Log check
Posted: 26 Jan 2016 13:16
Hello,
Programs that display unwanted advertising keep installing themselves on my computer, and I can't delete them fast enough. Could I ask you to check my log?
Following the most common advice given here, I used AdwCleaner, and after restarting and fixing all the items, all the junk downloaded itself again.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by tomas.kratochvil (administrator) on 70M2VY1KRATTOM (26-01-2016 12:44:09)
Running from C:\Users\tomas.kratochvil\Desktop
Loaded Profiles: tomas.kratochvil (Available Profiles: install & tomas.kratochvil & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(ESET) C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe
() C:\Windows\System32\NA_Service.exe
() C:\Windows\System32\ModbusDrvSys.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
() C:\Windows\System32\ModbusDrv.exe
() C:\Program Files (x86)\RSSOwl\RSSOwl.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\Program Files (x86)\Intel\Rs.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
(Ghisler Software GmbH) C:\Program Files\Total Commander\TOTALCMD64.EXE
(ComAp) C:\Program Files (x86)\ComAp PC Suite\InteliMonitor\InteliMonitor.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(STA) C:\Program Files (x86)\MTV20151125\MTview.exe
(STA) C:\Program Files (x86)\MTV20151125\bugreport.exe
() C:\Program Files (x86)\t_201601261224\201601261224\tslog.exe
() C:\Program Files (x86)\t_201601261224\201601261224\lgs.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Program Files (x86)\t_201601261224\201601261224\lsas.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QQPCRTP.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QQPCTray.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\plugins\QMNetMon\QQPCNetFlow.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QQPCRealTimeSpeedup.exe
(腾讯公司) C:\Users\tomas.kratochvil\AppData\Roaming\Tencent\AndroidServer\1.0.0.509\AndroidServer.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QMAutoClean.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Copy Handler] => [X]
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Intel\Rs.exe [188416 2015-12-05] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QQPCTray.exe [355296 2016-01-26] (Tencent)
HKLM-x32\...\Run: [MTview] => C:\Program Files (x86)\MTV20151125\MTView.exe [1875464 2015-11-25] (STA)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-05] (Microsoft)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50385536 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\Run: [lsas] => C:\Program Files (x86)\t_201601261224\201601261224\lsas.exe [554496 2016-01-26] ()
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {0ec9c726-d44a-11e4-a1ef-a4db302307b8} - G:\SETUP.EXE
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {0ec9c749-d44a-11e4-a1ef-a4db302307b8} - G:\SETUP.EXE
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {31d298d0-1f1f-11e5-ac72-a4db302307b8} - J:\DriverPackSolution.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {620fbe4f-d790-11e4-8844-a4db302307b8} - G:\SETUP.EXE
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {8be5f2c7-15a8-11e5-8148-a4db302307b8} - G:\AutoRun.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {8be5f311-15a8-11e5-8148-a4db302307b8} - G:\AutoRun.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {a4170126-7cf8-11e3-85fc-a4db302307b8} - F:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {c8adc4d8-cc69-11e4-8756-a4db302307b8} - G:\DriverPackSolution.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {c8adc552-cc69-11e4-8756-a4db302307b8} - G:\DriverPackSolution.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {c8adc6d5-cc69-11e4-8756-a4db302307b8} - G:\DriverPackSolution.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {d28b8d0c-a93d-11e4-a31d-a4db302307b8} - G:\DriverPackSolution.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {d28b9202-a93d-11e4-a31d-a4db302307b8} - G:\DriverPackSolution.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {dfa51f33-da2f-11e4-b5ec-a4db302307b8} - G:\SETUP.EXE
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {ff840c52-4575-11e5-8254-a4db302307b8} - I:\SETUP.EXE
Lsa: [Authentication Packages] msv1_0 wvauth
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QMGCShellExt64.dll [2016-01-26] (Tencent)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp.)
Startup: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-11-06]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-11-06]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-11-06]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-11-06]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\install\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-11-06]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\tomas.kratochvil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013 – kopie.lnk [2014-01-07]
ShortcutTarget: Outlook 2013 – kopie.lnk -> C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE (Microsoft Corporation)
Startup: C:\Users\tomas.kratochvil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RSSOwl.lnk [2015-12-04]
ShortcutTarget: RSSOwl.lnk -> C:\Program Files (x86)\RSSOwl\RSSOwl.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 10 C:\Windows\SysWOW64\PrxerNsp.dll [84040 2015-03-28] ()
Winsock: Catalog5-x64 10 C:\Windows\system32\PrxerNsp.dll [96840 2015-03-28] ()
Tcpip\Parameters: [DhcpNameServer] 172.27.1.1 172.27.1.2
Tcpip\..\Interfaces\{2B30C851-6942-44A4-9D43-139612EFB020}: [DhcpNameServer] 172.30.6.129
Tcpip\..\Interfaces\{B895CAD4-79DD-4A6D-897E-CBFC274AA7F9}: [DhcpNameServer] 172.27.1.1 172.27.1.2
Tcpip\..\Interfaces\{E5A43645-1868-4E21-ADAF-BFDE088B74D1}: [NameServer] 192.168.60.80,194.228.41.65
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=98364621_hao_pg
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=98364621_hao_pg
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2703931844-3940718246-3090366172-2529 -> DefaultScope {3450C047-7FEB-446A-B991-6302F1BE523B} URL =
SearchScopes: HKU\S-1-5-21-2703931844-3940718246-3090366172-2529 -> {3450C047-7FEB-446A-B991-6302F1BE523B} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-17] (Microsoft Corporation)
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\TSWebMon64.dat [2016-01-26] (Tencent)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-01-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-25] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
DPF: HKLM-x32 {944982D2-A08B-4558-BBED-33FDCEF90451} hxxp://neso1/Eso9Supp.net/LIB/CAB/Eso9Client1.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779
FF SelectedSearchEngine:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\npQMExtensionsMozilla.dll [2016-01-26] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2703931844-3940718246-3090366172-2529: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\tomas.kratochvil\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2703931844-3940718246-3090366172-2529: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\tomas.kratochvil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2703931844-3940718246-3090366172-2529: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\tomas.kratochvil\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-2703931844-3940718246-3090366172-2529: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\tomas.kratochvil\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]
FF Extension: ReloadEvery - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2015-10-13]
FF Extension: ChatZilla - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-10-13]
FF Extension: Update Scanner - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi [2015-10-13]
FF Extension: Blend In - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\extensions\{0aa26703-f666-467e-bbcb-0201dc49725c}.xpi [2016-01-14]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\extensions\artur.dubovoy@gmail.com [2016-01-19]
FF Extension: NeoBux AdAlert - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\extensions\{eb80b076-a444-444c-a590-5aee5d977d80}.xpi [2016-01-19]
FF Extension: Český slovník pro kontrolu pravopisu - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\Extensions\cs@dictionaries.addons.mozilla.org [2016-01-11]
FF Extension: British English Dictionary (Updated) - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\Extensions\en-gb@flyingtophat.co.uk [2015-10-10] [not signed]
FF Extension: APK Downloader - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\Extensions\jid1-6MGm94JnyY2VkA@jetpack.xpi [2016-01-05]
FF Extension: NeoBuxOx - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\Extensions\jid1-pWGQEEt2toKZZQ@jetpack.xpi [2016-01-19]
FF Extension: Rapportive - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\Extensions\rapportive@rapportive.com.xpi [2015-12-21]
FF Extension: TotalSpoof - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\Extensions\totalspoof@fonk.wz.cz.xpi [2015-12-20]
FF Extension: Bamboo Feed Reader - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\Extensions\{b2e69492-2358-071a-7056-24ad0c3defb1} [2016-01-22]
FF Extension: Adblock Plus - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-08-18] [not signed]
Chrome:
=======
CHR Profile: C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-07]
CHR Extension: (Google Docs) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-07]
CHR Extension: (Google Drive) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (Gliffy Diagrams) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2015-08-31]
CHR Extension: (YouTube) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (Google Search) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Adobe Acrobat) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-10]
CHR Extension: (Google Sheets) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-07]
CHR Extension: (Google Docs Offline) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-27]
CHR Extension: (feedly) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-10-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-19]
CHR Extension: (电脑管家上网防护) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2016-01-26]
CHR Extension: (Gmail) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-07]
CHR HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 becldr3Service; C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-11-06] () [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-09-09] () [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S3 EHttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe [41160 2015-02-16] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1566424 2015-02-16] (ESET)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [2685640 2015-02-17] (ESET)
S3 eshasrv; C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe [183496 2015-02-16] (ESET)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4683144 2014-06-02] (SafeNet Inc.)
S4 hMailServer; C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe [4512768 2015-07-09] (hMailServer) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-04-29] (Intel Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
R2 NalServ; C:\Windows\SysWOW64\nalserv.exe [147056 2014-11-07] (Nalpeiron Ltd.)
R2 NA_Service; C:\Windows\system32\NA_Service.exe [105472 2012-06-06] () [File not signed]
S4 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
S4 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S4 OpenVpnLauncher; C:\Program Files (x86)\eWON\eGrabIt\OpenVpnService.exe [86016 2013-08-23] (eWON s.a.) [File not signed]
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2013-08-22] (The OpenVPN Project)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [File not signed]
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QQPCRTP.exe [301728 2016-01-26] (Tencent)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
S4 Sdl.ProductTelemetrics.v1; C:\Program Files (x86)\Common Files\SDL\Telemetrics\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe [12288 2015-06-17] (SDL) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-11-06] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2013-11-06] (Broadcom Corporation.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-04-13] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243464 2015-02-02] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [177032 2015-02-02] (ESET)
S3 em52x; C:\Windows\System32\Drivers\em52x.sys [23792 2008-08-18] ()
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [159992 2015-02-02] (ESET)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-06-02] (SafeNet Inc.)
