Asking for help with delousing my PC

#1 Post by wASQ »

Hello again after a long while, gentlemen. I'm asking for help with some bugs. Careless surfing has most likely let some vermin into my PC. I ran an AVG scan and removed the viruses, then ran a scan with Malwarebytes anti-spyware and deleted what it found. Finally I scanned with AdwCleaner and again removed what it offered. Nevertheless, I still have some Chinese / Russian vermin on the PC, and I can't even change Chrome's search engine (not even via regedit).
Please help.

RSIT log output:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Moloch at 2016-02-20 15:41:16
Microsoft Windows 7 Professional N Service Pack 1
System drive C: has 3 GB (3%) free of 114 GB
Total RAM: 8138 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:41:20, on 20.2.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18057)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
C:\Program Files\trend micro\Moloch.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duba.com/?un_449343_3348
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duba.com/?un_449343_3348
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Live! Central 3] "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_B7D745456B1FC54AC3632E690F40440E] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} (Cisco AnyConnect Secure Mobility Client Web Control) - https://vpn.tul.cz/CACHE/stc/2/binaries/vpnweb.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QQPCMgr RTP Service (QQPCRTP) - Unknown owner - C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCRtp.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13438 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
c:\PROGRA~2\AVG\Av\avgrsa.exe /boot
C:\Program Files (x86)\AVG\Av\avgcsrva.exe /pipeName=44800c66-0200-0000-61a2-1b4c39768111 /binaryPath="C:\Program Files (x86)\AVG\Av\\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\AVG\Av\avgfws.exe"
"C:\Program Files (x86)\AVG\Av\avgidsagent.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe"
"C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe"
"C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\AVG\Av\avgnsa.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3140.0.2136203739\687146197" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,24,52,62 --gpu-vendor-id=0x10de --gpu-device-id=0x1381 --gpu-driver-vendor=NVIDIA --gpu-driver-version=10.18.13.6191 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
"C:\Program Files (x86)\AVG\Av\avgemca.exe"
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
"C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
"C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
"C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe" 2812 66108 0
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-405931236855657255-962144950-174289549727362417-1151004067-1281567902173925351
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
"C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe" 2812
ctfmon.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe" -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3140.19.296629812\1154365095" --font-cache-shared-handle=6324 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3140.20.1690351489\287471258" --font-cache-shared-handle=3308 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3140.22.1732774723\869316259" --font-cache-shared-handle=3556 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3140.23.141198177\1853692284" --font-cache-shared-handle=7120 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\nacl64" --type=nacl-broker --channel="3140.25.550974506\998152802" /prefetch:-875166825
"C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\nacl64.exe" --type=nacl-loader --channel="3140.24.487661796\367886362" --ignored=" --type=renderer " /prefetch:-1502398898
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3140.26.1350942791\1252393622" --font-cache-shared-handle=3104 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3140.27.676920282\1953059008" --font-cache-shared-handle=7996 /prefetch:673131151
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\CCleaner\CCleaner64.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3140.32.27910233\1791711639" --font-cache-shared-handle=5068 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi-broker --channel="3140.33.1064083100\1310360956" --lang=cs --device-scale-factor=1 /prefetch:845217598
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3140.34.1770266629\112387443" --font-cache-shared-handle=4116 /prefetch:673131151
taskeng.exe {4E10A514-EF22-4B91-BEDE-96131546E452}
taskeng.exe {5E43F90A-8C2B-4300-BEFF-3D626FCA8D7C}
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
"E:\Download\RSITx64 (1).exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Moloch\AppData\Roaming\Mozilla\Firefox\Profiles\nwfqjn0h.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-27 13647576]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-01-12 2787264]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2016-01-12 1860120]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Actual Multiple Monitors"=C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe [2014-10-15 812336]
"AdobeBridge"= []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-06-18 4468056]
"GoogleChromeAutoLaunch_B7D745456B1FC54AC3632E690F40440E"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2016-02-18 746648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ QQPCTray]
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTRAY.EXE /regrun /qqrepair []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C]
cmd /c(@attrib -H -R -S C:\Windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\Windows\system32\GroupPolicy\Machine\R C:\Windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\Windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe /Force >L) []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVI]
C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [2012-07-09 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MurGee.com Auto Keyboard]
C:\ProgramData\Auto Keyboard\AutoKeyboard.exe [2014-10-14 83120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeznamInstall-uninstall:edc67b736b4e91263159ac4c4a0703a2]
C:\Users\Moloch\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe -c C:\Users\Moloch\AppData\Roaming\Seznam.cz []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2013-09-16 134616]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-05-20 291648]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"Live! Central 3"=C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [2013-08-15 461312]
"BlueStacks Agent"=C:\Program Files (x86)\BlueStacks\HD-Agent.exe []
"Cisco AnyConnect Secure Mobility Agent for Windows"=C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2015-10-23 708496]
"AvgUi"=C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [2015-11-12 1136552]
"AVG_UI"=C:\Program Files (x86)\AVG\Av\avgui.exe [2015-11-20 3855272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.ac3filter"=ac3filter64.acm
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-02-20 15:41:16 ----D---- C:\rsit
2016-02-20 15:41:16 ----D---- C:\Program Files\trend micro
2016-02-20 15:28:04 ----D---- C:\ProgramData\TXQMPC
2016-02-20 15:12:40 ----D---- C:\Users\Moloch\AppData\Roaming\AVG
2016-02-20 15:11:30 ----HD---- C:\$AVG
2016-02-20 15:11:09 ----D---- C:\ProgramData\MFAData
2016-02-20 15:11:00 ----HD---- C:\ProgramData\Common Files
2016-02-20 15:11:00 ----D---- C:\ProgramData\Avg
2016-02-20 15:11:00 ----D---- C:\Program Files (x86)\AVG
2016-02-20 14:29:07 ----A---- C:\Users\Moloch\AppData\Roaming\GiftBag.db
2016-02-20 14:29:02 ----N---- C:\Windows\system32\drivers\TFsFltX64.sys
2016-02-20 14:28:58 ----D---- C:\Users\Moloch\AppData\Roaming\Tencent
2016-02-20 14:28:58 ----D---- C:\ProgramData\Tencent
2016-02-20 14:15:16 ----D---- C:\Program Files (x86)\Seznam.cz
2016-02-20 14:15:08 ----D---- C:\Users\Moloch\AppData\Roaming\Seznam.cz
2016-02-20 14:12:44 ----D---- C:\Program Files\7-Zip
2016-02-20 11:47:52 ----D---- C:\Program Files\Common Files\DESIGNER
2016-02-20 11:47:47 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-02-20 11:47:42 ----D---- C:\Windows\PCHEALTH
2016-02-20 11:47:01 ----D---- C:\Program Files\Microsoft Analysis Services
2016-02-20 11:47:01 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2016-02-20 11:46:58 ----D---- C:\Program Files (x86)\Microsoft Office
2016-02-20 11:46:57 ----D---- C:\Program Files\Microsoft Office
2016-02-20 11:46:56 ----D---- C:\ProgramData\Microsoft Help
2016-02-20 11:46:49 ----RHD---- C:\MSOCache
2016-02-15 19:06:24 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvumdshimx.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvopencl.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvoglv64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvoglshim64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvinitx.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\NvIFROpenGL.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\NvIFR64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\NvFBC64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvEncodeAPI64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvdispgenco6436191.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvdispco6436191.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvcuvid.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvcuda.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2016-02-15 19:04:57 ----A---- C:\Windows\system32\nvcompiler.dll
2016-02-15 18:38:20 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll
2016-02-15 18:38:20 ----A---- C:\Windows\system32\nvaudcap64v.dll
2016-02-15 18:38:20 ----A---- C:\Windows\system32\drivers\nvvad64v.sys

