VIRY.CZ

Logfile of random's system information tool 1.10 (written by random/random)
Run by smolko at 2015-03-15 21:33:12
Microsoft Windows 8.1
System drive C: has 165 GB (81%) free of 203 GB
Total RAM: 8107 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:33:35 PM, on 3/15/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\windows\TEMP\DPTF\esif_assist.exe
C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-10.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\XTab\cmdshell.exe
C:\Program Files (x86)\XTab\HPNotify.exe
C:\windows\SysWOW64\UMonit64.exe
C:\Program Files (x86)\Lenovo\LenovoTransition\TransitionServer.exe
C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.HarmonySetting.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
C:\Users\smolko\AppData\Local\Pokki\Engine\HostAppService.exe
C:\Users\smolko\AppData\Local\Pokki\Engine\HostAppService.exe
C:\Users\smolko\AppData\Local\Pokki\Engine\HostAppService.exe
C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\ui\updateui.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\windows\syswow64\wwahost.exe
C:\Program Files\trend micro\smolko.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... NYAFA04996
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... NYAFA04996
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... NYAFA04996
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... NYAFA04996
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O4 - HKLM\..\Run: [HarmonyPicks] C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.HarmonyPicks.exe s
O4 - HKLM\..\Run: [HarmonySetting] C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.HarmonySetting.exe s
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKCU\..\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AVControlCenter - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: @oem22.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: CCSDK - Unknown owner - C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\windows\SysWOW64\esif_uf.exe
O23 - Service: FastbootService - Lenovo - C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HarmonyPicksService - Unknown owner - C:\Program Files (x86)\Lenovo\Harmony\Picks\HarmonyPicksService.exe
O23 - Service: HarmonySettingService - Unknown owner - C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: IHProtect Service - XTab system - C:\Program Files (x86)\XTab\ProtectService.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service (Intel(R) ME Service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo OKO Service - Unknown owner - C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
O23 - Service: Lenovo Settings Service - Lenovo Group Limited - C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo AVFramework Camera Privacy Controller (LENOVO.CAMMUTE) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\cammute.exe
O23 - Service: Lenovo AVFramework Microphone Volume Controller and Dolby Interface (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
O23 - Service: Lenovo AVFramework Virtual Camera Controller Service (LENOVO.TVTVCAM) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
O23 - Service: Lenovo PAWD Service (LenovoPAWDService) - Unknown owner - C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
O23 - Service: LenovoSetSvr - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: OKOControlSvc - Lenovo(beijing) Limited - C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
O23 - Service: PaperLookingSrv - Lenovo - C:\Program Files (x86)\Lenovo\PaperDisplay\PaperLookingSrv.exe
O23 - Service: PGService - PointGrab LTD - C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
O23 - Service: PG_Service_Launcher - PointGrab LTD - C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: PLHotkeyService - Unknown owner - C:\Program Files (x86)\Lenovo\PaperDisplay\PLHotkeyService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: VeriFaceSrv - Unknown owner - C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - SysTool PasSame LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ymc - Lenovo - C:\ProgramData\LenovoTransition\Server\x64\ymc.exe

--
End of file - 14664 bytes

======Listing Processes======






wininit.exe
winlogon.exe

C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
"dwm.exe"
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\igfxCUIService.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 622439340352
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service
\??\C:\windows\system32\conhost.exe 0x4
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
C:\windows\SysWOW64\esif_uf.exe
"C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe"
"C:\Program Files (x86)\Lenovo\Harmony\Picks\HarmonyPicksService.exe"
"C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe"
"C:\Program Files (x86)\XTab\ProtectService.exe"
"C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe"
"C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe"
"C:\Program Files\Lenovo\iMController\SystemAgentService.exe"
"C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe"
"C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe"
C:\Windows\System32\LenovoWiFiHotspotSvr.exe
"C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe"
"C:\Program Files (x86)\Lenovo\PaperDisplay\PaperLookingSrv.exe"
"C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe"
"C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe"
"C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe"
"C:\Program Files (x86)\Lenovo\PaperDisplay\PLHotkeyService.exe"
"C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe" -Embedding
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
"C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe"

C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-8d33399e-0917-4c64-b916-bf1f6657bd6f -SystemEventPortName:HostProcess-2e5ba0bd-a573-44fc-9d1b-9de7a8ce7386 -IoCancelEventPortName:HostProcess-c42e3a23-ec3d-4f42-b205-6731373ab149 -NonStateChangingEventPortName:HostProcess-33d9df28-66a8-476e-984f-fb5fac52c313 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:2e34a970-0c1f-40e7-97a5-5ff6ae2806a2 -DeviceGroupId:WudfDefaultDevicePool

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-b1a3394e-f233-4c04-9353-e84bd1a2dbdd -SystemEventPortName:HostProcess-556ce6e4-4c49-467f-996a-e746883e7496 -IoCancelEventPortName:HostProcess-6d03bc78-c47f-4356-b087-dd7829160a40 -NonStateChangingEventPortName:HostProcess-321ead04-26eb-43e2-897a-9b7d52b8f930 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:0dbef8c2-9ee7-4e47-9502-0486dc866f0a -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-da11d323-68f0-4440-95d7-3c77f9653aa9 -SystemEventPortName:HostProcess-5c3f9933-182a-4202-bb46-61e3a227ff3d -IoCancelEventPortName:HostProcess-acaa14a4-3643-4904-9002-87bd82b948da -NonStateChangingEventPortName:HostProcess-24db8830-0f3d-4375-a70b-5c2f6b0246be -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:33a448db-7e19-4117-ab53-fa6f5a8f737f -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f3d5072f-40ff-4896-b018-3ccda0e97aac -SystemEventPortName:HostProcess-53e45136-daa1-499f-abc4-0b3e8314c10b -IoCancelEventPortName:HostProcess-23b29607-2dbd-4960-8b44-93541c370a93 -NonStateChangingEventPortName:HostProcess-1425a657-eb14-4ddf-89de-0f606a3bdce0 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:085b6321-9a2a-4689-8da6-50fadec30a50 -DeviceGroupId:
"C:\windows\TEMP\DPTF\esif_assist.exe"
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\Explorer.EXE
taskeng.exe {6DF3A350-A1FA-43B3-B5B9-2455F95C4740}
taskhostex.exe
C:\windows\system32\wbem\unsecapp.exe -Embedding
taskeng.exe {6316A120-4DE5-4C21-81D4-F349A2FDAEC6}
"C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-10.exe" /rawdata=DvlwjSn03XksASpb/WhtqGG1qENbIfABfVNNndMiCavTtPFJQx61q36o/nlv11auVkcWpBRl+8ZuWUDhg7MCKSx4if1aIA70WzcJfld5WK1elxMw/njxsUuhRdnJ8aj/e/M2QtxrlP3llh6PPrBR62XDtPQtJkpG9GSf7zkqWqmQs1RNNjxnfxMR3qtaNuJ83tUjcQOAw4tuOjKR4RKMKPlc4G2PFo9dYghogHpwXm8HZLdmzjSImfJPewNTNkDS1pBev8LwMbKYHEmQtcqEFKHGa6XjAhsmeVS370JcjN437tyOoSeEBq+cGG/mOBJT3+PDrs2o3OncIaJg6zP2hKwGvLOsGNQNBSVTkLNnj+Iq9m1DJNMVSNA8PMgqT5T1PCjRAfx3fC9fXWAZB1MjY+zRSYSqh1NWsXNKmZ1r/0O06kiBUrochH6EDjItLA0rFBAk+7pVOlc6H0gN4cBqcKC0g6/RqhlMC7B9Pv4QGiBoewYjb/1wRWLFDtFuNdOPSe4B2pgmNcLFqsJ0uQp9VywyJUbv/irLa1Xc4KYhhoW6bE/4tD/BWbfDgrWjT95eQzISNFkVSKZuqzDHSK6+/kFGv2fsOR6ZMrsYgSau7d0P/PBI5PYDiIBNIle8qWng5QyeuZaVUA8baPdYae4KGnmlrjB6IzoLCDQx1sof0jUACf40gc9mt0HiEtpTFeAGOrYeKJZmYZxR1ih6IPrugJ3qJXHofZjx9ycTax3VlXoI31CP5IK8hPLM/rhCFQJ+oPLgfnLRBC3roiuqb5OY42m6LHM4GKnp258Ms2ODle1hockxGOTV2Au7yS5MFL0MQstFzNd1UKW/fPVgk/AaaQ==
"C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-6.exe" /rawdata=QalPho5naK6t/foK47NPfRelNhW6yQsTpFIOL4KQwQLczY77ZZGxC9fndtRiMc6L2K+4e/VpmmR8UhVecl0ntUKUwrtZ3Ex4ksjL1PjXvMgOYbWrD/Qazqr6kHomMnML/9iEiBmTNbDfmNOctRypH5UBIlzahRguwQ5nMnZ3/ZSsMJ/MnrLsuFFJgpylz+6ij92oI+BCTBuYzJalM8XVJN44XyRwjm4ppPq1txPCKdze9BMwxLcRDJt8+sPkNWJzB6zhiMvEDmTwOmqotditNP9763p+O36iQwW4iu60eoxu+bRCtpJsKsZaaVLYrclPBXHU7DpxoYek6Fk48+j4Gqw7o8NjhYQtZsM16Am9UrOBhbBWwuCpGMQbyuyf+AuXeZJnUXAhpIwEPOY7YMwBGkvk5udDTgcuU9/4azc9Dh7NsgamM81RHzJkcNKUbDt7DYehPghakhpHm36msbPGMB8m8mk2j4ylJIVZis6f4xS5OQDwBDIwZmYCbry6BtMHIX9tY7Zg+XupIGguEIJJiKbBaIWWjQ9IEzBYod6OjZ22xYHX8eqAoAuKAPB8zerOGMOqJ8V22mwV38BvxkTKqpRg81iFfUHPkk+0Jx6lhhm/bw8hMzdkZY7bEzZAlJZpXJy9L9bPn0SFF3qhUUTBlgH8VxmJiYUrK+64hCY+BKi1HqBJTHUv097Dt+k7oYNncSJR7le+K1IfugWIF3b1++P84eTi/geG059Tf1eF0HcpAdXLVhtFQlBQ0Tbcj3EgjyuQ7oTOH64UkngFoKHnJ/Y/5BWOakvN2ezHYfWuj0M/vAKxsBIhAz8WckfpjpgEmP9BejuebcOhz6tGlZ/sf0wluMSJ0f6WyMdZc3DztpMh6L4G/obMeEdWiXmuAaLWSMemh36fGosM8KaTQJhZa2OJ8ewUEJI11o4ogQAKvUabGIBgLioqb8cw//vzgqhKQjPARJyuu9ugND698+45DxYTN9rORk0bp32U7Xch2npRLpT5gtpvPgbb2QFuMBOeM+w1xlqtVt3TiU5OuWJJNQi4C58M6GVJFrJKdAzbXTRhjwUlOayJuwXU0e0fqwH6E5LwD5xSZ/vxS+XNxpZgZ4Qwkv8vhqcJo+ywILw3kTbVmbd+izcgBIpR5KmYksLeDxxwW6iwFVHpY+QmIqm8G8GdKHzQblq+q31rtx0mu4BekQYmH/d2rBrkPGAV0gyWL+P/ZWgclh6KYKsNaQGeLxQ9fEL5rX8Ii6bNDEj1p9kDB0n6577C0DcuIfzHtW9Mdiwf6jN+R+ET0xZTD9yQmyPac0BA2e/nPMBmrehQJuwXb9t0U6KALgkB7N4htvamNpF4fY4mEHwcoPFfcoW6zCjnZwZmUrDPqI1ylhQg8AkmSuAZ9Q9pHU7fuKYgeQGBWhvGLJhavrgtMSQ8R0fRDyfFoWgBvZv9clMR3sET44aVRBC973SmYwWg0e4hCClGxWJUiCSA+w5KlGt/IV3NW6Q7/2UUjm4L9qWonF9ANET/qywUfnoRgxfOue5/rc0eOlKSydN9WkKkydnVcAWv/augifxc59h4Zn47IRXfE++y3I59Fl0o6bXuH71BTCai2HJHmd2P42d9SVcxFEgusP5Q43u1g83cvJJ+dpCXuZ2d1qKo+4JBtFqaInG2eu8af1fuf3MRUEFewmYxbTVu9d5CqPYQ8c4fvAvBmKKc2fluR/H/DT+vMn03k4K/f6OG7OuIagNu+PH2jZFymCKUmRlljGCP5nXvH5wQeAE9z7TOFszXuIvsmDcOEd21ULLj0vzdXUgF86lXGsaQhsDtWtlYEuMwsZWZ36P0QsgppfLvVpEPJf62vNTyduAqibs5F7+GLl/5ddeGuacnOINBvUpDii6l4V6wM0T7NnYp2VdVHs6Pm6o1zKpf0Sv1VAINaMh0fdikMB7wlVf6w1TB7j/fqYSS8UFLwV8BZyAc2P/qTt84mF79NB/BO5CALuTgu+OHhDH3VgZSzrED2Ppr3C1vOvEMvfsZoTFIWyvokfa95qNXcnUckZCGf2SJrOaUNw99692w1vixGIkSP26lqDC+k3YfEuvLycJkj7AeCwMgCbiltc2ilKBlx5o7pDc62zYJ53oMP3wHIizFIHZidFAHVNwMY6zZOeydcReIKtWGpSud2i3L7iFrDbKQY00BuxTMNsue1tbF7O5bTJe5k5kkLenXYJy5xLnEoGFEhdW6FkYAXez0h5ERHHeo/R4bbfg4ftGlPx2e7AysDFJ3ByQsXyvLYM1JBE4jc4IIdv8haEGfnWUBR/fZpuwFbEHNyjbKAm2uvxx//Ha/brNeKQ3FRBB1WTbCCWKWQLLOtod7WjIzwkiDMvg9Uiwq9qNQgVVSmYqyku1vu5uUkXcggVi9ULjeIXsTJX26GA8zz6D8Y9YtXI6FQkQsz7lCBtUxamccob7sX9cIXcrFk+gPDx2bcny80/jZQMLB0mM1bhqGReNjF5DJSePsiDEdlO1X50Ycn64x7ULeXm2m6Upun3kuW3TWqfaB6JtyI7WNGAQINKHCs1nn945Yf/zEMPVB
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-1-6.exe" /rawdata=vetMwqelm8qcK+XjkuQolXWB7VnatxCwQj383+IQ+fgqfdfsHa1vGUgypHTXV9mA2C0ZNVVQO2DzE5npYtdgIDQ+m2Mn2fy+y7ENkR5ujikkwz4mrRwjACSZ/2Zzfjl5Q8YdJ3pzPmoe2HErJPcXFh6ROVoc2itj2TUq98bsCcKu8DjEIGY6IwHuFqJFKvOa2CyN48Y8RSGLunTzjvXAhUMtlMW0Drqi4VTcJPyRJneQF9u+7TUFNmjK8Aii2EYVwa57PHFY18Fi4Z5ANDVtyQspdVY0YAO9m39teqqtxluZaB4LRmv4UhrGpB0YXJrIB+EVyN1kxaEKcPqz18FHIrpp1SqNpujNb4HbH+btSx9hnWjiy5T6PZz7l7WksfVRtBw1igk7B7D7GDfDtV0mAk1NR/uE8IdseNOrfOKYXDWyoClClijpoJpwfLOgP9k+6E9dtHYMdTtITOIEEbKK2MORI0wuiYGOuZf1yyC6XPc3H1paMeMUzi2curccIkqaEQPY3LKb8U1FboN8udSVeVtclzLPe7iUpQfbJHOUeZrV/G+ZZs3GsnkrQq8lSI/g2An3cJr6l6s3wZg2GuggPXMlPfA1NRYLzv6wZJ6Ypwo4Rr8O6zycSBz6gwb+mqdMM2yziZVVZ6jm8Jruk+7RP7ZAQpSiYE7AHV7RAAJfUQ92JN0R9ofunI8KK7vtSIj8qxKjOJXpJhrebznFAtztIAIM7RW6o1dKY8GHQhIbU0nnVd+G1X5FQFGilrwndJKAP2N/8nNVFIE3OOLqOmjLetgBwSiLHo427aq/uOXhnVMHfO7q9AHPys9kyUHsJcvHE+Qf8PVWDjQ0MeByEToeK8RN6Ix1bKI9VqXJMGl4HvKf/ACcb8EDOYPVWffykLWEbjZ6d0VamNt8QOPH1C+XQPpSojcMpy0xhst35Op9EoRDDOr+luTWpIpzeluMZUd4yuBFz2/Uq7q/VZPWi1S/Emv09/xcyI4wnnWGeOV5/N8ggeRVDNv9i+jKwUXF5vuOL6EcLb9ZCSrQ7+69/M2U5CJ1HCe8M/8+0Z3uJwCzkUR4v23e9bOW3QDLDhwugZFRRaT9vzHLoYItgQ15q/L6fS9zyDKrmDzAre+JApku1PSGkRnAOYsYHL4TZv7Fcw/3+PecBocmaf3G61IZP+OqTV+if1t71/G/V0S3ziEBFlJs7OOQJcONnTPURvDhzt/iZ/ZizWN4Y1qLaEuSytKGoayHfdFkbxeqLqaAwWF5hwhRr0/Td/pFflIBk+XNxorYOGQq24gfAxd1DdZcbWh8lADodBVGStGnCyg/0bfhqTB5nYZNm8Inb7kqOnWtNCuw8QKkBJ6/ejiQGW4XtSEfDQ==
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
igfxEM.exe
igfxHK.exe
igfxTray.exe
/QuitInfo:0000000000000B38;0000000000000B3C;
/loadhooks /Parent:0000000000001390
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\XTab\cmdshell.exe"
HPNotify.exe -run
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX6
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
C:\windows\SysWOW64\UMonit64.exe
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
"C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
"C:\Program Files\Lenovo\LenovoUtility\utility.exe"
"C:\Program Files (x86)\Lenovo\LenovoTransition\TransitionServer.exe"
"C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe"
"C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe" /run
"C:\Program Files\Lenovo\OneKey Optimizer\bin\OnekeyOptimizerUpdata.exe"
"C:\Windows\System32\cpuminer-gw64.exe"
\??\C:\windows\system32\conhost.exe 0x4
"C:\Users\smolko\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.HarmonyPicks.exe" s
"C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe"
"C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.HarmonySetting.exe" s
"C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1800.0.573305785\783547639" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,18,40 --gpu-vendor-id=0x8086 --gpu-device-id=0x161e --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3871 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="1800.4.1218664764\2026113154" --ppapi-flash-args=enable_hw_video_decode=1 --lang=sk --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=sk --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/MaterialDesignNTP/Enabled/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/StableBookmarksIndexURLsControl/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/Enabled/RefreshTokenDeviceId/Disabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_10/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Disabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=2.5 --font-cache-shared-mem-suffix=1800 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="1800.6.1563073542\1538441955" /prefetch:673131151
adb fork-server server
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\windows\SysWOW64\RunDll32.exe" "C:\Program Files\Lenovo\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe" 1 1 1 1
"C:\Program Files\Lenovo\Communications Utility\tpknrres.exe"
"C:\Users\smolko\AppData\Local\Pokki\Engine\HostAppService.exe"
"C:\Users\smolko\AppData\Local\Pokki\Engine\HostAppService.exe" --type=renderer --disable-breakpad --disable-desktop-notifications --disable-logging --disable-speech-input --enable-touch-events --lang=en-US --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/17/OneClickSignIn/Standard/Prefetch/ContentPrefetchPrefetchOff/Prerender/Prerender15minTTL/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V1/SpdyCwnd/cwndMin16/SpeculativePrefetchingLearning/SpeculativePrefetchingLearningEnabled/Test0PercentDefault/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_47/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --noerrdialogs --disable-client-side-phishing-detection --disable-bundled-ppapi-flash --channel="5180.1.1506253021\585983495" /prefetch:3
"C:\Users\smolko\AppData\Local\Pokki\Engine\HostAppService.exe" --type=renderer --disable-breakpad --disable-desktop-notifications --disable-logging --disable-speech-input --enable-touch-events --lang=en-US --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/17/OneClickSignIn/Standard/Prefetch/ContentPrefetchPrefetchOff/Prerender/Prerender15minTTL/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V1/SpdyCwnd/cwndMin16/SpeculativePrefetchingLearning/SpeculativePrefetchingLearningEnabled/Test0PercentDefault/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_47/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --noerrdialogs --disable-client-side-phishing-detection --disable-bundled-ppapi-flash --channel="5180.2.1936170563\539773649" /prefetch:3
"C:\Users\smolko\AppData\Local\Pokki\Engine\StartMenuIndexer.exe"
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe" /hide
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\ui\updateui.exe" --port 35600
C:\Windows\System32\skydrive.exe -Embedding
"C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE" "C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE" -Embedding
"C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe"
"C:\Program Files\Windows Defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey A0D7D719-FF98-6B55-DBA3-DDC493E2F8D4 -Reinvoke
"C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe" -ServerName:Microsoft.Reader.AppXtszmc7avrx02s7n8gch63tzwg517wd9k.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding

"C:\Users\smolko\Downloads\RSITx64.exe"
"C:\windows\syswow64\wwahost.exe" -ServerName:App.wwa
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
"C:\windows\system32\SearchFilterHost.exe" 0 564 568 576 65536 572

======Scheduled tasks folder======

C:\windows\tasks\2300726e-d013-4e97-93b8-82cdb2191e24-1-6.job - C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-1-6.exe /rawdata=vetMwqelm8qcK+XjkuQolXWB7VnatxCwQj383+IQ+fgqfdfsHa1vGUgypHTXV9mA2C0ZNVVQO2DzE5npYtdgIDQ+m2Mn2fy+y7ENkR5ujikkwz4mrRwjACSZ/2Zzfjl5Q8YdJ3pzPmoe2HErJPcXFh6ROVoc2itj2TUq98bsCcKu8DjEIGY6IwHuFqJFKvOa2CyN48Y8RSGLunTzjvXAhUMtlMW0Drqi4VTcJPyRJneQF9u+7TUFNmjK8Aii2EYVwa57PHFY18Fi4Z5ANDVtyQspdVY0YAO9m39teqqtxluZaB4LRmv4UhrGpB0YXJrIB+EVyN1kxaEKcPqz18FHIrpp1SqNpujNb4HbH+btSx9hnWjiy5T6PZz7l7WksfVRtBw1igk7B7D7GDfDtV0mAk1NR/uE8IdseNOrfOKYXDWyoClClijpoJpwfLOgP9k+6E9dtHYMdTtITOIEEbKK2MORI0wuiYGOuZf1yyC6XPc3H1paMeMUzi2curccIkqaEQPY3LKb8U1FboN8udSVeVtclzLPe7iUpQfbJHOUeZrV/G+ZZs3GsnkrQq8lSI/g2An3cJr6l6s3wZg2GuggPXMlPfA1NRYLzv6wZJ6Ypwo4Rr8O6zycSBz6gwb+mqdMM2yziZVVZ6jm8Jruk+7RP7ZAQpSiYE7AHV7RAAJfUQ92JN0R9ofunI8KK7vtSIj8qxKjOJXpJhrebznFAtztIAIM7RW6o1dKY8GHQhIbU0nnVd+G1X5FQFGilrwndJKAP2N/8nNVFIE3OOLqOmjLetgBwSiLHo427aq/uOXhnVMHfO7q9AHPys9kyUHsJcvHE+Qf8PVWDjQ0MeByEToeK8RN6Ix1bKI9VqXJMGl4HvKf/ACcb8EDOYPVWffykLWEbjZ6d0VamNt8QOPH1C+XQPpSojcMpy0xhst35Op9EoRDDOr+luTWpIpzeluMZUd4yuBFz2/Uq7q/VZPWi1S/Emv09/xcyI4wnnWGeOV5/N8ggeRVDNv9i+jKwUXF5vuOL6EcLb9ZCSrQ7+69/M2U5CJ1HCe8M/8+0Z3uJwCzkUR4v23e9bOW3QDLDhwugZFRRaT9vzHLoYItgQ15q/L6fS9zyDKrmDzAre+JApku1PSGkRnAOYsYHL4TZv7Fcw/3+PecBocmaf3G61IZP+OqTV+if1t71/G/V0S3ziEBFlJs7OOQJcONnTPURvDhzt/iZ/ZizWN4Y1qLaEuSytKGoayHfdFkbxeqLqaAwWF5hwhRr0/Td/pFflIBk+XNxorYOGQq24gfAxd1DdZcbWh8lADodBVGStGnCyg/0bfhqTB5nYZNm8Inb7kqOnWtNCuw8QKkBJ6/ejiQGW4XtSEfDQ==
C:\windows\tasks\2300726e-d013-4e97-93b8-82cdb2191e24-1-7.job - C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-1-7.exe /rawdata=qZA8xx3OS0sOr4dzUHSw2N6oiraYQ+meQYdMaKRFj0w3tM3m4ftfASPEdlG325tbBXwBcsVAWpV+rWBRrzf6hLdC1ptNRkWXWVsalTO5Z3lTO/UMTJkoCm0EA880o9LejxvCx+R80J09WdqMJ++xQbtIsE5eP2mAXqOfO5WGQb06DSQuTbj6jkv5fJPTDr3bhrYfau4ikNHOzEd0WikLBn+/o5rK8Q1R8/6H2dk/eBgCb8BX/LNURfwv/vfynfu8KoGp/HplnRlAN3qWqLigImdcUhtaIaD2O5cLWdg0qlEQa7NSKPYGSYKhg4TmP8qt/XMoLzpn7ZgGa0fZG2ThObz3+hyU72VRn0gfMvJNjl9SNlxbMjJgZL6CJz1ggPMCLuUirHH+lNeVskIvdxu3dtB2bPgZsJxWuvkqG2hwUcya0Zlkkm2rel+8/5DLer8uHNmsbd3CkbCYRQGfmNth/39T7cPMs5WtALlGwsCi+lvnpa2sjs+TRsqokrMqhHsrPS8xSa76DyJgrb9P0tjnhQybyhP61e29e+gogmKMdhCBxAPMznP5LqmFGI156MOLFoCifGfZDbKSeU9j+3068zIsjyyjGJYtZfQXqvzSsbjgNhM1pJlwFoclHeniajR/xeAwPaP5vZIbKgMDAQkR08VslAoSJ52rQpIhd6pEXq49Oqyvgk/AtqICNW+oNE7gK5UA5zirW4sYanEULVBrIJlNisr9lI9ZzsG5TXTUxJJ+0Zko5Sc6uxJl6wswO8W+h5EDgxRiMlUMb5ZJ4evMRKvYgdYjqB2dFGHctpcZ/6LlQGgozNWw4SGnquZIkRh9l6L1sZreH77+hFPe3KUTiZ+AHhfdOEtDTN3xb+bto0+57O3Oe3HpPBUBgM8RgE+vDJU+lh3q/6Lyn5kbmep6nMDUySrvL1+PGNpont3sha1VMfVGm5+LIgt3b7eDptcOlYpdvVKkCHwweBx2QBf07rkw2NHJ7dLPanrCYjRwzNcyqj78Gv5OJacIE6mzfw2ckLwdmGQKFVfsRAX/n0knubEvXNMnqSw3THD6UxR2iK16aHBMYbA9KJ3m7fz0APBekKydZ55PD0qg0dPFKxie0KolXurpnOvoPSxR562eoXEG3res8RiR2OOZEFVD29jHtAi/slCjPBfSqQ6yxdfHVLCfouMIbeM90+7Z1MRUjMUOMoJC4oNt+EUTGG8+bdDtefXhf6fvNhANU6fZHgDm6zQYdB/ExlCvkH5u0NLOaFtkCxRSXzQMeqZ9b/esU9viy6D2vWek29+v8UOAkiZ61Z8xCV6O8NH37b098+IbcSgwSzDz96FkKS7CrjnOnIVvc2F00tq6rRz1IgW/3tgHTcEfica2xEYAeGI824qzdLmdUm4XMnPe3bDzgyGZOCisiZCN6RTyV0sS8mmm0WIorySRXw4zlBCF67jK6PH/nFu7/ZtKag/ZRPAYiPTpbakf/gIQ/B55zGlH81ngoLBxc8QgsqULevszz4jROjRqSmSyW/9XUBLNrOJgPKxjootG
C:\windows\tasks\2300726e-d013-4e97-93b8-82cdb2191e24-10_user.job - C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-10.exe /rawdata=DvlwjSn03XksASpb/WhtqGG1qENbIfABfVNNndMiCavTtPFJQx61q36o/nlv11auVkcWpBRl+8ZuWUDhg7MCKSx4if1aIA70WzcJfld5WK1elxMw/njxsUuhRdnJ8aj/e/M2QtxrlP3llh6PPrBR62XDtPQtJkpG9GSf7zkqWqmQs1RNNjxnfxMR3qtaNuJ83tUjcQOAw4tuOjKR4RKMKPlc4G2PFo9dYghogHpwXm8HZLdmzjSImfJPewNTNkDS1pBev8LwMbKYHEmQtcqEFKHGa6XjAhsmeVS370JcjN437tyOoSeEBq+cGG/mOBJT3+PDrs2o3OncIaJg6zP2hKwGvLOsGNQNBSVTkLNnj+Iq9m1DJNMVSNA8PMgqT5T1PCjRAfx3fC9fXWAZB1MjY+zRSYSqh1NWsXNKmZ1r/0O06kiBUrochH6EDjItLA0rFBAk+7pVOlc6H0gN4cBqcKC0g6/RqhlMC7B9Pv4QGiBoewYjb/1wRWLFDtFuNdOPSe4B2pgmNcLFqsJ0uQp9VywyJUbv/irLa1Xc4KYhhoW6bE/4tD/BWbfDgrWjT95eQzISNFkVSKZuqzDHSK6+/kFGv2fsOR6ZMrsYgSau7d0P/PBI5PYDiIBNIle8qWng5QyeuZaVUA8baPdYae4KGnmlrjB6IzoLCDQx1sof0jUACf40gc9mt0HiEtpTFeAGOrYeKJZmYZxR1ih6IPrugJ3qJXHofZjx9ycTax3VlXoI31CP5IK8hPLM/rhCFQJ+oPLgfnLRBC3roiuqb5OY42m6LHM4GKnp258Ms2ODle1hockxGOTV2Au7yS5MFL0MQstFzNd1UKW/fPVgk/AaaQ==
C:\windows\tasks\2300726e-d013-4e97-93b8-82cdb2191e24-3.job - C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-3.exe /rawdata=biksGKUMyOw1q3YbtJmfGvmnvFbU3AT9pjUQGX0wROtTB4mmZGuSvlqp6BvSkC+RUzEr4YtEr4L2HyVi8N4nDT+fIlbqidasOFp9dYnidNIrGwfG6zfNv2GzEqtUAm7yZQIM3Uja89wLbm1B1Rqshjm+GW2JIIOUDLRCkJlw3EktYucdDTvqmI5kSzYQJv4NwzbkgXk1ocaIYD6iQbiQeG67plF3lnhZyWlka9IB5e7lnavfL+iNJyVK/vls+2NHMRFFevx0A26Vj0tLTbRKlMFsPuxpbz98rMRLwlUnPL5dAKolaK/VmWL0xZLI6laNHWuQlYhnBhCPilnEKCy7E2lDoLXCKy9j6giadHdLVVEIUHazkhoHF2xoeUH+MQ6YPNuCi1SmTru6fVOG07wlYZLC55U3jKBwMn2Q9OQtJMUwax0w2zWhZXCo1V0bVTVP5SahBm8mIkTsK19dkLrM6ulLLc+0rzQ9DRa1MctpCn5Z2S/cI0kCI5ThHslkDkyCXaMdCcTyKXyXU6HN9vwfKHjCrkp7gWP49wm37tx2qu/TCtk/y0w9lIKkC4TfNArE16WxLTeuPBBvsLHNT65nmVZNDWFbayRazmnCvVhX4THvtXbsoVvxq5y9SlCyCalV3NF8+HAEG7itembfqre8mYySef4/JHIe8FNhSn7vb9yv1Y96iOGQRmMMz8f5tDUJrtfx9IsR03nKwIjkKp7WE1dML9cSv3YUTWNhhKHaXzRfum8qCZQBoU06tEC1+IFBjJoChDyPotEIa+LJ/H3Lh4pkPrPUzuUv2HdKHJXtA6q+eFas9PHrlkJ4ewowPJtl8xYWyP2Jolhou4XABRNhWzg/bqtRoLgVVPp9UStG3MdZxHcFpZXEn0ItebUPUaGKuBZKUU802HlBbXsP6HLHvVwjoB4e+dDUHif9aQtX/y1BPrYESy0we6kdCaXjwbUywSaQBtMNgHD/koV5LFQOArD5Llfbj2RiKjhQvIOwFjRIo0gWMsvAywDTpDXAdCoTm3lv2rkZJpNLMpBtXZwkcisIp2FJknhpcntc3AvB5qdHIrijZwtGo1LKUVKMu3NoyCiMIUVVfdTrN5Fx1uiTFpFDq6nPtY7WAg6sYeO9XPGkccPc8TqUhg7CyVuidBCuqx1wfmVkmsyYW421X3A+XLB5ssKH8UTu2hgiKpFOlf3HF+vSt12ROd//4VfwWoJd7l6nyfUHYBPKE3uCsw0WW0hRfZF0NZVNeqBPInSbRUEindrEDmgVHLKK+Xl9PvtroHYavC3hsfmVv8WIE19WlzLennKIZI9gS/G8APoU18xYXlEIVl3HYBxDvC6ruYrs7+SoLJe5q5cy8letUPVfljJ/CJ9zmsKuCzkxYsIjZYKlNd3ZeqzXQtvEkUVG03kjZ+gFpGyJDE8zohxn3EpIyZS1ylArx/NI60r1YfVYDukOPlrgHr8P5bMrZDgEZiEUuftxTvcbgwcVKTuN9YLQpF/iMdrmMJ6bVUVzCuSvpYJedIX/GnpBUjMlh07OwKvzLUT9jJP/JZpzSV6ShTXbqwXPOZ5hyxxf9eF1xkgR1D0Fxxj5SFyiPQ12UBuopfJHdq8V55s5FSXoGCKzce3XbgQjeFowY2+FyxwYQRxmDrraT7pZ+tpDc72uHE8sruUgJdii+mMam1oza6RNhQn92/xgk0/+UfgCm+xmkFTaAtiHeqR68zKezbQr1FiC2/p/kLjDk2DZMK8z9dX9lw6FzIdLUHwn7hDhoNUjPUiS2KClyLgfT0LRnVbwYELVu7z6t5ZhRwpQ9mCZ1rClPJxlg/Ytb9VUsMbv2Sez1YU2tPADOLr3Mz4I4wEILkmt5JqVbAjDosDhiYonVMLMiyrOxQ==