R3 hhdspmc64; C:\Windows\System32\DRIVERS\hhdspmc64.sys [39472 2010-10-13] (HHD Software Ltd.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-26] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2013-09-09] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [453960 2012-10-02] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [21832 2012-10-02] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [506184 2012-10-02] (MCCI Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R2 mgdrv; C:\Windows\system32\drivers\mgdrv.sys [56344 2011-03-22] (Moxa Inc. )
S3 MOSUMAC; C:\Windows\System32\DRIVERS\M7830A64.SYS [48128 2008-07-25] (--)
S3 mxuwdrv2; C:\Windows\System32\DRIVERS\mxuwdrv2.sys [83480 2009-04-27] (Moxa Inc.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
R2 npdrv; C:\Windows\system32\drivers\npdrv.sys [61176 2011-04-19] (Moxa Inc. )
R2 npdrvfilter; C:\Windows\system32\drivers\npdrvfilter.sys [42232 2011-02-15] (Moxa Inc. )
S3 NSNDIS5; C:\Windows\SysWOW64\NSNDIS5.SYS [17280 2004-03-24] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 phmburnr; C:\Windows\System32\DRIVERS\phmburnr.sys [53328 2010-06-14] (Phantombility, Inc)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QMUdisk64.sys [162104 2016-01-12] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QQSysMonX64.sys [138040 2016-01-26] (电脑管家)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\softaal64.sys [35128 2016-01-26] (Tencent)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-04-25] (Duplex Secure Ltd.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [88632 2016-01-26] (Tencent)
R1 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [131896 2016-01-26] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2016-01-26] (电脑管家)
R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\TSDefenseBT64.sys [28984 2016-01-26] (Tencent)
R3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2016-01-26] (电脑管家)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\TSSysKit64.sys [87352 2016-01-26] (电脑管家)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-10] (Windows (R) Win 7 DDK provider)
S3 USBCAN; C:\Windows\System32\DRIVERS\usbcan.sys [40216 2014-01-06] (SYS TEC electronic GmbH)
S3 USBCANL4; C:\Windows\System32\DRIVERS\usbcanl4.sys [76056 2014-01-06] (SYS TEC electronic GmbH)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-10] (Windows (R) Win 7 DDK provider)
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S3 SliceDisk5; \??\C:\Users\tomas.kratochvil\AppData\Local\Temp\HBCD\PartitionFindAndMount\slicedisk-x64.sys [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-26 12:44 - 2016-01-26 12:46 - 00061153 _____ C:\Users\tomas.kratochvil\Desktop\FRST.txt
2016-01-26 12:43 - 2016-01-26 12:44 - 00000000 ____D C:\FRST
2016-01-26 12:41 - 2016-01-26 12:41 - 02370560 _____ (Farbar) C:\Users\tomas.kratochvil\Desktop\FRST64.exe
2016-01-26 12:30 - 2016-01-26 12:30 - 00136151 _____ C:\Users\tomas.kratochvil\Desktop\Prostějov.ANT
2016-01-26 12:30 - 2016-01-14 10:47 - 00128280 _____ (电脑管家) C:\Windows\SysWOW64\Drivers\TsFltMgr.sys
2016-01-26 12:29 - 2016-01-26 12:26 - 00131896 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2016-01-26 12:29 - 2016-01-26 12:26 - 00088632 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2016-01-26 12:28 - 2016-01-26 12:28 - 00000000 ____D C:\ProgramData\TXQMPC
2016-01-26 12:28 - 2016-01-26 12:28 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-01-26 12:27 - 2016-01-26 12:32 - 00002250 _____ C:\Users\Public\Desktop\软件管理.lnk
2016-01-26 12:27 - 2016-01-26 12:27 - 00002243 _____ C:\Users\Public\Desktop\电脑管家.lnk
2016-01-26 12:27 - 2016-01-26 12:27 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2016-01-26 12:27 - 2016-01-26 12:27 - 00000000 _____ C:\Users\tomas.kratochvil\Desktop\$电脑管家-清理垃圾$.qmgc
2016-01-26 12:27 - 2016-01-26 12:26 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2016-01-26 12:27 - 2016-01-26 12:26 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2016-01-26 12:25 - 2016-01-26 12:33 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Roaming\Tencent
2016-01-26 12:25 - 2016-01-26 12:33 - 00000000 ____D C:\ProgramData\Tencent
2016-01-26 12:25 - 2016-01-26 12:25 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-01-26 12:24 - 2016-01-26 12:24 - 00000000 ____D C:\Program Files (x86)\t_201601261224
2016-01-26 12:23 - 2016-01-26 12:24 - 00000000 ____D C:\Program Files (x86)\MTV20151125
2016-01-26 12:23 - 2016-01-26 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ĂŔÍĽäŻŔŔ
2016-01-26 12:09 - 2016-01-26 12:09 - 00095972 _____ C:\Users\tomas.kratochvil\Desktop\simulator.ant
2016-01-26 09:35 - 2016-01-26 12:39 - 00000000 ____D C:\AdwCleaner
2016-01-26 09:26 - 2016-01-26 09:26 - 00000000 ____D C:\Users\tomas.kratochvil\Downloads\backups
2016-01-26 09:20 - 2016-01-26 11:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-26 09:20 - 2016-01-26 09:20 - 22908888 _____ (Malwarebytes ) C:\Users\tomas.kratochvil\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-26 09:20 - 2016-01-26 09:20 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-26 09:20 - 2016-01-26 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-26 09:20 - 2016-01-26 09:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-26 09:20 - 2016-01-26 09:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-26 09:20 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-26 09:20 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-26 09:20 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-26 08:04 - 2016-01-26 11:22 - 00000022 _____ C:\Windows\S.dirmngr
2016-01-23 13:51 - 2016-01-23 13:51 - 00388608 _____ (Trend Micro Inc.) C:\Users\tomas.kratochvil\Downloads\HijackThis.exe
2016-01-22 09:04 - 2016-01-22 09:04 - 00000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-01-22 09:04 - 2016-01-22 09:04 - 00000961 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-01-22 07:39 - 2016-01-22 07:39 - 00015969 _____ C:\Users\tomas.kratochvil\Desktop\1601221.ais
2016-01-22 07:34 - 2016-01-22 07:36 - 00015826 _____ C:\Users\tomas.kratochvil\Desktop\Křovice AFR.ais
2016-01-21 18:52 - 2014-01-13 17:36 - 00224569 _____ C:\Users\tomas.kratochvil\Desktop\14010710.ant
2016-01-21 10:10 - 2016-01-21 10:11 - 00107356 _____ C:\Users\tomas.kratochvil\Documents\Modbus Hannover.TXT
2016-01-20 05:09 - 2016-01-20 05:37 - 04499648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-01-18 10:55 - 2016-01-25 07:17 - 00341242 _____ C:\Users\tomas.kratochvil\Desktop\legnice.ant
2016-01-17 17:32 - 2016-01-17 17:32 - 54718976 _____ C:\Users\tomas.kratochvil\Downloads\Democracy.exe
2016-01-17 11:10 - 2016-01-22 17:21 - 00002000 _____ C:\Users\Public\Desktop\Half-Life - Blue Shift.lnk
2016-01-17 11:10 - 2016-01-17 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Half-Life (Xash3D)
2016-01-17 11:08 - 2016-01-22 17:15 - 00000000 ____D C:\Program Files (x86)\Half-Life-Xash3D
2016-01-15 09:47 - 2016-01-15 09:47 - 00000219 _____ C:\Users\tomas.kratochvil\Desktop\Vrchlabí frekvenčáky.txt
2016-01-15 09:47 - 2016-01-15 09:47 - 00000112 _____ C:\Users\tomas.kratochvil\Desktop\Belgie emaily.txt
2016-01-13 12:18 - 2016-01-13 12:18 - 00001268 _____ C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
2016-01-13 12:18 - 2016-01-13 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
2016-01-12 07:57 - 2016-01-12 07:57 - 00001042 _____ C:\Users\tomas.kratochvil\Desktop\eGrabIt.lnk
2016-01-11 08:53 - 2016-01-11 08:53 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2016-01-11 08:53 - 2016-01-11 08:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-07 10:15 - 2016-01-07 10:16 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Roaming\Smtp Client
2016-01-07 10:14 - 2016-01-07 10:14 - 00043467 _____ C:\Users\tomas.kratochvil\Downloads\Smtp-Client-bin-1.2.zip
2016-01-07 09:49 - 2016-01-07 09:49 - 00351232 _____ (hxxp://www.hellonnet.tk) C:\Users\tomas.kratochvil\Downloads\sendMailer.exe
2016-01-07 08:01 - 2016-01-10 19:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-06 06:57 - 2016-01-06 06:57 - 00002986 _____ C:\Windows\System32\Tasks\{D75CE568-8736-4F4B-A9A0-61626BCE853D}
2016-01-06 06:57 - 2016-01-06 06:57 - 00002986 _____ C:\Windows\System32\Tasks\{B8FA5D03-F3A6-41D2-9EB0-E2978E6FDAA1}
2016-01-06 06:57 - 2016-01-06 06:57 - 00000130 _____ C:\Windows\system32\config.conf
2016-01-05 11:10 - 2016-01-05 11:10 - 47400128 _____ (Microsoft Corporation) C:\Users\tomas.kratochvil\Downloads\NetFx64.exe
2016-01-05 11:07 - 2015-06-24 01:59 - 00166912 _____ (HazteK Software) C:\Users\tomas.kratochvil\Desktop\SMTPMailSender.exe
2016-01-05 11:06 - 2016-01-05 11:06 - 00062513 _____ C:\Users\tomas.kratochvil\Downloads\SMTPMailSender.zip
2016-01-04 10:40 - 2016-01-04 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hMailServer
2016-01-04 10:40 - 2015-07-09 16:45 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl70.dll
2016-01-04 10:04 - 2016-01-04 10:04 - 00328671 _____ C:\Users\tomas.kratochvil\Downloads\postkard.exe
