Webservice + securedisk
Posted: 05 Jan 2018 17:05
by Hombre
Hello,
I am attaching the FRST and Addition logs and would like to ask for a check.
A directory C:/Disk was created on my machine, and the files mentioned above are in it.
When I try to run adwcleaner.. I get a message that the administrator has blocked me from running the application.
Yet I am an administrator and I run it as administrator.
P.S. The CPU is running ... and new tabs with ads keep popping up in the browser (Firefox).
Thank you very much.
Re: Webservice + securedisk
Posted: 05 Jan 2018 18:08
by Rudy
Run a full MBAM scan:
http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.
Re: Webservice + securedisk
Posted: 05 Jan 2018 18:27
by Hombre
Unfortunately I get the same message there and I can't run the application .. even though I can see that I am an administrator. Unfortunately I have already renamed some files
https://ctrlv.cz/uuBK
Re: Webservice + securedisk
Posted: 05 Jan 2018 18:55
by Rudy
There is a great deal in there, so I am trying to cut it down and write an FRST removal script for the rest. Try running it in safe mode, and if that does not work, try AVPTool:
http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Run AVPTool, let it work, and at the end delete everything it finds.
Re: Webservice + securedisk
Posted: 05 Jan 2018 20:29
by Hombre
So AVPTool worked .. it really found a lot. First about 110 files, after a reboot 9, and now 0.
The CPU is calm. Firefox is behaving. I deleted the garbled directories; they were already empty.
I made a new log.
Re: Webservice + securedisk
Posted: 05 Jan 2018 21:16
by Rudy
Open Notepad and copy the following into it:
Start
HKLM-x32\...\RunOnce: [{8A254797-CE81-4646-8C74-944424F98A0B}] => cmd.exe /C start /D "C:\Users\Hombre\AppData\Local\Temp" /B {8A254797-CE81-4646-8C74-944424F98A0B}.cmd
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [Spotify] => C:\Users\Hombre\AppData\Roaming\Spotify\Spotify.exe [21070224 2017-12-27] (Spotify Ltd)
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [9674175] => "C:\Users\Hombre\AppData\Roaming\xcws2tqrgee\lahki4julkp.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [1171228] => "C:\Users\Hombre\AppData\Roaming\m1dmpvyldkh\nt4ecie2ry4.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [8388227] => "C:\Users\Hombre\AppData\Roaming\bdvt1d5fimw\ezy5d2ybmbo.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [2011544] => "C:\Users\Hombre\AppData\Roaming\oanxihg5nos\x2hs0brickr.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [5970510] => "C:\Users\Hombre\AppData\Roaming\5k03kg0ftfy\was1yi5mvjy.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [5947983] => "C:\Users\Hombre\AppData\Roaming\wuy0tgmr1kg\0v4bca4sqrc.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [1386120] => "C:\Users\Hombre\AppData\Roaming\cydja20bbaw\pknqmwxuxsv.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [5491848] => "C:\Users\Hombre\AppData\Roaming\ifowuq14sqz\t5raspm312o.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [8948070] => "C:\Users\Hombre\AppData\Roaming\k3ffa0ogpp4\qy0k4vmenrs.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [1928080] => "C:\Users\Hombre\AppData\Roaming\vmhzqfahcax\zgj3sqr5d0o.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [2607501] => "C:\Users\Hombre\AppData\Roaming\wtnw1bmz202\mpwh51kh20q.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [4454299] => "C:\Users\Hombre\AppData\Roaming\1ud3lh2feae\rdpagdwzhhe.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [6390660] => "C:\Users\Hombre\AppData\Roaming\0zyj54cqf1d\rwadgably52.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [40174] => "C:\Users\Hombre\AppData\Roaming\ddpb4zstbbq\jqqm0wgxfgq.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [3989383] => "C:\Users\Hombre\AppData\Roaming\1e4cwdmf5c3\gskkv3cqeeh.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [4901771] => "C:\Users\Hombre\AppData\Roaming\1mx4u3geetq\q45lzprh0l1.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [4045214] => "C:\Users\Hombre\AppData\Roaming\cjrufx0zrol\zvobhgmthhp.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [8234767] => "C:\Users\Hombre\AppData\Roaming\sqv2dirteaq\zvj5kkwgezj.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [2623204] => "C:\Users\Hombre\AppData\Roaming\spod4vuzom0\o1ll0jsdmcm.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [9226530] => "C:\Users\Hombre\AppData\Roaming\falhmpq4keh\0cqqc3xclui.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [3230474] => "C:\Users\Hombre\AppData\Roaming\yt54uchln1e\ytsuklgsljk.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [316134] => "C:\Users\Hombre\AppData\Roaming\j0l1nzknuo0\tmavkwunhpj.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [7457585] => "C:\Users\Hombre\AppData\Roaming\4esguif0shs\xocva3fihxb.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [7569208] => "C:\Users\Hombre\AppData\Roaming\3fgzw2wjo53\rmq2pstfy43.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [7513416] => "C:\Users\Hombre\AppData\Roaming\ckcscjcpuca\l40lxzqb2ad.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [8658810] => "C:\Users\Hombre\AppData\Roaming\g2bex3gus3i\v5j4qnaqgrm.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [9403823] => "C:\Users\Hombre\AppData\Roaming\j25i0t4zvnq\r321dcn5xis.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [9965416] => "C:\Users\Hombre\AppData\Roaming\0otslxkqyny\tr23ysvksgr.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [1166603] => "C:\Users\Hombre\AppData\Roaming\hlbzs34l5q3\hbpj2ebbcwh.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [4704533] => "C:\Users\Hombre\AppData\Roaming\aqtfmj1h5ao\gs2pvnod24h.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [5039966] => "C:\Users\Hombre\AppData\Roaming\pq4m4qqiwqc\ifiih3o1lsa.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [7786930] => "C:\Users\Hombre\AppData\Roaming\s333hgyuf5y\tpkgki0vvle.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [9881336] => "C:\Users\Hombre\AppData\Roaming\kbesl4id5z4\oqcvkiwoiv1.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [3373313] => "C:\Users\Hombre\AppData\Roaming\o4xoddd3bdy\yx1pjazpxxm.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [8033641] => "C:\Users\Hombre\AppData\Roaming\5sx0i3s52p2\xg4mmoqbh31.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [6924361] => "C:\Users\Hombre\AppData\Roaming\s5rqaosc0dw\lisz3rs3x4p.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [5752729] => "C:\Users\Hombre\AppData\Roaming\fzgrllzqcqq\3qqb5njgyzd.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [9914210] => "C:\Users\Hombre\AppData\Roaming\oaxzhbyprjb\ng2xaefskgv.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [3011934] => "C:\Users\Hombre\AppData\Roaming\2fuilznqv1m\wmhztcdwpyt.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [954190] => "C:\Users\Hombre\AppData\Roaming\epufh3tjh52\rgafiqttm00.exe" /VERYSILENT
GroupPolicy: Restriction - Chrome <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1316363965-161402098-3267105952-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\dsengine.js [2017-12-22] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\dsengine.cfg [2017-12-22] <==== ATTENTION
S2 HNService; C:\WINDOWS\System32\svchost.exe [48688 2017-09-29] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 HNService; C:\WINDOWS\SysWOW64\svchost.exe [44520 2017-09-29] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
C:\Users\Hombre\AppData\Local\Temp
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {430D4A16-7F00-4D03-80FB-E43D08C7A34E} - \Online Application V2G1 -> No File <==== ATTENTION
Task: {45BC683A-4ECB-4DBC-901D-02A59399F95A} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: {58C92EEF-A9BA-4135-8AA9-E818EDC950A5} - \Online Application V2G2 -> No File <==== ATTENTION
Task: {6CF6B592-B44C-4562-AEEB-31318414776E} - \Online Application V2G5 -> No File <==== ATTENTION
Task: {9C28CF1B-6E8B-4F1E-9C85-93FC10095003} - \AutoKMS -> No File <==== ATTENTION
Task: {B50867DE-8B04-477E-B95B-229C2BC50BAB} - \KMSAutoNet -> No File <==== ATTENTION
Task: {B6D8E66D-53AC-41E9-8A88-D7B293B29BEB} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D2470697-4A06-40B4-AB4E-F3F95BDF93DD} - \Online Application V2G6 -> No File <==== ATTENTION
Task: {D67FAA8F-D73C-4D33-97E2-65B3E9065B87} - \Online Application V2G4 -> No File <==== ATTENTION
Task: {E778BCC6-78DF-4B5C-BCD3-13F12B8BBF29} - \Online Application V2G3 -> No File <==== ATTENTION
EmptyTemp:
ResetHosts:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
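
Added example (not part of the original thread and not FRST's own code): a small triage parser for FRST-style lines like those in the fixlist above. It counts DisallowedCertificates entries per vendor and flags per-user Run values that start an executable from AppData\Roaming with /VERYSILENT. The sample input is a subset of lines copied from the fixlist; the function name `parse` and the flagging heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Sample input: a subset of lines copied from the fixlist above.
SAMPLE = r'''Start
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [Spotify] => C:\Users\Hombre\AppData\Roaming\Spotify\Spotify.exe [21070224 2017-12-27] (Spotify Ltd)
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [9674175] => "C:\Users\Hombre\AppData\Roaming\xcws2tqrgee\lahki4julkp.exe" /VERYSILENT
HKU\S-1-5-21-1316363965-161402098-3267105952-1002\...\Run: [40174] => "C:\Users\Hombre\AppData\Roaming\ddpb4zstbbq\jqqm0wgxfgq.exe" /VERYSILENT
EmptyTemp:
End'''

# "HKLM\ DisallowedCertificates: <40-hex thumbprint> (<vendor>) <==== ATTENTION"
CERT_RE = re.compile(r'^HKLM\\ DisallowedCertificates: ([0-9A-Fa-f]{40}) \((.+)\) <====')
# "<hive>\...\Run: [<value name>] => <command line>" (also matches RunOnce)
RUN_RE = re.compile(r'^(HK\w+(?:-x32)?)\\.*\\(Run(?:Once)?): \[(.+?)\] => (.+)$')

def parse(text):
    """Return (Counter of vendor -> blocked certificates, flagged Run entries)."""
    vendors, flagged = Counter(), []
    for line in text.splitlines():
        line = line.strip()
        m = CERT_RE.match(line)
        if m:
            vendors[m.group(2)] += 1
            continue
        m = RUN_RE.match(line)
        if not m:
            continue  # directives such as Start, EmptyTemp:, End
        name, target = m.group(3), m.group(4).strip()
        # Heuristic (assumption of this example): numeric value name,
        # executable under AppData\Roaming, launched with /VERYSILENT.
        if (name.isdigit() and '\\appdata\\roaming\\' in target.lower()
                and target.upper().endswith('/VERYSILENT')):
            path = target.rsplit(' /', 1)[0].strip('"')
            flagged.append((name, path))
    return vendors, flagged

if __name__ == '__main__':
    vendors, flagged = parse(SAMPLE)
    for vendor, count in vendors.most_common():
        print(f'{count} disallowed certificate(s): {vendor}')
    for name, path in flagged:
        print(f'Run [{name}] -> {path}')
```
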