======List of files/folders modified in the last 1 month======

2016-02-20 15:41:16 ----RD---- C:\Program Files
2016-02-20 15:38:40 ----D---- C:\Windows\Temp
2016-02-20 15:34:33 ----D---- C:\Windows\System32
2016-02-20 15:34:33 ----D---- C:\Windows\inf
2016-02-20 15:34:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-20 15:31:33 ----D---- C:\Windows\system32\config
2016-02-20 15:28:37 ----D---- C:\ProgramData\NVIDIA
2016-02-20 15:28:35 ----RD---- C:\Program Files (x86)
2016-02-20 15:28:35 ----D---- C:\Program Files\Common Files
2016-02-20 15:28:04 ----HD---- C:\ProgramData
2016-02-20 15:27:39 ----D---- C:\Windows\Tasks
2016-02-20 15:27:39 ----D---- C:\Windows\system32\Tasks
2016-02-20 15:27:38 ----D---- C:\Windows\SYSWOW64\drivers
2016-02-20 15:27:38 ----D---- C:\Windows\system32\drivers
2016-02-20 15:27:31 ----D---- C:\Program Files (x86)\Common Files
2016-02-20 15:27:21 ----D---- C:\AdwCleaner
2016-02-20 15:13:04 ----D---- C:\Windows\SysWOW64
2016-02-20 15:12:55 ----SHD---- C:\Windows\Installer
2016-02-20 15:12:13 ----D---- C:\Windows\system32\DriverStore
2016-02-20 15:11:24 ----SHD---- C:\System Volume Information
2016-02-20 15:04:02 ----D---- C:\Windows\Prefetch
2016-02-20 15:03:13 ----D---- C:\Program Files\SUPERAntiSpyware
2016-02-20 15:02:18 ----D---- C:\Users\Moloch\AppData\Roaming\uTorrent
2016-02-20 14:29:03 ----RSD---- C:\Windows\Fonts
2016-02-20 14:26:58 ----HD---- C:\Windows\system32\GroupPolicy
2016-02-20 14:26:58 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2016-02-20 12:57:15 ----D---- C:\Windows\winsxs
2016-02-20 12:55:35 ----D---- C:\Windows\Microsoft.NET
2016-02-20 12:55:34 ----RSD---- C:\Windows\assembly
2016-02-20 12:52:05 ----D---- C:\Windows\system32\catroot2
2016-02-20 11:50:08 ----SD---- C:\Users\Moloch\AppData\Roaming\Microsoft
2016-02-20 11:47:55 ----D---- C:\Windows\ShellNew
2016-02-20 11:47:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2016-02-20 11:47:42 ----SD---- C:\ProgramData\Microsoft
2016-02-20 11:47:42 ----D---- C:\Windows
2016-02-20 11:47:42 ----D---- C:\Program Files (x86)\Microsoft.NET
2016-02-20 11:47:06 ----A---- C:\Windows\win.ini
2016-02-20 11:47:05 ----D---- C:\Program Files\Common Files\System
2016-02-20 10:43:51 ----D---- C:\Program Files (x86)\Battle.net
2016-02-17 22:59:40 ----D---- C:\Users\Moloch\AppData\Roaming\HearthstoneDeckTracker
2016-02-17 20:47:01 ----D---- C:\Users\Moloch\AppData\Roaming\Battle.net
2016-02-17 20:47:01 ----D---- C:\ProgramData\Battle.net
2016-02-17 20:00:18 ----D---- C:\Users\Moloch\AppData\Roaming\TS3Client
2016-02-15 19:06:39 ----D---- C:\ProgramData\NVIDIA Corporation
2016-02-15 19:05:59 ----D---- C:\Program Files\NVIDIA Corporation
2016-02-15 18:38:39 ----D---- C:\ProgramData\Package Cache
2016-02-09 09:39:50 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2016-02-09 09:39:50 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2016-02-09 09:39:50 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2016-02-09 09:39:50 ----A---- C:\Windows\system32\nvwgf2umx.dll
2016-02-09 09:39:50 ----A---- C:\Windows\system32\nvd3dumx.dll
2016-02-09 09:39:50 ----A---- C:\Windows\system32\nvapi64.dll
2016-02-09 06:41:27 ----A---- C:\Windows\system32\nvsvc64.dll
2016-02-09 06:41:27 ----A---- C:\Windows\system32\nvcpl.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvvsvc.exe
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvsvcr.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvshext.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvmctray.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nv3dappshextr.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nv3dappshext.dll
2016-02-08 17:38:47 ----D---- C:\ProgramData\Cisco
2016-02-08 17:38:47 ----D---- C:\Program Files (x86)\Cisco
2016-02-08 17:38:44 ----D---- C:\Windows\system32\drivers\etc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2015-08-20 298416]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2015-08-14 398256]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2015-11-06 256432]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2015-08-10 42416]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-05-20 19264]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2013-10-28 22240]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2015-11-06 184240]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2015-08-29 97208]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2015-11-06 313776]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2015-10-21 284080]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2015-10-08 302000]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2011-09-05 178176]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2015-11-11 30264]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-08-27 3613528]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-05-20 357184]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-11-16 205456]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-01-12 26560]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-12-18 47760]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S1 UsbCharger;UsbCharger; C:\Windows\system32\DRIVERS\UsbCharger.sys [2013-10-24 22240]
S2 tsnethlpx64;TsNetHlpX64.sys; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys []
S3 acsock;acsock; C:\Windows\system32\DRIVERS\acsock64.sys [2015-10-23 129520]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2015-04-24 25640]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2015-04-24 25640]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2015-04-24 30528]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2015-07-10 141440]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 vpnva;Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64; C:\Windows\system32\DRIVERS\vpnva64-6.sys [2014-08-15 52592]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 IObitUnlocker;IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2013-09-30 36568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-07-23 172344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\Av\avgfws.exe [2015-11-20 1587128]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [2015-11-20 3857272]
R2 avgsvc;AVG Service; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2015-11-12 1046952]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [2015-11-20 579776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-01-12 1163200]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-01-12 1879488]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-01-12 4812736]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-02-09 1264696]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-01-13 66872]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-02-09 426040]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-09-11 5702416]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2015-10-23 566672]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1268568]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-01-12 6308288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02 144200]
S2 QQPCRTP;QQPCMgr RTP Service; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCRtp.exe -r []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-06-03 327296]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 AvgAMPS;AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [2015-11-20 615584]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02 144200]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-09-16 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-15 147624]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-10-19 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]

-----------------EOF-----------------
The three most dangerous people in IT:
3. A technician who writes code
2. A programmer holding a soldering iron
1. A user who has had an idea

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help with delousing

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

wASQ
Exemplary Visitor
Posts: 103
Joined: 03 Nov 2009 11:57
Location: Liberec - Praha

Re: Please help with delousing

#3 Post by wASQ »

ADW log:

# AdwCleaner v5.035 - Logfile created 20/02/2016 at 16:42:34
# Updated 18/02/2016 by Xplode
# Database : 2016-02-18.5 [Server]
# Operating system : Windows 7 Professional N Service Pack 1 (x64)
# Username : Moloch - ENTITY
# Running from : C:\Users\Moloch\Desktop\adwcleaner_5.035 (1).exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : QQPCRTP

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\tencent
[-] Folder Deleted : C:\ProgramData\TXQMPC
[-] Folder Deleted : C:\Users\Moloch\AppData\Roaming\tencent

***** [ Files ] *****

[-] File Deleted : C:\Windows\SysNative\drivers\TFsFltX64.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQPCMgr

***** [ Web browsers ] *****

[-] [C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://websearch.searchmania.info/?pid=20494&r=2014/12/06&hid=28285115881752874&lg=EN&cc=CZ&unqvl=70
[-] [C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://search.babylon.com/?affID=112061&babsrc=HP_ss&mntrId=149d8c36000000000000386077a7bb14

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1431 bytes] ##########

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help with delousing

#4 Post by Rudy »

Post a new RSIT log.

wASQ
Exemplary Visitor
Posts: 103
Joined: 03 Nov 2009 11:57
Location: Liberec - Praha

Re: Please help with delousing

#5 Post by wASQ »

New RSIT log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Moloch at 2016-02-20 16:54:13
Microsoft Windows 7 Professional N Service Pack 1
System drive C: has 3 GB (3%) free of 114 GB
Total RAM: 8138 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:54:14, on 20.2.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18057)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Moloch.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duba.com/?un_449343_3348
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duba.com/?un_449343_3348
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Live! Central 3] "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_B7D745456B1FC54AC3632E690F40440E] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} (Cisco AnyConnect Secure Mobility Client Web Control) - https://vpn.tul.cz/CACHE/stc/2/binaries/vpnweb.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13224 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
c:\PROGRA~2\AVG\Av\avgrsa.exe /boot
C:\Program Files (x86)\AVG\Av\avgcsrva.exe /pipeName=44800c66-0200-0000-2445-3116eabcd735 /binaryPath="C:\Program Files (x86)\AVG\Av\\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
winlogon.exe

"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\AVG\Av\avgfws.exe"
"C:\Program Files (x86)\AVG\Av\avgidsagent.exe"
"C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe"
"C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\AVG\Av\avgnsa.exe"
"C:\Program Files (x86)\AVG\Av\avgemca.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
"C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
"C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4212.0.1429027248\1762625536" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,24,52,62 --gpu-vendor-id=0x10de --gpu-device-id=0x1381 --gpu-driver-vendor=NVIDIA --gpu-driver-version=10.18.13.6191 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4212.1.2033938032\462726796" --font-cache-shared-handle=1848 /prefetch:673131151
\??\C:\Windows\system32\conhost.exe "10763769921850616697-61695900-246169772188008603-567846849-38062817-721233166
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4212.2.942248952\1794359417" --font-cache-shared-handle=2020 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4212.3.12083105\257090473" --font-cache-shared-handle=2132 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4212.4.717523683\1678653872" --font-cache-shared-handle=2224 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4212.5.1409052113\1973594115" --font-cache-shared-handle=2308 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4212.6.1897831507\518327566" --font-cache-shared-handle=2936 /prefetch:673131151
ctfmon.exe
"C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe" 4024 131144 0
"C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\nacl64" --type=nacl-broker --channel="4212.9.1050586059\908125616" /prefetch:-875166825
"C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\nacl64.exe" --type=nacl-loader --channel="4212.8.1835051375\388896287" --ignored=" --type=renderer " /prefetch:-1502398898
"C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe" -Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe" 4024
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4212.12.1912356871\247427482" --font-cache-shared-handle=6508 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4212.14.1975598192\1284364798" --font-cache-shared-handle=6848 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4212.15.1446523803\1831731655" --ppapi-flash-args --lang=cs --device-scale-factor=1 --font-cache-shared-handle=7228 --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Altap Salamander\salamand.exe"
"C:\Program Files\Altap Salamander\utils\salmon.exe" "Salmon685" "czech.slg"
"E:\Download\RSITx64 (1).exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Moloch\AppData\Roaming\Mozilla\Firefox\Profiles\nwfqjn0h.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-27 13647576]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-01-12 2787264]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2016-01-12 1860120]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Actual Multiple Monitors"=C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe [2014-10-15 812336]
"AdobeBridge"= []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-06-18 4468056]
"GoogleChromeAutoLaunch_B7D745456B1FC54AC3632E690F40440E"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2016-02-18 746648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ QQPCTray]
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTRAY.EXE /regrun /qqrepair []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C]
cmd /c(@attrib -H -R -S C:\Windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\Windows\system32\GroupPolicy\Machine\R C:\Windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\Windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe /Force >L) []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVI]
C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [2012-07-09 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MurGee.com Auto Keyboard]
C:\ProgramData\Auto Keyboard\AutoKeyboard.exe [2014-10-14 83120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeznamInstall-uninstall:edc67b736b4e91263159ac4c4a0703a2]
C:\Users\Moloch\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe -c C:\Users\Moloch\AppData\Roaming\Seznam.cz []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2013-09-16 134616]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-05-20 291648]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"Live! Central 3"=C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [2013-08-15 461312]
"BlueStacks Agent"=C:\Program Files (x86)\BlueStacks\HD-Agent.exe []
"Cisco AnyConnect Secure Mobility Agent for Windows"=C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2015-10-23 708496]
"AvgUi"=C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [2015-11-12 1136552]
"AVG_UI"=C:\Program Files (x86)\AVG\Av\avgui.exe [2015-11-20 3855272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.ac3filter"=ac3filter64.acm
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-02-20 15:41:16 ----D---- C:\rsit
2016-02-20 15:41:16 ----D---- C:\Program Files\trend micro
2016-02-20 15:12:40 ----D---- C:\Users\Moloch\AppData\Roaming\AVG
2016-02-20 15:11:30 ----HD---- C:\$AVG
2016-02-20 15:11:09 ----D---- C:\ProgramData\MFAData
2016-02-20 15:11:00 ----HD---- C:\ProgramData\Common Files
2016-02-20 15:11:00 ----D---- C:\ProgramData\Avg
2016-02-20 15:11:00 ----D---- C:\Program Files (x86)\AVG
2016-02-20 14:29:07 ----A---- C:\Users\Moloch\AppData\Roaming\GiftBag.db
2016-02-20 14:15:16 ----D---- C:\Program Files (x86)\Seznam.cz
2016-02-20 14:15:08 ----D---- C:\Users\Moloch\AppData\Roaming\Seznam.cz
2016-02-20 14:12:44 ----D---- C:\Program Files\7-Zip
2016-02-20 11:47:52 ----D---- C:\Program Files\Common Files\DESIGNER
2016-02-20 11:47:47 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-02-20 11:47:42 ----D---- C:\Windows\PCHEALTH
2016-02-20 11:47:01 ----D---- C:\Program Files\Microsoft Analysis Services
2016-02-20 11:47:01 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2016-02-20 11:46:58 ----D---- C:\Program Files (x86)\Microsoft Office
2016-02-20 11:46:57 ----D---- C:\Program Files\Microsoft Office
2016-02-20 11:46:56 ----D---- C:\ProgramData\Microsoft Help
2016-02-20 11:46:49 ----RHD---- C:\MSOCache
2016-02-15 19:06:24 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvumdshimx.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvopencl.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvoglv64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvoglshim64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvinitx.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\NvIFROpenGL.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\NvIFR64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\NvFBC64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvEncodeAPI64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvdispgenco6436191.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvdispco6436191.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvcuvid.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvcuda.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2016-02-15 19:04:57 ----A---- C:\Windows\system32\nvcompiler.dll
2016-02-15 18:38:20 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll
2016-02-15 18:38:20 ----A---- C:\Windows\system32\nvaudcap64v.dll
2016-02-15 18:38:20 ----A---- C:\Windows\system32\drivers\nvvad64v.sys