2016-01-04 09:53 - 2016-01-04 09:53 - 00000000 ____D C:\Program Files (x86)\IIS Express
2016-01-04 09:52 - 2016-01-04 09:52 - 03722752 _____ C:\Users\tomas.kratochvil\Downloads\iisexpress_1_11_x86_en-US.msi
2016-01-04 09:44 - 2016-01-04 09:44 - 00000000 ____D C:\Windows\system32\0405
2016-01-01 18:00 - 2016-01-01 18:01 - 44218904 _____ C:\Users\tomas.kratochvil\Downloads\torbrowser-install-5.0.6_en-US.exe
2015-12-27 13:35 - 2015-12-27 13:35 - 00005120 _____ C:\Users\tomas.kratochvil\AppData\Roaming\GiftBag.db
2015-12-27 13:26 - 2015-12-27 13:52 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-12-27 13:25 - 2015-12-27 13:52 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Roaming\Seznam.cz
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-26 12:45 - 2015-12-16 14:12 - 00344576 _____ C:\Users\tomas.kratochvil\Desktop\dochazka_2016.xls
2016-01-26 12:45 - 2015-11-23 06:26 - 00005010 _____ C:\Windows\System32\Tasks\WSCEAA
2016-01-26 12:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-26 12:38 - 2014-03-10 09:19 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Roaming\Skype
2016-01-26 12:37 - 2013-11-06 04:30 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-26 12:23 - 2014-01-23 07:55 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-26 11:32 - 2009-07-14 05:45 - 00035040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-26 11:32 - 2009-07-14 05:45 - 00035040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-26 11:24 - 2014-01-23 07:59 - 00000000 ___RD C:\Users\tomas.kratochvil\Disk Google
2016-01-26 11:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\inetsrv
2016-01-26 11:23 - 2015-11-06 07:51 - 00000000 ____D C:\Program Files (x86)\RSSOwl
2016-01-26 11:23 - 2015-02-11 07:02 - 00000000 __SHD C:\Users\tomas.kratochvil\IntelGraphicsProfiles
2016-01-26 11:23 - 2014-01-23 07:55 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-26 11:23 - 2014-01-08 16:33 - 00141138 _____ C:\Windows\system32\NetAccessLog.txt
2016-01-26 11:23 - 2014-01-07 07:46 - 00000344 _____ C:\Windows\system32\config\netlogon.ftl
2016-01-26 11:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-26 10:15 - 2014-01-16 10:21 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-01-26 09:36 - 2013-11-06 04:47 - 00015894 __RSH C:\ProgramData\ntuser.pol
2016-01-26 08:18 - 2014-01-07 08:04 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-26 08:07 - 2015-11-06 07:51 - 00000000 ____D C:\Users\tomas.kratochvil\.rssowl2
2016-01-25 22:03 - 2014-03-24 21:58 - 00000950 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2703931844-3940718246-3090366172-2529Core.job
2016-01-23 13:40 - 2015-10-01 07:27 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Local\Deployment
2016-01-22 17:20 - 2014-01-21 12:12 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Local\CrashDumps
2016-01-22 12:57 - 2013-11-06 05:00 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-22 12:53 - 2014-01-07 08:26 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-22 12:51 - 2014-01-07 07:54 - 00129200 _____ C:\Users\tomas.kratochvil\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-22 12:50 - 2013-12-16 08:28 - 00000000 ____D C:\Users\install
2016-01-22 12:50 - 2009-07-14 05:45 - 00542504 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-22 10:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-01-21 06:34 - 2010-11-21 10:27 - 00735518 _____ C:\Windows\system32\perfh005.dat
2016-01-21 06:34 - 2010-11-21 10:27 - 00173650 _____ C:\Windows\system32\perfc005.dat
2016-01-21 06:34 - 2009-07-14 06:13 - 01766780 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-21 06:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-20 05:37 - 2013-11-06 04:30 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 05:37 - 2013-11-06 04:30 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-20 05:37 - 2013-11-06 04:30 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-19 13:14 - 2014-03-28 09:18 - 00000000 ___RD C:\Users\tomas.kratochvil\Virtual Machines
2016-01-19 07:46 - 2015-01-05 12:29 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-19 07:31 - 2014-01-08 07:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-19 07:26 - 2015-11-07 15:09 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Roaming\tor
2016-01-18 09:13 - 2014-08-04 09:26 - 00067072 _____ C:\Users\tomas.kratochvil\Desktop\Konfigurace_Bosch_2_8_1.XLS
2016-01-15 09:17 - 2014-02-19 08:51 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Roaming\PrimoPDF
2016-01-15 07:12 - 2015-07-07 07:38 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-14 13:40 - 2014-01-14 14:25 - 00000000 ____D C:\Users\tomas.kratochvil\Desktop\Měření a testování
2016-01-13 09:53 - 2014-01-14 14:28 - 00000000 ____D C:\Users\tomas.kratochvil\Desktop\Vrchlabí
2016-01-13 04:26 - 2015-12-07 13:06 - 00000000 ____D C:\Users\tomas.kratochvil\Documents\Studio 2015
2016-01-12 10:31 - 2014-04-25 06:30 - 00013030 _____ C:\PDOXUSRS.NET
2016-01-12 06:40 - 2015-11-12 06:42 - 00000000 ____D C:\Temp
2016-01-12 06:35 - 2015-02-10 14:57 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2016-01-11 08:53 - 2014-03-10 09:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-11 08:53 - 2014-03-10 09:19 - 00000000 ____D C:\ProgramData\Skype
2016-01-11 08:52 - 2014-03-10 09:19 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Local\Skype
2016-01-06 13:32 - 2014-01-07 13:48 - 00000000 ____D C:\Program Files\Total Commander
2016-01-06 12:23 - 2014-01-07 13:48 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Roaming\GHISLER
2016-01-06 06:57 - 2014-03-04 12:37 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Local\ElevatedDiagnostics
2016-01-04 14:02 - 2014-01-14 14:25 - 00000000 ____D C:\Users\tomas.kratochvil\Desktop\Kancl
2016-01-04 10:44 - 2015-12-14 07:06 - 00000000 ____D C:\Program Files (x86)\hMailServer
2016-01-04 10:34 - 2015-12-14 07:05 - 04083679 _____ ( ) C:\Users\tomas.kratochvil\Downloads\hMailServer-5.6.4-B2283.exe
2016-01-04 09:45 - 2011-02-15 08:08 - 01664216 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-01-04 09:44 - 2014-07-18 13:42 - 00000000 ____D C:\inetpub
2016-01-04 09:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2016-01-01 18:36 - 2015-10-25 07:27 - 00001261 _____ C:\Users\tomas.kratochvil\Desktop\Start Tor Browser.lnk
2016-01-01 18:07 - 2015-05-29 09:53 - 00001269 _____ C:\Users\tomas.kratochvil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-01-01 18:01 - 2015-11-07 15:08 - 00000000 ____D C:\Program Files (x86)\TOR
2016-01-01 17:46 - 2015-10-25 07:27 - 00000000 ____D C:\Program Files (x86)\Tor Browser
2015-12-27 13:51 - 2013-11-06 04:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-12-27 13:51 - 2013-11-05 21:25 - 00000000 ____D C:\Program Files (x86)\Intel
==================== Files in the root of some directories =======
2015-12-27 13:35 - 2015-12-27 13:35 - 0005120 _____ () C:\Users\tomas.kratochvil\AppData\Roaming\GiftBag.db
2015-05-01 18:12 - 2015-05-04 07:29 - 0000600 _____ () C:\Users\tomas.kratochvil\AppData\Local\PUTTY.RND
2015-10-25 16:51 - 2015-10-25 16:51 - 0001843 _____ () C:\Users\tomas.kratochvil\AppData\Local\recently-used.xbel
2015-08-04 12:53 - 2015-08-04 12:53 - 0010368 _____ () C:\ProgramData\regid.1996-09.com.picotech_{b5d8d9e5-a3f4-4ed9-9a3c-5bed623b362c}.swidtag
Some files in TEMP:
====================
C:\Users\tomas.kratochvil\AppData\Local\Temp\0ervgp2f.dll
C:\Users\tomas.kratochvil\AppData\Local\Temp\HY_Setup_duba04.exe
C:\Users\tomas.kratochvil\AppData\Local\Temp\mslog.dll
C:\Users\tomas.kratochvil\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\tomas.kratochvil\AppData\Local\Temp\pdzx0ouh.dll
C:\Users\tomas.kratochvil\AppData\Local\Temp\SkypeSetup.exe
C:\Users\tomas.kratochvil\AppData\Local\Temp\temp~.DLL
C:\Users\tomas.kratochvil\AppData\Local\Temp\temp~.EXE
C:\Users\tomas.kratochvil\AppData\Local\Temp\Tinyxml2.dll
C:\Users\tomas.kratochvil\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
==================== BCD ================================
Správce spouštění systému Windows
--------------------
identifikátor {bootmgr}
device partition=\Device\HarddiskVolume2
description Windows Boot Manager
locale cs-CZ
inherit {globalsettings}
default {current}
resumeobject {f3aac017-469f-11e3-a790-f01faf50b517}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
Zaváděcí program pro spouštění systému Windows
-------------------
identifikátor {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale cs-CZ
inherit {bootloadersettings}
recoverysequence {f3aac019-469f-11e3-a790-f01faf50b517}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {f3aac017-469f-11e3-a790-f01faf50b517}
nx OptOut
Zaváděcí program pro spouštění systému Windows
-------------------
identifikátor {f3aac019-469f-11e3-a790-f01faf50b517}
device ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{f3aac01a-469f-11e3-a790-f01faf50b517}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{f3aac01a-469f-11e3-a790-f01faf50b517}
