() C:\Users\Lou\AppData\Local\lsacuxc\lsacuxc.exe
() C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe
() C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe
(BitTorrent Inc.) C:\Users\Lou\AppData\Local\Temp\HYD874B.tmp.1516379252_permissionsCopy\BitTorrent.exe
() C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [295512 2017-12-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3034223004-1617221123-39064544-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2017-01-22]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-01-22]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-01-22]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Tcpip\..\Interfaces\{E60803EC-3EF6-47A2-B5BA-0C14701C911B}: [NameServer] 82.163.142.8,95.211.158.136
CHR HomePage: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (AVG Secure Search) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2018-01-19]
CHR HKU\S-1-5-21-3034223004-1617221123-39064544-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3034223004-1617221123-39064544-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
reg: reg query "HKLM\SYSTEM\CurrentControlSet\Services\cgrctcgg " /s
S2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [301720 2017-12-22] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7589200 2017-12-22] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [177536 2017-12-22] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\Windows\System32\drivers\avgbdiska.sys [166624 2017-12-22] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [315152 2017-12-22] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [193096 2017-12-22] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [337408 2017-12-22] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [51336 2017-12-22] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39424 2017-12-22] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [139112 2017-12-22] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [102792 2017-12-22] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [76832 2017-12-22] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1017624 2017-12-22] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [449848 2017-12-22] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [196904 2017-12-22] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [351128 2017-12-22] (AVG Technologies CZ, s.r.o.)
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2017-09-01] () [File not signed]
2018-01-19 11:02 - 2018-01-19 11:22 - 000000000 ____D C:\ProgramData\MCShield
2018-01-19 11:02 - 2018-01-19 11:02 - 002856736 _____ (MyCity) C:\Users\Lou\Downloads\MCShield-Setup.exe
2018-01-19 11:02 - 2018-01-19 11:02 - 000001076 _____ C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk
2018-01-19 11:02 - 2018-01-19 11:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2018-01-19 11:02 - 2018-01-19 11:02 - 000000000 ____D C:\Program Files (x86)\MCShield
2018-01-19 09:44 - 2018-01-19 09:44 - 000000000 ___HT C:\Windows\wusa.lock
2018-01-19 09:44 - 2018-01-19 09:44 - 000000000 ____D C:\c50d521370edaeae0fdb72bf1eff
2018-01-12 07:47 - 2018-01-19 11:26 - 000000000 ____D C:\Users\Lou\AppData\Roaming\BitTorrent
2018-01-12 07:47 - 2018-01-12 07:47 - 000000867 _____ C:\Users\Lou\Desktop\BitTorrent.lnk
2018-01-12 07:47 - 2018-01-12 07:47 - 000000847 _____ C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2018-01-12 07:46 - 2018-01-12 07:46 - 002870880 _____ (BitTorrent Inc.) C:\Users\Lou\Downloads\BitTorrent (1).exe
2018-01-06 10:09 - 2018-01-19 11:27 - 000000000 ____D C:\Users\Lou\AppData\LocalLow\BitTorrent
2018-01-05 21:49 - 2018-01-05 21:49 - 000000000 ____D C:\3979af9ab3fe48bef909
2018-01-01 15:57 - 2018-01-01 15:57 - 000000000 ____D C:\1a5e0f77ec97fc91c7f0ab
2018-01-01 15:41 - 2018-01-01 15:41 - 000000000 ____D C:\7e8be5e3042bcbe0fdffc5dd470306
2017-12-22 10:08 - 2017-12-22 10:08 - 000366800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-01-19 11:25 - 2017-11-11 15:04 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-19 11:24 - 2017-09-01 08:07 - 000000000 ____D C:\Users\Lou\AppData\Local\lsacuxc