======List of files/folders modified in the last 1 month======

2016-02-20 16:53:15 ----D---- C:\Windows\Temp
2016-02-20 16:49:08 ----D---- C:\Windows\System32
2016-02-20 16:49:08 ----D---- C:\Windows\inf
2016-02-20 16:49:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-20 16:43:15 ----HD---- C:\ProgramData
2016-02-20 16:43:13 ----D---- C:\ProgramData\NVIDIA
2016-02-20 16:42:44 ----D---- C:\Windows\system32\config
2016-02-20 16:42:34 ----D---- C:\Windows\system32\drivers
2016-02-20 16:42:34 ----D---- C:\AdwCleaner
2016-02-20 15:41:16 ----RD---- C:\Program Files
2016-02-20 15:28:35 ----RD---- C:\Program Files (x86)
2016-02-20 15:28:35 ----D---- C:\Program Files\Common Files
2016-02-20 15:27:39 ----D---- C:\Windows\Tasks
2016-02-20 15:27:39 ----D---- C:\Windows\system32\Tasks
2016-02-20 15:27:38 ----D---- C:\Windows\SYSWOW64\drivers
2016-02-20 15:27:31 ----D---- C:\Program Files (x86)\Common Files
2016-02-20 15:13:04 ----D---- C:\Windows\SysWOW64
2016-02-20 15:12:55 ----SHD---- C:\Windows\Installer
2016-02-20 15:12:13 ----D---- C:\Windows\system32\DriverStore
2016-02-20 15:11:24 ----SHD---- C:\System Volume Information
2016-02-20 15:04:02 ----D---- C:\Windows\Prefetch
2016-02-20 15:03:13 ----D---- C:\Program Files\SUPERAntiSpyware
2016-02-20 15:02:18 ----D---- C:\Users\Moloch\AppData\Roaming\uTorrent
2016-02-20 14:29:03 ----RSD---- C:\Windows\Fonts
2016-02-20 14:26:58 ----HD---- C:\Windows\system32\GroupPolicy
2016-02-20 14:26:58 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2016-02-20 12:57:15 ----D---- C:\Windows\winsxs
2016-02-20 12:55:35 ----D---- C:\Windows\Microsoft.NET
2016-02-20 12:55:34 ----RSD---- C:\Windows\assembly
2016-02-20 12:52:05 ----D---- C:\Windows\system32\catroot2
2016-02-20 11:50:08 ----SD---- C:\Users\Moloch\AppData\Roaming\Microsoft
2016-02-20 11:47:55 ----D---- C:\Windows\ShellNew
2016-02-20 11:47:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2016-02-20 11:47:42 ----SD---- C:\ProgramData\Microsoft
2016-02-20 11:47:42 ----D---- C:\Windows
2016-02-20 11:47:42 ----D---- C:\Program Files (x86)\Microsoft.NET
2016-02-20 11:47:06 ----A---- C:\Windows\win.ini
2016-02-20 11:47:05 ----D---- C:\Program Files\Common Files\System
2016-02-20 10:43:51 ----D---- C:\Program Files (x86)\Battle.net
2016-02-17 22:59:40 ----D---- C:\Users\Moloch\AppData\Roaming\HearthstoneDeckTracker
2016-02-17 20:47:01 ----D---- C:\Users\Moloch\AppData\Roaming\Battle.net
2016-02-17 20:47:01 ----D---- C:\ProgramData\Battle.net
2016-02-17 20:00:18 ----D---- C:\Users\Moloch\AppData\Roaming\TS3Client
2016-02-15 19:06:39 ----D---- C:\ProgramData\NVIDIA Corporation
2016-02-15 19:05:59 ----D---- C:\Program Files\NVIDIA Corporation
2016-02-15 18:38:39 ----D---- C:\ProgramData\Package Cache
2016-02-09 09:39:50 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2016-02-09 09:39:50 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2016-02-09 09:39:50 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2016-02-09 09:39:50 ----A---- C:\Windows\system32\nvwgf2umx.dll
2016-02-09 09:39:50 ----A---- C:\Windows\system32\nvd3dumx.dll
2016-02-09 09:39:50 ----A---- C:\Windows\system32\nvapi64.dll
2016-02-09 06:41:27 ----A---- C:\Windows\system32\nvsvc64.dll
2016-02-09 06:41:27 ----A---- C:\Windows\system32\nvcpl.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvvsvc.exe
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvsvcr.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvshext.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvmctray.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nv3dappshextr.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nv3dappshext.dll
2016-02-08 17:38:47 ----D---- C:\ProgramData\Cisco
2016-02-08 17:38:47 ----D---- C:\Program Files (x86)\Cisco
2016-02-08 17:38:44 ----D---- C:\Windows\system32\drivers\etc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2015-08-20 298416]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2015-08-14 398256]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2015-11-06 256432]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2015-08-10 42416]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-05-20 19264]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2013-10-28 22240]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2015-11-06 184240]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2015-08-29 97208]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2015-11-06 313776]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2015-10-21 284080]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2015-10-08 302000]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2011-09-05 178176]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2015-11-11 30264]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-08-27 3613528]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-05-20 357184]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-11-16 205456]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-01-12 26560]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-12-18 47760]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S1 UsbCharger;UsbCharger; C:\Windows\system32\DRIVERS\UsbCharger.sys [2013-10-24 22240]
S2 tsnethlpx64;TsNetHlpX64.sys; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys []
S3 acsock;acsock; C:\Windows\system32\DRIVERS\acsock64.sys [2015-10-23 129520]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2015-04-24 25640]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2015-04-24 25640]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2015-04-24 30528]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2015-07-10 141440]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 vpnva;Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64; C:\Windows\system32\DRIVERS\vpnva64-6.sys [2014-08-15 52592]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 IObitUnlocker;IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2013-09-30 36568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-07-23 172344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\Av\avgfws.exe [2015-11-20 1587128]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [2015-11-20 3857272]
R2 avgsvc;AVG Service; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2015-11-12 1046952]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [2015-11-20 579776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-01-12 1163200]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-01-12 1879488]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-01-12 4812736]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-02-09 1264696]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-01-13 66872]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-02-09 426040]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-09-11 5702416]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2015-10-23 566672]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1268568]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-01-12 6308288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-06-03 327296]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 AvgAMPS;AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [2015-11-20 615584]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02 144200]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-09-16 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-15 147624]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-10-19 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]

-----------------EOF-----------------
The three most dangerous people in IT:
3. A technician who programs
2. A programmer holding a soldering iron
1. A user who has had an idea

Rudy
Site Admin
Posts: 118251
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help with delousing

#6 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C]

:services
Bonjour Service

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. Disable your antivirus before the scan and restart the PC after it. Post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

wASQ
Model Visitor
Posts: 103
Registered: 03 Nov 2009 11:57
Location: Liberec - Praha

Re: Please help with delousing

#7 Post by wASQ »