systemroot \windows
nx OptIn
winpe Yes
Obnovení z hibernace
---------------------
identifikátor {f3aac017-469f-11e3-a790-f01faf50b517}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale cs-CZ
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No
Testování paměti systému Windows
---------------------
identifikátor {memdiag}
device partition=\Device\HarddiskVolume2
path \boot\memtest.exe
description Windows Memory Diagnostic
locale cs-CZ
inherit {globalsettings}
badmemoryaccess Yes
Nastavení služby EMS
------------
identifikátor {emssettings}
bootems Yes
Nastavení ladicího programu
-----------------
identifikátor {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
Chyby paměti RAM
-----------
identifikátor {badmemory}
Globální nastavení
---------------
identifikátor {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Nastavení spouštěcího zavaděče
--------------------
identifikátor {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Nastavení hypervisoru
-------------------
identifikátor {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Nastavení zavaděče obnovení
----------------------
identifikátor {resumeloadersettings}
inherit {globalsettings}
Parametry zařízení
--------------
identifikátor {f3aac01a-469f-11e3-a790-f01faf50b517}
description Ramdisk Options
ramdisksdidevice partition=\Device\HarddiskVolume2
ramdisksdipath \Recovery\WindowsRE\boot.sdi
LastRegBack: 2016-01-20 10:30
==================== End of FRST.txt ============================
==================== AdwCleaner ============================
# AdwCleaner v5.031 - Logfile created 26/01/2016 at 12:27:51
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : tomas.kratochvil - 70M2VY1KRATTOM
# Running from : C:\Users\tomas.kratochvil\Desktop\adwcleaner_5.031.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
Service Found : QQPCRTP
Service Found : TAOAccelerator
Service Found : TSDefenseBt
Service Found : TSSysKit
Service Found : QMUdisk
Service Found : QQSysMonX64
Service Found : TFsFlt
Service Found : TAOKernelDriver
Service Found : TSSKX64
Service Found : softaal
***** [ Folders ] *****
Folder Found : C:\Program Files (x86)\tencent
Folder Found : C:\Program Files (x86)\MTV20151125
Folder Found : C:\Program Files (x86)\Common Files\tencent
Folder Found : C:\Program Files\Common Files\tencent
Folder Found : C:\ProgramData\tencent
Folder Found : C:\ProgramData\TXQMPC
Folder Found : C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm
Folder Found : C:\Users\tomas.kratochvil\AppData\Roaming\tencent
Folder Found : C:\Users\tomas.kratochvil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
Folder Found : C:\Users\TOMAS~1.KRA\AppData\Local\Temp\tencent
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
***** [ Files ] *****
File Found : C:\Users\Public\Desktop\电脑管家.lnk
File Found : C:\Users\tomas.kratochvil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\电脑管家.lnk
File Found : C:\Users\tomas.kratochvil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件\电脑管家\电脑管家.lnk
File Found : C:\Windows\SysNative\drivers\TAOAccelerator64.sys
File Found : C:\Windows\SysNative\drivers\TSSKX64.sys
File Found : C:\Windows\SysNative\drivers\TAOKernel64.sys
File Found : C:\Windows\SysNative\drivers\TFsFltX64.sys
File Found : C:\Windows\SysWOW64\drivers\TsFltMgr.sys
***** [ DLL ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Found : HKLM\SOFTWARE\MozillaPlugins\@qq.com/QQPCMgr
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Key Found : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{63332668-8CE1-445D-A5EE-25929176714E}]
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4CBF-A009-2673D82C7BF9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}
Key Found : HKCU\Software\STA
Key Found : HKU\S-1-5-21-2312388656-572512778-52566670-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\STA
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.hao123.com/?tn=98364621_hao_pg
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.hao123.com/?tn=98364621_hao_pg
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hao123.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mp.weixin.qq.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\qq.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\v.qq.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.hao123.com
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [lsas]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MTView]
***** [ Web browsers ] *****
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [4354 bytes] ##########
Programs that display unwanted advertising keep installing themselves, and I cannot delete them fast enough. Could I ask you to check my log?
Following the most common advice given here, I used AdwCleaner, and after restarting and fixing all the items, all the junk downloaded itself again.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by tomas.kratochvil (administrator) on 70M2VY1KRATTOM (26-01-2016 12:44:09)
Running from C:\Users\tomas.kratochvil\Desktop
Loaded Profiles: tomas.kratochvil (Available Profiles: install & tomas.kratochvil & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(ESET) C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe
() C:\Windows\System32\NA_Service.exe
() C:\Windows\System32\ModbusDrvSys.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
() C:\Windows\System32\ModbusDrv.exe
() C:\Program Files (x86)\RSSOwl\RSSOwl.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\Program Files (x86)\Intel\Rs.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
(Ghisler Software GmbH) C:\Program Files\Total Commander\TOTALCMD64.EXE
(ComAp) C:\Program Files (x86)\ComAp PC Suite\InteliMonitor\InteliMonitor.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(STA) C:\Program Files (x86)\MTV20151125\MTview.exe
(STA) C:\Program Files (x86)\MTV20151125\bugreport.exe
() C:\Program Files (x86)\t_201601261224\201601261224\tslog.exe
() C:\Program Files (x86)\t_201601261224\201601261224\lgs.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Program Files (x86)\t_201601261224\201601261224\lsas.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QQPCRTP.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QQPCTray.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\plugins\QMNetMon\QQPCNetFlow.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QQPCRealTimeSpeedup.exe
(腾讯公司) C:\Users\tomas.kratochvil\AppData\Roaming\Tencent\AndroidServer\1.0.0.509\AndroidServer.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QMAutoClean.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Copy Handler] => [X]
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Intel\Rs.exe [188416 2015-12-05] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QQPCTray.exe [355296 2016-01-26] (Tencent)
HKLM-x32\...\Run: [MTview] => C:\Program Files (x86)\MTV20151125\MTView.exe [1875464 2015-11-25] (STA)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-05] (Microsoft)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50385536 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\Run: [lsas] => C:\Program Files (x86)\t_201601261224\201601261224\lsas.exe [554496 2016-01-26] ()
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {0ec9c726-d44a-11e4-a1ef-a4db302307b8} - G:\SETUP.EXE
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {0ec9c749-d44a-11e4-a1ef-a4db302307b8} - G:\SETUP.EXE
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {31d298d0-1f1f-11e5-ac72-a4db302307b8} - J:\DriverPackSolution.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {620fbe4f-d790-11e4-8844-a4db302307b8} - G:\SETUP.EXE
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {8be5f2c7-15a8-11e5-8148-a4db302307b8} - G:\AutoRun.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {8be5f311-15a8-11e5-8148-a4db302307b8} - G:\AutoRun.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {a4170126-7cf8-11e3-85fc-a4db302307b8} - F:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {c8adc4d8-cc69-11e4-8756-a4db302307b8} - G:\DriverPackSolution.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {c8adc552-cc69-11e4-8756-a4db302307b8} - G:\DriverPackSolution.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {c8adc6d5-cc69-11e4-8756-a4db302307b8} - G:\DriverPackSolution.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {d28b8d0c-a93d-11e4-a31d-a4db302307b8} - G:\DriverPackSolution.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {d28b9202-a93d-11e4-a31d-a4db302307b8} - G:\DriverPackSolution.exe
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {dfa51f33-da2f-11e4-b5ec-a4db302307b8} - G:\SETUP.EXE
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\...\MountPoints2: {ff840c52-4575-11e5-8254-a4db302307b8} - I:\SETUP.EXE
Lsa: [Authentication Packages] msv1_0 wvauth
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QMGCShellExt64.dll [2016-01-26] (Tencent)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp.)