2017-12-22 10:15 - 2016-12-25 12:25 - 000003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-12-22 10:08 - 2017-11-19 11:00 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-12-22 10:08 - 2017-11-11 14:25 - 000177536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2017-12-22 10:08 - 2017-09-02 20:45 - 000196904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-12-22 10:08 - 2017-06-10 14:03 - 000449848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-12-22 10:08 - 2017-06-10 14:03 - 000351128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-12-22 10:08 - 2017-06-10 14:03 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-12-22 10:08 - 2017-06-10 14:03 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-12-22 10:08 - 2017-06-10 14:03 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-12-22 10:08 - 2017-06-10 14:03 - 000003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-12-22 10:07 - 2017-06-10 14:03 - 001017624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-12-22 10:06 - 2017-06-10 14:03 - 000337408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-12-22 10:06 - 2017-06-10 14:03 - 000315152 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-12-22 10:06 - 2017-06-10 14:03 - 000193096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-12-22 10:06 - 2017-06-10 14:03 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-12-22 10:06 - 2017-06-10 14:03 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-12-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers2_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => -> No File
ContextMenuHandlers4_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => -> No File
ContextMenuHandlers5_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => -> No File
ContextMenuHandlers6_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => -> No File
Task: {0B5EF319-DDF8-4648-9371-D9C7522E810E} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2016-12-13] (WinZip)
Task: {0EBA541F-7DA7-4918-8C32-73A70D11B83D} - System32\Tasks\k49614734 => C:\Program Files (x86)\dunhill\dunhill.exe
Task: {10529AB3-1ACE-44B2-9369-20127414DCDF} - System32\Tasks\Sak49614734k49614734 => C:\Program Files (x86)\dunhill\dunhill.exe
Task: {117CCEB6-6D04-4E5F-9D45-9A43276EA826} - \57792256 -> No File <==== ATTENTION
Task: {1350C5D9-9415-4067-A8BE-1599031C2B78} - System32\Tasks\{D7EC4CB2-A619-400C-A8D8-3F2B68A4E41C} => C:\Windows\system32\pcalua.exe -a I:\Lou\Network\sp60242.exe -d I:\Lou\Network
Task: {1E23A938-BBE4-4299-A054-7676F254CA99} - \Sa4961473449614734 -> No File <==== ATTENTION
Task: {28E21E50-C250-43C3-B813-825A0C8032C6} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-12-13] (WinZip Computing, S.L.)
Task: {3E38009B-C6C0-4374-89AA-CAE8D764C4FA} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-12-22] (AVG Technologies CZ, s.r.o.)
Task: {4935C88A-208D-4FC9-9476-98E3EA235A69} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {54D4806C-DDCF-4A6B-B2E8-70E6BF5B424D} - \49614734 -> No File <==== ATTENTION
Task: {789179FD-574D-4106-9283-D0DF561448AC} - System32\Tasks\7412240 => C:\Program Files (x86)\Semites\sarto.exe <==== ATTENTION
Task: {7B41D227-83B5-473B-A2FF-03D39176215D} - System32\Tasks\sc0ObBznDTuC => sc0obbzndtuc.exe
Task: {8DEB2FC8-20CE-45C6-A4E9-09876D3A1CA0} - System32\Tasks\Sa74122407412240 => C:\Program Files (x86)\Semites\sarto.exe
Task: {DD575BAA-993D-4370-9C88-79FB64C232D6} - \Sa5779225657792256 -> No File <==== ATTENTION
Task: {E9D9E81E-03F6-4A0C-B794-D8DA168121A6} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-11-15] (AVG Technologies CZ, s.r.o.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Users\Lou\AppData\Local\lsacuxc
2017-12-22 10:07 - 2017-12-22 10:07 - 000059136 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-12-22 10:07 - 2017-12-22 10:07 - 000207272 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
ResetHosts:
FirewallRules: [{4CD511A3-F8DC-4FAD-BE2D-DBC49D7B6934}] => (Allow) C:\Program Files (x86)\Lola\sarto.exe
FirewallRules: [{A7ECC88C-BF8B-42D8-9FC6-499BD772BAD8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC67C5D0-DDC6-4F4D-A372-34C400A857BD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{19FA2CAD-BC40-448C-A984-A85FE763F26F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{41E3C948-B6D1-42EB-B484-5B9B8C35363E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2060E859-83B8-4958-B571-46EE26DAD3FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{DEC6CADD-6348-418B-B430-E5A3C9C7F2E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{33FCEEB2-20BB-40B0-8AA7-16C852AD84F4}C:\users\lou\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\lou\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{E007FBF9-95B9-44CE-A189-D8C83E856483}C:\users\lou\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\lou\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{63D6C5A5-CD06-456E-9A5D-93C8F43284FC}] => (Allow) C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B2F60DF0-2B62-4094-8E4D-672240EDAE81}] => (Allow) C:\Users\Lou\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Lola
CMD: sc config WMPNetworkSvc start= disabled
EmptyTemp:
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"