RSIT log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Moloch at 2016-02-20 18:02:16
Microsoft Windows 7 Professional N Service Pack 1
System drive C: has 4 GB (4%) free of 114 GB
Total RAM: 8138 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:02:17, on 20.2.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18057)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Moloch\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Moloch.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duba.com/?un_449343_3348
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duba.com/?un_449343_3348
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Live! Central 3] "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_B7D745456B1FC54AC3632E690F40440E] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} (Cisco AnyConnect Secure Mobility Client Web Control) - https://vpn.tul.cz/CACHE/stc/2/binaries/vpnweb.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13191 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
c:\PROGRA~2\AVG\Av\avgrsa.exe /boot
C:\Program Files (x86)\AVG\Av\avgcsrva.exe /pipeName=44800c66-0200-0000-187e-4f1b14866457 /binaryPath="C:\Program Files (x86)\AVG\Av\\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
winlogon.exe

"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\AVG\Av\avgfws.exe"
"C:\Program Files (x86)\AVG\Av\avgidsagent.exe"
"C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe"
"C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
taskeng.exe {5C1CAE37-DA2A-4D35-A54D-C944E9C216B2}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\AVG\Av\avgnsa.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\AVG\Av\avgemca.exe"
taskeng.exe {789A85EA-A997-449F-B2A4-AE6102E263BB}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-1742113457-778625073659008054-1676255707-465176649283590574-1374709863-2044908332
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Users\Moloch\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\02202016_180024.log
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
"C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
"C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
"C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe" 4516 262646 0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4260.0.371110547\1126763359" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,24,52,62 --gpu-vendor-id=0x10de --gpu-device-id=0x1381 --gpu-driver-vendor=NVIDIA --gpu-driver-version=10.18.13.6191 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4260.1.534128055\598222867" --font-cache-shared-handle=1824 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4260.2.1149755053\1834197857" --font-cache-shared-handle=1796 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4260.3.146813264\547336473" --font-cache-shared-handle=1732 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4260.4.860407174\1740939795" --font-cache-shared-handle=2264 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4260.5.1380174264\1178498839" --font-cache-shared-handle=2296 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4260.6.1681133008\1065361670" --font-cache-shared-handle=2472 /prefetch:673131151
ctfmon.exe
"C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\nacl64" --type=nacl-broker --channel="4260.9.1825618634\2074727173" /prefetch:-875166825
"C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\nacl64.exe" --type=nacl-loader --channel="4260.8.277237499\1267342767" --ignored=" --type=renderer " /prefetch:-1502398898
"C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe" -Embedding
"C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe" 4516
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4260.11.1251342276\2098615280" --font-cache-shared-handle=5860 /prefetch:673131151
"C:\Users\Moloch\Desktop\RSITx64 (1).exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\Moloch\AppData\Roaming\Mozilla\Firefox\Profiles\nwfqjn0h.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-27 13647576]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-01-12 2787264]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2016-01-12 1860120]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Actual Multiple Monitors"=C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe [2014-10-15 812336]
"AdobeBridge"= []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-06-18 4468056]
"GoogleChromeAutoLaunch_B7D745456B1FC54AC3632E690F40440E"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2016-02-18 746648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ QQPCTray]
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTRAY.EXE /regrun /qqrepair []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C]
cmd /c(@attrib -H -R -S C:\Windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\Windows\system32\GroupPolicy\Machine\R C:\Windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\Windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe /Force >L) []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVI]
C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [2012-07-09 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MurGee.com Auto Keyboard]
C:\ProgramData\Auto Keyboard\AutoKeyboard.exe [2014-10-14 83120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeznamInstall-uninstall:edc67b736b4e91263159ac4c4a0703a2]
C:\Users\Moloch\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe -c C:\Users\Moloch\AppData\Roaming\Seznam.cz []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2013-09-16 134616]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-05-20 291648]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"Live! Central 3"=C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [2013-08-15 461312]
"BlueStacks Agent"=C:\Program Files (x86)\BlueStacks\HD-Agent.exe []
"Cisco AnyConnect Secure Mobility Agent for Windows"=C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2015-10-23 708496]
"AvgUi"=C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [2015-11-12 1136552]
"AVG_UI"=C:\Program Files (x86)\AVG\Av\avgui.exe [2015-11-20 3855272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.ac3filter"=ac3filter64.acm
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-02-20 18:00:24 ----D---- C:\_OTM
2016-02-20 15:41:16 ----D---- C:\rsit
2016-02-20 15:41:16 ----D---- C:\Program Files\trend micro
2016-02-20 15:12:40 ----D---- C:\Users\Moloch\AppData\Roaming\AVG
2016-02-20 15:11:30 ----HD---- C:\$AVG
2016-02-20 15:11:09 ----D---- C:\ProgramData\MFAData
2016-02-20 15:11:00 ----HD---- C:\ProgramData\Common Files
2016-02-20 15:11:00 ----D---- C:\ProgramData\Avg
2016-02-20 15:11:00 ----D---- C:\Program Files (x86)\AVG
2016-02-20 14:29:07 ----A---- C:\Users\Moloch\AppData\Roaming\GiftBag.db
2016-02-20 14:15:16 ----D---- C:\Program Files (x86)\Seznam.cz
2016-02-20 14:15:08 ----D---- C:\Users\Moloch\AppData\Roaming\Seznam.cz
2016-02-20 14:12:44 ----D---- C:\Program Files\7-Zip
2016-02-20 11:47:52 ----D---- C:\Program Files\Common Files\DESIGNER
2016-02-20 11:47:47 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-02-20 11:47:42 ----D---- C:\Windows\PCHEALTH
2016-02-20 11:47:01 ----D---- C:\Program Files\Microsoft Analysis Services
2016-02-20 11:47:01 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2016-02-20 11:46:58 ----D---- C:\Program Files (x86)\Microsoft Office
2016-02-20 11:46:57 ----D---- C:\Program Files\Microsoft Office
2016-02-20 11:46:56 ----D---- C:\ProgramData\Microsoft Help
2016-02-20 11:46:49 ----RHD---- C:\MSOCache
2016-02-15 19:06:24 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvumdshimx.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvopencl.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvoglv64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvoglshim64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvinitx.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\NvIFROpenGL.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\NvIFR64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\NvFBC64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvEncodeAPI64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvdispgenco6436191.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvdispco6436191.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvcuvid.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvcuda.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2016-02-15 19:04:57 ----A---- C:\Windows\system32\nvcompiler.dll
2016-02-15 18:38:20 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll
2016-02-15 18:38:20 ----A---- C:\Windows\system32\nvaudcap64v.dll
2016-02-15 18:38:20 ----A---- C:\Windows\system32\drivers\nvvad64v.sys

======List of files/folders modified in the last 1 month======

2016-02-20 18:01:21 ----D---- C:\Windows\Temp
2016-02-20 18:01:19 ----D---- C:\ProgramData\NVIDIA
2016-02-20 18:00:55 ----D---- C:\Windows\system32\config
2016-02-20 18:00:24 ----D---- C:\Windows\Tasks
2016-02-20 17:30:22 ----SHD---- C:\System Volume Information
2016-02-20 17:29:43 ----D---- C:\Program Files (x86)\Battle.net
2016-02-20 16:49:08 ----D---- C:\Windows\System32
2016-02-20 16:49:08 ----D---- C:\Windows\inf
2016-02-20 16:49:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-20 16:43:15 ----HD---- C:\ProgramData
2016-02-20 16:42:34 ----D---- C:\Windows\system32\drivers
2016-02-20 16:42:34 ----D---- C:\AdwCleaner
2016-02-20 15:41:16 ----RD---- C:\Program Files
2016-02-20 15:28:35 ----RD---- C:\Program Files (x86)
2016-02-20 15:28:35 ----D---- C:\Program Files\Common Files
2016-02-20 15:27:39 ----D---- C:\Windows\system32\Tasks
2016-02-20 15:27:38 ----D---- C:\Windows\SYSWOW64\drivers
2016-02-20 15:27:31 ----D---- C:\Program Files (x86)\Common Files
2016-02-20 15:13:04 ----D---- C:\Windows\SysWOW64
2016-02-20 15:12:55 ----SHD---- C:\Windows\Installer
2016-02-20 15:12:13 ----D---- C:\Windows\system32\DriverStore
2016-02-20 15:04:02 ----D---- C:\Windows\Prefetch
2016-02-20 15:03:13 ----D---- C:\Program Files\SUPERAntiSpyware
2016-02-20 15:02:18 ----D---- C:\Users\Moloch\AppData\Roaming\uTorrent
2016-02-20 14:29:03 ----RSD---- C:\Windows\Fonts
2016-02-20 14:26:58 ----HD---- C:\Windows\system32\GroupPolicy
2016-02-20 14:26:58 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2016-02-20 12:57:15 ----D---- C:\Windows\winsxs
2016-02-20 12:55:35 ----D---- C:\Windows\Microsoft.NET
2016-02-20 12:55:34 ----RSD---- C:\Windows\assembly
2016-02-20 12:52:05 ----D---- C:\Windows\system32\catroot2
2016-02-20 11:50:08 ----SD---- C:\Users\Moloch\AppData\Roaming\Microsoft
2016-02-20 11:47:55 ----D---- C:\Windows\ShellNew
2016-02-20 11:47:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2016-02-20 11:47:42 ----SD---- C:\ProgramData\Microsoft
2016-02-20 11:47:42 ----D---- C:\Windows
2016-02-20 11:47:42 ----D---- C:\Program Files (x86)\Microsoft.NET
2016-02-20 11:47:06 ----A---- C:\Windows\win.ini
2016-02-20 11:47:05 ----D---- C:\Program Files\Common Files\System
2016-02-17 22:59:40 ----D---- C:\Users\Moloch\AppData\Roaming\HearthstoneDeckTracker
2016-02-17 20:47:01 ----D---- C:\Users\Moloch\AppData\Roaming\Battle.net
2016-02-17 20:47:01 ----D---- C:\ProgramData\Battle.net
2016-02-17 20:00:18 ----D---- C:\Users\Moloch\AppData\Roaming\TS3Client
2016-02-15 19:06:39 ----D---- C:\ProgramData\NVIDIA Corporation
2016-02-15 19:05:59 ----D---- C:\Program Files\NVIDIA Corporation
2016-02-15 18:38:39 ----D---- C:\ProgramData\Package Cache
2016-02-09 09:39:50 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2016-02-09 09:39:50 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2016-02-09 09:39:50 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2016-02-09 09:39:50 ----A---- C:\Windows\system32\nvwgf2umx.dll
2016-02-09 09:39:50 ----A---- C:\Windows\system32\nvd3dumx.dll
2016-02-09 09:39:50 ----A---- C:\Windows\system32\nvapi64.dll
2016-02-09 06:41:27 ----A---- C:\Windows\system32\nvsvc64.dll
2016-02-09 06:41:27 ----A---- C:\Windows\system32\nvcpl.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvvsvc.exe
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvsvcr.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvshext.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvmctray.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nv3dappshextr.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nv3dappshext.dll
2016-02-08 17:38:47 ----D---- C:\ProgramData\Cisco
2016-02-08 17:38:47 ----D---- C:\Program Files (x86)\Cisco
2016-02-08 17:38:44 ----D---- C:\Windows\system32\drivers\etc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2015-08-20 298416]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2015-08-14 398256]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2015-11-06 256432]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2015-08-10 42416]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-05-20 19264]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2013-10-28 22240]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2015-11-06 184240]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2015-08-29 97208]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2015-11-06 313776]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2015-10-21 284080]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2015-10-08 302000]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2011-09-05 178176]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2015-11-11 30264]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-08-27 3613528]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-05-20 357184]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-11-16 205456]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-01-12 26560]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-12-18 47760]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S1 UsbCharger;UsbCharger; C:\Windows\system32\DRIVERS\UsbCharger.sys [2013-10-24 22240]
S2 tsnethlpx64;TsNetHlpX64.sys; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys []
S3 acsock;acsock; C:\Windows\system32\DRIVERS\acsock64.sys [2015-10-23 129520]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2015-04-24 25640]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2015-04-24 25640]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2015-04-24 30528]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2015-07-10 141440]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 vpnva;Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64; C:\Windows\system32\DRIVERS\vpnva64-6.sys [2014-08-15 52592]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 IObitUnlocker;IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2013-09-30 36568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-07-23 172344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\Av\avgfws.exe [2015-11-20 1587128]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [2015-11-20 3857272]
R2 avgsvc;AVG Service; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2015-11-12 1046952]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [2015-11-20 579776]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-01-12 1163200]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-01-12 1879488]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-01-12 4812736]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-02-09 1264696]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-01-13 66872]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-06-03 327296]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-02-09 426040]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-09-11 5702416]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2015-10-23 566672]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1268568]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-01-12 6308288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02 144200]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 AvgAMPS;AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [2015-11-20 615584]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02 144200]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-09-16 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-15 147624]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-10-19 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]