Startup: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-11-06]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-11-06]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-11-06]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-11-06]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\install\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-11-06]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\tomas.kratochvil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013 – kopie.lnk [2014-01-07]
ShortcutTarget: Outlook 2013 – kopie.lnk -> C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE (Microsoft Corporation)
Startup: C:\Users\tomas.kratochvil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RSSOwl.lnk [2015-12-04]
ShortcutTarget: RSSOwl.lnk -> C:\Program Files (x86)\RSSOwl\RSSOwl.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 10 C:\Windows\SysWOW64\PrxerNsp.dll [84040 2015-03-28] ()
Winsock: Catalog5-x64 10 C:\Windows\system32\PrxerNsp.dll [96840 2015-03-28] ()
Tcpip\Parameters: [DhcpNameServer] 172.27.1.1 172.27.1.2
Tcpip\..\Interfaces\{2B30C851-6942-44A4-9D43-139612EFB020}: [DhcpNameServer] 172.30.6.129
Tcpip\..\Interfaces\{B895CAD4-79DD-4A6D-897E-CBFC274AA7F9}: [DhcpNameServer] 172.27.1.1 172.27.1.2
Tcpip\..\Interfaces\{E5A43645-1868-4E21-ADAF-BFDE088B74D1}: [NameServer] 192.168.60.80,194.228.41.65
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=98364621_hao_pg
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=98364621_hao_pg
HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2703931844-3940718246-3090366172-2529 -> DefaultScope {3450C047-7FEB-446A-B991-6302F1BE523B} URL =
SearchScopes: HKU\S-1-5-21-2703931844-3940718246-3090366172-2529 -> {3450C047-7FEB-446A-B991-6302F1BE523B} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-17] (Microsoft Corporation)
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\TSWebMon64.dat [2016-01-26] (Tencent)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-01-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-25] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
DPF: HKLM-x32 {944982D2-A08B-4558-BBED-33FDCEF90451} hxxp://neso1/Eso9Supp.net/LIB/CAB/Eso9Client1.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779
FF SelectedSearchEngine:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\npQMExtensionsMozilla.dll [2016-01-26] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2703931844-3940718246-3090366172-2529: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\tomas.kratochvil\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2703931844-3940718246-3090366172-2529: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\tomas.kratochvil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2703931844-3940718246-3090366172-2529: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\tomas.kratochvil\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-2703931844-3940718246-3090366172-2529: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\tomas.kratochvil\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]
FF Extension: ReloadEvery - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2015-10-13]
FF Extension: ChatZilla - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-10-13]
FF Extension: Update Scanner - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi [2015-10-13]
FF Extension: Blend In - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\extensions\{0aa26703-f666-467e-bbcb-0201dc49725c}.xpi [2016-01-14]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\extensions\artur.dubovoy@gmail.com [2016-01-19]
FF Extension: NeoBux AdAlert - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\extensions\{eb80b076-a444-444c-a590-5aee5d977d80}.xpi [2016-01-19]
FF Extension: Český slovník pro kontrolu pravopisu - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\Extensions\cs@dictionaries.addons.mozilla.org [2016-01-11]
FF Extension: British English Dictionary (Updated) - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\Extensions\en-gb@flyingtophat.co.uk [2015-10-10] [not signed]
FF Extension: APK Downloader - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\Extensions\jid1-6MGm94JnyY2VkA@jetpack.xpi [2016-01-05]
FF Extension: NeoBuxOx - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\Extensions\jid1-pWGQEEt2toKZZQ@jetpack.xpi [2016-01-19]
FF Extension: Rapportive - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\Extensions\rapportive@rapportive.com.xpi [2015-12-21]
FF Extension: TotalSpoof - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\Extensions\totalspoof@fonk.wz.cz.xpi [2015-12-20]
FF Extension: Bamboo Feed Reader - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\Extensions\{b2e69492-2358-071a-7056-24ad0c3defb1} [2016-01-22]
FF Extension: Adblock Plus - C:\Users\tomas.kratochvil\AppData\Roaming\Mozilla\Firefox\Profiles\d7c20eb0.default-1444380498779\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-08-18] [not signed]
Chrome:
=======
CHR Profile: C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-07]
CHR Extension: (Google Docs) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-07]
CHR Extension: (Google Drive) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (Gliffy Diagrams) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2015-08-31]
CHR Extension: (YouTube) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (Google Search) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Adobe Acrobat) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-10]
CHR Extension: (Google Sheets) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-07]
CHR Extension: (Google Docs Offline) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-27]
CHR Extension: (feedly) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-10-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-19]
CHR Extension: (电脑管家上网防护) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2016-01-26]
CHR Extension: (Gmail) - C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-07]
CHR HKU\S-1-5-21-2703931844-3940718246-3090366172-2529\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 becldr3Service; C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-11-06] () [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-09-09] () [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S3 EHttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe [41160 2015-02-16] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1566424 2015-02-16] (ESET)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [2685640 2015-02-17] (ESET)
S3 eshasrv; C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe [183496 2015-02-16] (ESET)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4683144 2014-06-02] (SafeNet Inc.)
S4 hMailServer; C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe [4512768 2015-07-09] (hMailServer) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-04-29] (Intel Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
R2 NalServ; C:\Windows\SysWOW64\nalserv.exe [147056 2014-11-07] (Nalpeiron Ltd.)
R2 NA_Service; C:\Windows\system32\NA_Service.exe [105472 2012-06-06] () [File not signed]
S4 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
S4 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S4 OpenVpnLauncher; C:\Program Files (x86)\eWON\eGrabIt\OpenVpnService.exe [86016 2013-08-23] (eWON s.a.) [File not signed]
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2013-08-22] (The OpenVPN Project)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [File not signed]
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QQPCRTP.exe [301728 2016-01-26] (Tencent)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
S4 Sdl.ProductTelemetrics.v1; C:\Program Files (x86)\Common Files\SDL\Telemetrics\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe [12288 2015-06-17] (SDL) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-11-06] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2013-11-06] (Broadcom Corporation.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-04-13] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243464 2015-02-02] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [177032 2015-02-02] (ESET)
S3 em52x; C:\Windows\System32\Drivers\em52x.sys [23792 2008-08-18] ()
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [159992 2015-02-02] (ESET)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-06-02] (SafeNet Inc.)
R3 hhdspmc64; C:\Windows\System32\DRIVERS\hhdspmc64.sys [39472 2010-10-13] (HHD Software Ltd.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-26] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2013-09-09] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [453960 2012-10-02] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [21832 2012-10-02] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [506184 2012-10-02] (MCCI Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R2 mgdrv; C:\Windows\system32\drivers\mgdrv.sys [56344 2011-03-22] (Moxa Inc. )
S3 MOSUMAC; C:\Windows\System32\DRIVERS\M7830A64.SYS [48128 2008-07-25] (--)
S3 mxuwdrv2; C:\Windows\System32\DRIVERS\mxuwdrv2.sys [83480 2009-04-27] (Moxa Inc.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
R2 npdrv; C:\Windows\system32\drivers\npdrv.sys [61176 2011-04-19] (Moxa Inc. )
R2 npdrvfilter; C:\Windows\system32\drivers\npdrvfilter.sys [42232 2011-02-15] (Moxa Inc. )
