Trojan troj_SPNR.0CGQ14

Closed
aalexxacs
- 30 Jul 2014 at 18:31
Hello, after installing a program my internet connection was cut off. The whole network is not down, since I can see other computers on the network, but there is no internet at all.
My antivirus (Trend Micro Titanium Internet) reported the trojan troj_SPNR.0CGQ14.
I have already restored the system (to an earlier restore point). I deleted the restore points. I searched in regedit. I booted and ran anti-malware in safe mode...
I have managed to make the computer less slow and I can work with all my everyday programs (word processors and text readers, which are what I use most). But no program can connect.
I ran zoek and it generated the following report:
Zoek.exe v5.0.0.0 Updated 14-07-2014
Tool run by AlexDey on 30/07/2014 at 8:51:00,03.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode No Internet Access Detected
Launched: D:\01-Alex-Dey\Office\new\zoek.exe [Scan all users] [Deep Scan] [Auto Clean]

==== Older Logs ======================

C:\zoek-results2014-07-30-112639.log 818 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware2\mbamscheduler.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware2\mbam.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware2\mbamservice.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\AlexDey\AppData\Roaming\iLinker deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\SetStretch.VBS deleted
C:\PROGRA~3\boost_interprocess deleted
C:\Users\AlexDey\Searches deleted
C:\Users\AlexDey\AppData\Roaming\unins000.exe deleted
C:\Users\AlexDey\AppData\Roaming\unins001.exe deleted
C:\Users\AlexDey\AppData\Roaming\Mozilla\Firefox\Profiles\3h81tqes.default\extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a} deleted

==== System Specs ======================

Operating System: Microsoft Windows 8.1 Single Language 6.3.9600 64 bits
Manufacturer: ASUSTeK COMPUTER INC. - Model: S300CA
Install Date: 27/05/2014 23:22:52
Last Boot: 30/07/2014 8:29:20
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Number of Processors: 4
Work Station
Bootmode: Normal boot
Total RAM: 3981 MB (free 2251 MB - 56)
Computername: MANICEROS
Domain: GRUPO_TRABAJO
User: AlexDey (Administrator account)
Local Disk: C:\ - NTFS - 185 GB (free 51 GB)
Local Disk: D:\ - NTFS - 258 GB (free 155 GB)
Removable Disk: E:\ - FAT - 0 GB (free 0 GB)
Bootdevice: \Device\HarddiskVolume1
Windows update:
Country: España
Language: ESN

==== System Specs (Software) ======================

Anti-Virus: Trend Micro Titanium Internet Security On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Trend Micro Titanium Internet Security disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox 27.0.1
Internet Explorer Version: 11.0.9600.17126
Mozilla Firefox version: 27.0.1 (x86 es-ES)
Google Chrome version: 35.0.1916.153
Adobe Reader version: 11.0.07.79
Flash Player version: 14.0.0.125

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2014-07-30 04:57:58 A83C28FD77AA4ED0281A47240D44995E 465948225 ----a-w- C:\WINDOWS\MEMORY.DMP
====== C:\Users\AlexDey\AppData\Local\Temp ====
2014-07-30 02:49:26 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\AlexDey\AppData\Local\Temp\SHSetup.exe
2014-07-30 01:46:27 E3A25C80E2375B2D42C3D4729769BDF3 10240 ----a-w- C:\Users\AlexDey\AppData\Local\Temp\SDIAG_5eba911f-4708-4e5c-b825-f4c632c624a4\NetworkDiagnosticSnapIn.dll
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
2014-07-30 03:10:37 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys
2014-07-30 03:09:03 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys
2014-07-30 03:09:03 0664F6335F108F38FE08C3CA747311EE 64216 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys
2014-07-30 03:09:02 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2014-07-10 20:37:18 -------- d-----w- C:\Program Files\Common Files\Atheros
======= C:\PROGRA~2 =====
2014-07-04 19:36:54 -------- d-----w- C:\PROGRA~2\Samsung
======= C: =====
====== C:\Users\AlexDey\AppData\Roaming ======
2014-07-30 04:32:45 -------- d-----w- C:\Users\AlexDey\AppData\Roaming\EurekaLab s.a.s
2014-07-29 21:30:22 -------- d-----w- C:\Users\AlexDey\AppData\Locallow\Trend Micro
2014-07-29 21:08:56 -------- d-----w- C:\Users\AlexDey\AppData\Roaming\uTorrent
====== C:\Users\AlexDey ======
2014-07-30 03:13:27 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2014-07-28 18:25:21 -------- d---a-r- C:\Users\AlexDey\OneDrive
2014-07-04 19:37:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung

====== C: exe-files ==
2014-07-30 02:49:26 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\AlexDey\AppData\Local\Temp\SHSetup.exe
2014-07-30 01:46:51 94D6778EB9B72A9BCA22C522EF5FBD10 70680 ----a-w- C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\TmopExtIns32.exe
=== C: other files ==
2014-07-30 03:10:37 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-30 03:09:03 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-30 03:09:03 0664F6335F108F38FE08C3CA747311EE 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-30 03:09:02 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-07-30 02:43:39 C124CB5EC80E0DD43FF7E562D71381D9 152850 ----a-w- C:\Users\AlexDey\AppData\Local\Temp\scoped_dir_7120_5206\chrome_tmbep.crx