-----------------EOF-----------------


OTM log:

All processes killed
========== FILES ==========
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C\ not found.
========== SERVICES/DRIVERS ==========
Service Bonjour Service stopped successfully!
Service Bonjour Service deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Moloch
->Temp folder emptied: 18177549 bytes
->Temporary Internet Files folder emptied: 2063120 bytes
->Java cache emptied: 8196 bytes
->FireFox cache emptied: 8568371 bytes
->Google Chrome cache emptied: 215280247 bytes
->Flash cache emptied: 233 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 890 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 7817796 bytes

Total Files Cleaned = 240,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Moloch
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 02202016_180024

Files moved on Reboot...
C:\Users\Moloch\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Moloch\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

Registry entries deleted on Reboot...

Rudy
Site Admin
Posts: 118251
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help with delousing

#8 Post by Rudy »

Please post one more RSIT log.

wASQ
Model visitor
Posts: 103
Registered: 03 Nov 2009 11:57
Location: Liberec - Praha

Re: Please help with delousing

#9 Post by wASQ »

RSIT log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Moloch at 2016-02-20 20:26:42
Microsoft Windows 7 Professional N Service Pack 1
System drive C: has 4 GB (4%) free of 114 GB
Total RAM: 8138 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:26:42, on 20.2.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18057)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Cok Software\Cok Free Auto Clicker\AutoClicker.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Moloch\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
C:\Program Files\trend micro\Moloch.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duba.com/?un_449343_3348
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duba.com/?un_449343_3348
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Live! Central 3] "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_B7D745456B1FC54AC3632E690F40440E] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} (Cisco AnyConnect Secure Mobility Client Web Control) - https://vpn.tul.cz/CACHE/stc/2/binaries/vpnweb.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13226 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
c:\PROGRA~2\AVG\Av\avgrsa.exe /boot
C:\Program Files (x86)\AVG\Av\avgcsrva.exe /pipeName=44800c66-0200-0000-187e-4f1b14866457 /binaryPath="C:\Program Files (x86)\AVG\Av\\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
winlogon.exe

"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\AVG\Av\avgfws.exe"
"C:\Program Files (x86)\AVG\Av\avgidsagent.exe"
"C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe"
"C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
taskeng.exe {5C1CAE37-DA2A-4D35-A54D-C944E9C216B2}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\AVG\Av\avgnsa.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\AVG\Av\avgemca.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-1742113457-778625073659008054-1676255707-465176649283590574-1374709863-2044908332
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
"C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
"C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
"C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe" 4516 262646 0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4260.0.371110547\1126763359" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,24,52,62 --gpu-vendor-id=0x10de --gpu-device-id=0x1381 --gpu-driver-vendor=NVIDIA --gpu-driver-version=10.18.13.6191 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4260.1.534128055\598222867" --font-cache-shared-handle=1824 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4260.2.1149755053\1834197857" --font-cache-shared-handle=1796 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4260.3.146813264\547336473" --font-cache-shared-handle=1732 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4260.4.860407174\1740939795" --font-cache-shared-handle=2264 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4260.5.1380174264\1178498839" --font-cache-shared-handle=2296 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4260.6.1681133008\1065361670" --font-cache-shared-handle=2472 /prefetch:673131151
ctfmon.exe
"C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\nacl64" --type=nacl-broker --channel="4260.9.1825618634\2074727173" /prefetch:-875166825
"C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\nacl64.exe" --type=nacl-loader --channel="4260.8.277237499\1267342767" --ignored=" --type=renderer " /prefetch:-1502398898
"C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe" -Embedding
"C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe" 4516
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\YoloMouse\YoloMouse.exe"
"C:\Program Files (x86)\Cok Software\Cok Free Auto Clicker\AutoClicker.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4260.18.136812053\157526411" --font-cache-shared-handle=4328 /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe27_ Global\UsGthrCtrlFltPipeMssGthrPipe27 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Moloch\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe"
"C:\Users\Moloch\Desktop\RSITx64 (1).exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\Moloch\AppData\Roaming\Mozilla\Firefox\Profiles\nwfqjn0h.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-27 13647576]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-01-12 2787264]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2016-01-12 1860120]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Actual Multiple Monitors"=C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe [2014-10-15 812336]
"AdobeBridge"= []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-06-18 4468056]
"GoogleChromeAutoLaunch_B7D745456B1FC54AC3632E690F40440E"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2016-02-18 746648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ QQPCTray]
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTRAY.EXE /regrun /qqrepair []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C]
cmd /c(@attrib -H -R -S C:\Windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\Windows\system32\GroupPolicy\Machine\R C:\Windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\Windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe /Force >L) []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVI]
C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [2012-07-09 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MurGee.com Auto Keyboard]
C:\ProgramData\Auto Keyboard\AutoKeyboard.exe [2014-10-14 83120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeznamInstall-uninstall:edc67b736b4e91263159ac4c4a0703a2]
C:\Users\Moloch\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe -c C:\Users\Moloch\AppData\Roaming\Seznam.cz []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2013-09-16 134616]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-05-20 291648]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"Live! Central 3"=C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [2013-08-15 461312]
"BlueStacks Agent"=C:\Program Files (x86)\BlueStacks\HD-Agent.exe []
"Cisco AnyConnect Secure Mobility Agent for Windows"=C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2015-10-23 708496]
"AvgUi"=C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [2015-11-12 1136552]
"AVG_UI"=C:\Program Files (x86)\AVG\Av\avgui.exe [2015-11-20 3855272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.ac3filter"=ac3filter64.acm
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-02-20 18:00:24 ----D---- C:\_OTM
2016-02-20 15:41:16 ----D---- C:\rsit
2016-02-20 15:41:16 ----D---- C:\Program Files\trend micro
2016-02-20 15:12:40 ----D---- C:\Users\Moloch\AppData\Roaming\AVG
2016-02-20 15:11:30 ----HD---- C:\$AVG
2016-02-20 15:11:09 ----D---- C:\ProgramData\MFAData
2016-02-20 15:11:00 ----HD---- C:\ProgramData\Common Files
2016-02-20 15:11:00 ----D---- C:\ProgramData\Avg
2016-02-20 15:11:00 ----D---- C:\Program Files (x86)\AVG
2016-02-20 14:29:07 ----A---- C:\Users\Moloch\AppData\Roaming\GiftBag.db
2016-02-20 14:15:16 ----D---- C:\Program Files (x86)\Seznam.cz
2016-02-20 14:15:08 ----D---- C:\Users\Moloch\AppData\Roaming\Seznam.cz
2016-02-20 14:12:44 ----D---- C:\Program Files\7-Zip
2016-02-20 11:47:52 ----D---- C:\Program Files\Common Files\DESIGNER
2016-02-20 11:47:47 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-02-20 11:47:42 ----D---- C:\Windows\PCHEALTH
2016-02-20 11:47:01 ----D---- C:\Program Files\Microsoft Analysis Services
2016-02-20 11:47:01 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2016-02-20 11:46:58 ----D---- C:\Program Files (x86)\Microsoft Office
2016-02-20 11:46:57 ----D---- C:\Program Files\Microsoft Office
2016-02-20 11:46:56 ----D---- C:\ProgramData\Microsoft Help
2016-02-20 11:46:49 ----RHD---- C:\MSOCache
2016-02-15 19:06:24 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvumdshimx.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvopencl.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvoglv64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvoglshim64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvinitx.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\NvIFROpenGL.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\NvIFR64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\NvFBC64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvEncodeAPI64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvdispgenco6436191.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvdispco6436191.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvcuvid.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvcuda.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2016-02-15 19:04:57 ----A---- C:\Windows\system32\nvcompiler.dll
2016-02-15 18:38:20 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll
2016-02-15 18:38:20 ----A---- C:\Windows\system32\nvaudcap64v.dll
2016-02-15 18:38:20 ----A---- C:\Windows\system32\drivers\nvvad64v.sys