S3 NSNDIS5; C:\Windows\SysWOW64\NSNDIS5.SYS [17280 2004-03-24] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 phmburnr; C:\Windows\System32\DRIVERS\phmburnr.sys [53328 2010-06-14] (Phantombility, Inc)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QMUdisk64.sys [162104 2016-01-12] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QQSysMonX64.sys [138040 2016-01-26] (电脑管家)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\softaal64.sys [35128 2016-01-26] (Tencent)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-04-25] (Duplex Secure Ltd.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [88632 2016-01-26] (Tencent)
R1 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [131896 2016-01-26] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2016-01-26] (电脑管家)
R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\TSDefenseBT64.sys [28984 2016-01-26] (Tencent)
R3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2016-01-26] (电脑管家)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\TSSysKit64.sys [87352 2016-01-26] (电脑管家)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-10] (Windows (R) Win 7 DDK provider)
S3 USBCAN; C:\Windows\System32\DRIVERS\usbcan.sys [40216 2014-01-06] (SYS TEC electronic GmbH)
S3 USBCANL4; C:\Windows\System32\DRIVERS\usbcanl4.sys [76056 2014-01-06] (SYS TEC electronic GmbH)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-10] (Windows (R) Win 7 DDK provider)
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S3 SliceDisk5; \??\C:\Users\tomas.kratochvil\AppData\Local\Temp\HBCD\PartitionFindAndMount\slicedisk-x64.sys [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
========================== Drivers MD5 =======================
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\iusb3hcs.sys 75779002A6084C1A011E195E421A9C75
C:\Windows\System32\DRIVERS\iusb3hub.sys F390B641FE6115F536B8B78AA71B8814
C:\Windows\System32\DRIVERS\iusb3xhc.sys 653B86AA174FF7661D00EE1E524B234F
C:\Windows\System32\DRIVERS\iwdbus.sys 4487AD9C070D3973FE28AB4406555FC6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys BCC83F22805F560C8A487F2F296A78FE
C:\Windows\System32\Drivers\ksecpkg.sys 33D52A96BEEE8AFCE9E07EEC9FE0C9DB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\drivers\massfilter.sys 035C83CD72E06C47000793D32B1A642D
C:\Windows\system32\drivers\mbam.sys CFBC6C6D8A492697CABD1D353EE64933
C:\Windows\system32\drivers\MBAMSwissArmy.sys 78488AF2AB2111D67B3C4044707A519B
C:\Windows\system32\drivers\mwac.sys D61070CFAD43038DC56AEAD9BFE9CE2A
C:\Windows\System32\DRIVERS\Mbm3CBus.sys 62732AF9512B911C330ACBBDBCC2F284
C:\Windows\System32\DRIVERS\Mbm3DevMt.sys 9644C6B313A08B36E3577193FE844197
C:\Windows\System32\DRIVERS\Mbm3mdfl.sys FAFA77810CB6C4E196C7CD28855292BB
C:\Windows\System32\DRIVERS\Mbm3Mdm.sys A1A8597F1EB14A27DDA510371498C0AB
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TeeDriverx64.sys E0EF6C1399A9B1AAA0B28590411BED04
C:\Windows\system32\drivers\mgdrv.sys 3EE27008CCE3838063F8932389162BD1
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\M7830A64.SYS B0B7B0C7318299C697AC0FE47B1863E9
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 67050452C0118BAF2883928E6FCCFE47
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys 73ADDCC406B86E7DA4416691E8E74BDA
C:\Windows\System32\DRIVERS\mrxsmb10.sys 7C81098FBAF2EAF5B54B939F832B0F61
C:\Windows\System32\DRIVERS\mrxsmb20.sys ACB763673BCCE6C7B3B8F858C9FE4F1F
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys AA0C2BA3782E92BD85E2264BE418E67C
C:\Windows\System32\DRIVERS\mxuwdrv2.sys 49BCB8E4E93C7C12D5551DAE583CF1AB
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NETwsw01.sys 6C6EBA531144A54AE4E5F3AFB08582FF
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\system32\drivers\npdrv.sys D19D449A7555F93FA5FE0DF2C2A4D46E
C:\Windows\system32\drivers\npdrvfilter.sys 73A2FC9810371C3368C362368747ADFD
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\SysWOW64\NSNDIS5.SYS 53F7546E8DAEFB3A0813F5E19C4613C9
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\O2MDFw7x64.sys 6172DB160FC566CF24307941C0E94D8E
C:\Windows\system32\drivers\O2MDRw7x64.sys 8ED738ABA394BBF6D7802698BE453112
C:\Windows\System32\DRIVERS\o2sdjw7x64.sys 072CF54D82D857001910C4FC70120D0F
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\DRIVERS\pccsmcfdx64.sys 3FDE033DFB0D07F8B7D5C9A3044AA121
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\phmburnr.sys 1BE6705451B2CF0AAB261A4C9C2128C3
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\pwdrvio.sys 7E55A015421A81DD103B25215F7F62EB
C:\Windows\system32\pwdspio.sys 3FB3F02F6B79AA0AC05DCDACCEE8EE33
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QMUdisk64.sys 70E3F8B13D391C57918E20DE4D976F5C
C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\QQSysMonX64.sys B7C917526A0874A8EA8949CA7FB4409A
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys 71B6F78D6444CCE6F77BC42917A4E8F7
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\Drivers\RootMdm.sys 388D3DD1A6457280F3BADBA9F3ACD6B1
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys 9EBC8558F87AB6645DD12A0EE99E1353
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ser2pl64.sys 8167B3DF18CF957BB87F328F131D5570
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\softaal64.sys 48669F60AC6EDFF26EF215624DCE5186
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys FEB80A9EC320569CC82D4DB9F4AC78BC
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\stdcfltn.sys E4EA2412FB1B8AEE33667A9CC6D456A4
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt64.sys 71CB3BB20F08BB724769DAAAFD5AB26E
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ST_ACCEL.sys 8BA37304516F9B637FB140DD58B5D88C
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\system32\Drivers\TAOAccelerator64.sys 6D2A348D91A334ABAC3FE68E9C3C193B
C:\Windows\system32\Drivers\TAOKernel64.sys 7315779D43B51C0F6B455AB5B7DCCE6A
C:\Windows\System32\DRIVERS\tap0901.sys BCD6A90D6FD757CE9C29DDC850F7F231
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\TFsFltX64.sys 501998188D4154EE736188BAF1C20CE8
C:\Windows\System32\drivers\truecrypt.sys 370A6907DDF79532A39319492B1FA38A
C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\TSDefenseBT64.sys 9D7C94C16A83F8F4574EECD590969266
C:\Windows\System32\DRIVERS\tssecsrv.sys 19BEDA57F3E0A06B8D5EB6D619BD5624
C:\Windows\System32\drivers\tsskx64.sys FBE4E67F738A38398576F3FEABEB846B
C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17063.223\TSSysKit64.sys F5C5BF3FCC06BAA3F4CCE0667707A1BA
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usb3Hub.sys 8047D8AFA070A4C3B9FCBDBF77A84C45
C:\Windows\System32\DRIVERS\usbcan.sys 056FB19085A2F2F4A61E7A9C3F8560E5
C:\Windows\System32\DRIVERS\usbcanl4.sys 27D7EE056C13D16E47FA483442C36BB7
C:\Windows\System32\DRIVERS\usbccgp.sys 91D3C92A44FC682DD791147604E79152
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys F7FFDF2A1D19A76A87759126B244C816
C:\Windows\System32\DRIVERS\usbhub.sys 245FE7FC634D6A993E682E0A9EBA4ABB
C:\Windows\system32\drivers\usbohci.sys C1A8966E0D09BFB501045105B30D86F2
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbser.sys B57B4F0BEC4270A281B9F8537EB2FA04
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 2E682DCE4319A90E02A327F8A427544A
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\DRIVERS\VBoxNetAdp.sys 8CD776EB77695524CCE594AAC3A71569
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\System32\DRIVERS\vpchbus.sys B4A73CA4EF9A02B9738CEA9AD5FE5917
C:\Windows\System32\DRIVERS\vpcnfltr.sys E675FB2B48C54F09895482E2253B289C
C:\Windows\System32\DRIVERS\vpcusb.sys 5FB42082B0D19A0268705F1DD343DF20
C:\Windows\System32\DRIVERS\vpcuxd.sys 63F4E10873BEB4124028C6D1A66B0968
C:\Windows\System32\drivers\vpcvmm.sys 207B6539799CC1C112661A9B620DD233
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys D0335A55E5C3F812548E18300C2ACB62
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUSB.SYS FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\XHCIPort.sys 24E57041608ED6A9D7FDAD0D9EC214E2
C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys F14C9B3A8DF6E21F83AC63FA1ADC6D51
C:\Windows\System32\DRIVERS\ZTEusbnet.sys 47B3280C31D9561A5FB51070D9F0528D
C:\Windows\System32\DRIVERS\ZTEusbnmea.sys F14C9B3A8DF6E21F83AC63FA1ADC6D51
C:\Windows\System32\DRIVERS\ZTEusbser6k.sys F14C9B3A8DF6E21F83AC63FA1ADC6D51
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-26 12:44 - 2016-01-26 12:46 - 00061153 _____ C:\Users\tomas.kratochvil\Desktop\FRST.txt
2016-01-26 12:43 - 2016-01-26 12:44 - 00000000 ____D C:\FRST
2016-01-26 12:41 - 2016-01-26 12:41 - 02370560 _____ (Farbar) C:\Users\tomas.kratochvil\Desktop\FRST64.exe
2016-01-26 12:30 - 2016-01-26 12:30 - 00136151 _____ C:\Users\tomas.kratochvil\Desktop\Prostějov.ANT
2016-01-26 12:30 - 2016-01-14 10:47 - 00128280 _____ (电脑管家) C:\Windows\SysWOW64\Drivers\TsFltMgr.sys
2016-01-26 12:29 - 2016-01-26 12:26 - 00131896 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2016-01-26 12:29 - 2016-01-26 12:26 - 00088632 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2016-01-26 12:28 - 2016-01-26 12:28 - 00000000 ____D C:\ProgramData\TXQMPC
2016-01-26 12:28 - 2016-01-26 12:28 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-01-26 12:27 - 2016-01-26 12:32 - 00002250 _____ C:\Users\Public\Desktop\软件管理.lnk
2016-01-26 12:27 - 2016-01-26 12:27 - 00002243 _____ C:\Users\Public\Desktop\电脑管家.lnk