C:\windows\tasks\2300726e-d013-4e97-93b8-82cdb2191e24-4.job - C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-4.exe /rawdata=jo1ZCcsbm2H2hMuc48IFR8NEF91zFnkRD/nfMdqMz3C6tc2nacr8JVWuaC2xWEV8iPN1xWX8Nd6zBPE67UKq3RC5Cga3yAop+OADLum0RY7hIROQTDVlNJ5lOtO30wUPoKjC8MfW7NhPpK2s0YkvN33nN/qL5v0H/JFiwcidXRVn2FZUHSrpg7vnq+kvpS5WLUFpmgLRmM4uwJOQPn+QGzwoViT/3wTRNuWMjgYLfTHuHBKsX+MIrd1ChRjakCheYLOQmlK7vVxHnia3ZuEjWyAcgg6GdlIuC2YqrNT6CgX2s74XY53Qrr5KFaJG1ldl67tXUlyjneark+9tgajeORAzx7WTaIxCB+NkPD+UKpiVqbAnBnhVBaEbCJe1rw+GESvK0aLxhX1xBwsMYR5NnLbmr+cK+HeQFFDPE02HbbH73S8crqfmh78G1acLc/aZPPD7cPp6k8BFhSNTtjONtkJrVxRLYWlaTJ0PENoMIADt2qHDL1Yw3w2HDVrM6zS2SUGBjKewCRvKQwgTln+xHDD6WZWP9fXUmMNWocc5cpFoToc913++Dc7YSZhcpkXXemzeJGyubl8jBmjknq7Di5doNNNI8r6hkUF+cNwk2Yk3AwyLQ8QyC5Q0wFsu/+8Dv4vwe9udjnGKpeE56ghrURzRlx0/U5IwROaRFYvfYhg0dgObyN1O/IsKNOWoL0xHZ7UzkLtPXOJV9jo5jKy8jqh35ShlcwtgEZOjXgUs1miAnhIP7D+nDSxyZLv2oWkVx/uBu9KPrBoZkK/Fpcq1XCTlTELY3NPWXf5RWuZspHol3bcQf9do7XH7QuxQgqxUdb0UpuGysEzLJF1vHRUW5aDnB9Wt7d95EzflRM8pQkYoD/iypoUemvO0M2haVvGrf9fW0YvOq5W5YHSGxXokbCKDkS4ekdEs/VE66Tw0PZ9aRYYqvjdHLh+UkQ8DQqsnR3syH91cGzPul157eZodqqhMjsj8ZCT5UkM3aEhOPaqP2dPCdvTAbEVyaIW3k2QcC3aqeAuLXztJpczjcs4Hi/o9X2YaJHn5ycXxH/MBEYyRJ7/Ow1GB4kNjAjeyBM1w9aXtCL4mJssT8UXp6ijlHk1BNyOCAZXvDTFvUOA61aGX7lQXwo8EyqOOWjx5+DoMBrBc/LzZkg70oSpV7S6YgD1clHpOuonaSSkaeH0PfURoLCdV4MM0JjWk9e9Fbv8/E6WJk2l1ZOKQDRNQZETsZSUZHb6jGWWuuNXKDDtemzplQk4m46YOmLVIM+hAAKKiAUslsGzuxx6uFuxsAHjI+goI07bbNS5JbHVB86J1m6VTlEEr0XgrbqpgDH08cQ6y/NdBZLKf8gNrvpQfAQvAyI2qYZHRzJ21rG1TdynBEZjycDuMVE74iDZMNzq5RSXotBk0n79BSBL0gOq8vDo28R2KMq2BpQ297OfsGzNYEgqI9at458yoQB5Sm9OeNhntv+sQXeQfzHZMbBUIVGaUClsy2dB8mhda/oshq2eWO9iQIBS3o7B9Y3PaJJJHMrsKi2fZJrURlGUmLKZgK5p8Knvp75RO9WzJ0hzF4qRRZL6CuAMlRM4DTc7KDY/bdFBMe/V6ctBYho7NWeRX0NstW7uhVys5gZOvKy7WOUBFSbthzk5AidOmB4Mbv2ra8pC5hb2fdfA4aTeMIeEypa/seZr7HrG8SqbvVNZDz6BilTAHrd6rmspLXP4IwZQfbW59wfk6F0+4ZYZBM6k92SVEjjpA7V3iHPV45oGJPEy142gxUT446V4FTn2pT9pI8nRyd0rotZR2CX+46JdeMrroaWOnNOsXzcEUljUGnh6eRP5xmALqur0/Kx0j4x5V1undslTcbKeJ5z/NQfFAisR4mw==
C:\windows\tasks\2300726e-d013-4e97-93b8-82cdb2191e24-5.job - C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-5.exe /rawdata=m595UO7IC9YSW4rYPULjJtG/NSnE5hMHQlUyMkR1NkuRyWgerHaRqLRh6uhw5jDuEUdlHrAuVg1ioHrKKucwuN3b7w4idE77Iwo7C1FMmzlljT4rSSF56RxmLIcTkfdofwZjOeoosma+Irpk0VKPX0oz0+ypCRW8A0FNyjQsgE2E+4y4iKCfyafo9WC/dQA9OQhw21KAg+gumNBje5pSSBxo8HbjGV62iHzr0OBBxdVBGzhxsWzHEauRbHGI6WpJBr38eFlrouKnp3+m03PXSi8jYt4xB+twLTSm208LxaR2xxKktOY31SP1vQd1BKmo9CiifrEYM44tSgR8Dd0pTwcc3LL53S+rUSNRqLHhM/KVrXdCiCNCeU7lHXl+BS7cw9fmUG/867/m7gLZ7Q7370UAOnn+8A3AL5vd9sFVexlDZoohn+LqeKuSEwzend7lcv0sCLkcgGYSFeQ8cRqo57SDJeZE+VoWCitLH0NmVtHTX4g9EDs4OQkrQU0elV3sdq6v2JuMadzVctCFvTcs7Lw89xAPNNE0sc0jugXXYXPSQSckMuccGiWjFmvMbqVub22jJd5ejcrC5TB9fMhVqaLeZhETtqH4S8q/1XGSgoRaOFaGnYe+3ZZDOHQJW4o266P7O4tniq2/dRtiJOaGkZ6GHR8x/+7OAYb31fw4IbwvJFaLCh4+qQ5tiimx1Z0iFsv1GzXrCKcpy+P4m1gOdpYihNYkG9ZFXnLRDyB+lbxFgeSrFhT4vXURSb5i3OBpq5iLBLS7XozoB5Lca5Y+lEsU0lWxk9OFUmGW6biqvR6mJFVm6/PJeRhP1W01gy2g3ktlOjpVtMBq5PpoauVRe61y/LHT2XDmU60B/ClaNMnhiGeUKEKguPcfaG6/nWkLl5MPpaHSgIQZqk0grdhdxFmVcga+I1UjKfr6/+577y60KMNoPIKlCNRbUgYt2LkJj+FO3AQuUJ5MTLtIViVlqV4HSersmsM8qn73V4sMyXFYe5hZRpHVUbfsS6lIB2Mn
C:\windows\tasks\2300726e-d013-4e97-93b8-82cdb2191e24-5_user.job - C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-5.exe /rawdata=m595UO7IC9YSW4rYPULjJtG/NSnE5hMHQlUyMkR1NkuRyWgerHaRqLRh6uhw5jDuEUdlHrAuVg1ioHrKKucwuN3b7w4idE77Iwo7C1FMmzlljT4rSSF56RxmLIcTkfdofwZjOeoosma+Irpk0VKPX0oz0+ypCRW8A0FNyjQsgE2E+4y4iKCfyafo9WC/dQA9OQhw21KAg+gumNBje5pSSBxo8HbjGV62iHzr0OBBxdVBGzhxsWzHEauRbHGI6WpJBr38eFlrouKnp3+m03PXSi8jYt4xB+twLTSm208LxaR2xxKktOY31SP1vQd1BKmo9CiifrEYM44tSgR8Dd0pTwcc3LL53S+rUSNRqLHhM/KVrXdCiCNCeU7lHXl+BS7cw9fmUG/867/m7gLZ7Q7370UAOnn+8A3AL5vd9sFVexlDZoohn+LqeKuSEwzend7lcv0sCLkcgGYSFeQ8cRqo57SDJeZE+VoWCitLH0NmVtHTX4g9EDs4OQkrQU0elV3sdq6v2JuMadzVctCFvTcs7Lw89xAPNNE0sc0jugXXYXPSQSckMuccGiWjFmvMbqVub22jJd5ejcrC5TB9fMhVqaLeZhETtqH4S8q/1XGSgoRaOFaGnYe+3ZZDOHQJW4o266P7O4tniq2/dRtiJOaGkZ6GHR8x/+7OAYb31fw4IbwvJFaLCh4+qQ5tiimx1Z0iFsv1GzXrCKcpy+P4m1gOdpYihNYkG9ZFXnLRDyB+lbxFgeSrFhT4vXURSb5i3OBpq5iLBLS7XozoB5Lca5Y+lEsU0lWxk9OFUmGW6biqvR6mJFVm6/PJeRhP1W01gy2g3ktlOjpVtMBq5PpoauVRe7pyZCnDInphxQa/f11Fxicukd3DC4j9HBS47DWBcd6xV3eSynzuUDaaraNdBo9/dS9F3rU5J0c1Mko8dyK7UhYtLrCxJFtpzrTu593n9k+TfKpNOHgHA9TZ6qibrXUWXI04GXEadUjZ4cM17ocxABemXGG4Xd9aRHYUC6UV0fZf