======List of files/folders modified in the last 1 month======

2016-02-20 20:26:22 ----D---- C:\Windows\Temp
2016-02-20 20:16:45 ----D---- C:\Users\Moloch\AppData\Roaming\TS3Client
2016-02-20 18:07:14 ----D---- C:\Windows\System32
2016-02-20 18:07:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-20 18:07:13 ----D---- C:\Windows\inf
2016-02-20 18:04:31 ----D---- C:\Program Files (x86)\Battle.net
2016-02-20 18:01:19 ----D---- C:\ProgramData\NVIDIA
2016-02-20 18:00:55 ----D---- C:\Windows\system32\config
2016-02-20 18:00:24 ----D---- C:\Windows\Tasks
2016-02-20 17:30:22 ----SHD---- C:\System Volume Information
2016-02-20 16:43:15 ----HD---- C:\ProgramData
2016-02-20 16:42:34 ----D---- C:\Windows\system32\drivers
2016-02-20 16:42:34 ----D---- C:\AdwCleaner
2016-02-20 15:41:16 ----RD---- C:\Program Files
2016-02-20 15:28:35 ----RD---- C:\Program Files (x86)
2016-02-20 15:28:35 ----D---- C:\Program Files\Common Files
2016-02-20 15:27:39 ----D---- C:\Windows\system32\Tasks
2016-02-20 15:27:38 ----D---- C:\Windows\SYSWOW64\drivers
2016-02-20 15:27:31 ----D---- C:\Program Files (x86)\Common Files
2016-02-20 15:13:04 ----D---- C:\Windows\SysWOW64
2016-02-20 15:12:55 ----SHD---- C:\Windows\Installer
2016-02-20 15:12:13 ----D---- C:\Windows\system32\DriverStore
2016-02-20 15:04:02 ----D---- C:\Windows\Prefetch
2016-02-20 15:03:13 ----D---- C:\Program Files\SUPERAntiSpyware
2016-02-20 15:02:18 ----D---- C:\Users\Moloch\AppData\Roaming\uTorrent
2016-02-20 14:29:03 ----RSD---- C:\Windows\Fonts
2016-02-20 14:26:58 ----HD---- C:\Windows\system32\GroupPolicy
2016-02-20 14:26:58 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2016-02-20 12:57:15 ----D---- C:\Windows\winsxs
2016-02-20 12:55:35 ----D---- C:\Windows\Microsoft.NET
2016-02-20 12:55:34 ----RSD---- C:\Windows\assembly
2016-02-20 12:52:05 ----D---- C:\Windows\system32\catroot2
2016-02-20 11:50:08 ----SD---- C:\Users\Moloch\AppData\Roaming\Microsoft
2016-02-20 11:47:55 ----D---- C:\Windows\ShellNew
2016-02-20 11:47:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2016-02-20 11:47:42 ----SD---- C:\ProgramData\Microsoft
2016-02-20 11:47:42 ----D---- C:\Windows
2016-02-20 11:47:42 ----D---- C:\Program Files (x86)\Microsoft.NET
2016-02-20 11:47:06 ----A---- C:\Windows\win.ini
2016-02-20 11:47:05 ----D---- C:\Program Files\Common Files\System
2016-02-17 22:59:40 ----D---- C:\Users\Moloch\AppData\Roaming\HearthstoneDeckTracker
2016-02-17 20:47:01 ----D---- C:\Users\Moloch\AppData\Roaming\Battle.net
2016-02-17 20:47:01 ----D---- C:\ProgramData\Battle.net
2016-02-15 19:06:39 ----D---- C:\ProgramData\NVIDIA Corporation
2016-02-15 19:05:59 ----D---- C:\Program Files\NVIDIA Corporation
2016-02-15 18:38:39 ----D---- C:\ProgramData\Package Cache
2016-02-09 09:39:50 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2016-02-09 09:39:50 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2016-02-09 09:39:50 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2016-02-09 09:39:50 ----A---- C:\Windows\system32\nvwgf2umx.dll
2016-02-09 09:39:50 ----A---- C:\Windows\system32\nvd3dumx.dll
2016-02-09 09:39:50 ----A---- C:\Windows\system32\nvapi64.dll
2016-02-09 06:41:27 ----A---- C:\Windows\system32\nvsvc64.dll
2016-02-09 06:41:27 ----A---- C:\Windows\system32\nvcpl.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvvsvc.exe
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvsvcr.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvshext.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvmctray.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nv3dappshextr.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nv3dappshext.dll
2016-02-08 17:38:47 ----D---- C:\ProgramData\Cisco
2016-02-08 17:38:47 ----D---- C:\Program Files (x86)\Cisco
2016-02-08 17:38:44 ----D---- C:\Windows\system32\drivers\etc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2015-08-20 298416]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2015-08-14 398256]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2015-11-06 256432]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2015-08-10 42416]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-05-20 19264]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2013-10-28 22240]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2015-11-06 184240]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2015-08-29 97208]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2015-11-06 313776]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2015-10-21 284080]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2015-10-08 302000]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2011-09-05 178176]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2015-11-11 30264]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-08-27 3613528]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-05-20 357184]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-11-16 205456]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-01-12 26560]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-12-18 47760]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S1 UsbCharger;UsbCharger; C:\Windows\system32\DRIVERS\UsbCharger.sys [2013-10-24 22240]
S2 tsnethlpx64;TsNetHlpX64.sys; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys []
S3 acsock;acsock; C:\Windows\system32\DRIVERS\acsock64.sys [2015-10-23 129520]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2015-04-24 25640]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2015-04-24 25640]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2015-04-24 30528]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2015-07-10 141440]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 vpnva;Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64; C:\Windows\system32\DRIVERS\vpnva64-6.sys [2014-08-15 52592]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 IObitUnlocker;IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2013-09-30 36568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-07-23 172344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\Av\avgfws.exe [2015-11-20 1587128]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [2015-11-20 3857272]
R2 avgsvc;AVG Service; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2015-11-12 1046952]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [2015-11-20 579776]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-01-12 1163200]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-01-12 1879488]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-01-12 4812736]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-02-09 1264696]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-01-13 66872]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-02-09 426040]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-09-11 5702416]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2015-10-23 566672]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1268568]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-01-12 6308288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-06-03 327296]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 AvgAMPS;AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [2015-11-20 615584]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02 144200]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-09-16 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-15 147624]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-10-19 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]

-----------------EOF-----------------
The three most dangerous people in IT:
3. A technician who programs
2. A programmer holding a soldering iron
1. A user who has had an idea

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help with delousing

#10 Post by Rudy »

Double-click the file C:\Program Files\trend micro\Moloch.exe to launch HijackThis. Click "Do a system scan only" and, in the window that opens, tick the checkbox on the left next to:
R3 - URLSearchHook: (no name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - (no file)
Click >FixChecked<. Then run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC.

The system drive is low on free space. Move some of your data to other storage, or uninstall applications you do not use.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

wASQ
Model visitor
Posts: 103
Joined: 03 Nov 2009 11:57
Location: Liberec - Praha

Re: Please help with delousing

#11 Post by wASQ »

Done. New log from RSIT:

(I still cannot change the search engine)

Logfile of random's system information tool 1.10 (written by random/random)
Run by Moloch at 2016-02-20 22:12:16
Microsoft Windows 7 Professional N Service Pack 1
System drive C: has 30 GB (26%) free of 114 GB
Total RAM: 8138 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:12:17, on 20.2.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18057)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Users\Moloch\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Moloch.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duba.com/?un_449343_3348
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duba.com/?un_449343_3348
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Live! Central 3] "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} (Cisco AnyConnect Secure Mobility Client Web Control) - https://vpn.tul.cz/CACHE/stc/2/binaries/vpnweb.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12704 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
c:\PROGRA~2\AVG\Av\avgrsa.exe /boot
C:\Program Files (x86)\AVG\Av\avgcsrva.exe /pipeName=44800c66-0200-0000-faf5-66127839d10f /binaryPath="C:\Program Files (x86)\AVG\Av\\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
winlogon.exe

