Closed/Inactive Reinstall

Status
Not open for further replies.

mawlol

PCHF Member
PCHF Member
Jul 23, 2017
5
0
23
Hello, today I tried to reinstall Windows (I got adware on my PC that I just can't figure out how to remove), so I'm forced to do a reinstall. Basically, what I did was make a bootable USB from an ISO using "Windows 7 USB dw download tool", and when I tried to set the BIOS to boot from USB, all of a sudden the USB doesn't show up anymore. I've read on forums that it's probably due to me having Windows 7 Ultimate but booting in UEFI instead of Legacy boot. I've tried to switch to Legacy, but all the instructions are for Windows 8 and I have Windows 7 atm. I'm not sure what to do now and I would appreciate some help.
 

Rustys

Escaped Mental Patient
Administrator
Support Team
Jul 22, 2016
2,327
632
127.0.0.1
pchelpforum.net
Hello Mawlol and welcome to the site.

1. Make and Model of the system.
2. Have you talked to our Security team to see if they can help you remove the adware from the system?
3. Where did the Windows 7 come from?
4. Have you tried the system's built-in recovery partition?
 

mawlol

If it's possible, I would like to remove the malware instead of reinstalling for sure; I just tried many antimalware programs and none of them seemed to help, but if you could redirect me to them I would appreciate that. I can make Model of System but you will have to tell me how, since I never did it before.
 

Rustys

Not a problem, let me move the thread and notify them that you are there.

Understand that they are located in different parts of the world and it could take a bit of time for one to respond. While you wait, look through the following Information Threads.
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,242
505
PCHF Bunker
pchelpforum.net
Hi mawlol and welcome to PCHF :)

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu.



If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes; accept the disclaimer.


Accept the default whitelist options,
If the additions.txt options box is not checked please select it.
Then select "Scan"



FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



Please Copy and Paste the contents of these logs in your next post for review by our Security Team
 

mawlol

I've read prework thread so I suppose you need this

FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017
Ran by Danijel (administrator) on DANIJEL-PC (23-07-2017 19:10:45)
Running from C:\Users\Danijel\Desktop
Loaded Profiles: Danijel (Available Profiles: Danijel)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-07-03] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-07-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-07-03] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4218728406-1097614046-610063632-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4218728406-1097614046-610063632-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-4218728406-1097614046-610063632-1000\...\Run: [uTorrent] => C:\Users\Danijel\AppData\Roaming\uTorrent\uTorrent.exe [2150336 2017-07-20] (BitTorrent Inc.)
HKU\S-1-5-21-4218728406-1097614046-610063632-1000\...\Policies\Explorer: []
BootExecute: autocheck autochk * Partizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1
Tcpip\..\Interfaces\{75F1234D-0A07-4D4B-A460-26BBEB6B3DED}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E6CF4FE9-D2BF-417A-897E-ABA93DF3BD10}: [DhcpNameServer] 192.168.5.1

Internet Explorer:
==================
HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-29] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-29] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Danijel\AppData\Roaming\Mozilla\Firefox\Profiles\f7ch90oj.default [2017-07-23]
FF user.js: detected! => C:\Users\Danijel\AppData\Roaming\Mozilla\Firefox\Profiles\f7ch90oj.default\user.js [2017-07-12]
FF Session Restore: Mozilla\Firefox\Profiles\f7ch90oj.default -> is enabled.
FF SearchPlugin: C:\Users\Danijel\AppData\Roaming\Mozilla\Firefox\Profiles\f7ch90oj.default\searchplugins\avg-secure-search.xml [2017-07-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-29] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.facebook.com/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default [2017-07-23]
CHR Extension: (Google Drive) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-04]
CHR Extension: (YouTube) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-04]
CHR Extension: (Cat) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fimkgcpmlbkeehbjhnijoginofbdgbdk [2017-07-19]
CHR Extension: (AdBlock) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-20]
CHR Extension: (9gag Night Mode) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdoebgohinaejdpncadbahijijgoffke [2017-06-17]
CHR Extension: (Gmail) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-04]
CHR Extension: (Chrome Media Router) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-07-19] (AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [312712 2017-07-19] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7481648 2017-07-19] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-07-03] (AVG Technologies CZ, s.r.o.)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [91184 2017-05-03] (CyberGhost S.R.L)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-07-17] (Overwolf LTD)
S3 SoundBoosterService; D:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe [113336 2017-06-06] (Letasoft)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe [883896 2017-07-20] (Enigma Software Group USA, LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-07-19] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [313616 2017-07-19] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-07-19] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-07-19] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-07-19] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-07-19] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [139112 2017-07-19] (AVG Technologies CZ, s.r.o.)
R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2017-04-21] (AVG Technologies CZ, s.r.o.)
R1 avgNetSec; C:\Windows\system32\drivers\avgNetSec.sys [546968 2017-07-19] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102792 2017-07-19] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-07-19] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-07-19] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [578048 2017-07-19] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [191208 2017-07-19] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [353744 2017-07-19] (AVG Technologies CZ, s.r.o.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2017-07-20] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2017-07-20] ()
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-07-19] (Greatis Software)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-07-19] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-07-19] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-23 19:11 - 2017-07-23 19:11 - 05200384 _____ (AVAST Software) C:\Users\Danijel\Downloads\aswmbr.exe
2017-07-23 19:10 - 2017-07-23 19:11 - 00017195 _____ C:\Users\Danijel\Desktop\FRST.txt
2017-07-23 19:10 - 2017-07-23 19:10 - 00000000 ____D C:\FRST
2017-07-23 19:09 - 2017-07-23 19:09 - 02382336 _____ (Farbar) C:\Users\Danijel\Downloads\FRST64 (1).exe
2017-07-23 19:09 - 2017-07-23 19:09 - 02382336 _____ (Farbar) C:\Users\Danijel\Desktop\FRST64.exe
2017-07-23 15:59 - 2017-07-23 15:59 - 00000104 _____ C:\Users\Danijel\Desktop\Control Panel - Shortcut.lnk
2017-07-23 15:29 - 2017-07-23 15:46 - 00000000 ____D C:\Users\Danijel\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2017-07-23 15:29 - 2017-07-23 15:29 - 00002530 _____ C:\Users\Danijel\Desktop\Windows 7 USB DVD Download Tool.lnk
2017-07-23 15:29 - 2017-07-23 15:29 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2017-07-23 15:06 - 2017-07-23 15:20 - 00001908 _____ C:\Windows\diagwrn.xml
2017-07-23 15:06 - 2017-07-23 15:20 - 00001908 _____ C:\Windows\diagerr.xml
2017-07-23 14:45 - 2017-07-23 14:46 - 00000000 ____D C:\Users\Danijel\Desktop\reinstall
2017-07-23 14:17 - 2017-07-23 14:49 - 00000000 ____D C:\Users\Danijel\Desktop\Danijel reinstalll
2017-07-23 14:17 - 2017-07-23 14:22 - 00000000 ____D C:\Users\Danijel\Desktop\tata reinstall
2017-07-22 09:11 - 2017-07-22 09:12 - 04121760 _____ (Husdawg, LLC) C:\Users\Danijel\Downloads\Detection.exe
2017-07-20 13:48 - 2017-07-23 14:35 - 00000000 ____D C:\Users\Danijel\Desktop\Windows Loader v2.2.2
2017-07-20 13:39 - 2017-07-23 14:38 - 00000000 ____D C:\Users\Danijel\Desktop\Windows 7 SP1 Ultimate (64 Bit)
2017-07-20 13:37 - 2017-07-20 13:37 - 01733104 _____ (BitTorrent Inc.) C:\Users\Danijel\Downloads\uTorrent.exe
2017-07-20 13:37 - 2017-07-20 13:37 - 00000855 _____ C:\Users\Danijel\Desktop\µTorrent.lnk
2017-07-20 13:37 - 2017-07-20 13:37 - 00000835 _____ C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-07-20 11:24 - 2017-07-20 11:24 - 00000000 _____ C:\autoexec.bat
2017-07-20 11:23 - 2017-07-23 14:34 - 00001131 _____ C:\Users\Danijel\Desktop\SpyHunter.lnk
2017-07-20 11:23 - 2017-07-20 11:23 - 00003338 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2017-07-20 11:23 - 2017-07-20 11:23 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2017-07-20 11:23 - 2017-07-20 11:23 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Enigma Software Group
2017-07-20 11:23 - 2017-07-20 11:23 - 00000000 ____D C:\sh4ldr
2017-07-20 11:19 - 2017-07-23 15:24 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-07-20 11:19 - 2017-07-20 11:19 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2017-07-20 11:19 - 2017-07-20 11:19 - 00003144 _____ C:\Windows\System32\Tasks\{95B59E6D-A533-40CF-B14D-A77BD97AA386}
2017-07-20 11:19 - 2017-07-20 11:19 - 00000000 ____D C:\Program Files\Enigma Software Group
2017-07-20 11:19 - 2017-07-20 08:57 - 02755584 _____ C:\Users\Danijel\Desktop\SH-Alt-Install.exe
2017-07-20 01:59 - 2017-07-23 16:28 - 00000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2017-07-20 01:56 - 2017-07-20 01:56 - 00000000 ____D C:\@RestoreQuarantine
2017-07-19 23:57 - 2017-07-19 23:57 - 00000000 ____D C:\ProgramData\RegRun
2017-07-19 23:55 - 2017-07-19 23:55 - 00040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2017-07-19 23:54 - 2017-07-23 15:41 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2017-07-19 23:54 - 2017-07-23 15:38 - 00000000 ____D C:\Users\Danijel\Documents\RegRun2
2017-07-19 23:54 - 2017-07-19 23:58 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2017-07-19 23:54 - 2017-07-19 23:54 - 00003332 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2017-07-19 23:54 - 2017-07-19 23:54 - 00001007 _____ C:\Users\Danijel\Desktop\UnHackMe.lnk
2017-07-19 23:54 - 2017-07-19 23:54 - 00000002 RSHOT C:\Windows\winstart.bat
2017-07-19 23:54 - 2017-07-19 23:54 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2017-07-19 23:54 - 2017-07-19 23:54 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-07-19 23:54 - 2017-07-19 23:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2017-07-19 23:54 - 2017-06-22 15:03 - 00014984 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2017-07-19 23:54 - 2015-12-28 11:32 - 00049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
2017-07-19 23:53 - 2017-07-19 23:53 - 18781709 _____ C:\Users\Danijel\Downloads\unhackme.zip
2017-07-19 20:20 - 2017-07-19 20:20 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Danijel\Downloads\rkill.exe
2017-07-19 18:13 - 2017-07-23 19:10 - 00213016 _____ C:\Windows\ZAM.krnl.trace
2017-07-19 18:13 - 2017-07-23 19:10 - 00045210 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-19 18:13 - 2017-07-19 18:13 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-07-19 18:13 - 2017-07-19 18:13 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-07-19 18:13 - 2017-07-19 18:13 - 00001148 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-07-19 18:13 - 2017-07-19 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-07-19 18:13 - 2017-07-19 18:13 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-07-19 18:08 - 2017-07-19 18:08 - 00000000 ____D C:\Users\Danijel\AppData\Local\Zemana
2017-07-19 18:07 - 2017-07-19 18:08 - 06589840 _____ (Zemana Ltd. ) C:\Users\Danijel\Downloads\Zemana.AntiMalware.Setup (1).exe
2017-07-19 18:07 - 2017-07-19 18:07 - 06589840 _____ (Zemana Ltd. ) C:\Users\Danijel\Downloads\Zemana.AntiMalware.Setup.exe
2017-07-19 18:01 - 2017-07-19 18:01 - 03626104 _____ (Google) C:\Users\Danijel\Downloads\chrome_cleanup_tool.exe
2017-07-19 17:59 - 2017-07-19 17:59 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-07-19 17:54 - 2017-07-19 18:00 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-19 17:54 - 2017-07-19 17:54 - 11584088 _____ (SurfRight B.V.) C:\Users\Danijel\Downloads\hitmanpro_x64.exe
2017-07-19 10:59 - 2017-07-19 10:59 - 00001733 _____ C:\Users\Danijel\Desktop\chrome - Shortcut.lnk
2017-07-19 10:26 - 2017-07-19 10:26 - 65033984 _____ (Malwarebytes ) C:\Users\Danijel\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe
2017-07-19 10:18 - 2017-07-19 10:18 - 00000000 ___SD C:\Users\Danijel\AppData\LocalLow\Temp
2017-07-19 10:17 - 2017-07-19 10:17 - 00000004 _____ C:\ProgramData\_lg.3sap
2017-07-19 10:14 - 2017-07-19 10:14 - 00000000 ___HD C:\$AV_AVG
2017-07-19 10:11 - 2017-07-20 01:54 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\samika
2017-07-19 10:11 - 2017-07-19 10:31 - 00000000 ____D C:\ProgramData\WindowsErrorReporting
2017-07-19 10:11 - 2017-07-19 10:11 - 00002058 _____ C:\Users\Public\Desktop\VERWOL~1.del
2017-07-19 10:11 - 2017-07-19 10:11 - 00001437 ___RS C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Еxplorer.lnk
2017-07-19 10:11 - 2017-07-19 10:11 - 00001433 ___RS C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Exрlorеr (64-bit).lnk
2017-07-19 10:11 - 2017-07-19 10:11 - 00001255 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefох.lnk
2017-07-19 10:11 - 2017-07-19 10:11 - 00001225 _____ C:\Users\Public\Desktop\ZILLFI~1.del
2017-07-19 10:11 - 2017-07-19 10:11 - 00001196 _____ C:\Users\Public\Desktop\ATTLEN~1.del
2017-07-19 10:11 - 2017-07-19 10:11 - 00001181 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrоme.lnk
2017-07-19 10:11 - 2017-07-19 10:11 - 00000000 ____D C:\Program Files\P9QABSMQ36
2017-07-19 10:10 - 2017-07-19 10:10 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
2017-07-19 09:59 - 2017-07-19 17:45 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-07-19 09:48 - 2017-07-19 09:48 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-07-17 14:39 - 2017-07-17 14:39 - 00000794 _____ C:\Users\Public\Desktop\Letasoft Sound Booster.lnk
2017-07-17 14:39 - 2017-07-17 14:39 - 00000037 ___SH C:\Users\Danijel\AppData\Local\20986331705021ca58edc424.96250074
2017-07-17 14:39 - 2017-07-17 14:39 - 00000000 __SHD C:\Users\Danijel\AppData\Local\icsxml
2017-07-17 14:39 - 2017-07-17 14:39 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Letasoft
2017-07-17 14:39 - 2017-07-17 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Letasoft Sound Booster
2017-07-17 14:38 - 2017-07-17 14:38 - 07555024 _____ (Letasoft LLC ) C:\Users\Danijel\Downloads\SoundBoosterSetup.exe
2017-07-13 19:02 - 2017-07-13 19:02 - 00327585 _____ C:\Users\Danijel\Downloads\01-2.dwg
2017-07-09 23:24 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2017-07-09 23:24 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-07-09 23:24 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-07-09 23:24 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-07-09 23:24 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2017-07-09 23:24 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2017-07-09 23:24 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2017-07-09 23:24 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2017-07-09 23:24 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2017-07-09 23:24 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2017-07-09 23:24 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2017-07-09 23:24 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2017-07-09 23:24 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2017-07-09 23:24 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2017-07-09 23:24 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2017-07-09 23:24 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2017-07-09 23:24 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2017-07-09 23:24 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2017-07-09 23:24 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2017-07-09 23:24 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2017-07-09 23:24 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2017-07-09 23:24 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2017-07-09 23:24 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2017-07-09 23:24 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2017-07-09 23:24 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2017-07-09 23:24 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2017-07-09 23:24 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2017-07-09 23:24 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2017-07-09 23:24 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2017-07-09 23:24 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2017-07-09 23:24 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2017-07-09 23:24 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2017-07-09 23:24 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2017-07-09 23:24 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2017-07-09 23:24 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2017-07-09 23:24 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2017-07-09 23:24 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2017-07-09 23:24 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2017-07-09 23:24 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2017-07-09 23:24 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2017-07-09 23:24 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2017-07-09 23:24 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2017-07-09 23:23 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2017-07-09 23:23 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2017-07-09 23:23 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2017-07-09 23:23 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2017-07-09 23:23 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2017-07-09 23:23 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2017-07-09 23:23 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2017-07-09 23:23 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2017-07-09 23:23 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2017-07-09 23:23 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2017-07-09 23:23 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2017-07-09 23:23 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2017-07-09 23:23 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2017-07-09 23:23 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-07-09 23:23 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-07-09 23:23 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2017-07-09 23:23 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2017-07-09 23:23 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2017-07-09 23:23 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2017-07-09 23:23 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2017-07-09 23:23 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2017-07-09 23:23 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2017-07-09 23:23 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2017-07-09 23:23 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2017-07-09 23:23 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2017-07-09 23:23 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2017-07-09 23:23 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2017-07-09 23:23 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2017-07-09 23:23 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2017-07-09 23:23 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2017-07-09 23:23 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2017-07-09 23:23 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2017-07-09 23:23 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2017-07-09 23:23 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2017-07-09 23:23 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2017-07-09 23:23 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2017-07-09 23:23 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2017-07-09 23:23 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2017-07-09 23:23 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2017-07-09 23:23 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2017-07-09 23:23 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2017-07-09 23:23 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2017-07-09 23:23 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2017-07-09 23:23 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2017-07-09 23:23 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2017-07-09 23:23 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2017-07-09 23:23 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2017-07-09 23:23 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2017-07-09 23:23 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2017-07-09 23:23 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2017-07-09 23:23 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2017-07-09 23:23 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2017-07-09 23:23 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2017-07-09 23:23 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2017-07-09 23:23 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2017-07-09 23:23 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2017-07-09 23:23 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2017-07-09 23:23 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2017-07-09 23:23 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2017-07-09 23:23 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2017-07-09 23:23 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2017-07-09 23:23 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2017-07-09 23:23 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2017-07-09 23:23 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2017-07-09 23:23 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2017-07-09 23:23 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2017-07-09 23:23 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2017-07-09 23:23 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2017-07-09 23:23 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2017-07-09 23:23 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2017-07-09 23:23 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2017-07-09 23:23 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2017-07-09 23:23 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2017-07-09 23:23 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2017-07-09 23:23 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2017-07-09 23:23 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2017-07-09 23:23 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2017-07-09 23:23 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2017-07-09 23:23 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2017-07-09 23:23 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2017-07-09 23:23 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2017-07-09 23:23 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2017-07-09 23:23 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2017-07-09 23:23 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2017-07-09 23:23 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2017-07-09 23:23 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2017-07-09 23:23 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2017-07-09 23:23 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2017-07-09 23:23 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2017-07-09 23:23 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2017-07-09 23:23 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2017-07-09 23:23 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2017-07-09 23:23 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2017-07-09 23:23 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2017-07-09 23:23 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2017-07-09 23:23 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-07-09 23:23 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-07-09 23:23 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-07-09 23:23 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-07-09 23:23 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2017-07-09 23:23 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2017-07-09 23:23 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2017-07-09 23:23 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2017-07-09 23:23 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-07-09 23:23 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-07-09 23:23 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2017-07-09 23:23 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2017-07-09 23:23 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2017-07-09 23:23 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2017-07-09 23:23 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2017-07-09 23:23 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2017-07-09 23:23 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2017-07-09 23:15 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2017-07-09 23:15 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2017-07-09 23:15 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2017-07-09 22:27 - 2017-07-09 22:27 - 01446792 _____ C:\Users\Danijel\Downloads\SteamSetup.exe
2017-07-09 22:27 - 2017-07-09 22:27 - 00000680 _____ C:\Users\Public\Desktop\Steam.lnk
2017-07-09 13:45 - 2017-07-23 13:44 - 00000000 ____D C:\Users\Danijel\Documents\slike tata more
2017-07-09 10:33 - 2017-07-11 19:44 - 00000000 ____D C:\Users\Danijel\Desktop\Barnjak primjenjena
2017-07-05 17:24 - 2017-07-20 01:24 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-07-05 17:24 - 2017-07-19 10:11 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2017-07-05 17:24 - 2017-07-05 17:26 - 00000000 ____D C:\ProgramData\Overwolf
2017-07-05 17:24 - 2017-07-05 17:24 - 00004304 _____ C:\Windows\System32\Tasks\Overwolf Updater Task
2017-07-05 17:24 - 2017-07-05 17:24 - 00001081 ____H C:\Users\Public\Desktop\Overwolf.lnk
2017-07-05 17:23 - 2017-07-06 10:54 - 00000000 ____D C:\Users\Danijel\AppData\Local\Overwolf
2017-07-05 17:20 - 2017-07-05 17:21 - 00925752 _____ (Overwolf Ltd.) C:\Users\Danijel\Downloads\OverwolfInstaller.exe
2017-06-30 23:27 - 2017-07-11 17:37 - 00000000 ____D C:\Users\Danijel\Desktop\begić primjenjena
2017-06-26 16:32 - 2017-06-27 09:04 - 00000000 ____D C:\Users\Danijel\AppData\Local\CyberGhost
2017-06-26 16:31 - 2017-06-30 11:43 - 00001772 _____ C:\Users\Danijel\Desktop\CyberGhost 6.lnk
2017-06-26 16:31 - 2017-06-26 16:32 - 00000000 ____D C:\Program Files\CyberGhost 6
2017-06-26 16:31 - 2017-06-26 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6
2017-06-25 19:41 - 2017-06-25 19:41 - 00316785 _____ C:\Users\Danijel\Documents\(1) Zavrsni rad.pdf
2017-06-25 12:37 - 2017-06-25 12:37 - 00000000 ____D C:\Users\Danijel\Documents\Custom Office Templates

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-23 18:28 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-23 18:28 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-23 17:38 - 2016-12-04 20:56 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\uTorrent
2017-07-23 16:28 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-23 16:11 - 2016-12-04 20:44 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-07-23 15:30 - 2016-12-04 20:56 - 00000000 ____D C:\Users\Danijel\AppData\LocalLow\Mozilla
2017-07-23 15:19 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-23 15:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-07-19 20:40 - 2016-12-04 17:44 - 00000000 ____D C:\Users\Danijel
2017-07-19 18:01 - 2016-12-04 18:04 - 00000000 ____D C:\Users\Danijel\AppData\Local\Google
2017-07-19 17:51 - 2016-12-05 02:40 - 00000000 ____D C:\Windows\Panther
2017-07-19 17:50 - 2016-12-04 19:42 - 00000000 ____D C:\Program Files\CCleaner
2017-07-19 10:11 - 2017-06-20 14:09 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-07-19 10:11 - 2016-12-04 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-07-19 10:11 - 2016-12-04 19:03 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-19 09:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-07-19 09:48 - 2017-04-21 03:34 - 00546968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetSec.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00578048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00353744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00313616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00191208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmonflt.sys.150045052449901
2017-07-19 09:48 - 2017-04-21 03:32 - 00139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmonflt.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-07-19 01:56 - 2016-12-04 22:00 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Skype
2017-07-17 08:25 - 2017-05-03 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-07-17 08:25 - 2016-12-04 18:34 - 00001008 _____ C:\Users\Public\Desktop\AVG.lnk
2017-07-15 11:45 - 2016-12-04 19:09 - 00000000 ____D C:\Users\Danijel\AppData\Local\Battle.net
2017-07-13 19:04 - 2016-12-04 21:47 - 00000000 ____D C:\Users\Danijel\AppData\Local\cache
2017-07-13 00:24 - 2016-12-04 20:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-11 20:02 - 2017-02-09 21:32 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-11 20:02 - 2017-02-09 21:32 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-11 20:02 - 2017-02-09 21:32 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-11 20:02 - 2017-02-09 21:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-11 20:02 - 2017-02-09 21:32 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-11 10:47 - 2016-12-04 21:08 - 00000000 ____D C:\Users\Danijel\AppData\Local\Microsoft Help
2017-07-09 22:31 - 2016-12-04 23:18 - 00000000 ____D C:\Users\Danijel\AppData\Local\Steam
2017-07-09 22:27 - 2016-12-04 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-09 09:19 - 2009-07-14 07:08 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-06 10:54 - 2016-12-04 18:32 - 00000000 ____D C:\Users\Danijel\AppData\Local\Avg
2017-07-05 11:33 - 2017-04-21 03:32 - 00353232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgvmm.sys.149924725508804
2017-07-01 19:21 - 2016-12-04 22:00 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-01 19:21 - 2016-12-04 22:00 - 00000000 ____D C:\ProgramData\Skype
2017-07-01 10:35 - 2016-12-04 20:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-01 10:35 - 2016-12-04 18:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-28 00:20 - 2016-12-04 18:05 - 00002195 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 00:20 - 2016-12-04 18:05 - 00002183 ____H C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-26 16:32 - 2016-12-04 17:44 - 00000000 ____D C:\Users\Danijel\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2017-07-17 14:39 - 2017-07-17 14:39 - 0000037 ___SH () C:\Users\Danijel\AppData\Local\20986331705021ca58edc424.96250074
2016-12-04 21:36 - 2016-12-04 21:36 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2017-07-19 10:17 - 2017-07-19 10:17 - 0000004 _____ () C:\ProgramData\_lg.3sap

Some files in TEMP:
====================
2017-07-19 10:11 - 2017-07-19 10:11 - 4021600 _____ (Easeware ) C:\Users\Danijel\AppData\Local\Temp\BC6C.tmp.exe
2017-07-19 10:11 - 2017-07-19 10:11 - 1199825 _____ () C:\Users\Danijel\AppData\Local\Temp\unins000.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2017-05-03 13:18] - 1008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 05:24] - [2017-05-03 13:18] - 0833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-22 13:38

==================== End of FRST.txt ============================

additions
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by Danijel (23-07-2017 19:11:25)
Running from C:\Users\Danijel\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-12-04 15:44:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4218728406-1097614046-610063632-500 - Administrator - Disabled)
Danijel (S-1-5-21-4218728406-1097614046-610063632-1000 - Administrator - Enabled) => C:\Users\Danijel
Guest (S-1-5-21-4218728406-1097614046-610063632-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4218728406-1097614046-610063632-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Antivirus (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4218728406-1097614046-610063632-1000\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Croatian (HKLM-x32\...\{AC76BA86-7AD7-1050-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
AutoCAD 2013 - English (HKLM\...\{5783F2D7-B001-0000-0102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 - English (HKLM\...\{5783F2D7-B001-0409-2102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
AutoCAD 2013 Language Pack - English (HKLM\...\{5783F2D7-B001-0409-1102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
Autodesk CAD Manager Tools (HKLM\...\{5783F2D7-0111-0409-0110-0060B0CE6BBA}) (Version: 16.0.0.65 - Autodesk)
Autodesk Content Service (HKLM-x32\...\{62F029AB-85F2-0000-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 1.0.0 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
AVG (HKLM\...\{434FBA38-0562-4F98-9436-4B45C0C0EF0B}) (Version: 1.201.2 - AVG Technologies) Hidden
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 17.5.3022 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Catalyst Control Center Next Localization BR (HKLM\...\{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{35F79A5D-00E2-8C19-D929-2E85DEA4252D}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{CBABB5FD-BD69-8969-729A-5659E11D9518}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{98527BF3-A8E0-B8CF-7297-436B714FC576}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{487C3865-3005-F04A-FBA4-F4239E02A847}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{1FCA484A-5A9E-9C91-F050-257D1F311A0C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{D8FB03AE-A326-0C12-AC47-B898FE73FA94}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F7876D2E-CDCD-CE53-0E88-995B57A94B58}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{746E086C-023A-A79C-DBE1-062E773FF6C8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE7F26CB-6E91-7673-7130-80C36FBF13DE}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version: - CyberGhost S.R.L.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-4218728406-1097614046-610063632-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FMW 1 (HKLM\...\{8DF0D8D9-0C24-47EB-9738-376DD2705133}) (Version: 1.214.2 - AVG Technologies) Hidden
Galerija fotografija (HKLM-x32\...\{343C0612-37DC-4914-95A7-0845EE0C8F04}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Letasoft Sound Booster 1.7.0.327 (HKLM-x32\...\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1) (Version: 1.7.0.327 - Letasoft LLC)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{57430A7B-EB42-41ED-88F8-ACB2DEDB8416}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 hr) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 hr)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.105.324.0 - Overwolf Ltd.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.27.1.4835 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
UnHackMe 9.0 (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4218728406-1097614046-610063632-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> D:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4218728406-1097614046-610063632-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> D:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4218728406-1097614046-610063632-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-19] ()
ContextMenuHandlers01: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2012-02-06] (Autodesk)
ContextMenuHandlers01: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-19] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers01: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-19] ()
ContextMenuHandlers06: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-19] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A08AE95-46D6-4ACC-83D1-F983ADDA4DC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-04] (Google Inc.)
Task: {12355699-07AE-496F-BF09-6D77A71A4388} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-04] (Google Inc.)
Task: {16363D54-B2BA-42AE-9DBE-0FC4BF17F3E9} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-07-17] (Overwolf LTD)
Task: {1B4EC10B-0E01-4CBA-9DAA-90AE3B579BCD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {2EE96BD6-4DCC-408F-9A83-9F5A3655899E} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {48700419-5FAA-42D5-A2D2-0DDE0432DCA9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6FA4249C-39E2-4490-AF34-B6CD9EB6446C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {A79CA190-8EB6-4CEA-B691-CC528EF3E39E} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2017-07-20] (Enigma Software Group USA, LLC.)
Task: {B4E1EE71-79CB-4F48-A2F3-A557AA523BC9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {BBAD05BD-D1AD-485D-83B5-D773A4EE333A} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2017-06-22] (Greatis Software)
Task: {DC148471-F277-4686-ABEB-4F2F8AC859EC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {E6FB26FA-2513-490F-9E6A-AE0C3B56AA2A} - System32\Tasks\{95B59E6D-A533-40CF-B14D-A77BD97AA386} => C:\Windows\system32\pcalua.exe -a C:\Users\Danijel\Desktop\SH-Alt-Install.exe -d C:\Users\Danijel\Desktop
Task: {EE4EE5C5-F7C8-4F95-B9B9-05370A69FC5A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {F16F353B-7AC6-4A8D-8B76-D81C41BEFFA7} - \{7A0A0A47-050D-7A7D-7911-7E7F0B78117E} -> No File <==== ATTENTION
Task: {F5820781-96BB-4670-BE6D-E0F986C30578} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-07-19] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Exрlorеr (64-bit).lnk -> C:\Users\Danijel\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Еxplorer.lnk -> C:\Users\Danijel\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf\Оvеrwоlf.lnk -> C:\Users\Danijel\AppData\Roaming\Browsers\exe.rehcnualflowrevo.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Сhrоmе Remоtе Desktoр.lnk -> C:\Users\Danijel\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Eхplоrеr (Nо Аdd-оns).lnk -> C:\Users\Danijel\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrоme.lnk -> C:\Users\Danijel\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefох.lnk -> C:\Users\Danijel\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2015-08-04 01:25 - 2015-08-04 01:25 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 08:08 - 2014-02-11 08:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 08:08 - 2014-02-11 08:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2017-06-26 16:31 - 2017-05-03 14:43 - 00334384 _____ () C:\Program Files\CyberGhost 6\MobileConcepts45.dll
2017-06-26 16:31 - 2017-05-03 14:43 - 00025648 _____ () C:\Program Files\CyberGhost 6\BugSplatDotNet.dll
2017-06-26 16:31 - 2017-05-03 14:43 - 00119344 _____ () C:\Program Files\CyberGhost 6\CyberGhost.RESTCommunicator.dll
2012-10-01 21:36 - 2012-10-01 21:36 - 06522480 _____ () D:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-07-19 18:13 - 2017-07-19 18:13 - 00155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-05-19 20:51 - 2017-05-19 20:51 - 00163152 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll
2017-07-05 11:33 - 2017-07-05 11:33 - 00832784 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll
2017-07-05 11:33 - 2017-07-05 11:33 - 00277416 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-08-04 01:25 - 2015-08-04 01:25 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2017-06-28 00:20 - 2017-06-23 05:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 00:20 - 2017-06-23 05:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-05-19 20:51 - 2017-05-19 20:51 - 00171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-07-05 11:33 - 2017-07-05 11:33 - 00193784 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-07-05 11:33 - 2017-07-05 11:33 - 00225376 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-07-23 13:27 - 2017-07-23 13:27 - 05882720 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17072300\algo.dll
2017-07-05 11:33 - 2017-07-05 11:33 - 00690392 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-07-05 11:33 - 2017-07-05 11:33 - 00232784 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2017-07-23 17:55 - 2017-07-23 17:55 - 05882720 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17072302\algo.dll
2016-12-04 18:33 - 2016-12-04 18:32 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-07-19 09:48 - 2017-07-19 09:48 - 01067056 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
2017-07-05 11:33 - 2017-07-05 11:33 - 67109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-07-19 10:11 - 00001146 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 dscdn.pw
127.0.0.1 beautifllink.xyz

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.5.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: AppEx Accelerator UI => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: Discord => C:\Users\Danijel\AppData\Local\Discord\app-0.0.297\Discord.exe
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe -overwolfsilent
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{80BBF5AB-7E64-40FA-AC72-D6E9F026BBF6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{88B03CA9-2668-49CA-A951-FE0E1902FDF9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{747195D4-2B71-4983-B7A1-97FEC68ABD92}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{31A6CE4B-9FA9-47D1-BF4F-5E9817E1A9EB}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{A35F0587-01A1-495A-B268-B677CF6DDC2F}D:\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{5749FBDD-6CC7-491E-AAED-346C792B3138}D:\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [{B296AC57-73D5-42CB-9F27-A2BCCD2125C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B9CFEBCC-87E6-4322-B51B-2D75043538AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E743828E-FE5B-4313-A37F-B0B500DB85EE}] => (Allow) C:\Users\Danijel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{83F3427F-DC29-4973-A17F-324F15BF0C24}] => (Allow) C:\Users\Danijel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C70E422C-C99F-4194-B2FD-E66C78807524}] => (Allow) C:\Users\Danijel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F93F3024-2887-46B9-AFCC-68C9A3E86880}] => (Allow) C:\Users\Danijel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{174CDE20-5D4B-4AB4-942E-0F1B8D45F46E}] => (Allow) C:\Users\Danijel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1FB9D854-5333-4F8F-AF50-EF66AFBE6A18}] => (Allow) C:\Users\Danijel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D12DD792-C3F1-43BB-955C-F4E34140ED6E}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{FE0F3F62-A2C5-4C97-BB73-E0A2FDB8EDB3}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6428DC99-9A63-43BE-A370-1D8448C2AD86}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{904B9933-E9D2-4885-9A19-BCC397E7ACB5}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DAEFDF83-6C92-471A-A3D2-03741619AED0}] => (Allow) LPort=50248
FirewallRules: [{0220B71B-C8F5-42E9-824D-C83C1C37AF23}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{151278D7-A505-4640-9DC3-1727B15B418B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{41F14348-B9C9-4A02-922C-10E1325ED73C}] => (Allow) LPort=2869
FirewallRules: [{58C7F2B7-2237-4D45-A0F4-7DB6E01ED811}] => (Allow) LPort=1900
FirewallRules: [{78A7F068-67F3-484E-9FBE-F50E63318A48}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{EFE6EDF6-3697-4DDA-BA9A-8947DF63B695}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{F90E49E6-3185-4103-AFA0-E388273C07CD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{543B5DF3-053D-4724-A13C-BBDFA4694328}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{305A12D2-CCE1-49FD-BF0B-AB689B952E59}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EFE2CBBE-1947-4D2E-BE6C-670342793FAE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{CE835C98-4463-4742-B309-0752EE8BC2ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B5CF7A95-4BB2-4366-B7BE-2DB74C18D488}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{372E4352-65F5-497C-9066-C17C7E7814DB}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A2268372-99A1-4B27-89AB-44ED36583680}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8A24C7BF-822D-4F3F-B61D-D57B44DE4676}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9982CADC-E377-46FE-B9BC-3C0AD00AD355}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{95B46E75-60B6-4CED-AAB8-C81972C46991}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

==================== Restore Points =========================

19-07-2017 17:57:59 Sigurnosna točka programa HitmanPro
19-07-2017 17:59:30 Sigurnosna točka programa HitmanPro
23-07-2017 15:29:11 Installed Windows 7 USB/DVD Download Tool

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2017 04:28:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/23/2017 04:09:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/23/2017 04:05:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/23/2017 03:59:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/23/2017 03:56:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/23/2017 03:33:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/23/2017 09:42:23 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/23/2017 09:32:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/22/2017 08:48:32 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/22/2017 08:38:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (07/23/2017 03:59:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CyberGhost 6 Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/23/2017 03:59:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CyberGhost 6 Service service to connect.

Error: (07/23/2017 03:52:54 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume H: encountered a non-retryable error and could not start. The data contains the error code.

Error: (07/20/2017 01:54:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avgbdisk
avgbidsdriver
avgbidsh
avgblog
avgbuniv
avgRvrt
avgSnx
avgSP
avgVmm
discache
SCDEmu
spldr
Wanarpv6

Error: (07/20/2017 01:54:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The CyberGhost 6 Service service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (07/19/2017 09:01:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/19/2017 09:01:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (07/19/2017 06:08:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (07/19/2017 05:33:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:32:29 PM on ‎7/‎19/‎2017 was unexpected.

Error: (07/19/2017 02:34:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.


==================== Memory info ===========================

Processor: AMD A10-6800K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 51%
Total physical RAM: 7368.6 MB
Available physical RAM: 3539.89 MB
Total Virtual: 14735.4 MB
Available Virtual: 10502.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.39 GB) (Free:78.82 GB) NTFS
Drive d: () (Fixed) (Total:784.93 GB) (Free:750 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CB97DB22)
Partition 1: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=784.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================







ASW
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-07-23 19:17:02
-----------------------------
19:17:02.925 OS Version: Windows x64 6.1.7601 Service Pack 1
19:17:02.925 Number of processors: 4 586 0x1301
19:17:02.926 ComputerName: DANIJEL-PC UserName: Danijel
19:17:03.552 Initialize success
19:17:03.679 VM: initialized successfully
19:17:03.681 VM: Amd CPU BiosDisabled
19:17:41.691 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:17:41.695 Disk 0 Vendor: WDC_WD10EZRX-00L4HB0 01.01A01 Size: 953869MB BusType: 11
19:17:41.789 Disk 0 MBR read successfully
19:17:41.792 Disk 0 MBR scan
19:17:41.796 Disk 0 Windows 7 default MBR code
19:17:41.807 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 149899 MB offset 206848
19:17:41.819 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 307200000
19:17:41.824 Disk 0 default boot code
19:17:41.830 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 803768 MB offset 307404800
19:17:41.860 Disk 0 scanning C:\Windows\system32\drivers
19:17:45.244 Service scanning
19:17:59.415 Modules scanning
19:17:59.425 Disk 0 trace - called modules:
19:17:59.444 ntoskrnl.exe CLASSPNP.SYS disk.sys avgSP.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:17:59.448 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008075060]
19:17:59.452 3 avgSP.sys[fffff880040fe1d2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007db9060]
19:17:59.456 Disk 0 statistics 98344/0/0 @ 15,55 MB/s
19:17:59.460 Scan finished successfully
19:18:08.146 Disk 0 MBR has been saved successfully to "C:\Users\Danijel\Desktop\MBR.dat"
19:18:08.150 The log file has been saved successfully to "C:\Users\Danijel\Desktop\aswMBR.txt"
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,242
505
PCHF Bunker
pchelpforum.net
I see that you have a P2P (Peer-to-Peer) file sharing program installed. I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system. Just look at the number of high profile compromises in the news as a result of P2P software:
Data about Obama's helicopter breached via P2P?
Leak of congressional ethics document prompts calls for cybersecurity probe
Walter Reed suffers peer-to-peer data breach
Update: Seattle man arrested for p-to-p ID theft

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, none are worth the risks. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.

Please download Junkware Removal Tool and save it on your desktop.



  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.
I will tag @Malnutrition to assist you. :)
 

gus

PCHF Administrator
Administrator
Security Team
PCHF Donator
Malware Teacher
Jul 19, 2016
4,181
1,810
pchelpforum.net
Hello Mawlol, my name is Gus and I will be helping you to clean your PC. I am in training here and before I can present any fix to you it will have to be checked by an expert. That's not so bad as two pairs of eyes are better than one anyway:)

We are going to use several tools to clean your PC and even though it may appear fixed please stay and follow our instructions until we give you the all clear and remove all our cleaning tools used.

Also, if you are not sure about any instruction, please ask; there is no such thing as a silly question.

Can I please ask that you carefully consider the excellent recommendation re removal of P2P software in the post immediately above this one, and should you not choose to uninstall it then we will have to insist that you at least not use it till after you have been given the all clear?

A question if I may, can you confirm if your copy of AVG is a free one or a paid-for version?

Can you also please uninstall SpyHunter using Add/Remove programs, or better still Geek Uninstaller HERE

Please also follow the instructions above and run the Junkware removal tool.

Also whilst I review your FRST logs please run AdwCleaner.

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.



  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.:)
 
Last edited:

mawlol

PCHF Member
PCHF Member
Jul 23, 2017
5
0
23
I'm not sure what P2P program you were talking about so I instead removed all programs that I'm not using anymore just so you have a clear picture of it. I'm using the free version of AVG.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64
Ran by Danijel (Administrator) on pon 24.07.2017. at 11:08:42,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 34

Successfully deleted: C:\Users\Danijel\AppData\Roaming\Mozilla\Firefox\Profiles\f7ch90oj.default\searchplugins\avg-secure-search.xml (File)
Successfully deleted: C:\Users\Danijel\AppData\Roaming\Mozilla\Firefox\Profiles\f7ch90oj.default\user.js (File)
Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0L2B20UM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4CPP5EBT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AH44ZUGO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMDT2SB7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AN45EEEM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FMAQ0G2R (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVPGG6UQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JMW3YMPW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OKBKE6KM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QAENYS1H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMDFQBRW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF82WRN1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0L2B20UM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4CPP5EBT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AH44ZUGO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMDT2SB7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AN45EEEM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FMAQ0G2R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVPGG6UQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JMW3YMPW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OKBKE6KM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QAENYS1H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMDFQBRW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF82WRN1 (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on pon 24.07.2017. at 11:11:03,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner 7.0.0.0 - Logfile created on Mon Jul 24 09:27:14 2017
# Updated on 2017/17/07 by Malwarebytes
# Database: 07-23-2017.2
# Running on Windows 7 Ultimate (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\All Users\Documents\XMUpdate
PUP.Optional.Legacy, C:\Users\Public\Documents\XMUpdate


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\PC
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Software\PC
PUP.Optional.Legacy, [Key] - HKCU\Software\PC
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\AVG Tuneup
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Event Monitor
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Software\Event Monitor
PUP.Optional.Legacy, [Key] - HKCU\Software\Event Monitor
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Software\VideoBox
PUP.Optional.Legacy, [Key] - HKCU\Software\VideoBox
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
PUP.Optional.OneSystemCare, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
PUP.Optional.OneSystemCare, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
PUP.Optional.OneSystemCare, [Key] - HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
PUP.Optional.OneSystemCare, [Key] - HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
PUP.Optional.OneSystemCare, [Key] - HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
PUP.Optional.OneSystemCare, [Key] - HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
PUP.Optional.Jawego, [Key] - HKLM\SOFTWARE\Jawego


***** [ Firefox (and derivatives) ] *****

SearchProvider found: mysearch.avg.com - AVG Secure Search


***** [ Chromium (and derivatives) ] *****

SearchProvider found: AOL - aol.com
SearchProvider found: WebSearch - websearch
SearchProvider found: Softonic EN - bsplayer.en.softonic.com
SearchProvider found: Softonic EN - gt-legends.en.softonic.com
SearchProvider found: azlyrics.com - azlyrics.com
SearchProvider found: Ask - ask.com
SearchProvider found: istartsurf - istartsurf

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 

gus

PCHF Administrator
Administrator
Security Team
PCHF Donator
Malware Teacher
Jul 19, 2016
4,181
1,810
pchelpforum.net
Hi Mawlol, the P2P program referred to was uTorrent, and have you removed SpyHunter?

The AdwCleaner log indicates it was only run in scan mode, with no cleaning. Can you please re-run it and allow it to clean, as per the instructions:)

Can you also tell us why you have Windows Loader on your PC?

As you have removed software can you please supply fresh FRST logs and also a ZHP diag scan:)

Please go HERE and click the

link (French for Download) and save it to your desktop.

Once saved to your desktop left click the new icon
and choose "Run as administrator"

Accept any security warnings that may pop up.

Then select
  1. Options
  2. Check all
  3. Validate
  4. Close


Next select Scanner from the main interface.



Depending on the amount of data on your PC it may take a little time to complete. Once it finishes then click the Report tab as shown above and a notepad file will open with your report file.

Please COPY and PASTE the contents of the notepad file with your next post:)
 
Last edited by a moderator:
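The check made in the post above (reading the `# Mode:` header to see that AdwCleaner only scanned), as an added example that is not part of the thread and not AdwCleaner's own code: a small Python triage of the AdwCleaner 7 text log layout shown in this thread. The sample log is a constructed excerpt of the posted one, the function names are my own, and only the `scan` mode value is taken from the page.

```python
import re
from collections import Counter, defaultdict

# Constructed excerpt in the layout of the AdwCleaner 7 log posted in this thread.
SAMPLE_LOG = r"""# AdwCleaner 7.0.0.0 - Logfile created on Mon Jul 24 09:27:14 2017
# Database: 07-23-2017.2
# Running on Windows 7 Ultimate (X64)
# Mode: scan

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\Public\Documents\XMUpdate

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Event Monitor
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
PUP.Optional.OneSystemCare, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f

***** [ Chromium (and derivatives) ] *****

SearchProvider found: Ask - ask.com
SearchProvider found: istartsurf - istartsurf
"""

HEADER_RE = re.compile(r"^#\s*([A-Za-z ]+?):\s*(.+)$")          # "# Mode: scan"
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")            # "***** [ Registry ] *****"
DETECTION_RE = re.compile(r"^(PUP\.[\w.]+),\s*(?:\[(\w+)\]\s*-\s*)?(.+)$")
CONTROLSET_RE = re.compile(r"\\(?:ControlSet\d{3}|CurrentControlSet)\\", re.I)


def parse_adwcleaner_log(text):
    """Return (header dict, {section: [(family, target), ...]})."""
    header, findings, section = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:                      # still in the "# key: value" header
            m = HEADER_RE.match(line)
            if m:
                header[m.group(1).strip().lower()] = m.group(2).strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            findings[section].append((m.group(1), m.group(3).strip()))
        elif line.startswith("SearchProvider found:"):
            findings[section].append(("SearchProvider", line.split(":", 1)[1].strip()))
        # "No malicious ... found." lines carry no finding and are skipped
    return header, dict(findings)


def normalise_target(target):
    """Fold ControlSet001/002 mirrors onto CurrentControlSet so one key counts once."""
    return CONTROLSET_RE.sub(lambda _m: "\\CurrentControlSet\\", target).lower()


def triage(text):
    header, findings = parse_adwcleaner_log(text)
    mode = header.get("mode", "unknown").lower()
    raw_total = sum(len(items) for items in findings.values())
    unique = {(fam, normalise_target(t)) for items in findings.values() for fam, t in items}
    families_per_target = defaultdict(set)
    for fam, target in unique:
        families_per_target[target].add(fam)
    return {
        "mode": mode,
        # Only "scan" appears on the page; any other value is reported as-is.
        "needs_clean_pass": mode == "scan" and raw_total > 0,
        "raw_findings": raw_total,
        "unique_findings": len(unique),
        "by_section": {name: len(items) for name, items in findings.items()},
        "per_family": dict(Counter(fam for fam, _ in unique)),
        "multi_family_targets": sorted(t for t, f in families_per_target.items() if len(f) > 1),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Folding the `ControlSet00x` mirrors shows how much of a long registry section is the same key repeated, which helps when comparing a scan log with the log from the later clean run.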

mawlol

PCHF Member
PCHF Member
Jul 23, 2017
5
0
23
Yes, I removed those programs and a few more that I wasn't using. I've rerun AdwCleaner despite being 99% sure that I used it on clear (who knows, maybe I'm just clumsy o.0 ). Defender was in my folders from a previous PC which I don't have anymore but I had copy pasted all files from it; since it could represent a problem I just deleted it.
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017
Ran by Danijel (administrator) on DANIJEL-PC (25-07-2017 10:05:59)
Running from C:\Users\Danijel\Desktop
Loaded Profiles: Danijel (Available Profiles: Danijel)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-07-03] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-07-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-07-03] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKU\S-1-5-21-4218728406-1097614046-610063632-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4218728406-1097614046-610063632-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-4218728406-1097614046-610063632-1000\...\Policies\Explorer: []

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1
Tcpip\..\Interfaces\{75F1234D-0A07-4D4B-A460-26BBEB6B3DED}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E6CF4FE9-D2BF-417A-897E-ABA93DF3BD10}: [DhcpNameServer] 192.168.5.1

Internet Explorer:
==================
HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-24] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Danijel\AppData\Roaming\Mozilla\Firefox\Profiles\f7ch90oj.default [2017-07-25]
FF Session Restore: Mozilla\Firefox\Profiles\f7ch90oj.default -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-24] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.facebook.com/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default [2017-07-25]
CHR Extension: (Google Drive) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-04]
CHR Extension: (YouTube) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-04]
CHR Extension: (Cat) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fimkgcpmlbkeehbjhnijoginofbdgbdk [2017-07-19]
CHR Extension: (AdBlock) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-20]
CHR Extension: (9gag Night Mode) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdoebgohinaejdpncadbahijijgoffke [2017-06-17]
CHR Extension: (Gmail) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-04]
CHR Extension: (Chrome Media Router) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-07-19] (AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [312712 2017-07-19] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7481648 2017-07-19] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-07-03] (AVG Technologies CZ, s.r.o.)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-07-17] (Overwolf LTD)
S3 SoundBoosterService; D:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe [113336 2017-06-06] (Letasoft)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-07-19] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [313616 2017-07-19] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-07-19] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-07-19] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-07-19] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-07-19] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [139112 2017-07-19] (AVG Technologies CZ, s.r.o.)
R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2017-04-21] (AVG Technologies CZ, s.r.o.)
R1 avgNetSec; C:\Windows\system32\drivers\avgNetSec.sys [546968 2017-07-19] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102792 2017-07-19] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-07-19] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-07-19] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [578048 2017-07-19] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [191208 2017-07-19] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [353744 2017-07-19] (AVG Technologies CZ, s.r.o.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-25 09:59 - 2017-07-25 10:06 - 00015317 _____ C:\Users\Danijel\Desktop\FRST.txt
2017-07-24 11:26 - 2017-07-25 09:47 - 00000000 ____D C:\AdwCleaner
2017-07-24 11:25 - 2017-07-24 11:25 - 08162248 _____ (Malwarebytes) C:\Users\Danijel\Desktop\adwcleaner_7.0.0.0.exe
2017-07-24 11:12 - 2017-07-24 11:21 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Geek Uninstaller
2017-07-24 11:12 - 2017-07-24 11:12 - 03000643 _____ C:\Users\Danijel\Downloads\geek.zip
2017-07-24 11:12 - 2017-07-04 14:07 - 07137216 _____ (Geek Unіnstaller) C:\Users\Danijel\Desktop\geek.exe
2017-07-24 11:06 - 2017-07-24 11:06 - 01790024 _____ (Malwarebytes) C:\Users\Danijel\Desktop\JRT.exe
2017-07-23 22:03 - 2017-07-23 22:03 - 02771734 _____ C:\Users\Danijel\Documents\Gradimo u kamenu.pdf
2017-07-23 19:54 - 2017-07-23 19:54 - 00000000 ____D C:\Users\Danijel\Desktop\skola
2017-07-23 19:11 - 2017-07-23 19:11 - 05200384 _____ (AVAST Software) C:\Users\Danijel\Desktop\aswmbr.exe
2017-07-23 19:10 - 2017-07-25 10:05 - 00000000 ____D C:\FRST
2017-07-23 19:09 - 2017-07-23 19:09 - 02382336 _____ (Farbar) C:\Users\Danijel\Desktop\FRST64.exe
2017-07-23 15:06 - 2017-07-23 15:20 - 00001908 _____ C:\Windows\diagwrn.xml
2017-07-23 15:06 - 2017-07-23 15:20 - 00001908 _____ C:\Windows\diagerr.xml
2017-07-23 14:45 - 2017-07-23 14:46 - 00000000 ____D C:\Users\Danijel\Desktop\reinstall
2017-07-23 14:17 - 2017-07-23 14:49 - 00000000 ____D C:\Users\Danijel\Desktop\Danijel reinstalll
2017-07-23 14:17 - 2017-07-23 14:22 - 00000000 ____D C:\Users\Danijel\Desktop\tata reinstall
2017-07-22 09:11 - 2017-07-22 09:12 - 04121760 _____ (Husdawg, LLC) C:\Users\Danijel\Downloads\Detection.exe
2017-07-20 11:24 - 2017-07-20 11:24 - 00000000 _____ C:\autoexec.bat
2017-07-20 11:19 - 2017-07-24 16:38 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-07-20 11:19 - 2017-07-20 11:19 - 00003144 _____ C:\Windows\System32\Tasks\{95B59E6D-A533-40CF-B14D-A77BD97AA386}
2017-07-20 01:59 - 2017-07-24 11:18 - 00000246 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2017-07-20 01:56 - 2017-07-20 01:56 - 00000000 ____D C:\@RestoreQuarantine
2017-07-19 23:57 - 2017-07-19 23:57 - 00000000 ____D C:\ProgramData\RegRun
2017-07-19 23:54 - 2017-07-24 11:20 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2017-07-19 23:54 - 2017-07-24 10:56 - 00000000 ____D C:\Users\Danijel\Documents\RegRun2
2017-07-19 23:54 - 2017-07-19 23:54 - 00000002 RSHOT C:\Windows\winstart.bat
2017-07-19 23:54 - 2017-07-19 23:54 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2017-07-19 23:54 - 2017-07-19 23:54 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-07-19 18:13 - 2017-07-24 11:27 - 00023987 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-19 18:13 - 2017-07-24 11:20 - 00070495 _____ C:\Windows\ZAM.krnl.trace
2017-07-19 18:08 - 2017-07-24 11:21 - 00000000 ____D C:\Users\Danijel\AppData\Local\Zemana
2017-07-19 17:59 - 2017-07-19 17:59 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-07-19 17:54 - 2017-07-19 18:00 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-19 10:59 - 2017-07-19 10:59 - 00001733 _____ C:\Users\Danijel\Desktop\chrome - Shortcut.lnk
2017-07-19 10:26 - 2017-07-19 10:26 - 65033984 _____ (Malwarebytes ) C:\Users\Danijel\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe
2017-07-19 10:18 - 2017-07-19 10:18 - 00000000 ___SD C:\Users\Danijel\AppData\LocalLow\Temp
2017-07-19 10:17 - 2017-07-19 10:17 - 00000004 _____ C:\ProgramData\_lg.3sap
2017-07-19 10:14 - 2017-07-19 10:14 - 00000000 ___HD C:\$AV_AVG
2017-07-19 10:11 - 2017-07-20 01:54 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\samika
2017-07-19 10:11 - 2017-07-19 10:31 - 00000000 ____D C:\ProgramData\WindowsErrorReporting
2017-07-19 10:11 - 2017-07-19 10:11 - 00001437 ___RS C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Еxplorer.lnk
2017-07-19 10:11 - 2017-07-19 10:11 - 00001433 ___RS C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Exрlorеr (64-bit).lnk
2017-07-19 10:11 - 2017-07-19 10:11 - 00001255 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefох.lnk
2017-07-19 10:11 - 2017-07-19 10:11 - 00001181 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrоme.lnk
2017-07-19 10:11 - 2017-07-19 10:11 - 00000000 ____D C:\Program Files\P9QABSMQ36
2017-07-19 09:59 - 2017-07-19 17:45 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-07-19 09:48 - 2017-07-19 09:48 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-07-17 14:39 - 2017-07-17 14:39 - 00000794 _____ C:\Users\Public\Desktop\Letasoft Sound Booster.lnk
2017-07-17 14:39 - 2017-07-17 14:39 - 00000037 ___SH C:\Users\Danijel\AppData\Local\20986331705021ca58edc424.96250074
2017-07-17 14:39 - 2017-07-17 14:39 - 00000000 __SHD C:\Users\Danijel\AppData\Local\icsxml
2017-07-17 14:39 - 2017-07-17 14:39 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Letasoft
2017-07-17 14:39 - 2017-07-17 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Letasoft Sound Booster
2017-07-17 14:38 - 2017-07-17 14:38 - 07555024 _____ (Letasoft LLC ) C:\Users\Danijel\Downloads\SoundBoosterSetup.exe
2017-07-09 23:24 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2017-07-09 23:24 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-07-09 23:24 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-07-09 23:24 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-07-09 23:24 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2017-07-09 23:24 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2017-07-09 23:24 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2017-07-09 23:24 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2017-07-09 23:24 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2017-07-09 23:24 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2017-07-09 23:24 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2017-07-09 23:24 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2017-07-09 23:24 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2017-07-09 23:24 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2017-07-09 23:24 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2017-07-09 23:24 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2017-07-09 23:24 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2017-07-09 23:24 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2017-07-09 23:24 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2017-07-09 23:24 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2017-07-09 23:24 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2017-07-09 23:24 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2017-07-09 23:24 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2017-07-09 23:24 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2017-07-09 23:24 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2017-07-09 23:24 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2017-07-09 23:24 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2017-07-09 23:24 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2017-07-09 23:24 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2017-07-09 23:24 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2017-07-09 23:24 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2017-07-09 23:24 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2017-07-09 23:24 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2017-07-09 23:24 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2017-07-09 23:24 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2017-07-09 23:24 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2017-07-09 23:24 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2017-07-09 23:24 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2017-07-09 23:24 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2017-07-09 23:24 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2017-07-09 23:24 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2017-07-09 23:24 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2017-07-09 23:23 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2017-07-09 23:23 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2017-07-09 23:23 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2017-07-09 23:23 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2017-07-09 23:23 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2017-07-09 23:23 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2017-07-09 23:23 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2017-07-09 23:23 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2017-07-09 23:23 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2017-07-09 23:23 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2017-07-09 23:23 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2017-07-09 23:23 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2017-07-09 23:23 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2017-07-09 23:23 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-07-09 23:23 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-07-09 23:23 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2017-07-09 23:23 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2017-07-09 23:23 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2017-07-09 23:23 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2017-07-09 23:23 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2017-07-09 23:23 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2017-07-09 23:23 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2017-07-09 23:23 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2017-07-09 23:23 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2017-07-09 23:23 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2017-07-09 23:23 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2017-07-09 23:23 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2017-07-09 23:23 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2017-07-09 23:23 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2017-07-09 23:23 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2017-07-09 23:23 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2017-07-09 23:23 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2017-07-09 23:23 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2017-07-09 23:23 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2017-07-09 23:23 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2017-07-09 23:23 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2017-07-09 23:23 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2017-07-09 23:23 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2017-07-09 23:23 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2017-07-09 23:23 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2017-07-09 23:23 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2017-07-09 23:23 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2017-07-09 23:23 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2017-07-09 23:23 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2017-07-09 23:23 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2017-07-09 23:23 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2017-07-09 23:23 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2017-07-09 23:23 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2017-07-09 23:23 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2017-07-09 23:23 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2017-07-09 23:23 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2017-07-09 23:23 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2017-07-09 23:23 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2017-07-09 23:23 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2017-07-09 23:23 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2017-07-09 23:23 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2017-07-09 23:23 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2017-07-09 23:23 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2017-07-09 23:23 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2017-07-09 23:23 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2017-07-09 23:23 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2017-07-09 23:23 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2017-07-09 23:23 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2017-07-09 23:23 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2017-07-09 23:23 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2017-07-09 23:23 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2017-07-09 23:23 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2017-07-09 23:23 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2017-07-09 23:23 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2017-07-09 23:23 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2017-07-09 23:23 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2017-07-09 23:23 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2017-07-09 23:23 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2017-07-09 23:23 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2017-07-09 23:23 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2017-07-09 23:23 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2017-07-09 23:23 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2017-07-09 23:23 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2017-07-09 23:23 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2017-07-09 23:23 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2017-07-09 23:23 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2017-07-09 23:23 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2017-07-09 23:23 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2017-07-09 23:23 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2017-07-09 23:23 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2017-07-09 23:23 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2017-07-09 23:23 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2017-07-09 23:23 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2017-07-09 23:23 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2017-07-09 23:23 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2017-07-09 23:23 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2017-07-09 23:23 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2017-07-09 23:23 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2017-07-09 23:23 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2017-07-09 23:23 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2017-07-09 23:23 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-07-09 23:23 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-07-09 23:23 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-07-09 23:23 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-07-09 23:23 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2017-07-09 23:23 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2017-07-09 23:23 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2017-07-09 23:23 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2017-07-09 23:23 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-07-09 23:23 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-07-09 23:23 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2017-07-09 23:23 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2017-07-09 23:23 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2017-07-09 23:23 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2017-07-09 23:23 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2017-07-09 23:23 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2017-07-09 23:23 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2017-07-09 23:15 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2017-07-09 23:15 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2017-07-09 23:15 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2017-07-09 22:27 - 2017-07-09 22:27 - 00000680 _____ C:\Users\Public\Desktop\Steam.lnk
2017-07-09 13:45 - 2017-07-23 13:44 - 00000000 ____D C:\Users\Danijel\Documents\slike tata more
2017-07-09 10:33 - 2017-07-24 21:34 - 00000000 ____D C:\Users\Danijel\Desktop\Barnjak primjenjena
2017-07-05 17:24 - 2017-07-20 01:24 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-07-05 17:24 - 2017-07-19 10:11 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2017-07-05 17:24 - 2017-07-05 17:26 - 00000000 ____D C:\ProgramData\Overwolf
2017-07-05 17:24 - 2017-07-05 17:24 - 00004304 _____ C:\Windows\System32\Tasks\Overwolf Updater Task
2017-07-05 17:24 - 2017-07-05 17:24 - 00001081 ____H C:\Users\Public\Desktop\Overwolf.lnk
2017-07-05 17:23 - 2017-07-06 10:54 - 00000000 ____D C:\Users\Danijel\AppData\Local\Overwolf
2017-06-30 23:27 - 2017-07-24 17:59 - 00000000 ____D C:\Users\Danijel\Desktop\begić primjenjena
2017-06-25 19:41 - 2017-06-25 19:41 - 00316785 _____ C:\Users\Danijel\Documents\(1) Zavrsni rad.pdf
2017-06-25 12:37 - 2017-06-25 12:37 - 00000000 ____D C:\Users\Danijel\Documents\Custom Office Templates

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-25 09:47 - 2016-12-04 20:44 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-07-25 09:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-25 09:47 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-25 09:47 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-24 23:04 - 2017-06-02 18:33 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\discord
2017-07-24 17:38 - 2016-12-04 21:47 - 00000000 ____D C:\Users\Danijel\AppData\Local\cache
2017-07-24 11:58 - 2016-12-04 20:56 - 00000000 ____D C:\Users\Danijel\AppData\LocalLow\Mozilla
2017-07-24 11:57 - 2016-12-04 23:19 - 00000000 ____D C:\ProgramData\Oracle
2017-07-24 11:56 - 2017-02-07 00:59 - 00000000 ____D C:\Program Files\Java
2017-07-24 11:56 - 2016-12-04 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-24 11:55 - 2017-02-07 00:59 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-07-24 11:24 - 2016-12-04 19:42 - 00000000 ____D C:\Program Files\CCleaner
2017-07-23 19:56 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-23 19:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-07-19 20:40 - 2016-12-04 17:44 - 00000000 ____D C:\Users\Danijel
2017-07-19 18:01 - 2016-12-04 18:04 - 00000000 ____D C:\Users\Danijel\AppData\Local\Google
2017-07-19 17:51 - 2016-12-05 02:40 - 00000000 ____D C:\Windows\Panther
2017-07-19 10:11 - 2017-06-20 14:09 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-07-19 10:11 - 2016-12-04 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-07-19 10:11 - 2016-12-04 19:03 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-19 09:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-07-19 09:48 - 2017-04-21 03:34 - 00546968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetSec.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00578048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00353744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00313616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00191208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmonflt.sys.150045052449901
2017-07-19 09:48 - 2017-04-21 03:32 - 00139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmonflt.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-07-19 09:48 - 2017-04-21 03:32 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-07-19 01:56 - 2016-12-04 22:00 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Skype
2017-07-17 08:25 - 2017-05-03 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-07-17 08:25 - 2016-12-04 18:34 - 00001008 _____ C:\Users\Public\Desktop\AVG.lnk
2017-07-15 11:45 - 2016-12-04 19:09 - 00000000 ____D C:\Users\Danijel\AppData\Local\Battle.net
2017-07-13 00:24 - 2016-12-04 20:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-11 20:02 - 2017-02-09 21:32 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-11 20:02 - 2017-02-09 21:32 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-11 20:02 - 2017-02-09 21:32 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-11 20:02 - 2017-02-09 21:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-11 20:02 - 2017-02-09 21:32 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-11 10:47 - 2016-12-04 21:08 - 00000000 ____D C:\Users\Danijel\AppData\Local\Microsoft Help
2017-07-09 22:31 - 2016-12-04 23:18 - 00000000 ____D C:\Users\Danijel\AppData\Local\Steam
2017-07-09 22:27 - 2016-12-04 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-09 09:19 - 2009-07-14 07:08 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-06 10:54 - 2016-12-04 18:32 - 00000000 ____D C:\Users\Danijel\AppData\Local\Avg
2017-07-05 11:33 - 2017-04-21 03:32 - 00353232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgvmm.sys.149924725508804
2017-07-01 19:21 - 2016-12-04 22:00 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-01 19:21 - 2016-12-04 22:00 - 00000000 ____D C:\ProgramData\Skype
2017-07-01 10:35 - 2016-12-04 20:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-01 10:35 - 2016-12-04 18:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-28 00:20 - 2016-12-04 18:05 - 00002195 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 00:20 - 2016-12-04 18:05 - 00002183 ____H C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-26 16:32 - 2016-12-04 17:44 - 00000000 ____D C:\Users\Danijel\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2017-07-17 14:39 - 2017-07-17 14:39 - 0000037 ___SH () C:\Users\Danijel\AppData\Local\20986331705021ca58edc424.96250074
2016-12-04 21:36 - 2016-12-04 21:36 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2017-07-19 10:17 - 2017-07-19 10:17 - 0000004 _____ () C:\ProgramData\_lg.3sap

Some files in TEMP:
====================
2017-07-19 10:11 - 2017-07-19 10:11 - 4021600 _____ (Easeware ) C:\Users\Danijel\AppData\Local\Temp\BC6C.tmp.exe
2017-07-24 11:12 - 2017-07-24 11:12 - 4043712 _____ (Geek Unіnstaller) C:\Users\Danijel\AppData\Local\Temp\geek64.exe
2017-07-24 11:54 - 2017-07-24 11:54 - 0739904 _____ (Oracle Corporation) C:\Users\Danijel\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-07-19 10:11 - 2017-07-19 10:11 - 1199825 _____ () C:\Users\Danijel\AppData\Local\Temp\unins000.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2017-05-03 13:18] - 1008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 05:24] - [2017-05-03 13:18] - 0833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-22 13:38

==================== End of FRST.txt ============================
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by Danijel (25-07-2017 10:06:20)
Running from C:\Users\Danijel\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-12-04 15:44:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4218728406-1097614046-610063632-500 - Administrator - Disabled)
Danijel (S-1-5-21-4218728406-1097614046-610063632-1000 - Administrator - Enabled) => C:\Users\Danijel
Guest (S-1-5-21-4218728406-1097614046-610063632-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4218728406-1097614046-610063632-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Antivirus (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Croatian (HKLM-x32\...\{AC76BA86-7AD7-1050-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
AutoCAD 2013 - English (HKLM\...\{5783F2D7-B001-0000-0102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 - English (HKLM\...\{5783F2D7-B001-0409-2102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
AutoCAD 2013 Language Pack - English (HKLM\...\{5783F2D7-B001-0409-1102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
Autodesk CAD Manager Tools (HKLM\...\{5783F2D7-0111-0409-0110-0060B0CE6BBA}) (Version: 16.0.0.65 - Autodesk)
Autodesk Content Service (HKLM-x32\...\{62F029AB-85F2-0000-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 1.0.0 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
AVG (HKLM\...\{434FBA38-0562-4F98-9436-4B45C0C0EF0B}) (Version: 1.201.2 - AVG Technologies) Hidden
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 17.5.3022 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Catalyst Control Center Next Localization BR (HKLM\...\{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{35F79A5D-00E2-8C19-D929-2E85DEA4252D}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{CBABB5FD-BD69-8969-729A-5659E11D9518}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{98527BF3-A8E0-B8CF-7297-436B714FC576}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{487C3865-3005-F04A-FBA4-F4239E02A847}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{1FCA484A-5A9E-9C91-F050-257D1F311A0C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{D8FB03AE-A326-0C12-AC47-B898FE73FA94}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F7876D2E-CDCD-CE53-0E88-995B57A94B58}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{746E086C-023A-A79C-DBE1-062E773FF6C8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE7F26CB-6E91-7673-7130-80C36FBF13DE}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-4218728406-1097614046-610063632-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
FMW 1 (HKLM\...\{8DF0D8D9-0C24-47EB-9738-376DD2705133}) (Version: 1.214.2 - AVG Technologies) Hidden
Galerija fotografija (HKLM-x32\...\{343C0612-37DC-4914-95A7-0845EE0C8F04}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Java 8 Update 141 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Letasoft Sound Booster 1.7.0.327 (HKLM-x32\...\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1) (Version: 1.7.0.327 - Letasoft LLC)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{57430A7B-EB42-41ED-88F8-ACB2DEDB8416}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 hr) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 hr)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.105.324.0 - Overwolf Ltd.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4218728406-1097614046-610063632-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> D:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4218728406-1097614046-610063632-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> D:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4218728406-1097614046-610063632-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers01: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-19] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers01: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-19] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A08AE95-46D6-4ACC-83D1-F983ADDA4DC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-04] (Google Inc.)
Task: {12355699-07AE-496F-BF09-6D77A71A4388} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-04] (Google Inc.)
Task: {16363D54-B2BA-42AE-9DBE-0FC4BF17F3E9} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-07-17] (Overwolf LTD)
Task: {1B4EC10B-0E01-4CBA-9DAA-90AE3B579BCD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {2EE96BD6-4DCC-408F-9A83-9F5A3655899E} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {48700419-5FAA-42D5-A2D2-0DDE0432DCA9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6FA4249C-39E2-4490-AF34-B6CD9EB6446C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B4E1EE71-79CB-4F48-A2F3-A557AA523BC9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {DC148471-F277-4686-ABEB-4F2F8AC859EC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {E6FB26FA-2513-490F-9E6A-AE0C3B56AA2A} - System32\Tasks\{95B59E6D-A533-40CF-B14D-A77BD97AA386} => C:\Windows\system32\pcalua.exe -a C:\Users\Danijel\Desktop\SH-Alt-Install.exe -d C:\Users\Danijel\Desktop
Task: {EE4EE5C5-F7C8-4F95-B9B9-05370A69FC5A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {F16F353B-7AC6-4A8D-8B76-D81C41BEFFA7} - \{7A0A0A47-050D-7A7D-7911-7E7F0B78117E} -> No File <==== ATTENTION
Task: {F5820781-96BB-4670-BE6D-E0F986C30578} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-07-19] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Exрlorеr (64-bit).lnk -> C:\Users\Danijel\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Еxplorer.lnk -> C:\Users\Danijel\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf\Оvеrwоlf.lnk -> C:\Users\Danijel\AppData\Roaming\Browsers\exe.rehcnualflowrevo.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Сhrоmе Remоtе Desktoр.lnk -> C:\Users\Danijel\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Eхplоrеr (Nо Аdd-оns).lnk -> C:\Users\Danijel\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrоme.lnk -> C:\Users\Danijel\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefох.lnk -> C:\Users\Danijel\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2015-08-04 01:25 - 2015-08-04 01:25 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 08:08 - 2014-02-11 08:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 08:08 - 2014-02-11 08:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2017-05-19 20:51 - 2017-05-19 20:51 - 00163152 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll
2017-07-05 11:33 - 2017-07-05 11:33 - 00832784 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll
2017-07-05 11:33 - 2017-07-05 11:33 - 00277416 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll
2012-10-01 21:36 - 2012-10-01 21:36 - 06522480 _____ () D:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-04-07 09:41 - 2017-04-07 09:41 - 00054488 _____ () C:\Program Files\CCleaner\branding.dll
2015-08-04 01:25 - 2015-08-04 01:25 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2017-06-28 00:20 - 2017-06-23 05:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 00:20 - 2017-06-23 05:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-05-19 20:51 - 2017-05-19 20:51 - 00171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-07-05 11:33 - 2017-07-05 11:33 - 00193784 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-07-05 11:33 - 2017-07-05 11:33 - 00225376 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-07-24 18:03 - 2017-07-24 18:03 - 05882720 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17072408\algo.dll
2017-07-05 11:33 - 2017-07-05 11:33 - 00690392 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-07-05 11:33 - 2017-07-05 11:33 - 00232784 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2016-12-04 18:33 - 2016-12-04 18:32 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-07-19 09:48 - 2017-07-19 09:48 - 01067056 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
2017-07-05 11:33 - 2017-07-05 11:33 - 67109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-07-19 10:11 - 00001146 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 dscdn.pw
127.0.0.1 beautifllink.xyz

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.5.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: AppEx Accelerator UI => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: CyberGhost =>
MSCONFIG\startupreg: Discord => C:\Users\Danijel\AppData\Local\Discord\app-0.0.297\Discord.exe
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe -overwolfsilent
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{80BBF5AB-7E64-40FA-AC72-D6E9F026BBF6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{88B03CA9-2668-49CA-A951-FE0E1902FDF9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{747195D4-2B71-4983-B7A1-97FEC68ABD92}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{31A6CE4B-9FA9-47D1-BF4F-5E9817E1A9EB}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{A35F0587-01A1-495A-B268-B677CF6DDC2F}D:\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{5749FBDD-6CC7-491E-AAED-346C792B3138}D:\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [{B296AC57-73D5-42CB-9F27-A2BCCD2125C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B9CFEBCC-87E6-4322-B51B-2D75043538AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D12DD792-C3F1-43BB-955C-F4E34140ED6E}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{FE0F3F62-A2C5-4C97-BB73-E0A2FDB8EDB3}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6428DC99-9A63-43BE-A370-1D8448C2AD86}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{904B9933-E9D2-4885-9A19-BCC397E7ACB5}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DAEFDF83-6C92-471A-A3D2-03741619AED0}] => (Allow) LPort=50248
FirewallRules: [{0220B71B-C8F5-42E9-824D-C83C1C37AF23}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{151278D7-A505-4640-9DC3-1727B15B418B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{41F14348-B9C9-4A02-922C-10E1325ED73C}] => (Allow) LPort=2869
FirewallRules: [{58C7F2B7-2237-4D45-A0F4-7DB6E01ED811}] => (Allow) LPort=1900
FirewallRules: [{78A7F068-67F3-484E-9FBE-F50E63318A48}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{EFE6EDF6-3697-4DDA-BA9A-8947DF63B695}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{F90E49E6-3185-4103-AFA0-E388273C07CD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{543B5DF3-053D-4724-A13C-BBDFA4694328}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{305A12D2-CCE1-49FD-BF0B-AB689B952E59}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EFE2CBBE-1947-4D2E-BE6C-670342793FAE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{CE835C98-4463-4742-B309-0752EE8BC2ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B5CF7A95-4BB2-4366-B7BE-2DB74C18D488}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{372E4352-65F5-497C-9066-C17C7E7814DB}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A2268372-99A1-4B27-89AB-44ED36583680}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8A24C7BF-822D-4F3F-B61D-D57B44DE4676}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9982CADC-E377-46FE-B9BC-3C0AD00AD355}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{95B46E75-60B6-4CED-AAB8-C81972C46991}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

==================== Restore Points =========================

24-07-2017 11:07:04 JRT Pre-Junkware Removal
24-07-2017 11:08:43 JRT Pre-Junkware Removal
24-07-2017 11:15:38 Removed FARO LS 1.1.406.58

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2017 09:48:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/25/2017 09:47:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/25/2017 09:35:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/25/2017 12:59:15 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/24/2017 11:03:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/24/2017 11:28:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/24/2017 11:27:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/24/2017 11:18:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/24/2017 11:03:22 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/24/2017 10:54:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Autodesk Content Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).

Error: (07/24/2017 11:02:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:00:10 PM on 7/24/2017 was unexpected.


==================== Memory info ===========================

Processor: AMD A10-6800K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 49%
Total physical RAM: 7368.6 MB
Available physical RAM: 3699.75 MB
Total Virtual: 14735.4 MB
Available Virtual: 10734.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.39 GB) (Free:84.22 GB) NTFS
Drive d: () (Fixed) (Total:784.93 GB) (Free:750 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CB97DB22)
Partition 1: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=784.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
ZHP

~ ZHPDiag v2017.7.24.126 By Nicolas Coolman (2017/07/24)
~ Run by Danijel (Administrator) (2017/07/25 10:23:19)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ Certificate ZHPDiag: Legal
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\Danijel\Desktop\ZHPDiag.txt
~ Report: C:\Users\Danijel\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601) =>.Microsoft Corporation

---\\ Internet Browsers (3) - 0s
~ GCIE: Google Chrome v59.0.3071.115
~ MFIE: Mozilla Firefox 54.0.1 (x86 hr)
~ MSIE: Internet Explorer v8.0.7601.17514

---\\ Windows Product Information (5) - 0s
Windows Server License Manager Script : OK
Windows ID Activation : OK
Windows Licence : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Surveillance software (2) - 2s
~ Adobe Flash Player 26 NPAPI (Surveillance)
~ Adobe Acrobat Reader DC - Croatian (Surveillance)

---\\ Information on the system (6) - 0s
~ Operating System: AMD64 Family 21 Model 19 Stepping 1, AuthenticAMD
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 7545.448 MB (50% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 86 GB (57%) free of 149 GB : OK =>.Disk Space

---\\ Connection to the system mode (3) - 0s
~ Computer Name: DANIJEL-PC
~ User Name: Danijel
~ Logged in as Administrator

---\\ Enumeration of the disk units (2) - 0s
~ Drive C: has 86 GB free of 149 GB (System)
~ Drive D: has 767 GB free of 803 GB

---\\ State of the Windows Security Center (11) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (25) - 0s
[MD5.AC4C51EB24AA95B77F705AB159189E24] - 21/11/2010 - (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\Explorer.exe [2872320] =>.Microsoft Corporation
[MD5.DD81D91FF3B0763C392422865C9AC12E] - 14/07/2009 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\Windows\System32\rundll32.exe [45568] =>.Microsoft Corporation
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - 14/07/2009 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\Windows\System32\Wininit.exe [129024] =>.Microsoft Corporation
[MD5.F6C5302E1F4813D552F41A0AC82455E5] - 21/11/2010 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\Windows\System32\wininet.dll [1188864] =>.Microsoft Corporation
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - 21/11/2010 - (.Microsoft Corporation - Windows Logon Application.) -- C:\Windows\System32\Winlogon.exe [390656] =>.Microsoft Corporation
[MD5.067FA52BFB59A56110A12312EF9AF243] - 21/11/2010 - (.Microsoft Corporation - Software Licensing Library.) -- C:\Windows\System32\sppcomapi.dll [232448] =>.Microsoft Corporation
[MD5.A52B6CC24063CC83C78C0E6F24DEEC01] - 21/11/2010 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\Windows\System32\dnsapi.dll [357888] =>.Microsoft Corporation
[MD5.59DF156711A76BCB993253EC6C9BBF41] - 21/11/2010 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\Windows\Syswow64\dnsapi.dll [270336] =>.Microsoft Corporation
[MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - 21/11/2010 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\drivers\AFD.sys [499712] =>.Microsoft Corporation
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - 14/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\Windows\System32\drivers\atapi.sys [24128] =>.Microsoft Windows®
[MD5.B8BD2BB284668C84865658C77574381A] - 14/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\Windows\System32\drivers\Cdfs.sys [92160] =>.Microsoft Corporation
[MD5.F036CE71586E93D94DAB220D7BDF4416] - 21/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\System32\drivers\Cdrom.sys [147456] =>.Microsoft Corporation
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - 21/11/2010 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\Windows\System32\drivers\DfsC.sys [102400] =>.Microsoft Corporation
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - 21/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\Windows\System32\drivers\HDAudBus.sys [122368] =>.Microsoft Corporation
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - 14/07/2009 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\Windows\System32\drivers\i8042prt.sys [105472] =>.Microsoft Corporation
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - 14/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\drivers\IpNat.sys [116224] =>.Microsoft Corporation
[MD5.FAF015B07E3A2874A790A39B7D2C579F] - 21/11/2010 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\MRxSmb.sys [158208] =>.Microsoft Corporation
[MD5.09594D1089C523423B32A4229263F068] - 21/11/2010 - (.Microsoft Corporation - MBT Transport driver.) -- C:\Windows\System32\drivers\netBT.sys [261632] =>.Microsoft Corporation
[MD5.05D78AA5CB5F3F5C31160BDB955D0B7C] - 21/11/2010 - (.Microsoft Corporation - NT File System Driver.) -- C:\Windows\System32\drivers\ntfs.sys [1659776] =>.Microsoft Windows®
[MD5.0086431C29C35BE1DBC43F52CC273887] - 14/07/2009 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\Windows\System32\drivers\Parport.sys [97280] =>.Microsoft Corporation
[MD5.471815800AE33E6F1C32FB1B97C490CA] - 21/11/2010 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\Windows\System32\drivers\Rasl2tp.sys [129536] =>.Microsoft Corporation
[MD5.1B6163C503398B23FF8B939C67747683] - 21/11/2010 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\Windows\System32\drivers\rdpdr.sys [165888] =>.Microsoft Corporation
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - 14/07/2009 - (.Microsoft Corporation - SMB Transport driver.) -- C:\Windows\System32\drivers\smb.sys [93184] =>.Microsoft Corporation
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - 21/11/2010 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\Windows\System32\drivers\tdx.sys [119296] =>.Microsoft Corporation
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - 21/11/2010 - (.Microsoft Corporation - Volume Shadow Copy Driver.) -- C:\Windows\System32\drivers\volsnap.sys [295808] =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (9) - 1s
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\system32\atiesrxx.exe =>.AMD
O23 - Service: AMD FUEL Service (AMD FUEL Service) . (.Advanced Micro Devices, Inc. - AMD Fuel Service.) - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe =>.Advanced Micro Devices, Inc.
O23 - Service: Autodesk Content Service (Autodesk Content Service) . (.Autodesk, Inc. - Content Service.) - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe =>.Autodesk, Inc.®
O23 - Service: AVG Antivirus (AVG Antivirus) . (.AVG Technologies CZ, s.r.o. - AVG Service.) - C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe =>.AVG Technologies CZ, s.r.o.®
O23 - Service: AVG Firewall Service (AVG Firewall) . (.AVG Technologies CZ, s.r.o. - AVG firewall service.) - C:\Program Files (x86)\AVG\Antivirus\afwServ.exe =>.AVG Technologies CZ, s.r.o.®
O23 - Service: AVG Service (avgsvc) . (.AVG Technologies CZ, s.r.o. - AVG Service Process.) - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe =>.AVG Technologies CZ, s.r.o.®
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®

---\\ Services not Microsoft (SR=Run, SS=Stop) (17) - 17s
SR - Auto [25/04/2017] [ 83056] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
SS - Demand [11/07/2017] [ 272384] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
SR - Auto [26/02/2016] [ 249344] (AMD External Events Utility) . (.AMD.) - C:\Windows\system32\atiesrxx.exe =>.AMD
SR - Auto [04/08/2015] [ 344064] AMD FUEL Service (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe =>.Advanced Micro Devices, Inc.
SR - Auto [31/01/2012] [ 19232] Autodesk Content Service (Autodesk Content Service) . (.Autodesk, Inc..) - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe =>.Autodesk, Inc.®
SR - Auto [19/07/2017] [ 264432] AVG Antivirus (AVG Antivirus) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe =>.AVG Technologies CZ, s.r.o.®
SR - Auto [19/07/2017] [ 312712] AVG Firewall Service (AVG Firewall) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\Antivirus\afwServ.exe =>.AVG Technologies CZ, s.r.o.®
SR - Demand [19/07/2017] [ 7481648] avgbIDSAgent (avgbIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe =>.AVG Technologies CZ, s.r.o.®
SR - Auto [03/07/2017] [ 1428656] AVG Service (avgsvc) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe =>.AVG Technologies CZ, s.r.o.®
SS - Demand [04/12/2016] [ 1432400] FLEXnet Licensing Service 64 (FLEXnet Licensing Service 64) . (.Flexera Software, Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe =>.Flexera Software, Inc. ®
SS - Auto [04/12/2016] [ 153752] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [04/12/2016] [ 153752] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [30/06/2017] [ 175560] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporation®
SS - Demand [17/07/2017] [ 1450824] Overwolf Updater Windows SCM (OverwolfUpdater) . (.Overwolf LTD.) - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe =>.Overwolf Ltd®
SS - Auto [05/04/2017] [ 317400] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®
SS - Demand [05/04/2017] [ 317400] Letasoft Sound Booster Service (SoundBoosterService) . (.Letasoft.) - D:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe =>.Letasoft LLC®
SS - Demand [05/04/2017] [ 317400] Steam Client Service (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe =>.Valve®

---\\ Task Planned Automatically (17) - 9s
[MD5.AFC094098B6D856151002051E31867D8] [APT] [Adobe Acrobat Update Task] (.Adobe Systems Incorporated.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1162360] (.Activate.) =>.Adobe Systems, Incorporated®
[MD5.0DC99843E91A0313F0C6591656D650A5] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384] (.Activate.) =>.Adobe Systems Incorporated®
[MD5.687A7236E1CCC350F72A37A00E37E35F] [APT] [Antivirus Emergency Update] (.AVG Technologies CZ, s.r.o..) -- C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2368848] (.Activate.) =>.AVG Technologies CZ, s.r.o.®
[MD5.68DDCB629A7F2C5A3D2392F8177A3CD0] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [7658200] (.Activate.) =>.Piriform Ltd®
[MD5.A8FD9222E4D72596BB37DA8BE95C0BA4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752] (.Activate.) =>.Google Inc®
[MD5.A8FD9222E4D72596BB37DA8BE95C0BA4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752] (.Activate.) =>.Google Inc®
[MD5.3B74DB846DD237B2CEDEC38DAAB2AB91] [APT] [Overwolf Updater Task] (.Overwolf LTD.) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824] (.Activate.) =>.Overwolf Ltd®
[MD5.00000000000000000000000000000000] [APT] [{95B59E6D-A533-40CF-B14D-A77BD97AA386}] (...) -- C:\Users\Danijel\Desktop\SH-Alt-Install.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
O39 - APT: Adobe Acrobat Update Task - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Acrobat Update Task [4476] =>.Adobe Systems, Incorporated®
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [4312] =>.Adobe Systems Incorporated®
O39 - APT: Antivirus Emergency Update - (.AVG Technologies CZ, s.r.o..) -- C:\Windows\System32\Tasks\Antivirus Emergency Update [3920] =>.AVG Technologies CZ, s.r.o.®
O39 - APT: AVG EUpdate Task - (...) -- C:\Windows\System32\Tasks\AVG EUpdate Task [3600] (.Orphan.) =>.Superfluous.Orphan
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2798] =>.Piriform Ltd®
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [3202] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [3330] =>.Google Inc®
O39 - APT: Overwolf Updater Task - (.Overwolf LTD.) -- C:\Windows\System32\Tasks\Overwolf Updater Task [4304] =>.Overwolf Ltd®
O39 - APT: {95B59E6D-A533-40CF-B14D-A77BD97AA386} - (...) -- C:\Windows\System32\Tasks\{95B59E6D-A533-40CF-B14D-A77BD97AA386} [3144] (.Orphan.) =>.Superfluous.Orphan

---\\ Auto loading programs from Registry and folders (14) - 0s
O4 - HKLM\..\Run: [StartCN] . (.Advanced Micro Devices, Inc. - Radeon Settings: Host Application.) -- C:\Program Files\AMD\CNext\CNext\cnext.exe =>.Advanced Micro Devices, Inc.®
O4 - HKLM\..\Run: [AvgUi] . (.AVG Technologies CZ, s.r.o. - AVG Ui (Re)Starter.) -- C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe =>.AVG Technologies CZ, s.r.o.®
O4 - HKLM\..\Run: [AVGUI.exe] . (.AVG Technologies CZ, s.r.o. - AvLaunch component.) -- C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe =>.AVG Technologies CZ, s.r.o.®
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - HKLM\..\Wow6432Node\Run: [AvgUi] . (.AVG Technologies CZ, s.r.o. - AVG Ui (Re)Starter.) -- C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe =>.AVG Technologies CZ, s.r.o.®
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc.®
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle America, Inc.®
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4218728406-1097614046-610063632-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4218728406-1097614046-610063632-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®

---\\ Process running (31) - 1s
[MD5.00000000000000000000000000000000] - (.AMD - AMD External Events Service Module.) -- C:\Windows\system32\atiesrxx.exe [0] [PID.280] =>.AMD
[MD5.00000000000000000000000000000000] - (.AMD - AMD External Events Client Module.) -- C:\Windows\system32\atieclxx.exe [0] [PID.1268] =>.AMD
[MD5.A10ED61B447D77BC5B36FD13BF425985] - (.AVG Technologies CZ, s.r.o. - AVG Service.) -- C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432] [PID.1400] =>.AVG Technologies CZ, s.r.o.®
[MD5.74B5E5DBE765B6FFBC387DAC5FD4D0B6] - (.AVG Technologies CZ, s.r.o. - AVG firewall service.) -- C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [312712] [PID.1808] =>.AVG Technologies CZ, s.r.o.®
[MD5.8D6BA8E7676038A27FD4ECF12CC744B0] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83056] [PID.2040] =>.Adobe Systems, Incorporated®
[MD5.B12D8F8A42080B955D027EE56F5BD1C3] - (.Advanced Micro Devices, Inc. - AMD Fuel Service.) -- C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064] [PID.1288] =>.Advanced Micro Devices, Inc.
[MD5.F431DC5D94F4B2FDBC927655D8A9B10E] - (.Autodesk, Inc. - Content Service.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232] [PID.1440] =>.Autodesk, Inc.®
[MD5.695CB51819A087F736EE3E3E58544417] - (.AVG Technologies CZ, s.r.o. - AVG Service Process.) -- C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656] [PID.1784] =>.AVG Technologies CZ, s.r.o.®
[MD5.357CABBF155AFD1D3926E62539D2A3A7] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480] [PID.2152] =>.Microsoft Corporation®
[MD5.D790CAFEFF0291D0AF8C76F5A1EE2E4E] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE [223488] [PID.2368] =>.Microsoft Corporation®
[MD5.647C49CC0660476A5B482258AE922EB4] - (.AVG Technologies CZ, s.r.o. - AVG Software Analyzer.) -- C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7481648] [PID.3436] =>.AVG Technologies CZ, s.r.o.®
[MD5.739D7E0025F5CE97309695D3081E3823] - (.Advanced Micro Devices, Inc. - Radeon Settings: Host Application.) -- C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664] [PID.4028] =>.Advanced Micro Devices, Inc.®
[MD5.6AC17068F3624102655071436496B501] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1800712] [PID.4072] =>.AVG Technologies CZ, s.r.o.®
[MD5.785CA75FBF99C8D12773B54F51FB2F85] - (.AVG Technologies CZ, s.r.o. - AVG Antivirus.) -- C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe [9271528] [PID.3116] =>.AVG Technologies CZ, s.r.o.®
[MD5.DC6BA48F7007ED842799F51BF2502EFE] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288] [PID.3680] =>.Oracle America, Inc.®
[MD5.13D47B1FCE71DE8B8B95F6AFC3166852] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe [307400] [PID.3612] =>.Advanced Micro Devices, Inc.®
[MD5.24AFAD9B4B24FD1D4BF7127A2DC78D92] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe [9818328] [PID.3804] =>.Piriform Ltd®
[MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.4120] =>.Google Inc®
[MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.4140] =>.Google Inc®
[MD5.942E02374F3AE65175EF6FAC30C9246E] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Host application.) -- C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe [307912] [PID.4172] =>.Advanced Micro Devices, Inc.®
[MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.4196] =>.Google Inc®
[MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.212] =>.Google Inc®
[MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.4512] =>.Google Inc®
[MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.3648] =>.Google Inc®
[MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.5016] =>.Google Inc®
[MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.3028] =>.Google Inc®
[MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.4616] =>.Google Inc®
[MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.3080] =>.Google Inc®
[MD5.23DF6CB5212E1930463A9659F2E65B6B] - (.Farbar - Farbar Recovery Scan Tool.) -- C:\Users\Danijel\Desktop\FRST64.exe [2382336] [PID.4464] =>.Farbar
[MD5.D2919BAFD62948532F23B8E9A317D188] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Danijel\Desktop\ZHPDiag3.exe [2790784] [PID.5992] =>.Nicolas Coolman
[MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.1192] =>.Google Inc®

---\\ Google Chrome, Start,Search,Extensions (8) - 0s
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] http://drive.google.com/ =>.Google Inc. {Drive}
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] http://www.youtube.com =>.Youtube {Youtube}
G2 - GCE: Preference [User Data\Default] [fimkgcpmlbkeehbjhnijoginofbdgbdk] http://atavi.com/ =>.Atavi
G2 - GCE: Preference [User Data\Default] [gighmmpiobklfepjocnamgkkbiglidom] Michael Gundlach =>.Wladimir Palant {AdBlock}
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] =>.Google Inc. {Wallet}
G2 - GCE: Preference [User Data\Default] [pdoebgohinaejdpncadbahijijgoffke] 9gag Night Mode
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] http://mail.google.com/ =>.Google Inc. {Gmail}
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (8) - 1s
P2 - EXT FILE: (.Microsoft Corporation - The plugin allows you to have a better expe.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npMeetingJoinPluginOC.dll =>.Microsoft Corporation®
P2 - EXT FILE: (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll =>.Adobe Systems, Incorporated®
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] =>.Mozilla Corporation
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll =>.Adobe Systems Incorporated

---\\ Internet Explorer Extensions, Start, Search (17) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com =>.Google Inc.
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

---\\ Internet Explorer, Proxy Management (5) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [] =>.Microsoft

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=C:\Windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.) =>.Microsoft Corporation

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (31)

---\\ Browser Helper Object (BHO) (7) - 0s
O2 - BHO: Lync Click to Call BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll =>.Microsoft Corporation®
O2 - BHO: AMD SteadyVideo BHO [64Bits] - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} (.Orphan.)
O2 - BHO: Java(tm) Plug-In SSV Helper [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (.Orphan.)
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll =>.Microsoft Corporation®
O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL =>.Microsoft Corporation®
O2 - BHO: Microsoft SkyDrive Pro Browser Helper [64Bits] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} (.Orphan.)

---\\ Global shortcuts Startup (108) - 6s
O4 - GS\Desktop [Administrator]: chrome - Shortcut.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Desktop [Administrator]: Discord.lnk . (.GitHub - Update.) C:\Users\Danijel\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\Desktop [Administrator]: My Documents.lnk . (...) C:\Users\Danijel\Documents
O4 - GS\Desktop [Administrator]: Windows 7 USB DVD Download Tool.lnk . (.Microsoft Corporation - Microsoft Store ISO Backup Tool.) C:\Users\Danijel\AppData\Local\Apps\Windows 7 USB DVD Download Tool\Windows7-USB-DVD-Download-Tool.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Administrator]: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Danijel\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Administrator]: chrome - Shortcut.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Administrator]: League of Legends.lnk . (.Copyright (C) 2016 - League of Legends.) D:\Riot Games\LeagueClient.exe =>.Riot Games, Inc.®
O4 - GS\TaskBar [Administrator]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Administrator]: Intеrnеt Exрlorеr (64-bit).lnk . (...) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erolpxei.bat
O4 - GS\Programs [Administrator]: Intеrnеt Еxplorer.lnk . (...) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erolpxei.bat
O4 - GS\Desktop [Danijel]: chrome - Shortcut.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Desktop [Danijel]: Discord.lnk . (.GitHub - Update.) C:\Users\Danijel\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\Desktop [Danijel]: My Documents.lnk . (...) C:\Users\Danijel\Documents
O4 - GS\Desktop [Danijel]: Windows 7 USB DVD Download Tool.lnk . (.Microsoft Corporation - Microsoft Store ISO Backup Tool.) C:\Users\Danijel\AppData\Local\Apps\Windows 7 USB DVD Download Tool\Windows7-USB-DVD-Download-Tool.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Danijel]: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Danijel]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Danijel\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Danijel]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Danijel]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\sendTo [Danijel]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Danijel]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Danijel]: chrome - Shortcut.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Danijel]: League of Legends.lnk . (.Copyright (C) 2016 - League of Legends.) D:\Riot Games\LeagueClient.exe =>.Riot Games, Inc.®
O4 - GS\TaskBar [Danijel]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\Programs [Danijel]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Danijel]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Danijel]: Intеrnеt Exрlorеr (64-bit).lnk . (...) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erolpxei.bat
O4 - GS\Programs [Danijel]: Intеrnеt Еxplorer.lnk . (...) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erolpxei.bat
O4 - GS\Desktop [Guest]: chrome - Shortcut.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Desktop [Guest]: Discord.lnk . (.GitHub - Update.) C:\Users\Danijel\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\Desktop [Guest]: My Documents.lnk . (...) C:\Users\Danijel\Documents
O4 - GS\Desktop [Guest]: Windows 7 USB DVD Download Tool.lnk . (.Microsoft Corporation - Microsoft Store ISO Backup Tool.) C:\Users\Danijel\AppData\Local\Apps\Windows 7 USB DVD Download Tool\Windows7-USB-DVD-Download-Tool.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Guest]: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Danijel\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Guest]: chrome - Shortcut.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Guest]: League of Legends.lnk . (.Copyright (C) 2016 - League of Legends.) D:\Riot Games\LeagueClient.exe =>.Riot Games, Inc.®
O4 - GS\TaskBar [Guest]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\Programs [Guest]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Guest]: Intеrnеt Exрlorеr (64-bit).lnk . (...) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erolpxei.bat
O4 - GS\Programs [Guest]: Intеrnеt Еxplorer.lnk . (...) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erolpxei.bat
O4 - GS\CommonDesktop [Public]: AutoCAD 2013 - English.lnk . (.Autodesk, Inc. - AutoCAD Application.) D:\Program Files\Autodesk\AutoCAD 2013\acad.exe /product ACAD /language "en-US" =>.Autodesk, Inc®
O4 - GS\CommonDesktop [Public]: AVG.lnk . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe /avg.open_ui =>.AVG Technologies CZ, s.r.o.®
O4 - GS\CommonDesktop [Public]: Battle.net.lnk . (.Blizzard Entertainment - Blizzard App Launcher.) D:\Blizzard\Battle.net\Battle.net Launcher.exe =>.Blizzard Entertainment, Inc.®
O4 - GS\CommonDesktop [Public]: CPUID CPU-Z.lnk . (.CPUID - CPU-Z Application.) C:\Program Files\CPUID\CPU-Z\cpuz.exe =>.CPUID®
O4 - GS\CommonDesktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\CommonDesktop [Public]: League of Legends.lnk . (.Copyright (C) 2016 - League of Legends.) D:\Riot Games\LeagueClient.exe =>.Riot Games, Inc.®
O4 - GS\CommonDesktop [Public]: Letasoft Sound Booster.lnk . (.Letasoft - Sound Booster Application.) D:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe =>.Letasoft LLC®
O4 - GS\CommonDesktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\CommonDesktop [Public]: Overwolf.lnk . (.Copyright Overwolf © 2017 - Overwolf Launcher.) C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe =>.Overwolf Ltd®
O4 - GS\CommonDesktop [Public]: Skype.lnk . (...) C:\Windows\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe =>.Skype Technologies
O4 - GS\CommonDesktop [Public]: Speccy.lnk . (.Piriform Ltd - Speccy.) C:\Program Files\Speccy\Speccy64.exe =>.Piriform Ltd®
O4 - GS\CommonDesktop [Public]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) D:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\Programs [Public]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Public]: Intеrnеt Exрlorеr (64-bit).lnk . (...) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erolpxei.bat
O4 - GS\Programs [Public]: Intеrnеt Еxplorer.lnk . (...) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erolpxei.bat
O4 - GS\Accessories [Public]: Command Prompt.lnk . (.Microsoft Corporation - Windows Command Processor.) C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\Windows\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff =>.Microsoft Corporation®
O4 - GS\SystemTools [Public]: Intеrnet Eхplоrеr (Nо Аdd-оns).lnk . (...) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erolpxei.bat
O4 - GS\SystemTools [Public]: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) C:\Windows\system32\eudcedit.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\Windows\system32\calc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: displayswitch.lnk . (.Microsoft Corporation - Display Switch.) C:\Windows\system32\displayswitch.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - Math Input Panel Accessory.) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) C:\Windows\system32\mblctr.exe /open =>.Microsoft Corporation
O4 - GS\Accessories [Public]: NetworkProjection.lnk . (.Microsoft Corporation - Connect to a Network Projector.) C:\Windows\system32\NetProj.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\Windows\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\Windows\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) C:\Windows\system32\SoundRecorder.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Sticky Notes.) C:\Windows\system32\StikyNot.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.) C:\Windows\System32\mobsync.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Welcome Center.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\Windows\system32\rundll32.exe =>..Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\Windows\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Microsoft® Disk Defragmenter.) C:\Windows\system32\dfrgui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\Windows\system32\cleanmgr.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Resource and Performance Monitor.) C:\Windows\system32\perfmon.exe /res =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - System Information.) C:\Windows\system32\msinfo32.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Microsoft® Windows System Restore.) C:\Windows\system32\rstrui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...) C:\Windows\system32\taskschd.msc /s =>..Microsoft Corporation
O4 - GS\SystemTools [Public]: Windows Easy Transfer Reports.lnk . (.Microsoft Corporation - Windows Easy Transfer Post Migration Applic.) C:\Windows\system32\migwiz\postmig.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Windows Easy Transfer.lnk . (.Microsoft Corporation - Windows Easy Transfer Application.) C:\Windows\system32\migwiz\migwiz.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Acrobat Reader DC.lnk . (.Flexera Software LLC - InstallShield.) C:\Windows\Installer\{AC76BA86-7AD7-1050-7B44-AC0F074E4100}\SC_Reader.ico =>.Flexera Software LLC
O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\ProgramsCommon [Public]: Gоogle Chrоme.lnk . (...) C:\Users\Danijel\AppData\Roaming\Browsers\exe.emorhc.bat
O4 - GS\ProgramsCommon [Public]: Media Center.lnk . (.Microsoft Corporation - Windows Media Center.) C:\Windows\ehome\ehshell.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Movie Maker.lnk . (.Microsoft Corporation - Movie Maker.) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\ProgramsCommon [Public]: Photo Gallery.lnk . (.Microsoft Corporation - Photo Gallery.) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Sidebar.lnk . (.Microsoft Corporation - Windows Desktop Gadgets.) C:\Program Files (x86)\Windows Sidebar\sidebar.exe /showgadgets =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows DVD Maker.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\DVD Maker\DVDMaker.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\Windows\system32\xpsrchvw.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Мozillа Firefох.lnk . (...) C:\Users\Danijel\AppData\Roaming\Browsers\exe.xoferif.bat

---\\ Lop.com/Domain Hijackers (3) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{75F1234D-0A07-4D4B-A460-26BBEB6B3DED}: DhcpNameServer = 192.168.42.129 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6CF4FE9-D2BF-417A-897E-ABA93DF3BD10}: DhcpNameServer = 192.168.5.1 =>.Local IP Adress

---\\ Extra protocols (28) - 1s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: osf [64Bits] - {D924BDC6-C83A-4BD5-90D0-095128A113D1} . (.Microsoft Corporation - Microsoft Office 2013 component.) -- C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation®
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation®
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: deflate [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Filter: gzip [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL =>.Microsoft Corporation®
O18 - Filter: video/mp4 [64Bits] - {20C75730-7C25-476B-95DC-C65810F9E489} . (.Advanced Micro Devices - MIME Video Detector for IE.) -- C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll =>.Advanced Micro Devices, Inc.®
O18 - Filter: video/x-flv [64Bits] - {20C75730-7C25-476B-95DC-C65810F9E489} . (.Advanced Micro Devices - MIME Video Detector for IE.) -- C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll =>.Advanced Micro Devices, Inc.®

---\\ Software installed (66) - 6s
O42 - Logiciel: Adobe Acrobat Reader DC - Croatian - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1050-7B44-AC0F074E4100} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Flash Player 26 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-0804-1033-1959-001824225037} =>.Adobe Systems Incorporated
O42 - Logiciel: AMD Quick Stream - (.AppEx Networks.) [HKLM][64Bits] -- {E9EED4AE-682B-4501-9574-D09A21717599}_is1 =>.AppEx Networks
O42 - Logiciel: AMD Steady Video Plug-In - (.AMD.) [HKLM][64Bits] -- {94BFDEF9-D91D-4B5D-8A60-08514C7191AF} =>.AMD
O42 - Logiciel: AutoCAD 2013 - English - (.Autodesk.) [HKLM][64Bits] -- {5783F2D7-B001-0000-0102-0060B0CE6BBA} =>.Autodesk, Inc®
O42 - Logiciel: AutoCAD 2013 - English - (.Autodesk.) [HKLM][64Bits] -- {5783F2D7-B001-0409-2102-0060B0CE6BBA} =>.Autodesk
O42 - Logiciel: AutoCAD 2013 - English - (.Autodesk.) [HKLM][64Bits] -- AutoCAD 2013 - English =>.Autodesk, Inc®
O42 - Logiciel: AutoCAD 2013 Language Pack - English - (.Autodesk.) [HKLM][64Bits] -- {5783F2D7-B001-0409-1102-0060B0CE6BBA} =>.Autodesk
O42 - Logiciel: Autodesk CAD Manager Tools - (.Autodesk.) [HKLM][64Bits] -- {5783F2D7-0111-0409-0110-0060B0CE6BBA} =>.Autodesk
O42 - Logiciel: Autodesk Content Service - (.Autodesk.) [HKLM][64Bits] -- {62F029AB-85F2-0000-866A-9FC0DD99DDBC} =>.Autodesk
O42 - Logiciel: Autodesk Content Service - (.Autodesk.) [HKLM][64Bits] -- Autodesk Content Service =>.Autodesk, Inc®
O42 - Logiciel: Autodesk Content Service Language Pack - (.Autodesk.) [HKLM][64Bits] -- {62F029AB-85F2-0001-866A-9FC0DD99DDBC} =>.Autodesk
O42 - Logiciel: Autodesk Material Library 2013 - (.Autodesk.) [HKLM][64Bits] -- {117EBEEB-5DB0-43C8-9FD6-DD583DB152DD} =>.Autodesk
O42 - Logiciel: Autodesk Material Library Base Resolution Image Library 2013 - (.Autodesk.) [HKLM][64Bits] -- {606E12B9-641F-4644-A22A-FF38AE980AFD} =>.Autodesk
O42 - Logiciel: Autodesk Network License Manager - (.Autodesk.) [HKLM][64Bits] -- {4BE91685-1632-47FC-B563-A8A542C6664C} =>.Autodesk
O42 - Logiciel: Autodesk Sync - (.Autodesk, Inc..) [HKLM][64Bits] -- {EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F} =>.Autodesk, Inc.
O42 - Logiciel: AVG - (.AVG Technologies.) [HKLM][64Bits] -- {434FBA38-0562-4F98-9436-4B45C0C0EF0B} =>.AVG Technologies
O42 - Logiciel: AVG Internet Security - (.AVG Technologies.) [HKLM][64Bits] -- AVG Antivirus =>.AVG Technologies CZ, s.r.o.®
O42 - Logiciel: Battle.net - (.Blizzard Entertainment.) [HKLM][64Bits] -- Battle.net =>.Blizzard Entertainment, Inc.®
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner =>.Piriform Ltd®
O42 - Logiciel: Counter-Strike: Global Offensive - (.Valve.) [HKLM][64Bits] -- Steam App 730 =>.Valve®
O42 - Logiciel: CPUID CPU-Z 1.78 - (.CPUID Inc.) [HKLM][64Bits] -- CPUID CPU-Z_is1 =>.CPUID Inc
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF} =>.Microsoft
O42 - Logiciel: Discord - (.Hammer & Chisel, Inc..) [HKCU][64Bits] -- Discord =>.Hammer & Chisel Inc.®
O42 - Logiciel: FMW 1 - (.AVG Technologies.) [HKLM][64Bits] -- {8DF0D8D9-0C24-47EB-9738-376DD2705133} =>.AVG Technologies
O42 - Logiciel: Galerija fotografija - (.Microsoft Corporation.) [HKLM][64Bits] -- {343C0612-37DC-4914-95A7-0845EE0C8F04} =>.Microsoft Corporation
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome =>.Google Inc®
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: Hearthstone - (.Blizzard Entertainment.) [HKLM][64Bits] -- Hearthstone =>.Blizzard Entertainment, Inc.®
O42 - Logiciel: Java 8 Update 141 (64-bit) - (.Oracle Corporation.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F64180141F0} =>.Oracle Corporation
O42 - Logiciel: Java Auto Updater - (.Oracle Corporation.) [HKLM][64Bits] -- {4A03706F-666A-4037-7777-5F2748764D10} =>.Oracle Corporation
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {0BE9E708-5DC0-4963-9CFD-0AA519090E79} =>.Microsoft Corporation
O42 - Logiciel: League of Legends - (.Riot Games.) [HKLM][64Bits] -- {8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51} =>.Riot Games
O42 - Logiciel: League of Legends - (.Riot Games.) [HKLM][64Bits] -- League of Legends 4.2.1 =>.Riot Games
O42 - Logiciel: Letasoft Sound Booster 1.7.0.327 - (.Letasoft LLC.) [HKLM][64Bits] -- {6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1 =>.Letasoft LLC®
O42 - Logiciel: Microsoft Access MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0015-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Access Setup Metadata MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0117-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Application Error Reporting - (.Microsoft Corporation.) [HKLM][64Bits] -- {95120000-00B9-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft DCF MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0090-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Excel MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0016-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Groove MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-00BA-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft InfoPath MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0044-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Lync MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-012B-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft OneNote MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-00A1-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Outlook MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-001A-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft PowerPoint MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0018-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Publisher MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0019-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Word MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-001B-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Mozilla Firefox 54.0.1 (x86 hr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 54.0.1 (x86 hr) =>.Mozilla Corporation®
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService =>.Mozilla
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} =>.Microsoft
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9} =>.Microsoft
O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM][64Bits] -- {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA} =>.Microsoft
O42 - Logiciel: MSVCRT110_amd64 - (.Microsoft.) [HKLM][64Bits] -- {E9FA781F-3E80-4399-825A-AD3E11C28C77} =>.Microsoft
O42 - Logiciel: Overwolf - (.Overwolf Ltd..) [HKLM][64Bits] -- Overwolf =>.Overwolf Ltd®
O42 - Logiciel: PowerISO - (.Power Software Ltd.) [HKLM][64Bits] -- PowerISO =>.Power Software Ltd
O42 - Logiciel: Raptr - (.Raptr, Inc.) [HKLM][64Bits] -- Raptr =>.Raptr, Inc
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Skype™ 7.37 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {3B7E914A-93D5-4A29-92BB-AF8C3F66C431} =>.Skype Technologies S.A.
O42 - Logiciel: Speccy - (.Piriform.) [HKLM][64Bits] -- Speccy =>.Piriform Ltd®
O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM][64Bits] -- Steam =>.Valve®
O42 - Logiciel: Visual Studio 2012 x64 Redistributables - (.AVG Technologies.) [HKLM][64Bits] -- {8C775E70-A791-4DA8-BCC3-6AB7136F4484} =>.AVG Technologies
O42 - Logiciel: Visual Studio 2012 x86 Redistributables - (.AVG Technologies CZ, s.r.o..) [HKLM][64Bits] -- {98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} =>.AVG Technologies CZ, s.r.o.
O42 - Logiciel: Windows 7 USB/DVD Download Tool - (.Microsoft Corporation.) [HKLM][64Bits] -- {CCF298AF-9CE1-4B26-B251-486E98A34789} =>.Microsoft Corporation
O42 - Logiciel: WinRAR 5.40 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver =>.win.rar GmbH®

---\\ HKCU & HKLM Software Keys (78) - 6s
HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
HKLM\SOFTWARE\Wow6432Node\AMD =>.AMD
HKLM\SOFTWARE\Wow6432Node\ATI =>.ATI
HKLM\SOFTWARE\Wow6432Node\ATI Technologies =>.ATI Technologies
HKLM\SOFTWARE\Wow6432Node\Autodesk =>.Autodesk
HKLM\SOFTWARE\Wow6432Node\AVG =>.AVG Software
HKLM\SOFTWARE\Wow6432Node\AVG Web TuneUp =>.AVG Web TuneUp
HKLM\SOFTWARE\Wow6432Node\Blizzard Entertainment =>.Blizzard Entertainment
HKLM\SOFTWARE\Wow6432Node\Caphyon =>.Caphyon
HKLM\SOFTWARE\Wow6432Node\CDESoft
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\Greatis =>.Greatis Software
HKLM\SOFTWARE\Wow6432Node\IM Providers =>.IM Providers
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\JavaSoft =>.JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics =>.JreMetrics
HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
HKLM\SOFTWARE\Wow6432Node\Licenses =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\mozilla.org =>.mozilla.org
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\Overwolf =>.Overwolf
HKLM\SOFTWARE\Wow6432Node\Piriform =>.Piriform
HKLM\SOFTWARE\Wow6432Node\PowerISO =>.PowerISO Computing
HKLM\SOFTWARE\Wow6432Node\PowerPivot =>.PowerPivot
HKLM\SOFTWARE\Wow6432Node\Raptr =>.Raptr
HKLM\SOFTWARE\Wow6432Node\Realtek =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\Riot Games =>.Riot Games
HKLM\SOFTWARE\Wow6432Node\Skype =>.Skype
HKLM\SOFTWARE\Wow6432Node\Valve =>.Valve
HKLM\SOFTWARE\Wow6432Node\wtu =>.WTU
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\AMD =>.AMD
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\AppEx Networks =>.AppEx Networks
HKCU\SOFTWARE\ASProtect =>.ASPack Software
HKCU\SOFTWARE\ATI =>.ATI
HKCU\SOFTWARE\Autodesk =>.Autodesk
HKCU\SOFTWARE\AVAST Software =>.AVAST Software
HKCU\SOFTWARE\Avg =>.AVG Software
HKCU\SOFTWARE\AVG Web TuneUp =>.AVG Web TuneUp
HKCU\SOFTWARE\Blizzard Entertainment =>.Blizzard Entertainment
HKCU\SOFTWARE\BugSplat =>.Bugsplat Game
HKCU\SOFTWARE\Chromium =>.Chromium
HKCU\SOFTWARE\DriverEasy
HKCU\SOFTWARE\Geek Uninstaller =>.Geek Uninstaller
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\Greatis =>.Greatis Software
HKCU\SOFTWARE\IM Providers =>.IM Providers
HKCU\SOFTWARE\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\Letasoft
HKCU\SOFTWARE\Logitech =>.Logitech
HKCU\SOFTWARE\Malwarebytes =>.Malwarebytes
HKCU\SOFTWARE\Mozilla =>.Mozilla
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
HKCU\SOFTWARE\Overwolf =>.Overwolf
HKCU\SOFTWARE\Piriform =>.Piriform
HKCU\SOFTWARE\PowerISO =>.PowerISO Computing
HKCU\SOFTWARE\Printers
HKCU\SOFTWARE\ProtectedStorage =>.Microsoft Corporation
HKCU\SOFTWARE\QtProject =>.QtProject
HKCU\SOFTWARE\Raptr =>.Raptr
HKCU\SOFTWARE\Regrun
HKCU\SOFTWARE\Skype =>.Skype
HKCU\SOFTWARE\skypeapp-ab4ccbeaa4e4
HKCU\SOFTWARE\Sysinternals =>.Sysinternals
HKCU\SOFTWARE\Trolltech =>.Trolltech
HKCU\SOFTWARE\Unity =>.Unity
HKCU\SOFTWARE\Valve =>.Valve
HKCU\SOFTWARE\WinRAR =>.WinRAR
HKCU\SOFTWARE\WinRAR SFX =>.RarLab
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\Zemana =>.Zemana
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman

---\\ Contents of the Common Files folders (218) - 6s
O43 - CFD: 25/12/2016 - [] D -- C:\Program Files\AMD =>.Advanced Micro Devices, Inc.®
O43 - CFD: 25/12/2016 - [] D -- C:\Program Files\AMD Quick Stream =>.Advanced Micro Devices Inc
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files\Autodesk =>.Autodesk
O43 - CFD: 24/07/2017 - [] D -- C:\Program Files\CCleaner =>.Piriform Ltd
O43 - CFD: 20/07/2017 - [] D -- C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 07/02/2017 - [] D -- C:\Program Files\CPUID =>.CPUID Inc
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\DVD Maker =>.Aone Software
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 24/07/2017 - [] D -- C:\Program Files\Java =>.Oracle
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files\Microsoft Analysis Services =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Microsoft Games =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files\Microsoft SQL Server =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\Program Files\P9QABSMQ36
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files\PowerISO =>.PowerISO Computing
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files\Speccy =>.Piriform
O43 - CFD: 14/07/2009 - [0] HD -- C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Windows Journal =>.Microsoft Corporation
O43 - CFD: 15/04/2017 - [] D -- C:\Program Files\Windows Live =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated®
O43 - CFD: 25/12/2016 - [] D -- C:\Program Files (x86)\AMD =>.AMD
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files (x86)\Autodesk =>.Autodesk
O43 - CFD: 25/04/2017 - [] D -- C:\Program Files (x86)\AVG =>.AVG Software
O43 - CFD: 24/07/2017 - [] D -- C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 04/12/2016 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files (x86)\Microsoft Analysis Services =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files (x86)\Microsoft SQL Server =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 01/07/2017 - [] D -- C:\Program Files (x86)\Mozilla Firefox =>.Mozilla
O43 - CFD: 01/07/2017 - [] D -- C:\Program Files (x86)\Mozilla Maintenance Service =>.Mozilla
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 20/07/2017 - [] D -- C:\Program Files (x86)\Overwolf =>.Overwolf
O43 - CFD: 25/12/2016 - [] D -- C:\Program Files (x86)\Raptr Inc =>.Raptr Inc.
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files (x86)\Realtek =>.Realtek
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 01/07/2017 - [] RD -- C:\Program Files (x86)\Skype =>.Skype
O43 - CFD: 24/07/2017 - [] D -- C:\Program Files (x86)\UnHackMe =>.Greatis
O43 - CFD: 14/07/2009 - [0] HD -- C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files (x86)\Windows Live =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 05/12/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 05/12/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 25/12/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center =>.Advanced Micro Devices Inc
O43 - CFD: 25/12/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved =>.AMD Gaming Evolved
O43 - CFD: 25/12/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream =>.Advanced Micro Devices Inc
O43 - CFD: 05/12/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings =>.Samsung Electronics
O43 - CFD: 04/12/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk =>.Autodesk
O43 - CFD: 17/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG =>.AVG Software
O43 - CFD: 12/04/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen =>.AVG
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net =>.Games Software
O43 - CFD: 05/12/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
O43 - CFD: 07/02/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID =>.CPUID Inc
O43 - CFD: 05/12/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
O43 - CFD: 24/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java =>.Oracle
O43 - CFD: 17/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Letasoft Sound Booster
O43 - CFD: 05/12/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 05/12/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 =>.Microsoft Corporation
O43 - CFD: 05/12/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO =>.PowerISO Computing
O43 - CFD: 20/03/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype =>.Skype
O43 - CFD: 05/12/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy =>.Piriform
O43 - CFD: 14/07/2009 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 09/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam =>.Steam Games
O43 - CFD: 21/11/2010 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology
O43 - CFD: 05/12/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 04/12/2016 - [] D -- C:\ProgramData\.mono =>.Legitimate
O43 - CFD: 04/12/2016 - [] D -- C:\ProgramData\Adobe =>.Adobe
O43 - CFD: 25/12/2016 - [] D -- C:\ProgramData\AMD =>.AMD
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\ProgramData\ATI =>.ATI
O43 - CFD: 04/12/2016 - [] D -- C:\ProgramData\Autodesk =>.Autodesk
O43 - CFD: 21/04/2017 - [] D -- C:\ProgramData\Avg =>.AVG Software
O43 - CFD: 04/12/2016 - [] D -- C:\ProgramData\Battle.net =>.Games Software
O43 - CFD: 04/12/2016 - [] D -- C:\ProgramData\Blizzard Entertainment =>.Blizzard Entertainment
O43 - CFD: 04/12/2016 - [] HD -- C:\ProgramData\Common Files =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Favorites =>.Microsoft Corporation
O43 - CFD: 05/12/2016 - [] D -- C:\ProgramData\FLEXnet =>.Flexera Software
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\HitmanPro =>.EIDOS hitman Game
O43 - CFD: 25/04/2017 - [] D -- C:\ProgramData\MFAData =>.AVG Software
O43 - CFD: 04/12/2016 - [] SD -- C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\ProgramData\Microsoft Help =>.Microsoft Corporation
O43 - CFD: 24/07/2017 - [] D -- C:\ProgramData\Oracle =>.Oracle
O43 - CFD: 05/07/2017 - [] D -- C:\ProgramData\Overwolf =>.Overwolf
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\Package Cache =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [0] D -- C:\ProgramData\RegRun =>.Greatis Software
O43 - CFD: 04/12/2016 - [] D -- C:\ProgramData\Riot Games =>.Riot Games
O43 - CFD: 01/07/2017 - [] D -- C:\ProgramData\Skype =>.Skype
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [0] D -- C:\ProgramData\TEMP =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\ProgramData\WindowsErrorReporting
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files (x86)\Common Files\ATI Technologies =>.ATI Technologies
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files (x86)\Common Files\Autodesk Shared =>.Autodesk
O43 - CFD: 24/07/2017 - [] D -- C:\Program Files (x86)\Common Files\Java =>.Oracle
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files (x86)\Common Files\microsoft shared =>.Microsoft Corporation
O43 - CFD: 20/07/2017 - [] D -- C:\Program Files (x86)\Common Files\Overwolf =>.Overwolf
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 02/06/2017 - [] D -- C:\Program Files (x86)\Common Files\Skype =>.Skype
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Common Files\SpeechEngines =>.Microsoft Corporation
O43 - CFD: 24/07/2017 - [] D -- C:\Program Files (x86)\Common Files\Steam =>.Steam Games
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\Program Files (x86)\Common Files\Windows Live =>.Microsoft Corporation
O43 - CFD: 07/02/2017 - [] D -- C:\Users\Danijel\AppData\Roaming\.minecraft =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Roaming\.mono =>.Legitimate
O43 - CFD: 09/02/2017 - [] D -- C:\Users\Danijel\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Roaming\ATI =>.ATI
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Roaming\Autodesk =>.Autodesk
O43 - CFD: 21/04/2017 - [] D -- C:\Users\Danijel\AppData\Roaming\AVG =>.AVG Software
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Roaming\Battle.net =>.Games Software
O43 - CFD: 24/07/2017 - [] D -- C:\Users\Danijel\AppData\Roaming\discord =>.GitHub
O43 - CFD: 24/07/2017 - [] D -- C:\Users\Danijel\AppData\Roaming\Geek Uninstaller =>.Geek Uninstaller
O43 - CFD: 29/05/2017 - [] D -- C:\Users\Danijel\AppData\Roaming\Google =>.Google
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Roaming\Identities =>.Microsoft Corporation
O43 - CFD: 07/02/2017 - [] D -- C:\Users\Danijel\AppData\Roaming\java =>.Oracle
O43 - CFD: 17/07/2017 - [0] D -- C:\Users\Danijel\AppData\Roaming\Letasoft
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Roaming\library_dir =>.library_dir
O43 - CFD: 09/02/2017 - [] D -- C:\Users\Danijel\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 21/11/2010 - [0] D -- C:\Users\Danijel\AppData\Roaming\Media Center Programs =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [] SD -- C:\Users\Danijel\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Roaming\Mozilla =>.Mozilla Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Roaming\PowerISO =>.PowerISO Computing
O43 - CFD: 25/12/2016 - [] D -- C:\Users\Danijel\AppData\Roaming\Raptr =>.Raptr
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Roaming\Riot Games =>.Riot Games
O43 - CFD: 20/07/2017 - [] D -- C:\Users\Danijel\AppData\Roaming\samika
O43 - CFD: 19/07/2017 - [] D -- C:\Users\Danijel\AppData\Roaming\Skype =>.Skype
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Roaming\Sun =>.Oracle
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Roaming\TuneUp Software =>.TuneUp Software
O43 - CFD: 19/12/2016 - [] D -- C:\Users\Danijel\AppData\Roaming\Windows Live Writer =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Roaming\WinRAR =>.WinRAR
O43 - CFD: 25/07/2017 - [] D -- C:\Users\Danijel\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 09/02/2017 - [] D -- C:\Users\Danijel\AppData\Local\Adobe =>.Adobe
O43 - CFD: 25/12/2016 - [] D -- C:\Users\Danijel\AppData\Local\AMD =>.AMD
O43 - CFD: 25/12/2016 - [] D -- C:\Users\Danijel\AppData\Local\AppEx Networks =>.AppEx Networks
O43 - CFD: 04/12/2016 - [0] SHD -- C:\Users\Danijel\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 23/07/2017 - [] D -- C:\Users\Danijel\AppData\Local\Apps =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Local\ATI =>.ATI
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Local\Autodesk =>.Autodesk
O43 - CFD: 06/07/2017 - [] D -- C:\Users\Danijel\AppData\Local\Avg =>.AVG Software
O43 - CFD: 15/02/2017 - [] D -- C:\Users\Danijel\AppData\Local\AvgSetupLog =>.AVG Software
O43 - CFD: 15/07/2017 - [] D -- C:\Users\Danijel\AppData\Local\Battle.net =>.Games Software
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Local\Blizzard =>.Blizzard
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Local\Blizzard Entertainment =>.Blizzard Entertainment
O43 - CFD: 24/07/2017 - [] D -- C:\Users\Danijel\AppData\Local\cache =>.Legitimate
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Local\CEF =>.CEF
O43 - CFD: 04/12/2016 - [0] D -- C:\Users\Danijel\AppData\Local\Deployment =>.Microsoft Corporation
O43 - CFD: 12/01/2017 - [0] D -- C:\Users\Danijel\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 02/06/2017 - [] D -- C:\Users\Danijel\AppData\Local\Discord =>.GitHub
O43 - CFD: 03/03/2017 - [0] D -- C:\Users\Danijel\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\Users\Danijel\AppData\Local\Google =>.Google
O43 - CFD: 04/12/2016 - [0] SHD -- C:\Users\Danijel\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 17/07/2017 - [0] SHD -- C:\Users\Danijel\AppData\Local\icsxml
O43 - CFD: 09/02/2017 - [] D -- C:\Users\Danijel\AppData\Local\Macromedia =>.Macromedia
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Local\MFAData =>.AVG Software
O43 - CFD: 23/06/2017 - [] D -- C:\Users\Danijel\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 11/07/2017 - [] D -- C:\Users\Danijel\AppData\Local\Microsoft Help =>.Microsoft Corporation
O43 - CFD: 05/12/2016 - [] D -- C:\Users\Danijel\AppData\Local\Mozilla =>.Mozilla Corporation
O43 - CFD: 06/07/2017 - [] D -- C:\Users\Danijel\AppData\Local\Overwolf =>.Overwolf
O43 - CFD: 04/12/2016 - [] D -- C:\Users\Danijel\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 02/06/2017 - [] D -- C:\Users\Danijel\AppData\Local\SquirrelTemp =>.Squirrels
O43 - CFD: 09/07/2017 - [] D -- C:\Users\Danijel\AppData\Local\Steam =>.Steam Games
O43 - CFD: 25/07/2017 - [] D -- C:\Users\Danijel\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [0] SHD -- C:\Users\Danijel\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 26/06/2017 - [] D -- C:\Users\Danijel\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 11/05/2017 - [] D -- C:\Users\Danijel\AppData\Local\Windows Live =>.Microsoft Corporation
O43 - CFD: 15/02/2017 - [] D -- C:\Users\Danijel\AppData\Local\Windows Live Writer =>.Microsoft Corporation
O43 - CFD: 24/07/2017 - [] D -- C:\Users\Danijel\AppData\Local\Zemana =>.Zemana
O43 - CFD: 25/07/2017 - [] D -- C:\Users\Danijel\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 04/12/2016 - [0] D -- C:\Users\Danijel\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 05/12/2016 - [] RD -- C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] RD -- C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 19/07/2017 - [] D -- C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
O43 - CFD: 02/06/2017 - [] D -- C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc =>.Hammer & Chisel, Inc
O43 - CFD: 05/12/2016 - [] RD -- C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 19/07/2017 - [] D -- C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf =>.Overwolf
O43 - CFD: 04/12/2016 - [] RD -- C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [0] D -- C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat =>.Seifert Systems
O43 - CFD: 23/07/2017 - [] D -- C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool =>.Microsoft Corporation
O43 - CFD: 05/12/2016 - [] D -- C:\Users\Danijel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] D -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] D -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 25/04/2017 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Avg =>.AVG Software
O43 - CFD: 24/07/2017 - [] -- C:\Windows\System32\Config\systemprofile\AppData\Local\AvgSetupLog =>.AVG Software
O43 - CFD: 17/03/2017 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\MFAData =>.AVG Software
O43 - CFD: 14/07/2009 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 09/07/2017 - [0] -- C:\Windows\System32\Config\systemprofile\AppData\Local\Overwolf =>.Overwolf
O43 - CFD: 19/07/2017 - [] -- C:\Windows\System32\Config\systemprofile\AppData\Local\Zemana =>.Zemana
O43 - CFD: 04/12/2016 - [] -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\AVG =>.AVG Software
O43 - CFD: 14/07/2009 - [] SD -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation

---\\ Latest files created in Prefetcher (1) - 5s
O45 - LFCP:[MD5.1F3AE851BAA5CF285417DB0F09D51873] 25/07/2017 A -- C:\Windows\Prefetch\WINDOWS LOADER.EXE-A9A2F8CD.pf =>HackTool.WinActivator

---\\ ShellIconOverlayIdentifiers (SIOI) (5) - 0s
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) [ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7}. (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) [ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE}. (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 3 (InSync) [ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}. (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) -- C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Shell extensions for sharing.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation

---\\ ShareTools MSconfig StartupReg (8) - 1s
O53 - SMSR:HKLM\...\startupreg\AppEx Accelerator UI [Key] . (.AppEx Networks Corporation - AMD Quick Stream.) -- C:\Program Files\AMD Quick Stream\AMDQuickStream.exe =>.AppEx Networks Corporation
O53 - SMSR:HKLM\...\startupreg\Autodesk Sync [Key] . (.Autodesk, Inc. - Autodesk Sync.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe =>.Autodesk, Inc.
O53 - SMSR:HKLM\...\startupreg\Discord [Key] . (.Hammer & Chisel, Inc. - Discord.) -- C:\Users\Danijel\AppData\Local\Discord\app-0.0.297\Discord.exe =>.Hammer & Chisel, Inc.
O53 - SMSR:HKLM\...\startupreg\Overwolf [Key] . (.Copyright Overwolf © 2017 - Overwolf Launcher.) -- C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
O53 - SMSR:HKLM\...\startupreg\PWRISOVM.EXE [Key] . (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files\PowerISO\PWRISOVM.EXE =>.Power Software Ltd
O53 - SMSR:HKLM\...\startupreg\Raptr [Key] . (.Raptr, Inc - Raptr Desktop App.) -- C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe =>.Raptr, Inc
O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O53 - SMSR:HKLM\...\startupreg\vProt [Key] . (...) -- C:\Program Files (x86)\AVG Web TuneUp\vprot.exe (.not file.)

---\\ System Drivers List (64) - 2s
O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [491088] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [339536] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\drivers\adpu320.sys [182864] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:52:21 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [15440] =>.Microsoft Windows®
O58 - SDL:2016/02/26 22:57:16 A . (.Advanced Micro Devices - AMD ACP Binaries.) -- C:\Windows\System32\drivers\amdacpksd.sys [296648] =>.Advanced Micro Devices, Inc.®
O58 - SDL:2010/11/21 05:23:47 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [107904] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:52:20 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [194128] =>.Microsoft Windows®
O58 - SDL:2010/11/21 05:23:47 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [27008] =>.Microsoft Windows®
O58 - SDL:2015/04/03 02:14:26 A . (.AppEx Networks Corporation - AppEx Accelerator LWF/WFP Driver L.E..) -- C:\Windows\System32\drivers\appexDrv.sys [229056] =>.AppEx Networks Corporation®
O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [87632] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [97856] =>.Microsoft Windows®
O58 - SDL:2016/02/26 22:18:00 A . (.Advanced Micro Devices - AMD High Definition Audio Function Driver.) -- C:\Windows\System32\drivers\AtihdW76.sys [96256] =>.Advanced Micro Devices
O58 - SDL:2016/02/26 22:53:36 A . (.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\System32\drivers\atikmdag.sys [23981568] =>.Advanced Micro Devices, Inc.
O58 - SDL:2016/02/26 21:58:12 A . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\System32\drivers\atikmpag.sys [674816] =>.Advanced Micro Devices, Inc.
O58 - SDL:2017/07/19 09:48:01 A . (.AVG Technologies CZ, s.r.o. - File Vault Driver.) -- C:\Windows\System32\drivers\avgbdiska.sys [166624] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/19 09:48:01 A . (.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Driver..) -- C:\Windows\System32\drivers\avgbidsdrivera.sys [313616] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/19 09:48:01 A . (.AVG Technologies CZ, s.r.o. - Application Activity Monitor Helper Driver.) -- C:\Windows\System32\drivers\avgbidsha.sys [192584] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/19 09:48:01 A . (.AVG Technologies CZ, s.r.o. - Logging Driver.) -- C:\Windows\System32\drivers\avgbloga.sys [336896] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/19 09:48:01 A . (.AVG Technologies CZ, s.r.o. - Universal Driver.) -- C:\Windows\System32\drivers\avgbuniva.sys [51336] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/19 09:48:26 A . (.AVG Technologies CZ, s.r.o. - AVG HWID.) -- C:\Windows\System32\drivers\avgHwid.sys [39424] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/19 09:48:44 A . (.AVG Technologies CZ, s.r.o. - AVG File System Minifilter for Windows 2003.) -- C:\Windows\System32\drivers\avgmonflt.sys [139112] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/04/21 03:34:22 A . (.AVG Technologies CZ, s.r.o. - Firewall NDIS6 Helper.) -- C:\Windows\System32\drivers\avgNetNd6.sys [29944] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/19 09:48:10 A . (.AVG Technologies CZ, s.r.o. - AVG Firewall Driver.) -- C:\Windows\System32\drivers\avgNetSec.sys [546968] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/19 09:48:26 A . (.AVG Technologies CZ, s.r.o. - AVG WFP Redirect Driver.) -- C:\Windows\System32\drivers\avgRdr2.sys [102792] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/19 09:48:27 A . (.AVG Technologies CZ, s.r.o. - AVG Revert.) -- C:\Windows\System32\drivers\avgRvrt.sys [76832] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/19 09:48:14 A . (.AVG Technologies CZ, s.r.o. - AVG Virtualization Driver.) -- C:\Windows\System32\drivers\avgSnx.sys [1008288] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/19 09:48:27 A . (.AVG Technologies CZ, s.r.o. - AVG self protection module.) -- C:\Windows\System32\drivers\avgSP.sys [578048] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/19 09:48:27 A . (.AVG Technologies CZ, s.r.o. - Stream Filter.) -- C:\Windows\System32\drivers\avgStm.sys [191208] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/19 09:48:27 A . (.AVG Technologies CZ, s.r.o. - AVG VM Monitor.) -- C:\Windows\System32\drivers\avgVmm.sys [353744] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2009/06/10 22:34:23 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60a.sys [270848] =>.Broadcom Corporation
O58 - SDL:2009/06/10 22:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [18432] =>.Brother Industries, Ltd.
O58 - SDL:2009/06/10 22:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys [8704] =>.Brother Industries, Ltd.
O58 - SDL:2009/07/14 03:19:07 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys [286720] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 22:41:10 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [47104] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 22:41:10 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [14976] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 22:41:10 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [14720] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 22:34:28 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbda.sys [468480] =>.Broadcom Corporation
O58 - SDL:2009/07/14 03:52:31 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [17488] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:47:48 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys [530496] =>.Microsoft Windows®
O58 - SDL:2009/06/10 22:34:33 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbda.sys [3286016] =>.Broadcom Corporation
O58 - SDL:2009/06/10 22:31:59 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\Windows\System32\drivers\hcw85cir.sys [31232] =>.Hauppauge Computer Works, Inc.
O58 - SDL:2010/11/21 05:23:47 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [78720] =>.Microsoft Windows®
O58 - SDL:2010/11/21 05:23:47 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\drivers\iaStorV.sys [410496] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:48:04 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [44112] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [114752] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [106560] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [65600] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [115776] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [35392] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [284736] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:48:26 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [51264] =>.Microsoft Windows®
O58 - SDL:2010/11/21 05:23:47 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [148352] =>.Microsoft Windows®
O58 - SDL:2010/11/21 05:23:47 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [166272] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:45:46 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [1524816] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:45:45 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [128592] =>.Microsoft Windows®
O58 - SDL:2012/10/25 18:20:28 A . (.Realtek - Realtek 8136/8168/8169 NDIS 6.20 64-bit Dri.) -- C:\Windows\System32\drivers\Rt64win7.sys [769168] =>.Realtek Semiconductor Corp®
O58 - SDL:2016/10/02 02:50:20 A . (.Power Software Ltd - PowerISO Virtual Drive.) -- C:\Windows\System32\drivers\scdemu.sys [137280] =>.Power Software Limited®
O58 - SDL:2009/06/10 22:37:19 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [23040] =>.Macrovision Corporation, Macrovision Europe Limited,
O58 - SDL:2009/07/14 03:45:45 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [43584] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:45:46 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [80464] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:45:55 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys [24656] =>.Microsoft Windows®
O58 - SDL:2016/04/21 11:10:04 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6..) -- C:\Windows\System32\drivers\tap0901.sys [27136] =>.The OpenVPN Project
O58 - SDL:2009/07/14 03:45:55 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [17488] =>.Microsoft Windows®
O58 - SDL:2009/07/14 03:45:55 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [161872] =>.Microsoft Windows®

---\\ Last modified or created user files (4) - 6s
O61 - LFC: 2017/07/25 09:49:04 A . (..) -- C:\Users\Danijel\AppData\Local\ATI\ACE\Manifest.Bin [30042] =>.ATI Technologies
O61 - LFC: 2017/07/23 21:59:05 A . (..) -- C:\Users\Danijel\AppData\Roaming\Autodesk\AutoCAD 2013 - English\R19.0\enu\AdExchangeBrowser.bin [475]
O61 - LFC: 2017/07/23 15:29:22 RA . (..) -- C:\Users\Danijel\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe [119808]
O61 - LFC: 2017/07/20 13:58:02 RA . (..) -- C:\Users\Danijel\Desktop\Windows 7 SP1 Ultimate (64 Bit)\Windows 7 SP1 Ultimate (64 Bit).iso [3319764992]

---\\ File Associations Shell Spawning (12) - 0s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O67 - Shell Spawning: <.scr> <AutoCADScriptFile>[HKCU\..\open\Command] (.Microsoft Corporation - Notepad.) -- C:\Windows\System32\notepad.exe =>.Microsoft Corporation

---\\ Start Menu Internet (12) - 0s
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

---\\ Search Browser Infection (2) - 11s
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com

---\\ Search Svchost Services (33) - 0s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [72192] =>.Microsoft Corporation
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [80384] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [80384] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\system32\srvsvc.dll [236032] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [777728] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\ikeext.dll [853504] =>.Microsoft Corporation
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\Windows\System32\Audiosrv.dll [679424] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [99328] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [344064] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [97792] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [64512] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [359424] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [316928] =>.Microsoft Corporation
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) -- C:\Windows\System32\termsrv.dll [680960] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\system32\wuaueng.dll [2477536] =>.Microsoft Windows Component Publisher®
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [849920] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [370688] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [569344] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\system32\seclogon.dll [30720] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [70656] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\system32\iscsiexe.dll [156672] =>.Microsoft Corporation
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\system32\mmcss.dll [67584] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [242688] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [121856] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [136192] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [111104] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\system32\schedsvc.dll [1110016] =>.Microsoft Corporation
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\system32\kmsvc.dll [90624] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [84480] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [209920] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\system32\themeservice.dll [44544] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [100864] =>.Microsoft Corporation
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll [193536] =>.Microsoft Corporation

---\\ Firewall Active Exception List (4) - 2s
O87 - FAEL: "{80BBF5AB-7E64-40FA-AC72-D6E9F026BBF6}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\AVG\Av\avgmfapx.exe (.not file.)
O87 - FAEL: "{88B03CA9-2668-49CA-A951-FE0E1902FDF9}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\AVG\Av\avgmfapx.exe (.not file.)
O87 - FAEL: "{747195D4-2B71-4983-B7A1-97FEC68ABD92}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe (.not file.)
O87 - FAEL: "{31A6CE4B-9FA9-47D1-BF4F-5E9817E1A9EB}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe (.not file.)

---\\ Additional Scan (O88) (9) - 2s
[HKLM\WOW6432Node\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}] =>.Superfluous.Orphan
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}] =>.Superfluous.Orphan
[HKLM\WOW6432Node\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] =>.Superfluous.Orphan
[HKLM\WOW6432Node\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] =>.Superfluous.Orphan
C:\Windows\Prefetch\WINDOWS LOADER.EXE-A9A2F8CD.pf =>HackTool.WinActivator
C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage =>.Superfluous.AkamaiHD
C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal =>.Superfluous.AkamaiHD
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931] =>PUM.Misplaced.Certificate [Avast Software]

---\\ Summary of the elements found (3) - 0s
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.AkamaiHD
https://nicolascoolman.eu/2017/06/26/trojan-certlock/ =>PUM.Misplaced.Certificate

~ Unselected Options:
~ End of the scan, 35436 items in 01mn40s (944)(0)
 

gus

PCHF Administrator
Administrator
Security Team
PCHF Donator
Malware Teacher
Jul 19, 2016
4,181
1,810
pchelpforum.net
Hello Mawlol,
Unfortunately your logs show evidence of hack tools designed to circumvent the legitimate activation of software on your PC. The rules here at PCHF specifically prohibit any assistance in these circumstances and accordingly this thread will be closed.
 