C:\windows\tasks\2300726e-d013-4e97-93b8-82cdb2191e24-6.job - C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-6.exe /rawdata=QalPho5naK6t/foK47NPfRelNhW6yQsTpFIOL4KQwQLczY77ZZGxC9fndtRiMc6L2K+4e/VpmmR8UhVecl0ntUKUwrtZ3Ex4ksjL1PjXvMgOYbWrD/Qazqr6kHomMnML/9iEiBmTNbDfmNOctRypH5UBIlzahRguwQ5nMnZ3/ZSsMJ/MnrLsuFFJgpylz+6ij92oI+BCTBuYzJalM8XVJN44XyRwjm4ppPq1txPCKdze9BMwxLcRDJt8+sPkNWJzB6zhiMvEDmTwOmqotditNP9763p+O36iQwW4iu60eoxu+bRCtpJsKsZaaVLYrclPBXHU7DpxoYek6Fk48+j4Gqw7o8NjhYQtZsM16Am9UrOBhbBWwuCpGMQbyuyf+AuXeZJnUXAhpIwEPOY7YMwBGkvk5udDTgcuU9/4azc9Dh7NsgamM81RHzJkcNKUbDt7DYehPghakhpHm36msbPGMB8m8mk2j4ylJIVZis6f4xS5OQDwBDIwZmYCbry6BtMHIX9tY7Zg+XupIGguEIJJiKbBaIWWjQ9IEzBYod6OjZ22xYHX8eqAoAuKAPB8zerOGMOqJ8V22mwV38BvxkTKqpRg81iFfUHPkk+0Jx6lhhm/bw8hMzdkZY7bEzZAlJZpXJy9L9bPn0SFF3qhUUTBlgH8VxmJiYUrK+64hCY+BKi1HqBJTHUv097Dt+k7oYNncSJR7le+K1IfugWIF3b1++P84eTi/geG059Tf1eF0HcpAdXLVhtFQlBQ0Tbcj3EgjyuQ7oTOH64UkngFoKHnJ/Y/5BWOakvN2ezHYfWuj0M/vAKxsBIhAz8WckfpjpgEmP9BejuebcOhz6tGlZ/sf0wluMSJ0f6WyMdZc3DztpMh6L4G/obMeEdWiXmuAaLWSMemh36fGosM8KaTQJhZa2OJ8ewUEJI11o4ogQAKvUabGIBgLioqb8cw//vzgqhKQjPARJyuu9ugND698+45DxYTN9rORk0bp32U7Xch2npRLpT5gtpvPgbb2QFuMBOeM+w1xlqtVt3TiU5OuWJJNQi4C58M6GVJFrJKdAzbXTRhjwUlOayJuwXU0e0fqwH6E5LwD5xSZ/vxS+XNxpZgZ4Qwkv8vhqcJo+ywILw3kTbVmbd+izcgBIpR5KmYksLeDxxwW6iwFVHpY+QmIqm8G8GdKHzQblq+q31rtx0mu4BekQYmH/d2rBrkPGAV0gyWL+P/ZWgclh6KYKsNaQGeLxQ9fEL5rX8Ii6bNDEj1p9kDB0n6577C0DcuIfzHtW9Mdiwf6jN+R+ET0xZTD9yQmyPac0BA2e/nPMBmrehQJuwXb9t0U6KALgkB7N4htvamNpF4fY4mEHwcoPFfcoW6zCjnZwZmUrDPqI1ylhQg8AkmSuAZ9Q9pHU7fuKYgeQGBWhvGLJhavrgtMSQ8R0fRDyfFoWgBvZv9clMR3sET44aVRBC973SmYwWg0e4hCClGxWJUiCSA+w5KlGt/IV3NW6Q7/2UUjm4L9qWonF9ANET/qywUfnoRgxfOue5/rc0eOlKSydN9WkKkydnVcAWv/augifxc59h4Zn47IRXfE++y3I59Fl0o6bXuH71BTCai2HJHmd2P42d9SVcxFEgusP5Q43u1g83cvJJ+dpCXuZ2d1qKo+4JBtFqaInG2eu8af1fuf3MRUEFewmYxbTVu9d5CqPYQ8c4fvAvBmKKc2fluR/H/DT+vMn03k4K/f6OG7OuIagNu+PH2jZFymCKUmRlljGCP5nXvH5wQeAE9z7TOFszXuIvsmDcOEd21ULLj0vzdXUgF86lXGsaQhsDtWtlYEuMwsZWZ36P0QsgppfLvVpEPJf62vNTyduAqibs5F7+GLl/5ddeGuacnOINBvUpDii6l4V6wM0T7NnYp2VdVHs6Pm6o1zKpf0Sv1VAINaMh0fdikMB7wlVf6w1TB7j/fqYSS8UFLwV8BZyAc2P/qTt84mF79NB/BO5CALuTgu+OHhDH3VgZSzrED2Ppr3C1vOvEMvfsZoTFIWyvokfa95qNXcnUckZCGf2SJrOaUNw99692w1vixGIkSP26lqDC+k3YfEuvLycJkj7AeCwMgCbiltc2ilKBlx5o7pDc62zYJ53oMP3wHIizFIHZidFAHVNwMY6zZOeydcReIKtWGpSud2i3L7iFrDbKQY00BuxTMNsue1tbF7O5bTJe5k5kkLenXYJy5xLnEoGFEhdW6FkYAXez0h5ERHHeo/R4bbfg4ftGlPx2e7AysDFJ3ByQsXyvLYM1JBE4jc4IIdv8haEGfnWUBR/fZpuwFbEHNyjbKAm2uvxx//Ha/brNeKQ3FRBB1WTbCCWKWQLLOtod7WjIzwkiDMvg9Uiwq9qNQgVVSmYqyku1vu5uUkXcggVi9ULjeIXsTJX26GA8zz6D8Y9YtXI6FQkQsz7lCBtUxamccob7sX9cIXcrFk+gPDx2bcny80/jZQMLB0mM1bhqGReNjF5DJSePsiDEdlO1X50Ycn64x7ULeXm2m6Upun3kuW3TWqfaB6JtyI7WNGAQINKHCs1nn945Yf/zEMPVB
C:\windows\tasks\2300726e-d013-4e97-93b8-82cdb2191e24-7.job - C:\Program Files (x86)\CinemaP-1.9cV05.03\2300726e-d013-4e97-93b8-82cdb2191e24-7.exe /rawdata=EIlcdt04eYq+27SF8vdL4pcZ6wc1vW2TZMdeHv8PNncx5/q4ta5i0IIEyGNVbVpJagnU3vv4GnixB0im9DmGO3rq2A6jLNcSTwM3LtmuR2Utb/4zE3IBDK996cdY+VdHxWhug6pP3x/ik8kXZte+VlBlATWNtcUB2sWfHHmyAauqPhiMupmU1rzV9V3rXoTDrY3bhUQzkGHmdueTsqh0zcnox4mSPbCxdsz6LOKV1lYX713+fujjOn3SohMlr3Cx1l/Rq14vP4lL7xDbbayGmRNh0LaQGH/p3rDA9UStELuLt3/7kWvZ8wBaNK0ZijDF3gN8FA9IGA3RXG9s1TQAT0BNJkzLZvLM0t62g24SNZ38kIKw0oo7PDnqz+7RMONkUrOX4b4HisDThUCkoU4BDk8Z4lx96mvANUH3d63k8MUQpjVsu4aJkf0RDbZWmnDuZTgzdNp1dYSMmvauVg7qatC+etcQ9i8CaMLJ2vc7I99RtD9pOMJ33A563gnhNJvyGZMy6DPtfXuFStcvtnB/aO6dLSr1u+772SbY+gHYp2Qj6WNj0ijwWoBomQ5/KJBYnEYD6QfM4Si8a3xfAJhH+lNoZQJNfeKGVT0G7F+qE9EQtbSjaMXSbyjM14MS7PWsdcBcKxWnbvgRPqfXTGzKbTf55qTgWZSRj/Sn8E7vV2nHwR2Oo93FUHT+We4tQPoOWNwPPTk6ovT0RNqKTVHn5LOqJ71JJ0/bpbmIm6vy7y8MvJeCo52ae71JZPLB0xIvlLwzGjmK4u4GLi3AzM5vSjbK0ZEJcqluHoGd208LNtbnIcOQs7ePluK7+Y+s48WHPdFNM6Qp78IHLr8kwD6nBhj21KR1SIVfZhlT4A6dxWeLdbjUxpL35+lZLwU9RhMwHC6ZW9wfFel0gN02WcAkyt8stCK2vExvsLijY4hhBO+VNlidqPAfhIi7ubp6hrvi2fizKxb82L1THNGNzeRJVzvYqDXIYkd3WGk/KeJQN8Uv99Hn774OS4ehcmEdhphqpZpc5jTwzLekw32pogfrx3QitCgDYdM5Tuv9jsXt15SbzmOTevdr4wNSrDAO54zXJz4U0QcaIpJzMTN+RynSw7HnY+eok38EdlqOjix9A3Zv8Mo3lhJZFF+4lNhVNkJrJETQACkvfiTwF/bkK1qJ1uLabIfjbhiOTDcsf5XWsH4Hxr5D7RxZtH59mVbrT+M7qytADzQjtIeNNzZGyQ7wcVS6ABSIA2myvPuc1mYhn904YRxhbEUh9pqsr3BzzyAtaPx3eC1x0guqyYSG+KGqPKL7eXd67cSeeP88qFvx6Jc3SEOmIwCR8WK0tOi3iG2JnDn7Q9AqK0awTG4Ztopq24g0ZO9rxRMMFoABR/ABsrrSfTiKOU2qvjtz3ul+vwGBeAJ5QLP3iNw97rsuvwYEYi7J5FcP4tdpCL5mpBrgRYryLm70Dci1mgkpedhZewEue05kKjSWwltv4OJefb9AZWC4SI5VBbBmimBYys/rCISbc4zcKhLL0U+6NLQwXwlCD6H3B6aUVNpguPNzCeYWYlVPB/bRFLWs5qrkf+mXBpJtIgQZJO9X0OA4MtR/xPIJ+Xmsdz7ARZ/gWurgY7wKXQPzqHNyJqbh+BgXsjxwQZq5fhF40/oyO4aG21fZ14pr7GstbdKy1pvzuq4bkVKeyWukGn9pR4MiMmP7/fzWQlsPaxtXCFYk9CFCDRZBncYme06PskmEhBPgWqMKbarOu7bg2PPZntNK1LbrgZmtRZYeTF9f5eP8ver2iNN4SUfwsGk7wJASzaJ5iobxoMmB2kkXlbXk+mh61sBotViRepkEeojiJ1D/NKEdyIq3UIOCPS9sg48ZzsswCVqUqhtGEyf0Y8FezgHnO3rT/IjOTaoTZurBqZ/g8JVWFQUggVT5h7SSjhNjbev7lMmehnfFt0BeGic5kp7UhLb+9Jo4SlZICyr2CPbOLxSja2wM3Dfz3cXj/DWEteZCNgMo3/ehlh6roo1aFx9ifrY0A7mOxmwnzEBI00NbvhKBR99Y3qX4xM5dUQIVDJuHduSgsVSHxV90RJ+8qQL4l9hmtSyIs9ZFHUpQ4ywNrgqkd2nWMnvwYy/ljn1mWEbUEFgY6S60zW/i83uMO2DupHDTx8ax4R5fedeFrH74Jg3SNGMYHjEGan98EXa8k9w7JywyOTlbR5q/zBXFH0bmrLEaP3gpXoAbTMQf794Zz4wSZ03O+ayJWSDX1yIEbcfY8JV79COWFaH0H3jugxnStXEvoGkCKNlgdG/Ooo5QQDjkL1nPwjYupo8QxEmUI7Cap1UKO3Ml5o2pwPa7dLQS7OzOrPl3zEQBX07qaDIethzxihRKxu60B1pnNn0PmLPv76uwOKytng==
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\FHIGIC.job - C:\Users\smolko\AppData\Roaming\FHIGIC.exe /infocmdline=G9gIEXHW6mWu8vSn94yB5rOOK8JNdniw67mBIZ9VEsBROWmT5FDczDYv2ZQugNeU/zurCbnodA9S1okJHUGhTWEAqpSZ2y0vZkEnRImbKt+V2PTOfRfMIBy8uM1kyo1F2jz3Z2ysWp9L47PHRxuIYzN54G5ukVys0aFYsj7jbMhmdyi9YU0JH32QLlel0hvjacYFbY6CdkdUxxSbi+KjYUBR6nGHouiuv/wUmqldjmdssi/ufHp98yefqnX9TQxqudEgxqQIV2mzHSqYq4MP53wmDd2FCDZRTc3cstVRv/CkKMVmfXelH0HsJLOX+bQnYU3+DRO2u14xWCo4baR4NgFhgJ0Yfti/j+sZHRUOrMvN+bdfg8unD8EELw+g94E2DxwarpSJQO0m0/K3pDPukopIoSsdQxQsJ7zhhIjgoRhxbjit/p6wPhuPNIzSzSQ6I4som91rCHnXmbi6tMXRiaLuyajeVcDZr4M2x0SjJ2GHw3h/ZxAZ7DGKK8b+yAx+
C:\windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /c
C:\windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\windows\tasks\OEM.job - C:\Users\smolko\AppData\Roaming\OEM.exe /infocmdline=bZQk2wXFLMrXkukc43Ixdpvan00z6Atmt9BF0fLRF2XP0AqYAU/vpOC0HddUDNiXoszBzr63v5VXMNB4kEDtulrdWmqakNzPLyXRYXlgHo4pzJ3aVJIKpdsvorcIYhYsK5X9aG6jjsA1DxE28AtQ+GaTPrbLl5J6xPlldwLbl+6/TbfxvMx6qL3tWfOHwhX3nA6ZIwn0DeM02zl2W+esVoM5IQwJv2r0bXmVZhwT7AzFzd/hSRDHxOOUGW7ih2oB8g5hiketo7gIMGneaeP7VlccO1arW7VNu2vOzO/n7Uh9LCGrt7n+M9U3LarnqNh+gEY0v8WRgc2Qp5h+Wrt6DxGLxGWjegj8+BtJEDUOhRuVjlcZkO/Uh9s8bFWAxaUY++LKiuJzWY8AAUU7vV7WQGoKZqt6XCkaGVW7E5k2ThaGtlpvbQ+wuAruKwnmPUkKOBNUE51OH6qXjxbhHDbzSYjbL9TFx3rT5ltK8zEKPjj5pgPFBk6Hut41PL6+y/ys