"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\AVG\Av\avgfws.exe"
"C:\Program Files (x86)\AVG\Av\avgidsagent.exe"
"C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe"
"C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
"C:\Program Files (x86)\AVG\Av\avgnsa.exe"
"C:\Program Files (x86)\AVG\Av\avgemca.exe"
taskeng.exe {789E5C3A-4BFB-4122-B26F-01136A6EEAC7}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3864.0.901856507\1629732240" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,24,52,62 --gpu-vendor-id=0x10de --gpu-device-id=0x1381 --gpu-driver-vendor=NVIDIA --gpu-driver-version=10.18.13.6191 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
"C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe" 4024 131490 0
"C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "1590527971-427136885-423138117-1733083220-1295711377347820241-517503955-69321242
ctfmon.exe
"C:\Users\Moloch\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe"
"C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe" -Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe" 4024
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3864.13.493361598\1633420219" --font-cache-shared-handle=6520 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi-broker --channel="3864.14.2075360029\1328108460" --lang=cs --device-scale-factor=1 /prefetch:845217598
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3864.15.1137893849\1339863633" --font-cache-shared-handle=5368 /prefetch:673131151
"C:\Program Files\Altap Salamander\salamand.exe"
"C:\Program Files\Altap Salamander\utils\salmon.exe" "Salmon714" "czech.slg"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Users\Moloch\Desktop\RSITx64 (1).exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\Moloch\AppData\Roaming\Mozilla\Firefox\Profiles\nwfqjn0h.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-27 13647576]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-01-12 2787264]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2016-01-12 1860120]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Actual Multiple Monitors"=C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe [2014-10-15 812336]
"AdobeBridge"= []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-06-18 4468056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ QQPCTray]
C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTRAY.EXE /regrun /qqrepair []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C]
cmd /c(@attrib -H -R -S C:\Windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\Windows\system32\GroupPolicy\Machine\R C:\Windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\Windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe /Force >L) []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVI]
C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [2012-07-09 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MurGee.com Auto Keyboard]
C:\ProgramData\Auto Keyboard\AutoKeyboard.exe [2014-10-14 83120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeznamInstall-uninstall:edc67b736b4e91263159ac4c4a0703a2]
C:\Users\Moloch\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe -c C:\Users\Moloch\AppData\Roaming\Seznam.cz []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2013-09-16 134616]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-05-20 291648]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"Live! Central 3"=C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [2013-08-15 461312]
"BlueStacks Agent"=C:\Program Files (x86)\BlueStacks\HD-Agent.exe []
"Cisco AnyConnect Secure Mobility Agent for Windows"=C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2015-10-23 708496]
"AvgUi"=C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [2015-11-12 1136552]
"AVG_UI"=C:\Program Files (x86)\AVG\Av\avgui.exe [2015-11-20 3855272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.ac3filter"=ac3filter64.acm
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-02-20 22:12:16 ----D---- C:\rsit
2016-02-20 15:41:16 ----D---- C:\Program Files\trend micro
2016-02-20 15:12:40 ----D---- C:\Users\Moloch\AppData\Roaming\AVG
2016-02-20 15:11:30 ----HD---- C:\$AVG
2016-02-20 15:11:09 ----D---- C:\ProgramData\MFAData
2016-02-20 15:11:00 ----HD---- C:\ProgramData\Common Files
2016-02-20 15:11:00 ----D---- C:\ProgramData\Avg
2016-02-20 15:11:00 ----D---- C:\Program Files (x86)\AVG
2016-02-20 14:29:07 ----A---- C:\Users\Moloch\AppData\Roaming\GiftBag.db
2016-02-20 14:15:16 ----D---- C:\Program Files (x86)\Seznam.cz
2016-02-20 14:15:08 ----D---- C:\Users\Moloch\AppData\Roaming\Seznam.cz
2016-02-20 14:12:44 ----D---- C:\Program Files\7-Zip
2016-02-20 11:47:52 ----D---- C:\Program Files\Common Files\DESIGNER
2016-02-20 11:47:47 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-02-20 11:47:42 ----D---- C:\Windows\PCHEALTH
2016-02-20 11:47:01 ----D---- C:\Program Files\Microsoft Analysis Services
2016-02-20 11:47:01 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2016-02-20 11:46:58 ----D---- C:\Program Files (x86)\Microsoft Office
2016-02-20 11:46:57 ----D---- C:\Program Files\Microsoft Office
2016-02-20 11:46:56 ----D---- C:\ProgramData\Microsoft Help
2016-02-20 11:46:49 ----RHD---- C:\MSOCache
2016-02-15 19:06:24 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2016-02-15 19:04:58 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvumdshimx.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvopencl.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvoglv64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvoglshim64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvinitx.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\NvIFROpenGL.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\NvIFR64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\NvFBC64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvEncodeAPI64.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvdispgenco6436191.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvdispco6436191.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvcuvid.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\nvcuda.dll
2016-02-15 19:04:58 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2016-02-15 19:04:57 ----A---- C:\Windows\system32\nvcompiler.dll
2016-02-15 18:38:20 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll
2016-02-15 18:38:20 ----A---- C:\Windows\system32\nvaudcap64v.dll
2016-02-15 18:38:20 ----A---- C:\Windows\system32\drivers\nvvad64v.sys

======List of files/folders modified in the last 1 month======

2016-02-20 22:10:00 ----D---- C:\Windows\Temp
2016-02-20 22:09:58 ----D---- C:\ProgramData\NVIDIA
2016-02-20 21:08:10 ----D---- C:\Users\Moloch\AppData\Roaming\HearthstoneDeckTracker
2016-02-20 20:27:39 ----D---- C:\Program Files (x86)\Battle.net
2016-02-20 20:16:45 ----D---- C:\Users\Moloch\AppData\Roaming\TS3Client
2016-02-20 18:07:14 ----D---- C:\Windows\System32
2016-02-20 18:07:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-20 18:07:13 ----D---- C:\Windows\inf
2016-02-20 18:00:55 ----D---- C:\Windows\system32\config
2016-02-20 18:00:24 ----D---- C:\Windows\Tasks
2016-02-20 17:30:22 ----SHD---- C:\System Volume Information
2016-02-20 16:43:15 ----HD---- C:\ProgramData
2016-02-20 16:42:34 ----D---- C:\Windows\system32\drivers
2016-02-20 16:42:34 ----D---- C:\AdwCleaner
2016-02-20 15:41:16 ----RD---- C:\Program Files
2016-02-20 15:28:35 ----RD---- C:\Program Files (x86)
2016-02-20 15:28:35 ----D---- C:\Program Files\Common Files
2016-02-20 15:27:39 ----D---- C:\Windows\system32\Tasks
2016-02-20 15:27:38 ----D---- C:\Windows\SYSWOW64\drivers
2016-02-20 15:27:31 ----D---- C:\Program Files (x86)\Common Files
2016-02-20 15:13:04 ----D---- C:\Windows\SysWOW64
2016-02-20 15:12:55 ----SHD---- C:\Windows\Installer
2016-02-20 15:12:13 ----D---- C:\Windows\system32\DriverStore
2016-02-20 15:04:02 ----D---- C:\Windows\Prefetch
2016-02-20 15:03:13 ----D---- C:\Program Files\SUPERAntiSpyware
2016-02-20 15:02:18 ----D---- C:\Users\Moloch\AppData\Roaming\uTorrent
2016-02-20 14:29:03 ----RSD---- C:\Windows\Fonts
2016-02-20 14:26:58 ----HD---- C:\Windows\system32\GroupPolicy
2016-02-20 14:26:58 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2016-02-20 12:57:15 ----D---- C:\Windows\winsxs
2016-02-20 12:55:35 ----D---- C:\Windows\Microsoft.NET
2016-02-20 12:55:34 ----RSD---- C:\Windows\assembly
2016-02-20 12:52:05 ----D---- C:\Windows\system32\catroot2
2016-02-20 11:50:08 ----SD---- C:\Users\Moloch\AppData\Roaming\Microsoft
2016-02-20 11:47:55 ----D---- C:\Windows\ShellNew
2016-02-20 11:47:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2016-02-20 11:47:42 ----SD---- C:\ProgramData\Microsoft
2016-02-20 11:47:42 ----D---- C:\Windows
2016-02-20 11:47:42 ----D---- C:\Program Files (x86)\Microsoft.NET
2016-02-20 11:47:06 ----A---- C:\Windows\win.ini
2016-02-20 11:47:05 ----D---- C:\Program Files\Common Files\System
2016-02-17 20:47:01 ----D---- C:\Users\Moloch\AppData\Roaming\Battle.net
2016-02-17 20:47:01 ----D---- C:\ProgramData\Battle.net
2016-02-15 19:06:39 ----D---- C:\ProgramData\NVIDIA Corporation
2016-02-15 19:05:59 ----D---- C:\Program Files\NVIDIA Corporation
2016-02-15 18:38:39 ----D---- C:\ProgramData\Package Cache
2016-02-09 09:39:50 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2016-02-09 09:39:50 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2016-02-09 09:39:50 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2016-02-09 09:39:50 ----A---- C:\Windows\system32\nvwgf2umx.dll
2016-02-09 09:39:50 ----A---- C:\Windows\system32\nvd3dumx.dll
2016-02-09 09:39:50 ----A---- C:\Windows\system32\nvapi64.dll
2016-02-09 06:41:27 ----A---- C:\Windows\system32\nvsvc64.dll
2016-02-09 06:41:27 ----A---- C:\Windows\system32\nvcpl.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvvsvc.exe
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvsvcr.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvshext.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nvmctray.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nv3dappshextr.dll
2016-02-09 06:41:25 ----A---- C:\Windows\system32\nv3dappshext.dll
2016-02-08 17:38:47 ----D---- C:\ProgramData\Cisco
2016-02-08 17:38:47 ----D---- C:\Program Files (x86)\Cisco
2016-02-08 17:38:44 ----D---- C:\Windows\system32\drivers\etc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2015-08-20 298416]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2015-08-14 398256]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2015-11-06 256432]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2015-08-10 42416]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-05-20 19264]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2013-10-28 22240]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2015-11-06 184240]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2015-08-29 97208]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2015-11-06 313776]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2015-10-21 284080]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2015-10-08 302000]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2011-09-05 178176]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2015-11-11 30264]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-08-27 3613528]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-05-20 357184]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-11-16 205456]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-01-12 26560]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-12-18 47760]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S1 UsbCharger;UsbCharger; C:\Windows\system32\DRIVERS\UsbCharger.sys [2013-10-24 22240]
S2 tsnethlpx64;TsNetHlpX64.sys; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys []
S3 acsock;acsock; C:\Windows\system32\DRIVERS\acsock64.sys [2015-10-23 129520]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2015-04-24 25640]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2015-04-24 25640]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2015-04-24 30528]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2015-07-10 141440]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 vpnva;Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64; C:\Windows\system32\DRIVERS\vpnva64-6.sys [2014-08-15 52592]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 IObitUnlocker;IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2013-09-30 36568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-07-23 172344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\Av\avgfws.exe [2015-11-20 1587128]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [2015-11-20 3857272]
R2 avgsvc;AVG Service; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2015-11-12 1046952]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [2015-11-20 579776]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-01-12 1163200]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-01-12 1879488]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-01-12 4812736]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-02-09 1264696]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-01-13 66872]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-02-09 426040]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-09-11 5702416]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2015-10-23 566672]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1268568]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-01-12 6308288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-06-03 327296]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 AvgAMPS;AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [2015-11-20 615584]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02 144200]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-09-16 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-15 147624]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-10-19 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]