2016-01-26 12:27 - 2016-01-26 12:27 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2016-01-26 12:27 - 2016-01-26 12:27 - 00000000 _____ C:\Users\tomas.kratochvil\Desktop\$电脑管家-清理垃圾$.qmgc
2016-01-26 12:27 - 2016-01-26 12:26 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2016-01-26 12:27 - 2016-01-26 12:26 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2016-01-26 12:25 - 2016-01-26 12:33 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Roaming\Tencent
2016-01-26 12:25 - 2016-01-26 12:33 - 00000000 ____D C:\ProgramData\Tencent
2016-01-26 12:25 - 2016-01-26 12:25 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-01-26 12:24 - 2016-01-26 12:24 - 00000000 ____D C:\Program Files (x86)\t_201601261224
2016-01-26 12:23 - 2016-01-26 12:24 - 00000000 ____D C:\Program Files (x86)\MTV20151125
2016-01-26 12:23 - 2016-01-26 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ĂŔÍĽäŻŔŔ
2016-01-26 12:09 - 2016-01-26 12:09 - 00095972 _____ C:\Users\tomas.kratochvil\Desktop\simulator.ant
2016-01-26 09:35 - 2016-01-26 12:39 - 00000000 ____D C:\AdwCleaner
2016-01-26 09:26 - 2016-01-26 09:26 - 00000000 ____D C:\Users\tomas.kratochvil\Downloads\backups
2016-01-26 09:20 - 2016-01-26 11:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-26 09:20 - 2016-01-26 09:20 - 22908888 _____ (Malwarebytes ) C:\Users\tomas.kratochvil\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-26 09:20 - 2016-01-26 09:20 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-26 09:20 - 2016-01-26 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-26 09:20 - 2016-01-26 09:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-26 09:20 - 2016-01-26 09:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-26 09:20 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-26 09:20 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-26 09:20 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-26 08:04 - 2016-01-26 11:22 - 00000022 _____ C:\Windows\S.dirmngr
2016-01-23 13:51 - 2016-01-23 13:51 - 00388608 _____ (Trend Micro Inc.) C:\Users\tomas.kratochvil\Downloads\HijackThis.exe
2016-01-22 09:04 - 2016-01-22 09:04 - 00000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-01-22 09:04 - 2016-01-22 09:04 - 00000961 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-01-22 07:39 - 2016-01-22 07:39 - 00015969 _____ C:\Users\tomas.kratochvil\Desktop\1601221.ais
2016-01-22 07:34 - 2016-01-22 07:36 - 00015826 _____ C:\Users\tomas.kratochvil\Desktop\Křovice AFR.ais
2016-01-21 18:52 - 2014-01-13 17:36 - 00224569 _____ C:\Users\tomas.kratochvil\Desktop\14010710.ant
2016-01-21 10:10 - 2016-01-21 10:11 - 00107356 _____ C:\Users\tomas.kratochvil\Documents\Modbus Hannover.TXT
2016-01-20 05:09 - 2016-01-20 05:37 - 04499648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-01-18 10:55 - 2016-01-25 07:17 - 00341242 _____ C:\Users\tomas.kratochvil\Desktop\legnice.ant
2016-01-17 17:32 - 2016-01-17 17:32 - 54718976 _____ C:\Users\tomas.kratochvil\Downloads\Democracy.exe
2016-01-17 11:10 - 2016-01-22 17:21 - 00002000 _____ C:\Users\Public\Desktop\Half-Life - Blue Shift.lnk
2016-01-17 11:10 - 2016-01-17 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Half-Life (Xash3D)
2016-01-17 11:08 - 2016-01-22 17:15 - 00000000 ____D C:\Program Files (x86)\Half-Life-Xash3D
2016-01-15 09:47 - 2016-01-15 09:47 - 00000219 _____ C:\Users\tomas.kratochvil\Desktop\Vrchlabí frekvenčáky.txt
2016-01-15 09:47 - 2016-01-15 09:47 - 00000112 _____ C:\Users\tomas.kratochvil\Desktop\Belgie emaily.txt
2016-01-13 12:18 - 2016-01-13 12:18 - 00001268 _____ C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
2016-01-13 12:18 - 2016-01-13 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
2016-01-12 07:57 - 2016-01-12 07:57 - 00001042 _____ C:\Users\tomas.kratochvil\Desktop\eGrabIt.lnk
2016-01-11 08:53 - 2016-01-11 08:53 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2016-01-11 08:53 - 2016-01-11 08:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-07 10:15 - 2016-01-07 10:16 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Roaming\Smtp Client
2016-01-07 10:14 - 2016-01-07 10:14 - 00043467 _____ C:\Users\tomas.kratochvil\Downloads\Smtp-Client-bin-1.2.zip
2016-01-07 09:49 - 2016-01-07 09:49 - 00351232 _____ (hxxp://www.hellonnet.tk) C:\Users\tomas.kratochvil\Downloads\sendMailer.exe
2016-01-07 08:01 - 2016-01-10 19:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-06 06:57 - 2016-01-06 06:57 - 00002986 _____ C:\Windows\System32\Tasks\{D75CE568-8736-4F4B-A9A0-61626BCE853D}
2016-01-06 06:57 - 2016-01-06 06:57 - 00002986 _____ C:\Windows\System32\Tasks\{B8FA5D03-F3A6-41D2-9EB0-E2978E6FDAA1}
2016-01-06 06:57 - 2016-01-06 06:57 - 00000130 _____ C:\Windows\system32\config.conf
2016-01-05 11:10 - 2016-01-05 11:10 - 47400128 _____ (Microsoft Corporation) C:\Users\tomas.kratochvil\Downloads\NetFx64.exe
2016-01-05 11:07 - 2015-06-24 01:59 - 00166912 _____ (HazteK Software) C:\Users\tomas.kratochvil\Desktop\SMTPMailSender.exe
2016-01-05 11:06 - 2016-01-05 11:06 - 00062513 _____ C:\Users\tomas.kratochvil\Downloads\SMTPMailSender.zip
2016-01-04 10:40 - 2016-01-04 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hMailServer
2016-01-04 10:40 - 2015-07-09 16:45 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl70.dll
2016-01-04 10:04 - 2016-01-04 10:04 - 00328671 _____ C:\Users\tomas.kratochvil\Downloads\postkard.exe
2016-01-04 09:53 - 2016-01-04 09:53 - 00000000 ____D C:\Program Files (x86)\IIS Express
2016-01-04 09:52 - 2016-01-04 09:52 - 03722752 _____ C:\Users\tomas.kratochvil\Downloads\iisexpress_1_11_x86_en-US.msi
2016-01-04 09:44 - 2016-01-04 09:44 - 00000000 ____D C:\Windows\system32\0405
2016-01-01 18:00 - 2016-01-01 18:01 - 44218904 _____ C:\Users\tomas.kratochvil\Downloads\torbrowser-install-5.0.6_en-US.exe
2015-12-27 13:35 - 2015-12-27 13:35 - 00005120 _____ C:\Users\tomas.kratochvil\AppData\Roaming\GiftBag.db
2015-12-27 13:26 - 2015-12-27 13:52 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-12-27 13:25 - 2015-12-27 13:52 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Roaming\Seznam.cz
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-26 12:45 - 2015-12-16 14:12 - 00344576 _____ C:\Users\tomas.kratochvil\Desktop\dochazka_2016.xls
2016-01-26 12:45 - 2015-11-23 06:26 - 00005010 _____ C:\Windows\System32\Tasks\WSCEAA
2016-01-26 12:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-26 12:38 - 2014-03-10 09:19 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Roaming\Skype
2016-01-26 12:37 - 2013-11-06 04:30 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-26 12:23 - 2014-01-23 07:55 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-26 11:32 - 2009-07-14 05:45 - 00035040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-26 11:32 - 2009-07-14 05:45 - 00035040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-26 11:24 - 2014-01-23 07:59 - 00000000 ___RD C:\Users\tomas.kratochvil\Disk Google
2016-01-26 11:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\inetsrv
2016-01-26 11:23 - 2015-11-06 07:51 - 00000000 ____D C:\Program Files (x86)\RSSOwl
2016-01-26 11:23 - 2015-02-11 07:02 - 00000000 __SHD C:\Users\tomas.kratochvil\IntelGraphicsProfiles
2016-01-26 11:23 - 2014-01-23 07:55 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-26 11:23 - 2014-01-08 16:33 - 00141138 _____ C:\Windows\system32\NetAccessLog.txt
2016-01-26 11:23 - 2014-01-07 07:46 - 00000344 _____ C:\Windows\system32\config\netlogon.ftl
2016-01-26 11:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-26 10:15 - 2014-01-16 10:21 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-01-26 09:36 - 2013-11-06 04:47 - 00015894 __RSH C:\ProgramData\ntuser.pol
2016-01-26 08:18 - 2014-01-07 08:04 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-26 08:07 - 2015-11-06 07:51 - 00000000 ____D C:\Users\tomas.kratochvil\.rssowl2
2016-01-25 22:03 - 2014-03-24 21:58 - 00000950 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2703931844-3940718246-3090366172-2529Core.job
2016-01-23 13:40 - 2015-10-01 07:27 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Local\Deployment
2016-01-22 17:20 - 2014-01-21 12:12 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Local\CrashDumps
2016-01-22 12:57 - 2013-11-06 05:00 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-22 12:53 - 2014-01-07 08:26 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-22 12:51 - 2014-01-07 07:54 - 00129200 _____ C:\Users\tomas.kratochvil\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-22 12:50 - 2013-12-16 08:28 - 00000000 ____D C:\Users\install
2016-01-22 12:50 - 2009-07-14 05:45 - 00542504 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-22 10:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-01-21 06:34 - 2010-11-21 10:27 - 00735518 _____ C:\Windows\system32\perfh005.dat
2016-01-21 06:34 - 2010-11-21 10:27 - 00173650 _____ C:\Windows\system32\perfc005.dat
2016-01-21 06:34 - 2009-07-14 06:13 - 01766780 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-21 06:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-20 05:37 - 2013-11-06 04:30 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 05:37 - 2013-11-06 04:30 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-20 05:37 - 2013-11-06 04:30 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-19 13:14 - 2014-03-28 09:18 - 00000000 ___RD C:\Users\tomas.kratochvil\Virtual Machines