=========Mozilla firefox=========

ProfilePath - C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://google.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll


C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\extensions\
istart_ffnt@gmail.com
NLQUCQ35648598@KRFIE97629948.com
searchengine@gmail.com

C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\searchplugins\
omniboxes.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-15 218784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-03-15 881880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-15 2333400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
IETabPage Class - C:\Program Files (x86)\XTab\SupTab.dll [2015-03-10 538208]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-03-15 707800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-08-14 13675736]
"RtHDVBg_MAXX6"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-08-14 1391832]
"RtHDVBg_LENOVO_DOLBYDRAGON"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-08-14 1391832]
"RtHDVBg_LENOVO_MICPKEY"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-08-14 1391832]
"WavesSvc"=C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [2014-07-15 604928]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-04 2809072]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2014-06-25 36352]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll [2014-08-06 87536]
"LenovoUtility"=C:\Program Files\Lenovo\LenovoUtility\utility.exe [2014-11-19 10828056]
"AutoStartTransition"=C:\Program Files (x86)\Lenovo\LenovoTransition\TransitionServer.exe [2014-08-14 109840]
"PhoneCompanion"=C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [2014-11-19 802800]
"OneKeyOptimizer"=C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe [2014-08-16 461080]
"cpuminer"=C:\windows\system32\cpuminer-gw64.exe [2015-03-11 1316400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Pokki"=C:\Users\smolko\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe [2015-02-05 10354504]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HarmonyPicks"=C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.HarmonyPicks.exe [2014-08-28 1341720]
"HarmonySetting"=C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.HarmonySetting.exe [2014-08-28 2657048]
"Avira Systray"=C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [2014-11-20 126200]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-03-15 21:33:12 ----D---- C:\rsit
2015-03-15 21:33:12 ----D---- C:\Program Files\trend micro
2015-03-15 15:55:12 ----A---- C:\windows\SYSWOW64\MrmCoreR.dll
2015-03-15 15:55:12 ----A---- C:\windows\SYSWOW64\explorer.exe
2015-03-15 15:55:12 ----A---- C:\windows\system32\MrmCoreR.dll
2015-03-15 15:55:12 ----A---- C:\windows\explorer.exe
2015-03-15 15:55:11 ----A---- C:\windows\SYSWOW64\eappprxy.dll
2015-03-15 15:55:11 ----A---- C:\windows\SYSWOW64\eapphost.dll
2015-03-15 15:55:11 ----A---- C:\windows\SYSWOW64\eappgnui.dll
2015-03-15 15:55:11 ----A---- C:\windows\SYSWOW64\eappcfg.dll
2015-03-15 15:55:11 ----A---- C:\windows\SYSWOW64\eapp3hst.dll
2015-03-15 15:55:11 ----A---- C:\windows\system32\LockScreenContentServer.exe
2015-03-15 15:55:11 ----A---- C:\windows\system32\eappprxy.dll
2015-03-15 15:55:11 ----A---- C:\windows\system32\eapphost.dll
2015-03-15 15:55:11 ----A---- C:\windows\system32\eappgnui.dll
2015-03-15 15:55:11 ----A---- C:\windows\system32\eappcfg.dll
2015-03-15 15:55:11 ----A---- C:\windows\system32\eapp3hst.dll
2015-03-15 15:06:12 ----RHD---- C:\MSOCache
2015-03-15 14:59:03 ----D---- C:\ProgramData\Microsoft OneDrive
2015-03-15 14:56:07 ----D---- C:\Program Files\Microsoft Office 15
2015-03-15 12:14:37 ----A---- C:\windows\SYSWOW64\atmfd.dll
2015-03-15 12:14:37 ----A---- C:\windows\system32\atmfd.dll
2015-03-15 12:14:36 ----A---- C:\windows\SYSWOW64\lpk.dll
2015-03-15 12:14:36 ----A---- C:\windows\SYSWOW64\fontsub.dll
2015-03-15 12:14:36 ----A---- C:\windows\SYSWOW64\dciman32.dll
2015-03-15 12:14:36 ----A---- C:\windows\SYSWOW64\atmlib.dll
2015-03-15 12:14:36 ----A---- C:\windows\system32\lpk.dll
2015-03-15 12:14:36 ----A---- C:\windows\system32\fontsub.dll
2015-03-15 12:14:36 ----A---- C:\windows\system32\dciman32.dll
2015-03-15 12:14:36 ----A---- C:\windows\system32\atmlib.dll
2015-03-15 12:14:35 ----A---- C:\windows\system32\rdpcorets.dll
2015-03-15 12:14:34 ----A---- C:\windows\system32\ubpm.dll
2015-03-15 12:14:34 ----A---- C:\windows\system32\rfxvmt.dll
2015-03-15 12:14:34 ----A---- C:\windows\system32\rdpudd.dll
2015-03-15 12:14:34 ----A---- C:\windows\system32\drivers\rdpvideominiport.sys
2015-03-15 12:14:33 ----A---- C:\windows\system32\ntoskrnl.exe
2015-03-15 12:14:32 ----A---- C:\windows\SYSWOW64\ntdll.dll
2015-03-15 12:14:32 ----A---- C:\windows\system32\ntdll.dll
2015-03-15 12:14:30 ----A---- C:\windows\system32\win32k.sys
2015-03-15 12:14:28 ----A---- C:\windows\SYSWOW64\schannel.dll
2015-03-15 12:14:28 ----A---- C:\windows\system32\schannel.dll
2015-03-15 12:14:16 ----A---- C:\windows\system32\mshtml.dll
2015-03-15 12:14:14 ----A---- C:\windows\SYSWOW64\mshtml.dll
2015-03-15 12:14:10 ----A---- C:\windows\system32\jscript9.dll
2015-03-15 12:14:10 ----A---- C:\windows\system32\ieframe.dll
2015-03-15 12:14:08 ----A---- C:\windows\SYSWOW64\ieframe.dll
2015-03-15 12:14:07 ----A---- C:\windows\SYSWOW64\jscript9.dll
2015-03-15 12:14:07 ----A---- C:\windows\system32\wininet.dll
2015-03-15 12:14:07 ----A---- C:\windows\system32\iertutil.dll
2015-03-15 12:14:06 ----A---- C:\windows\SYSWOW64\wininet.dll
2015-03-15 12:14:06 ----A---- C:\windows\SYSWOW64\urlmon.dll
2015-03-15 12:14:06 ----A---- C:\windows\SYSWOW64\iertutil.dll
2015-03-15 12:14:06 ----A---- C:\windows\system32\urlmon.dll
2015-03-15 12:14:06 ----A---- C:\windows\system32\inetcomm.dll
2015-03-15 12:14:05 ----A---- C:\windows\SYSWOW64\vbscript.dll
2015-03-15 12:14:05 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2015-03-15 12:14:05 ----A---- C:\windows\SYSWOW64\inetcomm.dll
2015-03-15 12:14:05 ----A---- C:\windows\system32\vbscript.dll
2015-03-15 12:14:04 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2015-03-15 12:14:04 ----A---- C:\windows\system32\MshtmlDac.dll
2015-03-15 12:14:04 ----A---- C:\windows\system32\msfeeds.dll
2015-03-15 12:14:04 ----A---- C:\windows\system32\iepeers.dll
2015-03-15 12:14:04 ----A---- C:\windows\system32\dxtrans.dll
2015-03-15 12:14:03 ----A---- C:\windows\SYSWOW64\webcheck.dll
2015-03-15 12:14:03 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2015-03-15 12:14:03 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2015-03-15 12:14:03 ----A---- C:\windows\SYSWOW64\iepeers.dll
2015-03-15 12:14:03 ----A---- C:\windows\system32\webcheck.dll
2015-03-15 12:14:03 ----A---- C:\windows\system32\mshtmled.dll
2015-03-15 12:14:03 ----A---- C:\windows\system32\jscript9diag.dll
2015-03-15 12:14:03 ----A---- C:\windows\system32\jscript.dll
2015-03-15 12:14:03 ----A---- C:\windows\system32\iedkcs32.dll
2015-03-15 12:14:03 ----A---- C:\windows\system32\actxprxy.dll
2015-03-15 12:14:02 ----A---- C:\windows\SYSWOW64\jscript.dll
2015-03-15 12:14:02 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2015-03-15 12:14:02 ----A---- C:\windows\system32\ieapfltr.dll
2015-03-15 12:13:49 ----A---- C:\windows\SYSWOW64\WindowsCodecs.dll
2015-03-15 12:13:49 ----A---- C:\windows\system32\WindowsCodecs.dll
2015-03-15 12:13:49 ----A---- C:\windows\system32\shell32.dll
2015-03-15 12:13:48 ----A---- C:\windows\SYSWOW64\shell32.dll
2015-03-15 12:13:39 ----A---- C:\windows\SYSWOW64\WMPhoto.dll
2015-03-15 12:13:39 ----A---- C:\windows\SYSWOW64\msctf.dll
2015-03-15 12:13:39 ----A---- C:\windows\system32\WMPhoto.dll
2015-03-15 12:13:39 ----A---- C:\windows\system32\msctf.dll
2015-03-15 12:00:24 ----A---- C:\Users\smolko\AppData\Roaming\OEM.exe
2015-03-15 12:00:06 ----D---- C:\Program Files (x86)\43d45ddb-733d-4a4f-9d91-4e3253112627
2015-03-15 12:00:06 ----A---- C:\Users\smolko\AppData\Roaming\FHIGIC.exe
2015-03-15 12:00:02 ----D---- C:\Program Files (x86)\globalUpdate
2015-03-15 11:59:56 ----D---- C:\Program Files (x86)\CinemaP-1.9cV05.03
2015-03-15 11:59:46 ----D---- C:\Users\smolko\AppData\Roaming\cpuminer
2015-03-15 11:59:46 ----D---- C:\ProgramData\IHProtectUpDate
2015-03-15 11:59:41 ----D---- C:\Program Files (x86)\XTab
2015-03-15 11:59:35 ----D---- C:\ProgramData\WindowsMangerProtect
2015-03-15 11:59:25 ----D---- C:\Users\smolko\AppData\Roaming\omniboxes
2015-03-11 17:24:42 ----A---- C:\windows\system32\cpuminer-gw64.exe
2015-02-21 18:58:48 ----A---- C:\windows\SYSWOW64\scesrv.dll
2015-02-21 18:58:48 ----A---- C:\windows\system32\scesrv.dll
2015-02-21 18:58:40 ----A---- C:\windows\system32\wow64.dll
2015-02-21 18:58:39 ----A---- C:\windows\SYSWOW64\wow32.dll
2015-02-21 18:58:39 ----A---- C:\windows\SYSWOW64\user.exe
2015-02-21 18:58:39 ----A---- C:\windows\SYSWOW64\setup16.exe
2015-02-21 18:58:39 ----A---- C:\windows\SYSWOW64\ntvdm64.dll
2015-02-21 18:58:39 ----A---- C:\windows\SYSWOW64\instnm.exe
2015-02-21 18:58:39 ----A---- C:\windows\system32\wow64cpu.dll
2015-02-21 18:58:39 ----A---- C:\windows\system32\ntvdm64.dll
2015-02-21 18:58:35 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2015-02-21 18:58:35 ----A---- C:\windows\system32\drivers\cng.sys
2015-02-21 18:58:35 ----A---- C:\windows\system32\certcli.dll
2015-02-21 18:58:34 ----A---- C:\windows\SYSWOW64\msaudite.dll
2015-02-21 18:58:34 ----A---- C:\windows\SYSWOW64\certcli.dll
2015-02-21 18:58:34 ----A---- C:\windows\SYSWOW64\adtschema.dll
2015-02-21 18:58:34 ----A---- C:\windows\system32\msaudite.dll
2015-02-21 18:58:34 ----A---- C:\windows\system32\lsasrv.dll
2015-02-21 18:58:34 ----A---- C:\windows\system32\adtschema.dll
2015-02-21 18:57:41 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2015-02-21 18:57:41 ----A---- C:\windows\system32\dxtmsft.dll
2015-02-21 18:57:40 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2015-02-21 18:57:40 ----A---- C:\windows\system32\ie4uinit.exe