-----------------EOF-----------------
The three most dangerous people in IT:
3. A technician who programs
2. A programmer holding a soldering iron
1. A user who got an idea

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please help with delousing my PC

#12 Post by Rudy »

The log is OK now. Run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC. Then run one more complete MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

wASQ
Model visitor
Posts: 103
Joined: 03 Nov 2009 11:57
Location: Liberec - Praha

Re: Please help with delousing my PC

#13 Post by wASQ »

OTM already cleaned up after itself before the last log (as you asked). I will scan with MBAM once more, but smartsputnik does not want to let go of me. Following various guides, I deleted all the values in the registry, yet it still remains in Chrome (see the image).

http://i.imgur.com/rpLR0lI.jpg

wASQ
Model visitor
Posts: 103
Joined: 03 Nov 2009 11:57
Location: Liberec - Praha

Re: Please help with delousing my PC

#14 Post by wASQ »

MBAM log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 20.2.2016
Čas skenování: 22:41
Protokol:
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.02.20.03
Databáze rootkitů: v2016.02.17.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Moloch

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 345210
Uplynulý čas: 3 min, 15 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 17
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\dream.capture.1, , [5a99db87613896a040ab05aa35cd33cd],
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\dream.capture.1, , [44afe77be2b79f976b80dad559a935cb],
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\dream.capture.1, , [44afe77be2b79f976b80dad559a935cb],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, , [8c671e445c3d270fe758c1e8f012758b],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, , [cd266101aeebd95d320deabf936fe51b],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, , [cd266101aeebd95d320deabf936fe51b],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, , [cd266101aeebd95d320deabf936fe51b],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, , [cd266101aeebd95d320deabf936fe51b],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, , [cd266101aeebd95d320deabf936fe51b],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, , [cd266101aeebd95d320deabf936fe51b],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, , [8e65f66c5e3baf8750ef08a113efe11f],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, , [46ad39295e3b270f320d87225aa87e82],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\setup.DynamicNS, , [886bd68c6f2a52e4eea09e12778b926e],
Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\setup.DynamicNS, , [35be5b074653f145b3db565a867caf51],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\setup.DynamicNS, , [35be5b074653f145b3db565a867caf51],
PUP.Optional.MultiPlug, HKU\S-1-5-21-1638566605-3970343455-2542827387-1000_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, , [ad46441eb2e772c4a1e862bf19eb728e],
PUP.Optional.MultiPlug, HKU\S-1-5-21-1638566605-3970343455-2542827387-1000_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, , [ad46441eb2e772c4a1e862bf19eb728e],

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 217
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\icons, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\hu, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\am, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ar, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\bg, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\bn, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ca, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\cs, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\da, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\de, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\el, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\en, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\en_GB, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\es, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\es_419, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\et, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\fa, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\fi, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\fil, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\fr, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\gu, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\he, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\hi, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\hr, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\id, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\it, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ja, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\kn, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ko, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\lt, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\lv, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ml, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\mr, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ms, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\nl, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\no, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\pl, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\pt_BR, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\pt_PT, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ro, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ru, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\sk, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\sl, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\sr, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\sv, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\sw, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ta, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\te, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\th, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\tr, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\uk, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\vi, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\zh_CN, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\zh_TW, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_metadata, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0, , [03f0fe646d2cb77fb550a97229dce51b],

Soubory: 469
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\icons\new_translation.png, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\hu\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\am\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ar\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\bg\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\bn\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ca\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\cs\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\da\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\de\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\el\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\en\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\en_GB\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\es\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\es_419\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\et\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\fa\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\fi\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\fil\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\fr\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\gu\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\he\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\hi\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\hr\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\id\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\it\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ja\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\kn\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ko\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\lt\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\lv\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ml\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\mr\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ms\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\nl\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\no\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\pl\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\pt_BR\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\pt_PT\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ro\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ru\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\sk\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\sl\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\sr\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\sv\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\sw\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\ta\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\te\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\th\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\tr\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\uk\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\vi\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\zh_CN\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_locales\zh_TW\messages.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\_metadata\verified_contents.json, , [0fe4a8bae0b93afc030236e52bdad927],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0\manifest.json, , [03f0fe646d2cb77fb550a97229dce51b],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0\html\background.html, , [03f0fe646d2cb77fb550a97229dce51b],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0\html\options.html, , [03f0fe646d2cb77fb550a97229dce51b],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0\images\bg.noise.png, , [03f0fe646d2cb77fb550a97229dce51b],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0\images\help.app_icon.png, , [03f0fe646d2cb77fb550a97229dce51b],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0\images\icon.128.png, , [03f0fe646d2cb77fb550a97229dce51b],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0\images\icon.16.png, , [03f0fe646d2cb77fb550a97229dce51b],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0\images\icon.48.png, , [03f0fe646d2cb77fb550a97229dce51b],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0\images\icon.64.png, , [03f0fe646d2cb77fb550a97229dce51b],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0\images\logo.text.409x86.png, , [03f0fe646d2cb77fb550a97229dce51b],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0\js\x___.js, , [03f0fe646d2cb77fb550a97229dce51b],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0\js\_x__.js, , [03f0fe646d2cb77fb550a97229dce51b],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0\js\__x_.js, , [03f0fe646d2cb77fb550a97229dce51b],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0\js\___x.js, , [03f0fe646d2cb77fb550a97229dce51b],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0\_metadata\verified_contents.json, , [03f0fe646d2cb77fb550a97229dce51b],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\manifest.json, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\background.js, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\css_compiled.css, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\css_compiled_rtl.css, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\dirchooser.html, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\loader.js, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\main.js, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\miniplayer.html, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\MusicManager.nmf, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\picker.html, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\settings.html, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\thirdparty.html, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\version.txt, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\fonts\Roboto-Regular.ttf, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\icons\ic_app.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\icons\ic_app_dev.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\icons\ic_app_dev_x2.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\icons\ic_app_dogfood.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\icons\ic_app_dogfood_x2.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\icons\ic_app_qa.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\icons\ic_app_qa_x2.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\icons\ic_app_x2.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\icudata\icudt53l.dat, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\icon_close_popup.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\icon_close_popup_x2.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\btn_repeat_all_off_hover.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\btn_repeat_all_off_normal.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\btn_repeat_all_off_pressed.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\btn_scrubber_thumb.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\btn_scrubber_thumb_2x.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\btn_shuffle_off_hover.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\btn_shuffle_off_normal.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\btn_shuffle_off_pressed.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\default_album_art_296_card.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\default_album_art_296_card_x2.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_checkmark.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_checkmark_2x.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_close.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_close_2x.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_forward.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_forward_2x.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_headphone_empty.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_ifl_hover.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_ifl_hover_2x.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_ifl_normal.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_ifl_normal_2x.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_music.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_music_2x.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_overflow.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_overflow_2x.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_pause_2x.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_play.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_play_2x.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_repeat.png, , [9e55b8aa7128f145010465b650b50cf4],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.248.1_0\resources\images\miniplayer\ic_repeat_2x.png, , [9e55b8aa7128f145010465b650b50cf4],
The three most dangerous people in IT:
3. A technician who programs
2. A programmer holding a soldering iron
1. A user who got an idea

wASQ
Model visitor
Posts: 103
Joined: 03 Nov 2009 11:57
Location: Liberec - Praha

Re: Please help with delousing

#15 Post by wASQ »

PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_es_419.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_et.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_eu.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_fa.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_fi.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_fil.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_fr.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_fr_ca.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_gl.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_gu.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_hi.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_hr.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_hu.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_hy.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_id.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_is.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_it.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_iw.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_ja.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_ka.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_km.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_kn.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_ko.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_lo.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_lt.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_lv.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_af.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_am.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_ar.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_az.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_bg.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_bn.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_ca.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_cs.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_da.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_de.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_el.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_en.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_en_gb.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_mn.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_mr.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_ms.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_ne.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_nl.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_no.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_pl.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_pt_br.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_pt_pt.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_ro.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_ru.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_si.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_sk.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_sl.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_sr.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_sv.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_sw.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_ta.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_te.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_th.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_tr.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_uk.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_ur.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_vi.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_zh_cn.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_zh_hk.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_zh_tw.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\i18n\symbols_zu.js, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\ko\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\am\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\ar\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\bg\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\ca\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\cs\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\da\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\de\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\el\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\en\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\en_GB\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\es\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\es_419\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\et\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\fa\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\fi\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\fil\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\fr\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\hi\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\hr\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\hu\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\id\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\it\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\iw\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\ja\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\lt\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\lv\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\ms\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\nl\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\no\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\pl\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\pt_BR\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\pt_PT\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\ro\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\ru\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\sk\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\sl\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\sr\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\sv\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\sw\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\th\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\tr\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\uk\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\vi\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\zh_CN\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\zh_TW\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_locales\zu\messages.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14492.60_0\_metadata\verified_contents.json, , [29cabba7b8e178be2fd68893010433cd],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\manifest.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\craw_background.js, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\craw_window.js, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css\craw_window.css, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html\craw_window.html, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\flapper.gif, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\icon_128.png, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\icon_16.png, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button.png, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_close.png, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_hover.png, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_maximize.png, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_pressed.png, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW\messages.json, , [757ec999316850e6cc397e9dbf46af51],
PUP.Optional.HijackModifiedExtension, C:\Users\Moloch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_metadata\verified_contents.json, , [757ec999316850e6cc397e9dbf46af51],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)
The three most dangerous people in IT:
3. A technician who programs
2. A programmer holding a soldering iron
1. A user who got an idea