2016-01-19 07:46 - 2015-01-05 12:29 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-19 07:31 - 2014-01-08 07:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-19 07:26 - 2015-11-07 15:09 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Roaming\tor
2016-01-18 09:13 - 2014-08-04 09:26 - 00067072 _____ C:\Users\tomas.kratochvil\Desktop\Konfigurace_Bosch_2_8_1.XLS
2016-01-15 09:17 - 2014-02-19 08:51 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Roaming\PrimoPDF
2016-01-15 07:12 - 2015-07-07 07:38 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-14 13:40 - 2014-01-14 14:25 - 00000000 ____D C:\Users\tomas.kratochvil\Desktop\Měření a testování
2016-01-13 09:53 - 2014-01-14 14:28 - 00000000 ____D C:\Users\tomas.kratochvil\Desktop\Vrchlabí
2016-01-13 04:26 - 2015-12-07 13:06 - 00000000 ____D C:\Users\tomas.kratochvil\Documents\Studio 2015
2016-01-12 10:31 - 2014-04-25 06:30 - 00013030 _____ C:\PDOXUSRS.NET
2016-01-12 06:40 - 2015-11-12 06:42 - 00000000 ____D C:\Temp
2016-01-12 06:35 - 2015-02-10 14:57 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2016-01-11 08:53 - 2014-03-10 09:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-11 08:53 - 2014-03-10 09:19 - 00000000 ____D C:\ProgramData\Skype
2016-01-11 08:52 - 2014-03-10 09:19 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Local\Skype
2016-01-06 13:32 - 2014-01-07 13:48 - 00000000 ____D C:\Program Files\Total Commander
2016-01-06 12:23 - 2014-01-07 13:48 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Roaming\GHISLER
2016-01-06 06:57 - 2014-03-04 12:37 - 00000000 ____D C:\Users\tomas.kratochvil\AppData\Local\ElevatedDiagnostics
2016-01-04 14:02 - 2014-01-14 14:25 - 00000000 ____D C:\Users\tomas.kratochvil\Desktop\Kancl
2016-01-04 10:44 - 2015-12-14 07:06 - 00000000 ____D C:\Program Files (x86)\hMailServer
2016-01-04 10:34 - 2015-12-14 07:05 - 04083679 _____ ( ) C:\Users\tomas.kratochvil\Downloads\hMailServer-5.6.4-B2283.exe
2016-01-04 09:45 - 2011-02-15 08:08 - 01664216 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-01-04 09:44 - 2014-07-18 13:42 - 00000000 ____D C:\inetpub
2016-01-04 09:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2016-01-01 18:36 - 2015-10-25 07:27 - 00001261 _____ C:\Users\tomas.kratochvil\Desktop\Start Tor Browser.lnk
2016-01-01 18:07 - 2015-05-29 09:53 - 00001269 _____ C:\Users\tomas.kratochvil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-01-01 18:01 - 2015-11-07 15:08 - 00000000 ____D C:\Program Files (x86)\TOR
2016-01-01 17:46 - 2015-10-25 07:27 - 00000000 ____D C:\Program Files (x86)\Tor Browser
2015-12-27 13:51 - 2013-11-06 04:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-12-27 13:51 - 2013-11-05 21:25 - 00000000 ____D C:\Program Files (x86)\Intel
==================== Files in the root of some directories =======
2015-12-27 13:35 - 2015-12-27 13:35 - 0005120 _____ () C:\Users\tomas.kratochvil\AppData\Roaming\GiftBag.db
2015-05-01 18:12 - 2015-05-04 07:29 - 0000600 _____ () C:\Users\tomas.kratochvil\AppData\Local\PUTTY.RND
2015-10-25 16:51 - 2015-10-25 16:51 - 0001843 _____ () C:\Users\tomas.kratochvil\AppData\Local\recently-used.xbel
2015-08-04 12:53 - 2015-08-04 12:53 - 0010368 _____ () C:\ProgramData\regid.1996-09.com.picotech_{b5d8d9e5-a3f4-4ed9-9a3c-5bed623b362c}.swidtag
Some files in TEMP:
====================
C:\Users\tomas.kratochvil\AppData\Local\Temp\0ervgp2f.dll
C:\Users\tomas.kratochvil\AppData\Local\Temp\HY_Setup_duba04.exe
C:\Users\tomas.kratochvil\AppData\Local\Temp\mslog.dll
C:\Users\tomas.kratochvil\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\tomas.kratochvil\AppData\Local\Temp\pdzx0ouh.dll
C:\Users\tomas.kratochvil\AppData\Local\Temp\SkypeSetup.exe
C:\Users\tomas.kratochvil\AppData\Local\Temp\temp~.DLL
C:\Users\tomas.kratochvil\AppData\Local\Temp\temp~.EXE
C:\Users\tomas.kratochvil\AppData\Local\Temp\Tinyxml2.dll
C:\Users\tomas.kratochvil\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
==================== BCD ================================
Správce spouštění systému Windows
--------------------
identifikátor {bootmgr}
device partition=\Device\HarddiskVolume2
description Windows Boot Manager
locale cs-CZ
inherit {globalsettings}
default {current}
resumeobject {f3aac017-469f-11e3-a790-f01faf50b517}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
Zaváděcí program pro spouštění systému Windows
-------------------
identifikátor {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale cs-CZ
inherit {bootloadersettings}
recoverysequence {f3aac019-469f-11e3-a790-f01faf50b517}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {f3aac017-469f-11e3-a790-f01faf50b517}
nx OptOut
Zaváděcí program pro spouštění systému Windows
-------------------
identifikátor {f3aac019-469f-11e3-a790-f01faf50b517}
device ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{f3aac01a-469f-11e3-a790-f01faf50b517}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{f3aac01a-469f-11e3-a790-f01faf50b517}
systemroot \windows
nx OptIn
winpe Yes
Obnovení z hibernace
---------------------
identifikátor {f3aac017-469f-11e3-a790-f01faf50b517}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale cs-CZ
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No
Testování paměti systému Windows
---------------------
identifikátor {memdiag}
device partition=\Device\HarddiskVolume2
path \boot\memtest.exe
description Windows Memory Diagnostic
locale cs-CZ
inherit {globalsettings}
badmemoryaccess Yes
Nastavení služby EMS
------------
identifikátor {emssettings}
bootems Yes
Nastavení ladicího programu
-----------------
identifikátor {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
Chyby paměti RAM
-----------
identifikátor {badmemory}
Globální nastavení
---------------
identifikátor {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Nastavení spouštěcího zavaděče
--------------------
identifikátor {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Nastavení hypervisoru
-------------------
identifikátor {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Nastavení zavaděče obnovení
----------------------
identifikátor {resumeloadersettings}
inherit {globalsettings}
Parametry zařízení
--------------
identifikátor {f3aac01a-469f-11e3-a790-f01faf50b517}
description Ramdisk Options
ramdisksdidevice partition=\Device\HarddiskVolume2
ramdisksdipath \Recovery\WindowsRE\boot.sdi
LastRegBack: 2016-01-20 10:30
==================== End of FRST.txt ============================
==================== AdwCleaner ============================
# AdwCleaner v5.031 - Logfile created 26/01/2016 at 12:27:51
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : tomas.kratochvil - 70M2VY1KRATTOM
# Running from : C:\Users\tomas.kratochvil\Desktop\adwcleaner_5.031.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
Service Found : QQPCRTP
Service Found : TAOAccelerator
Service Found : TSDefenseBt
Service Found : TSSysKit
Service Found : QMUdisk
Service Found : QQSysMonX64
Service Found : TFsFlt
Service Found : TAOKernelDriver
Service Found : TSSKX64
Service Found : softaal
***** [ Folders ] *****
Folder Found : C:\Program Files (x86)\tencent
Folder Found : C:\Program Files (x86)\MTV20151125
Folder Found : C:\Program Files (x86)\Common Files\tencent
Folder Found : C:\Program Files\Common Files\tencent
Folder Found : C:\ProgramData\tencent
Folder Found : C:\ProgramData\TXQMPC
Folder Found : C:\Users\tomas.kratochvil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm
Folder Found : C:\Users\tomas.kratochvil\AppData\Roaming\tencent
Folder Found : C:\Users\tomas.kratochvil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
Folder Found : C:\Users\TOMAS~1.KRA\AppData\Local\Temp\tencent
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
***** [ Files ] *****
File Found : C:\Users\Public\Desktop\电脑管家.lnk
File Found : C:\Users\tomas.kratochvil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\电脑管家.lnk
File Found : C:\Users\tomas.kratochvil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件\电脑管家\电脑管家.lnk
File Found : C:\Windows\SysNative\drivers\TAOAccelerator64.sys
File Found : C:\Windows\SysNative\drivers\TSSKX64.sys
File Found : C:\Windows\SysNative\drivers\TAOKernel64.sys
File Found : C:\Windows\SysNative\drivers\TFsFltX64.sys
File Found : C:\Windows\SysWOW64\drivers\TsFltMgr.sys
***** [ DLL ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Found : HKLM\SOFTWARE\MozillaPlugins\@qq.com/QQPCMgr
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Key Found : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{63332668-8CE1-445D-A5EE-25929176714E}]
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4CBF-A009-2673D82C7BF9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}
Key Found : HKCU\Software\STA
Key Found : HKU\S-1-5-21-2312388656-572512778-52566670-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\STA
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.hao123.com/?tn=98364621_hao_pg
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.hao123.com/?tn=98364621_hao_pg
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hao123.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mp.weixin.qq.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\qq.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\v.qq.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.hao123.com
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [lsas]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MTView]
***** [ Web browsers ] *****
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [4354 bytes] ##########