======List of files/folders modified in the last 1 month======

2015-03-15 21:33:12 ----RD---- C:\Program Files
2015-03-15 21:31:56 ----D---- C:\windows\Prefetch
2015-03-15 21:28:52 ----D---- C:\windows\Inf
2015-03-15 21:28:52 ----AD---- C:\windows\System32
2015-03-15 21:28:52 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-03-15 21:28:08 ----D---- C:\windows\Microsoft.NET
2015-03-15 21:25:10 ----D---- C:\windows\Temp
2015-03-15 21:23:14 ----D---- C:\windows\system32\config
2015-03-15 21:23:12 ----D---- C:\windows\WinSxS
2015-03-15 21:23:12 ----D---- C:\windows\SysWOW64
2015-03-15 21:21:57 ----AD---- C:\Windows
2015-03-15 21:21:56 ----D---- C:\windows\system32\drivers
2015-03-15 21:21:56 ----D---- C:\Program Files\Internet Explorer
2015-03-15 21:21:56 ----D---- C:\Program Files (x86)\Internet Explorer
2015-03-15 21:21:55 ----RD---- C:\windows\ToastData
2015-03-15 21:21:43 ----D---- C:\windows\system32\MRT
2015-03-15 21:19:34 ----D---- C:\windows\CbsTemp
2015-03-15 21:00:00 ----D---- C:\windows\system32\sru
2015-03-15 18:09:53 ----SD---- C:\Users\smolko\AppData\Roaming\Microsoft
2015-03-15 16:18:30 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-03-15 15:55:02 ----D---- C:\windows\system32\catroot2
2015-03-15 14:59:14 ----D---- C:\windows\system32\Tasks
2015-03-15 14:59:03 ----SHD---- C:\windows\Installer
2015-03-15 14:59:03 ----HD---- C:\ProgramData
2015-03-15 14:58:57 ----D---- C:\ProgramData\Microsoft
2015-03-15 14:58:51 ----RD---- C:\windows\assembly
2015-03-15 14:58:45 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2015-03-15 14:58:44 ----D---- C:\Program Files (x86)\Common Files
2015-03-15 14:58:43 ----D---- C:\Program Files (x86)\Microsoft.NET
2015-03-15 14:58:32 ----D---- C:\windows\system32\DriverStore
2015-03-15 14:56:20 ----RSD---- C:\windows\Fonts
2015-03-15 12:10:46 ----D---- C:\windows\system32\wdi
2015-03-15 12:07:57 ----SHD---- C:\System Volume Information
2015-03-15 12:02:15 ----RD---- C:\Program Files (x86)
2015-03-15 12:00:41 ----D---- C:\windows\Tasks
2015-03-15 12:00:12 ----D---- C:\Program Files (x86)\Avira
2015-03-04 22:24:42 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2015-03-03 14:17:35 ----N---- C:\windows\system32\MpSigStub.exe
2015-02-26 21:14:44 ----A---- C:\windows\system32\MRT.exe
2015-02-22 11:37:10 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-21 22:36:57 ----D---- C:\windows\SYSWOW64\en-US
2015-02-21 22:36:57 ----D---- C:\windows\SYSWOW64\cs-CZ
2015-02-21 22:36:57 ----D---- C:\windows\system32\en-US
2015-02-21 22:36:57 ----D---- C:\windows\system32\cs-CZ
2015-02-21 22:36:57 ----D---- C:\windows\apppatch
2015-02-21 18:59:05 ----SHD---- C:\$Recycle.Bin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Fastboot;Fastboot; C:\windows\system32\drivers\Fastboot.sys [2014-08-16 69144]
R0 iaStorA;iaStorA; C:\windows\System32\drivers\iaStorA.sys [2014-06-25 670056]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R3 ACPIVPC;@oem29.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\windows\System32\drivers\AcpiVpc.sys [2014-11-19 35064]
R3 bcbtums;@oem22.inf,%BCBTUMS.SvcDesc%;Bluetooth RAM Firmware Download USB Filter; C:\windows\system32\drivers\bcbtums.sys [2013-11-14 170712]
R3 BCM43XX;@oem16.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl63a.sys [2014-11-19 7578328]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\windows\System32\drivers\BthEnum.sys [2013-08-22 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\windows\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\windows\System32\drivers\bthpan.sys [2014-07-24 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2014-03-18 81920]
R3 btwampfl;@oem22.inf,%btwampfl.ServiceName%;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2014-02-03 166616]
R3 btwaudio;@oem18.inf,%btaudio.SvcDesc%;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2014-05-13 190168]
R3 btwavdt;@oem18.inf,%btwavdt.SvcDesc%;Bluetooth AVDT; C:\windows\System32\drivers\btwavdt.sys [2014-03-19 229080]
R3 btwl2cap;@oem21.inf,%btwl2cap.SVCDESC%;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2012-07-27 40248]
R3 dptf_cpu;dptf_cpu; C:\windows\System32\drivers\dptf_cpu.sys [2014-06-10 35136]
R3 dptf_pch;dptf_pch; C:\windows\System32\drivers\dptf_pch.sys [2014-06-10 34072]
R3 esif_lf;esif_lf; C:\windows\System32\drivers\esif_lf.sys [2014-06-10 192624]
R3 iaLPSS_GPIO;@oem6.inf,%iaLPSS_GPIO.SVCDESC%;Intel(R) Serial IO GPIO Driver; C:\windows\System32\drivers\iaLPSS_GPIO.sys [2014-06-11 35832]
R3 iaLPSS_I2C;@oem7.inf,%iaLPSS_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver; C:\windows\System32\drivers\iaLPSS_I2C.sys [2014-06-11 120312]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2014-07-25 4783472]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2014-08-19 4026840]
R3 iwdbus;@oem9.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\windows\System32\drivers\iwdbus.sys [2014-07-14 27000]
R3 KMDFVirtualKbd;@oem33.inf,%KMDFVirtualKbd.SVCDESC%;Lenovo Virtual Keyboard Device; C:\windows\System32\drivers\KMDFVirtualKbd.sys [2014-08-05 22264]
R3 KMDFVirtualMouse;@oem34.inf,%KMDFVirtualMouse.SVCDESC%;Lenovo Virtual Mouse Device; C:\windows\System32\drivers\KMDFVirtualMouse.sys [2014-08-05 21240]
R3 MEIx64;@oem3.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\TeeDriverx64.sys [2014-07-03 125952]
R3 mxtBootBridge;@oem17.inf,%mxtBootBridge.SVCDESC%;maxTouch I2C Boot Bridge Peripheral Service; C:\windows\System32\drivers\mxtBootBridge.sys [2013-12-19 36160]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\System32\drivers\rfcomm.sys [2014-03-18 167424]
R3 rtsuvc;@oem25.inf,%rtsuvc.DeviceDesc%;Lenovo EasyCamera; C:\windows\system32\DRIVERS\rtsuvc.sys [2014-08-30 7239384]
R3 SensorsHIDClassDriver;@sensorshidclassdriver.inf,%WudfSensorsHIDClassDriverDisplayName%;UMDF Reflector service for SensorsHIDClassDriver; C:\windows\system32\DRIVERS\WUDFRd.sys [2014-05-31 227840]
R3 SensorsServiceDriver;@sensorsservicedriver.inf,%WudfSensorsServiceDriverDisplayName%;UMDF Reflector service for SensorsServiceDriver; C:\windows\system32\DRIVERS\WUDFRd.sys [2014-05-31 227840]
R3 SynRMIHID;@oem14.inf,%SynRMIHID.SVCDESC%;Synaptics HID Service; C:\windows\system32\DRIVERS\SynRMIHID.sys [2014-08-04 41200]
R3 SynTP;@oem13.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2014-08-04 550128]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S3 AX88772;@netax88772.inf,%AX88772.DeviceDesc%;ASIX AX88772 USB2.0 to Fast Ethernet Adapter; C:\windows\system32\DRIVERS\ax88772.sys [2013-07-18 113864]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2014-07-24 1200640]
S3 btwrchid;btwrchid; C:\windows\System32\drivers\btwrchid.sys [2014-03-19 38616]
S3 e1iexpress;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\windows\system32\DRIVERS\e1i63x64.sys [2013-06-18 460288]
S3 intaud_WaveExtensible;@oem8.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\windows\system32\drivers\intelaud.sys [2014-07-14 38264]
S3 IntcDAud;@oem4.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2014-07-25 451576]
S3 NETwNe64;@netwew02.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\windows\system32\DRIVERS\NETwew02.sys [2013-06-18 4649440]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\windows\System32\Drivers\usbvideo.sys [2013-08-22 212224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2014-06-03 977664]
R2 CCSDK;CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [2014-07-10 592880]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2014-01-02 2169016]
R2 esifsvc;ESIF Upper Framework Service; C:\windows\SysWOW64\esif_uf.exe [2014-06-10 953352]
R2 FastbootService;FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [2014-08-16 191256]
R2 HarmonyPicksService;HarmonyPicksService; C:\Program Files (x86)\Lenovo\Harmony\Picks\HarmonyPicksService.exe [2014-08-14 17176]
R2 HarmonySettingService;HarmonySettingService; C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe [2014-08-14 18712]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-06-25 16232]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\windows\system32\igfxCUIService.exe [2014-07-25 324568]
R2 IHProtect Service;IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [2015-03-10 158816]
R2 Intel(R) ME Service;Intel® ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-07-03 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-07-03 154584]
R2 Lenovo OKO Service;Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2014-07-31 2543896]
R2 Lenovo Settings Service;Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2014-08-07 2013680]
R2 Lenovo System Agent Service;Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [2014-05-22 584960]
R2 LenovoPAWDService;Lenovo PAWD Service; C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe [2014-11-19 133440]
R2 LenovoSetSvr;LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe [2014-06-19 258544]
R2 LenovoWiFiHotspotSvr;Lenovo WiFiHotspot Service; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [2014-08-02 218440]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2014-07-03 405976]
R2 OKOControlSvc;OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [2014-08-16 113944]
R2 PaperLookingSrv;PaperLookingSrv; C:\Program Files (x86)\Lenovo\PaperDisplay\PaperLookingSrv.exe [2014-08-12 173336]
R2 PG_Service_Launcher;PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [2014-05-28 524552]
R2 PGService;PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [2014-05-28 167176]
R2 PhoneCompanionPusher;Lenovo PhoneCompanionPusher Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [2014-11-19 321520]
R2 PLHotkeyService;PLHotkeyService; C:\Program Files (x86)\Lenovo\PaperDisplay\PLHotkeyService.exe [2014-08-12 25368]
R2 SynTPEnhService;SynTPEnh Caller Service; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2014-08-04 190704]
R2 VeriFaceSrv;VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [2014-11-19 68880]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2014-03-18 43696]
R3 iumsvc;Intel(R) Update Manager; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09 174368]
S2 Avira.OE.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-11-20 166192]
S2 BcmBtRSupport;@oem22.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service; C:\windows\system32\BtwRSupportService.exe [2013-11-14 2251992]
S2 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-03-15 68608]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-18 107912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-21 267440]
S3 AVControlCenter;AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [2014-08-06 599024]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2014-07-25 274736]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-03-15 68608]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-18 107912]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-05-13 887256]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [2014-06-03 533760]
S3 LENOVO.CAMMUTE;Lenovo AVFramework Camera Privacy Controller; C:\Program Files\Lenovo\Communications Utility\cammute.exe [2014-08-06 525296]
S3 LENOVO.TPKNRSVC;Lenovo AVFramework Microphone Volume Controller and Dolby Interface; C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe [2014-08-06 535024]
S3 LENOVO.TVTVCAM;Lenovo AVFramework Virtual Camera Controller Service; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2014-08-06 727536]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 289256]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-17 114800]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-01-23 150600]
S3 PhoneCompanionVap;Lenovo PhoneCompanionVap Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [2014-11-19 338416]

-----------------EOF-----------------

Zdravim

Odinstalujte McAfee Security Scan

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Po spusteni probehne stazeni databaze
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

# AdwCleaner v4.112 - Logfile created 15/03/2015 at 22:00:05
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : smolko - CTHULHU
# Running from : C:\Users\smolko\Downloads\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : WindowsMangerProtect
Service Deleted : IHProtect Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\XTab
Folder Deleted : C:\Users\smolko\AppData\Local\globalUpdate
Folder Deleted : C:\Users\smolko\AppData\Roaming\omniboxes
Folder Deleted : C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\Extensions\searchengine@gmail.com
Folder Deleted : C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\Extensions\istart_ffnt@gmail.com
File Deleted : C:\Users\smolko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook.lnk
File Deleted : C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\user.js
File Deleted : C:\Users\smolko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\smolko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\smolko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\smolko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : 2300726e-d013-4e97-93b8-82cdb2191e24-1-6
Task Deleted : 2300726e-d013-4e97-93b8-82cdb2191e24-1-7
Task Deleted : 2300726e-d013-4e97-93b8-82cdb2191e24-10_user
Task Deleted : 2300726e-d013-4e97-93b8-82cdb2191e24-3
Task Deleted : 2300726e-d013-4e97-93b8-82cdb2191e24-4
Task Deleted : 2300726e-d013-4e97-93b8-82cdb2191e24-5
Task Deleted : 2300726e-d013-4e97-93b8-82cdb2191e24-5_user
Task Deleted : 2300726e-d013-4e97-93b8-82cdb2191e24-6
Task Deleted : 2300726e-d013-4e97-93b8-82cdb2191e24-7

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [istart_ffnt@gmail.com]
Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\omniboxesSoftware
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\omniboxes uninstall
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0 (x86 en-US)

[qynluvkg.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[qynluvkg.default\prefs.js] - Line Deleted : user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3[...]
[qynluvkg.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14c1d19723fe7444776f334c091ad56a");
[qynluvkg.default\prefs.js] - Line Deleted : user_pref("extensions.enabledAddons", "searchengine%40gmail.com:1.0.0.1027,NLQUCQ35648598%40KRFIE97629948.com:0.95.22,istart_ffnt%40gmail.com:5.3.5,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0");
[qynluvkg.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[qynluvkg.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[qynluvkg.default\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"istart_ffnt@gmail.com\":{\"d\":\"C:\\\\Users\\\\smolko\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\qynluvkg.default\\\\extensions\\[...]

-\\ Google Chrome v41.0.2272.89


*************************

AdwCleaner[R0].txt - [10261 bytes] - [15/03/2015 21:58:57]
AdwCleaner[S0].txt - [10291 bytes] - [15/03/2015 22:00:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10351 bytes] ##########

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  resethosts;
  emptyclsid;
  IEdefaults;
  FFdefaults;
  CHRdefaults;
  emptyIEcache;
  emptyFFcache;
  emptyCHRcache;
  emptyalltemp;
  emptyflash;
  emptyjava;
  emptyrecycle.bin;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Zoek.exe v5.0.0.0 Updated 15-March-2015
Tool run by smolko on Mon 03/16/2015 at 22:17:47.75.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\smolko\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3/16/2015 10:19:16 PM Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\New Folder deleted successfully
C:\Users\smolko\AppData\Local\Adobe deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3838030578-1317544775-1080996601-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} deleted successfully
HKEY_USERS\S-1-5-21-3838030578-1317544775-1080996601-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-3838030578-1317544775-1080996601-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5D32E578-F030-4BA3-B1F6-C2CA1CA00DBA} deleted successfully
HKEY_USERS\S-1-5-21-3838030578-1317544775-1080996601-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\prefs.js:
user_pref("browser.startup.homepage", "http://google.com/");
user_pref("browser.search.defaultenginename", "omniboxes");
user_pref("browser.search.selectedEngine", "omniboxes");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default

user.js not found
---- Lines aNLQUCQ35648598KRFIE97629948com71383 removed from prefs.js ----
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.active", true);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.addressbar", "NA");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.addressbarenhanced", "");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.asyncdb.was_copied", "true");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.asyncinternaldb.was_copied", "true");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.backgroundver", 1);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.certdomaininstaller", "");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.changeprevious", false);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Euro
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.cookie.InstallationTime.value", "%221426417190%22");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europ
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22002661%22%2C%22sub_id%22%3A%2
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europea
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.cookie.previous_page.value", "%22https%3A//stores.office.com/myaccount/home.aspx%22")
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.cookie.user_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central European Stan
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.cookie.user_id.value", "%2214c1d19723fe7444776f334c091ad56a%22");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.description", "Lights out for YouTube");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.domain", "");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.enablesearch", false);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.homepage", "");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.iframe", false);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.InstallationThankYouPage", true);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.InstallationTime", 1426417190);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Centr
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.__defualt_browser__.value", "%22ch%22");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb._installer_additional_info.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb._installer_additional_info.value", "%7B%22asw%22%3A%5B0%2C-2147483643%2C0%
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Europea
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Cent
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22E37844DE0D7343CF
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central E
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22002661%22%2C%22sub_id%22%
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Cent
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22002661%22%2C%22sub_i
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22E37844D
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_bundledWithHash.value", "null");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb 01 2030 0
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.reporting_user_key_index.expiration", "Wed Mar 12 2025 12:02:31 GMT+0100 (
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.reporting_user_key_index.value", "30");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.Resources_appVer.value", "32");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Cen
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central Eu
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.Resources_nextCheck.expiration", "Mon Mar 16 2015 00:03:06 GMT+0100 (Centr
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Central E
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.lastDailyReport", "1426438984787");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.lastUpdate", "1426438984783");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.manifesturl", "");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.name", "Lights Cinema 1.3beta");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.newtab", "");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.NLQUCQ35648598@KRFIE97629948.comaNLQUCQ35648598KRFIE97629948com71383_dbWasSet", true)
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.NLQUCQ35648598@KRFIE97629948.comaNLQUCQ35648598KRFIE97629948com71383_dbWasSet_FF25_FI
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.NLQUCQ35648598@KRFIE97629948.comasyncdb_dbWasSet", true);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.NLQUCQ35648598@KRFIE97629948.comasyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.NLQUCQ35648598@KRFIE97629948.comasyncinternaldb_dbWasSet", true);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.NLQUCQ35648598@KRFIE97629948.comasyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.opensearch", "");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.pluginsurl", "http://js.ourinputinfonet.com/plugin/ap ... /plugins.j
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.pluginsversion", 27);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.publisher", "Cinema Plus");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.searchstatus", 0);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.setnewtab", false);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.thankyou", "");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.updateinterval", 360);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.71383.ver", 32);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.apps", "71383");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.bic", "14c1d19723fe7444776f334c091ad56a");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.cid", 71383);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.firstrun", false);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.hadappinstalled", true);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.installationdate", 1426417349);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.installerAdditionalInfo", "{\"asw\":[0, -2147483643, 0, 256],\"browser_name\":\"ff\",\"proc
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.modetype", "production");
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.reportInstall", true);
user_pref("extensions.aNLQUCQ35648598KRFIE97629948com71383.statsDailyCounter", 2);
---- Lines omniboxes removed from prefs.js ----
user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en),omniboxes");
user_pref("browser.search.searchengine.alias", "omniboxes");
user_pref("browser.search.searchengine.iconURL", "http://www.omniboxes.com/favicon.ico");
user_pref("browser.search.searchengine.name", "omniboxes");
user_pref("browser.search.searchengine.url", "http://www.omniboxes.com/web/?type=ds&t ... NPNYAFA049
---- FireFox user.js and prefs.js backups ----

prefs_20150316_1028_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~2\New Folder not found
C:\Program Files (x86)\Avira\2df7dcab-34b5-410e-9edc-a218ac6b2157.dll deleted
C:\Program Files (x86)\Avira\43d45ddb-733d-4a4f-9d91-4e3253112627.dll deleted
C:\PROGRA~3\OneKey Optimizer deleted
C:\windows\sysWoW64\config\systemprofile\.android deleted
C:\PROGRA~2\43d45ddb-733d-4a4f-9d91-4e3253112627 deleted
C:\Users\Public\Pokki deleted
C:\Users\smolko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PC App Store.lnk deleted
C:\Users\smolko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Menu.lnk deleted
C:\PROGRA~3\Pokki deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\Users\smolko\AppData\Local\Pokki deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\smolko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted
C:\Users\smolko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk deleted
C:\windows\tasks\FHIGIC.job deleted
C:\windows\SysNative\tasks\FHIGIC deleted
C:\windows\tasks\OEM.job deleted
C:\windows\SysNative\tasks\OEM deleted
C:\windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat deleted
C:\Users\smolko\AppData\Roaming\FHIGIC.exe deleted
C:\Users\smolko\AppData\Roaming\OEM.exe deleted
C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\extensions\NLQUCQ35648598@KRFIE97629948.com deleted
"C:\Users\smolko\AppData\Roaming\FHIGIC" deleted
"C:\Users\smolko\AppData\Roaming\OEM" deleted
"C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\searchplugins\omniboxes.xml" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 41.0.2272.89 (Up to date, latest Stable version: 41.0.2272.89)


CinemaP-1.9cV05.03 - smolko\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljbbcnooaklhpifalnihdiofoahmmjj

==== Chromium Fix ======================

C:\Users\smolko\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljbbcnooaklhpifalnihdiofoahmmjj deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.omniboxes.com/?type=hp&ts=14 ... NYAFA04996"
"Default_Page_URL"="http://www.omniboxes.com/?type=hp&ts=14 ... NYAFA04996"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.omniboxes.com/web/?type=ds&t ... earchTerms}"
"Default_Page_URL"="http://www.omniboxes.com/?type=hp&ts=14 ... NYAFA04996"
"Start Page"="http://www.omniboxes.com/?type=hp&ts=14 ... NYAFA04996"
"Search Page"="http://www.omniboxes.com/web/?type=ds&t ... earchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.omniboxes.com/web/?type=ds&t ... earchTerms}"
"Default_Page_URL"="http://www.omniboxes.com/?type=hp&ts=14 ... NYAFA04996"
"Start Page"="http://www.omniboxes.com/?type=hp&ts=14 ... NYAFA04996"
"Search Page"="http://www.omniboxes.com/web/?type=ds&t ... earchTerms}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\smolko\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\smolko\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Avira.lnk - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.omniboxes.com/?type=sc&ts=14 ... NYAFA04996

==== shortcuts in Users Start Menu ======================

C:\Users\smolko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harmony Picks Introduction.lnk - C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.HarmonyPicks.exe i
C:\Users\smolko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harmony Settings Introduction.lnk - C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.HarmonySetting.exe i
C:\Users\smolko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts=14 ... NYAFA04996

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.omniboxes.com/?type=sc&ts=14 ... NYAFA04996
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira.lnk - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\MSACCESS.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\EXCEL.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\ONENOTE.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\OUTLOOK.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\POWERPNT.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\MSPUB.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Send to OneNote 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\WINWORD.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Language Preferences.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\SETLANG.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Upload Center.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\MSOUC.EXE

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\smolko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\smolko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts=14 ... NYAFA04996
C:\Users\smolko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\smolko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\smolko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\smolko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\smolko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Harmony.lnk - C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.HarmonyPicks.exe
C:\Users\smolko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts=14 ... NYAFA04996
C:\Users\smolko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.omniboxes.com/?type=sc&ts=14 ... NYAFA04996
C:\Users\smolko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\UserGuide.lnk - C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\smolko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\smolko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\smolko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\smolko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\smolko\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\smolko\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\smolko\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\smolko\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\smolko\AppData\Local\Mozilla\Firefox\Profiles\qynluvkg.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\smolko\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=9827 folders=267 563932291 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\smolko\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\smolko\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Mon 03/16/2015 at 22:32:17.30 ======================

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=30&t=133101

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by smolko (administrator) on CTHULHU on 18-03-2015 20:48:12
Running from C:\Users\smolko\Desktop
Loaded Profiles: smolko (Available profiles: smolko)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Lenovo) C:\Program Files\Lenovo\OneKey Optimizer\bin\FBService.exe
() C:\Program Files (x86)\Lenovo\Harmony\Picks\HarmonyPicksService.exe
() C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe
() C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
() C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PaperDisplay\PaperLookingSrv.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files (x86)\Lenovo\PaperDisplay\PLHotkeyService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\LenovoUtility\utility.exe
() C:\Program Files (x86)\Lenovo\LenovoTransition\TransitionServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OnekeyOptimizerUpdata.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.HarmonyPicks.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.HarmonySetting.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe
() C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\ui\updateui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\AuthHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\smolko\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13675736 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391832 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391832 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391832 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [604928 2014-07-15] (Waves Audio Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2809072 2014-08-04] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [10828056 2014-11-19] (Lenovo(beijing) Limited)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\LenovoTransition\TransitionServer.exe [109840 2014-08-14] ()
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [802800 2014-11-19] (Lenovo)
HKLM\...\Run: [OneKeyOptimizer] => C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe [461080 2014-08-16] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [HarmonyPicks] => C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.HarmonyPicks.exe [1341720 2014-08-28] (Lenovo)
HKLM-x32\...\Run: [HarmonySetting] => C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.HarmonySetting.exe [2657048 2014-08-28] (Lenovo)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... NYAFA04996
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... NYAFA04996
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
HKU\S-1-5-21-3838030578-1317544775-1080996601-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-3838030578-1317544775-1080996601-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3838030578-1317544775-1080996601-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-15] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-03-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-15] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-03-15] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-15] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-07-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-07-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-15] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-21] (Google Inc.)
FF Extension: No Name - C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\extensions\searchengine@gmail.com [Not Found]
FF Extension: No Name - C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\extensions\NLQUCQ35648598@KRFIE97629948.com [Not Found]
FF Extension: No Name - C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\extensions\istart_ffnt@gmail.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.chrome.com/
CHR StartupUrls: Default -> "hxxp://www.omniboxes.com/?type=hp&ts=142641715 ... NYAFA04996"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\smolko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\smolko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-18]
CHR Extension: (Google Docs) - C:\Users\smolko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-18]
CHR Extension: (Google Drive) - C:\Users\smolko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-18]
CHR Extension: (YouTube) - C:\Users\smolko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-18]
CHR Extension: (Google Search) - C:\Users\smolko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-18]
CHR Extension: (Google Sheets) - C:\Users\smolko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-18]
CHR Extension: (Google Wallet) - C:\Users\smolko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-18]
CHR Extension: (Gmail) - C:\Users\smolko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [599024 2014-08-06] (Lenovo Corporation)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [977664 2014-06-03] (Broadcom Corporation.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-10] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-01-02] (Microsoft Corporation)
R2 esifsvc; C:\windows\SysWOW64\esif_uf.exe [953352 2014-06-10] (Intel Corporation)
R2 FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [191256 2014-08-16] (Lenovo)
R2 HarmonyPicksService; C:\Program Files (x86)\Lenovo\Harmony\Picks\HarmonyPicksService.exe [17176 2014-08-14] ()
R2 HarmonySettingService; C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe [18712 2014-08-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324568 2014-07-25] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-07-03] (Intel Corporation)
R3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-07-03] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2543896 2014-07-31] ()
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2013680 2014-08-07] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [727536 2014-08-06] (Lenovo Corporation)
R2 LenovoPAWDService; C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe [133440 2014-11-19] ()
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe [258544 2014-06-19] (Lenovo(beijing) Limited)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [218440 2014-08-02] (Lenovo(beijing) Limited)
R2 OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [113944 2014-08-16] (Lenovo(beijing) Limited)
R2 PaperLookingSrv; C:\Program Files (x86)\Lenovo\PaperDisplay\PaperLookingSrv.exe [173336 2014-08-12] (Lenovo)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-05-28] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [524552 2014-05-28] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [321520 2014-11-19] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [338416 2014-11-19] (Lenovo)
R2 PLHotkeyService; C:\Program Files (x86)\Lenovo\PaperDisplay\PLHotkeyService.exe [25368 2014-08-12] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-08-04] (Synaptics Incorporated)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2014-11-19] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-07-26] (Lenovo)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7578328 2014-11-19] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [35136 2014-06-10] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [34072 2014-06-10] (Intel Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [192624 2014-06-10] (Intel Corporation)
R0 Fastboot; C:\Windows\System32\Drivers\Fastboot.sys [69144 2014-08-16] (Windows (R) Win 7 DDK provider)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [110824 2014-06-11] (GenesysLogic)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-11] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-11] (Intel Corporation)
R3 KMDFVirtualKbd; C:\Windows\System32\drivers\KMDFVirtualKbd.sys [22264 2014-08-05] ()
R3 KMDFVirtualMouse; C:\Windows\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-05] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [125952 2014-07-03] (Intel Corporation)
R3 mxtBootBridge; C:\Windows\System32\drivers\mxtBootBridge.sys [36160 2013-12-19] (Atmel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [7239384 2014-08-30] (Realtek Semiconductor Corp.)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-08-04] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 20:48 - 2015-03-18 20:48 - 00022829 _____ () C:\Users\smolko\Desktop\FRST.txt
2015-03-18 20:47 - 2015-03-18 20:48 - 00000000 ____D () C:\FRST
2015-03-18 20:46 - 2015-03-18 20:30 - 02095616 _____ (Farbar) C:\Users\smolko\Desktop\FRST64.exe
2015-03-18 20:43 - 2015-03-18 20:43 - 00112640 _____ (forum.viry.cz) C:\Users\smolko\Downloads\FRSTLauncher (2).exe
2015-03-18 20:43 - 2015-03-18 20:43 - 00112640 _____ (forum.viry.cz) C:\Users\smolko\Desktop\FRSTLauncher.exe
2015-03-18 20:41 - 2015-03-18 20:41 - 00112640 _____ (forum.viry.cz) C:\Users\smolko\Downloads\Nepotvrdené 65066.crdownload
2015-03-18 20:41 - 2015-03-18 20:41 - 00112640 _____ (forum.viry.cz) C:\Users\smolko\Downloads\Nepotvrdené 215640.crdownload
2015-03-18 20:31 - 2015-03-18 20:31 - 00001132 _____ () C:\Users\smolko\Desktop\FRST64.exe - Shortcut.lnk
2015-03-18 20:30 - 2015-03-18 20:30 - 02095616 _____ (Farbar) C:\Users\smolko\Downloads\FRST64.exe
2015-03-16 22:32 - 2015-03-16 22:32 - 00000144 _____ () C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-16 22:32 - 2015-03-16 22:32 - 00000000 ____D () C:\ProgramData\OneKey Optimizer
2015-03-16 22:31 - 2015-03-16 22:17 - 00024064 _____ () C:\windows\zoek-delete.exe
2015-03-16 22:19 - 2015-03-16 22:32 - 00029266 _____ () C:\zoek-results.log
2015-03-16 22:17 - 2015-03-16 22:30 - 00000000 ____D () C:\zoek_backup
2015-03-16 22:16 - 2015-03-16 22:16 - 01305600 _____ () C:\Users\smolko\Downloads\zoek.exe
2015-03-15 21:57 - 2015-03-15 22:00 - 00000000 ____D () C:\AdwCleaner
2015-03-15 21:57 - 2015-03-15 21:57 - 02171392 _____ () C:\Users\smolko\Downloads\adwcleaner_4.112.exe
2015-03-15 21:33 - 2015-03-15 21:33 - 00000000 ____D () C:\rsit
2015-03-15 21:33 - 2015-03-15 21:33 - 00000000 ____D () C:\Program Files\trend micro
2015-03-15 21:31 - 2015-03-15 21:31 - 01222144 _____ () C:\Users\smolko\Downloads\RSITx64.exe
2015-03-15 15:55 - 2015-02-08 00:57 - 01090048 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
2015-03-15 15:55 - 2015-02-08 00:49 - 00791040 _____ (Microsoft Corporation) C:\windows\SysWOW64\MrmCoreR.dll
2015-03-15 15:55 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\eappgnui.dll
2015-03-15 15:55 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\windows\SysWOW64\eappgnui.dll
2015-03-15 15:55 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\windows\system32\eapp3hst.dll
2015-03-15 15:55 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\windows\system32\eapphost.dll
2015-03-15 15:55 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\windows\SysWOW64\eapp3hst.dll
2015-03-15 15:55 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\windows\SysWOW64\eapphost.dll
2015-03-15 15:55 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\windows\system32\eappcfg.dll
2015-03-15 15:55 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\windows\SysWOW64\eappcfg.dll
2015-03-15 15:55 - 2015-01-28 00:47 - 02501368 _____ (Microsoft Corporation) C:\windows\explorer.exe
2015-03-15 15:55 - 2015-01-28 00:41 - 02207488 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2015-03-15 15:55 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\windows\system32\LockScreenContentServer.exe
2015-03-15 15:55 - 2014-10-29 02:19 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\eappprxy.dll
2015-03-15 15:55 - 2014-10-29 01:59 - 00056320 _____ (Microsoft Corporation) C:\windows\SysWOW64\eappprxy.dll
2015-03-15 15:06 - 2015-03-15 15:06 - 00000000 __RHD () C:\MSOCache
2015-03-15 14:59 - 2015-03-18 20:12 - 00004972 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CTHULHU-smolko Cthulhu
2015-03-15 14:59 - 2015-03-15 14:59 - 00003096 _____ () C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3838030578-1317544775-1080996601-1001
2015-03-15 14:59 - 2015-03-15 14:59 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-03-15 14:56 - 2015-03-15 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-15 14:56 - 2015-03-15 14:56 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-15 14:55 - 2015-03-15 14:55 - 01075384 _____ (Microsoft Corporation) C:\Users\smolko\Downloads\Setup.X86.en-US_O365HomePremRetail_a096d614-1fc1-4747-a354-e7497f5871e0_TX_DB_.exe
2015-03-15 12:14 - 2015-03-06 03:53 - 00430080 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-15 12:14 - 2015-03-06 03:33 - 00358912 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-15 12:14 - 2015-02-26 00:26 - 04178944 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-15 12:14 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-15 12:14 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-15 12:14 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-15 12:14 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-03-15 12:14 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-15 12:14 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-15 12:14 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-15 12:14 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-15 12:14 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-15 12:14 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-15 12:14 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-15 12:14 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-15 12:14 - 2015-02-20 03:35 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-03-15 12:14 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-15 12:14 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-15 12:14 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-15 12:14 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-15 12:14 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-15 12:14 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-03-15 12:14 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-15 12:14 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-15 12:14 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-15 12:14 - 2015-02-20 02:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-03-15 12:14 - 2015-02-20 02:56 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-03-15 12:14 - 2015-02-20 02:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-03-15 12:14 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-15 12:14 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-15 12:14 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-15 12:14 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-15 12:14 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-15 12:14 - 2015-02-20 02:30 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-03-15 12:14 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-03-15 12:14 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-15 12:14 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-03-15 12:14 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-15 12:14 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-15 12:14 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-15 12:14 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-15 12:14 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-15 12:14 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-15 12:14 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-15 12:14 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-15 12:14 - 2015-01-28 16:41 - 07472960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-15 12:14 - 2015-01-28 16:41 - 01733440 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-03-15 12:14 - 2015-01-28 16:41 - 01498360 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-03-15 12:14 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-03-15 12:14 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-03-15 12:14 - 2014-10-29 04:56 - 00027456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2015-03-15 12:14 - 2014-10-29 03:49 - 00003072 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-15 12:14 - 2014-10-29 03:44 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-15 12:14 - 2014-10-29 03:44 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-15 12:14 - 2014-10-29 03:37 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\rfxvmt.dll
2015-03-15 12:14 - 2014-10-29 03:04 - 00003072 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-15 12:14 - 2014-10-29 03:00 - 00077824 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-15 12:14 - 2014-10-29 03:00 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-15 12:13 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-15 12:13 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-15 12:13 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-15 12:13 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-15 12:13 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-15 12:13 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-15 12:13 - 2015-01-21 06:54 - 01384712 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-15 12:13 - 2015-01-21 06:15 - 01123848 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-15 12:09 - 2015-03-15 21:56 - 00000004 _____ () C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-15 11:59 - 2015-03-15 12:00 - 00000000 ____D () C:\Program Files (x86)\CinemaP-1.9cV05.03
2015-02-21 18:58 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-21 18:58 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-21 18:58 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-02-21 18:58 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-02-21 18:58 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-21 18:58 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-21 18:58 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-21 18:58 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-21 18:58 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-21 18:58 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-21 18:58 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-02-21 18:58 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-02-21 18:58 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-02-21 18:58 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-21 18:58 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-02-21 18:58 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-02-21 18:58 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-02-21 18:58 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-02-21 18:58 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-02-21 18:57 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-21 18:57 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-21 18:57 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-21 18:57 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 20:27 - 2014-11-19 18:05 - 00016979 _____ () C:\windows\SysWOW64\Gms.log
2015-03-18 20:21 - 2014-11-19 17:46 - 02014403 _____ () C:\windows\WindowsUpdate.log
2015-03-18 20:18 - 2015-01-13 21:09 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-18 20:16 - 2014-12-26 07:39 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3838030578-1317544775-1080996601-1001
2015-03-18 20:02 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2015-03-18 19:58 - 2015-01-18 10:08 - 00000922 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-18 19:52 - 2015-01-18 10:08 - 00000918 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-18 19:52 - 2014-12-26 08:10 - 00000000 __RDO () C:\Users\smolko\OneDrive
2015-03-18 19:52 - 2014-12-26 07:34 - 00002262 _____ () C:\Users\smolko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harmony Picks Introduction.lnk
2015-03-18 19:52 - 2014-12-26 07:34 - 00001366 _____ () C:\Users\smolko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harmony Settings Introduction.lnk
2015-03-16 22:36 - 2014-11-19 18:39 - 00742382 _____ () C:\windows\system32\perfh005.dat
2015-03-16 22:36 - 2014-11-19 18:39 - 00152570 _____ () C:\windows\system32\perfc005.dat
2015-03-16 22:36 - 2014-03-18 10:53 - 01749406 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-16 22:32 - 2014-11-19 18:17 - 00004686 _____ () C:\Users\Public\Documents\TestService.txt
2015-03-16 22:32 - 2013-08-22 15:46 - 00021262 _____ () C:\windows\setupact.log
2015-03-16 22:32 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-16 22:31 - 2014-11-19 18:17 - 00002560 _____ () C:\windows\system32\VfService.trf
2015-03-16 22:31 - 2014-03-18 10:44 - 00009804 _____ () C:\windows\PFRO.log
2015-03-16 22:31 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-03-16 22:30 - 2014-12-26 08:45 - 00001088 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-16 22:30 - 2014-12-26 08:45 - 00001076 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-16 22:30 - 2014-12-26 07:34 - 00001710 _____ () C:\Users\smolko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-16 22:29 - 2014-12-26 09:11 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-16 22:13 - 2013-08-22 16:20 - 00000000 ____D () C:\windows\CbsTemp
2015-03-15 21:22 - 2013-08-22 15:44 - 00481880 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-15 21:21 - 2015-01-03 19:02 - 00000000 ____D () C:\windows\system32\MRT
2015-03-15 21:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\windows\ToastData
2015-03-15 19:30 - 2015-01-30 21:24 - 00000000 ____D () C:\Users\smolko\Desktop\Robota
2015-03-15 16:18 - 2015-01-17 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-15 14:56 - 2014-12-26 07:34 - 00000000 ____D () C:\Users\smolko\AppData\Local\VirtualStore
2015-03-15 12:02 - 2015-01-18 10:09 - 00002302 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-15 11:39 - 2014-11-19 18:16 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2015-03-04 22:24 - 2013-08-22 16:38 - 00792032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2013-08-22 16:38 - 00178144 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-03 14:17 - 2014-12-26 07:58 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-26 21:14 - 2015-01-03 19:02 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-22 11:37 - 2014-12-26 08:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-21 19:18 - 2015-01-13 21:09 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-21 18:53 - 2015-01-18 10:08 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-21 18:53 - 2015-01-18 10:08 - 00003658 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2014-11-19 18:03 - 2014-11-19 18:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\smolko\Desktop" je 10 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... NYAFA04996
  HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... FA04996&q={searchTerms}
  HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... NYAFA04996
  HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... FA04996&q={searchTerms}
  HKU\S-1-5-21-3838030578-1317544775-1080996601-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
  HKU\S-1-5-21-3838030578-1317544775-1080996601-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-21-3838030578-1317544775-1080996601-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www
  
  FF Extension: No Name - C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\extensions\searchengine@gmail.com [Not Found]
  FF Extension: No Name - C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\extensions\NLQUCQ35648598@KRFIE97629948.com [Not Found]
  FF Extension: No Name - C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\extensions\istart_ffnt@gmail.com [Not Found]
  
  CHR StartupUrls: Default -> "hxxp://www.omniboxes.com/?type=hp&ts=1426417151&from=amt&uid=SAMSUNGXMZNTE256HMHP-000L2_S1NPNYAFA04996"
  
  2015-03-18 20:48 - 2015-03-18 20:48 - 00022829 _____ () C:\Users\smolko\Desktop\FRST.txt
  2015-03-18 20:43 - 2015-03-18 20:43 - 00112640 _____ (forum.viry.cz) C:\Users\smolko\Downloads\FRSTLauncher (2).exe
  2015-03-18 20:43 - 2015-03-18 20:43 - 00112640 _____ (forum.viry.cz) C:\Users\smolko\Desktop\FRSTLauncher.exe
  2015-03-18 20:41 - 2015-03-18 20:41 - 00112640 _____ (forum.viry.cz) C:\Users\smolko\Downloads\Nepotvrdené 65066.crdownload
  2015-03-18 20:41 - 2015-03-18 20:41 - 00112640 _____ (forum.viry.cz) C:\Users\smolko\Downloads\Nepotvrdené 215640.crdownload
  2015-03-16 22:32 - 2015-03-16 22:32 - 00000144 _____ () C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
  2015-03-16 22:32 - 2015-03-16 22:32 - 00000000 ____D () C:\ProgramData\OneKey Optimizer
  2015-03-16 22:31 - 2015-03-16 22:17 - 00024064 _____ () C:\windows\zoek-delete.exe
  2015-03-16 22:19 - 2015-03-16 22:32 - 00029266 _____ () C:\zoek-results.log
  2015-03-16 22:17 - 2015-03-16 22:30 - 00000000 ____D () C:\zoek_backup
  2015-03-16 22:16 - 2015-03-16 22:16 - 01305600 _____ () C:\Users\smolko\Downloads\zoek.exe
  2015-03-15 21:57 - 2015-03-15 22:00 - 00000000 ____D () C:\AdwCleaner
  2015-03-15 21:57 - 2015-03-15 21:57 - 02171392 _____ () C:\Users\smolko\Downloads\adwcleaner_4.112.exe
  2015-03-15 21:33 - 2015-03-15 21:33 - 00000000 ____D () C:\rsit
  2015-03-15 21:33 - 2015-03-15 21:33 - 00000000 ____D () C:\Program Files\trend micro
  2015-03-15 21:31 - 2015-03-15 21:31 - 01222144 _____ () C:\Users\smolko\Downloads\RSITx64.exe
  
  Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
  Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  
  Hosts:
  EmptyTemp:
  Reboot:
  End
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by smolko at 2015-03-21 18:56:50 Run:1
Running from C:\Users\smolko\Desktop
Loaded Profiles: smolko (Available profiles: smolko)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... NYAFA04996
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... FA04996&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... NYAFA04996
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... FA04996&q={searchTerms}
HKU\S-1-5-21-3838030578-1317544775-1080996601-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-3838030578-1317544775-1080996601-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3838030578-1317544775-1080996601-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www

FF Extension: No Name - C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\extensions\searchengine@gmail.com [Not Found]
FF Extension: No Name - C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\extensions\NLQUCQ35648598@KRFIE97629948.com [Not Found]
FF Extension: No Name - C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\extensions\istart_ffnt@gmail.com [Not Found]

CHR StartupUrls: Default -> "hxxp://www.omniboxes.com/?type=hp&ts=142641715 ... NYAFA04996"

2015-03-18 20:48 - 2015-03-18 20:48 - 00022829 _____ () C:\Users\smolko\Desktop\FRST.txt
2015-03-18 20:43 - 2015-03-18 20:43 - 00112640 _____ (forum.viry.cz) C:\Users\smolko\Downloads\FRSTLauncher (2).exe
2015-03-18 20:43 - 2015-03-18 20:43 - 00112640 _____ (forum.viry.cz) C:\Users\smolko\Desktop\FRSTLauncher.exe
2015-03-18 20:41 - 2015-03-18 20:41 - 00112640 _____ (forum.viry.cz) C:\Users\smolko\Downloads\Nepotvrdené 65066.crdownload
2015-03-18 20:41 - 2015-03-18 20:41 - 00112640 _____ (forum.viry.cz) C:\Users\smolko\Downloads\Nepotvrdené 215640.crdownload
2015-03-16 22:32 - 2015-03-16 22:32 - 00000144 _____ () C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-16 22:32 - 2015-03-16 22:32 - 00000000 ____D () C:\ProgramData\OneKey Optimizer
2015-03-16 22:31 - 2015-03-16 22:17 - 00024064 _____ () C:\windows\zoek-delete.exe
2015-03-16 22:19 - 2015-03-16 22:32 - 00029266 _____ () C:\zoek-results.log
2015-03-16 22:17 - 2015-03-16 22:30 - 00000000 ____D () C:\zoek_backup
2015-03-16 22:16 - 2015-03-16 22:16 - 01305600 _____ () C:\Users\smolko\Downloads\zoek.exe
2015-03-15 21:57 - 2015-03-15 22:00 - 00000000 ____D () C:\AdwCleaner
2015-03-15 21:57 - 2015-03-15 21:57 - 02171392 _____ () C:\Users\smolko\Downloads\adwcleaner_4.112.exe
2015-03-15 21:33 - 2015-03-15 21:33 - 00000000 ____D () C:\rsit
2015-03-15 21:33 - 2015-03-15 21:33 - 00000000 ____D () C:\Program Files\trend micro
2015-03-15 21:31 - 2015-03-15 21:31 - 01222144 _____ () C:\Users\smolko\Downloads\RSITx64.exe

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3838030578-1317544775-1080996601-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.
HKU\S-1-5-21-3838030578-1317544775-1080996601-1001\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3838030578-1317544775-1080996601-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => Key not found.
C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\extensions\searchengine@gmail.com not found.
C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\extensions\NLQUCQ35648598@KRFIE97629948.com not found.
C:\Users\smolko\AppData\Roaming\Mozilla\Firefox\Profiles\qynluvkg.default\extensions\istart_ffnt@gmail.com not found.
Chrome StartupUrls deleted successfully.
"C:\Users\smolko\Desktop\FRST.txt" => File/Directory not found.
C:\Users\smolko\Downloads\FRSTLauncher (2).exe => Moved successfully.
C:\Users\smolko\Desktop\FRSTLauncher.exe => Moved successfully.
"C:\Users\smolko\Downloads\Nepotvrdené 65066.crdownload" => File/Directory not found.
"C:\Users\smolko\Downloads\Nepotvrdené 215640.crdownload" => File/Directory not found.
C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => Moved successfully.
C:\ProgramData\OneKey Optimizer => Moved successfully.
C:\windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\smolko\Downloads\zoek.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\smolko\Downloads\adwcleaner_4.112.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Users\smolko\Downloads\RSITx64.exe => Moved successfully.
C:\windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 63 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:57:06 ====

Jak se chova PC??

zatial je vsetko v poriadku, dakujem.

Tak jeste uklidime

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remote disinfection tools
• Kliknete na Run

Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standard
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

dakujem velmi pekne este raz a prajem pekny zvysok vikendu

Nemate zac, rad jsem pomohl Zase nekdy

A na zaklade Pravidla o zamykani temat