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3315006564-354634553-2824087521-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\AlexDey\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Google Update"="C:\Users\AlexDey\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Zoner Photo Studio Autoupdate"="C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE"
"RESTART_STICKY_NOTES"="C:\WINDOWS\system32\StikyNot.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"emsisoft anti-malware"="C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe /d=60"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\AlexDey\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Google Update"="C:\Users\AlexDey\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Zoner Photo Studio Autoupdate"="C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE"
"RESTART_STICKY_NOTES"="C:\WINDOWS\system32\StikyNot.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 "
"Trend Micro Titanium"="C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent 1 SplashURL "
"BtTray"="C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"Trend Micro Client Framework"="C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ASLDRService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ASUS InstantOn]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AtherosSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ATKGFNEXSrv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\cphs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DptfParticipantProcessorService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DptfPolicyConfigTDPService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HPSIService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel(R) Capability Licensing Service Interface]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel(R) ME Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\jhi_service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LMS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MBAMScheduler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MBAMService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UNS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WakeupService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ZAtheros Bt and Wlan Coex Agent]


==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [23/06/2014 19:53]
C:\WINDOWS\tasks\AutoKMS.job --a-------- C:\Windows\AutoKMS\AutoKMS.exe []
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3315006564-354634553-2824087521-1001Core.job --a-------- C:\Users\AlexDey\AppData\Local\Facebook\Update\FacebookUpdate.exe [05/09/2013 22:52]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3315006564-354634553-2824087521-1001UA.job --a-------- C:\Users\AlexDey\AppData\Local\Facebook\Update\FacebookUpdate.exe [05/09/2013 22:52]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/09/2013 20:37]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/09/2013 20:37]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3315006564-354634553-2824087521-1001Core.job --a-------- C:\Users\AlexDey\AppData\Local\Google\Update\GoogleUpdate.exe [05/09/2013 23:02]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3315006564-354634553-2824087521-1001UA.job --a-------- C:\Users\AlexDey\AppData\Local\Google\Update\GoogleUpdate.exe [05/09/2013 23:02]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]
"C:\WINDOWS\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe]
"C:\WINDOWS\SysNative\tasks\ASUS Patch for Touch Panel" [C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe]
"C:\WINDOWS\SysNative\tasks\ASUS Splendid ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe]
"C:\WINDOWS\SysNative\tasks\ASUS Splendid ColorU" [C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe]
"C:\WINDOWS\SysNative\tasks\ASUS Touchpad Launcher (x64)" [C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe]
"C:\WINDOWS\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"]
"C:\WINDOWS\SysNative\tasks\ASUS VivoBook" [C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3315006564-354634553-2824087521-1001Core" [C:\Users\AlexDey\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3315006564-354634553-2824087521-1001UA" [C:\Users\AlexDey\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3315006564-354634553-2824087521-1001Core" [C:\Users\AlexDey\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3315006564-354634553-2824087521-1001UA" [C:\Users\AlexDey\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"tmbepff-7.5@trendmicro.com"="C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension" [29/07/2014 22:45]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{21541D23-FDA1-4bf3-8AF2-8F623BF70B07}"="C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension" [29/07/2014 22:46]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8874}"="C:\Users\AlexDey\AppData\Local\GAS Tecnologia\GBBD\abn\xpi" [29/07/2014 22:40]

==== Firefox Extensions ======================

ProfilePath: C:\Users\AlexDey\AppData\Roaming\Mozilla\Firefox\Profiles\3h81tqes.default
- Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
- Flash Video Downloader - Full HD Download - %ProfilePath%\extensions\artur.dubovoy@gmail.com
- Print pages to PDF - %ProfilePath%\extensions\printPages2Pdf@reinhold.ripper
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Flash and Video Download - %ProfilePath%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
- S3.Google Translator - %ProfilePath%\extensions\s3google@translator.xpi
- PDF Download - %ProfilePath%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\AlexDey\AppData\Roaming\Mozilla\Firefox\Profiles\3h81tqes.default
738C29EAC995029E13333034C1402F56 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll - Shockwave Flash
FB5621842FDABF9F8359775573498FBC - C:\Users\AlexDey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
5CB01CF141E021DAAE96991A5BA57944 - C:\Users\AlexDey\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
DD31F0C436E4F5E6FA9783FF8A80ADC1 - C:\Users\AlexDey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
B52EFEC8EEF9A7809376795ED3699826 - C:\Users\AlexDey\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
C2ABE67BEF924EB10804F8B727F435D5 - C:\Users\AlexDey\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll - Módulo de Proteção - Banco Santander (Brasil) S.A.
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\AlexDey\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
623BDA679BB7F3056930E19AB4941923 - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll - Trend Micro Titanium
7B448B2B45428218D0D87376A2FF9FC2 - C:\Users\AlexDey\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil
3447F68CFA52BF8854FF05BADD5F4F17 - C:\Users\AlexDey\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll - Módulo de Proteção - Banco Santander (Brasil) S.A.


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bmiabdepfhhiieiipmeecdmeljggmfee - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx[20/08/2013 05:04]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Users\AlexDey\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx[06/01/2014 14:57]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\AlexDey\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[23/05/2014 08:42]

Google Docs - AlexDey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - AlexDey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - AlexDey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - AlexDey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
GBBD Banco Santander (Brasil) S.A. - AlexDey\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnljhnpjegfbcohjhdnhjlnfnffmbnf
Google Wallet - AlexDey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - AlexDey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\AlexDey\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Google Update] "C:\Users\AlexDey\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\WINDOWS\system32\StikyNot.exe
O8 - Extra context menu item: &Download All using 4shared Desktop - res://C:\Program Files (x86)\4shared Desktop\Desktop.32/D_ALL_LINK
O8 - Extra context menu item: &Download using 4shared Desktop - res://C:\Program Files (x86)\4shared Desktop\Desktop.32/D_ONE_LINK
O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Complemento Hacer clic para llamar de Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Complemento Hacer clic para llamar de Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: www.santanderempresarial.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: www.santandernetibe.com.br
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - (no file)
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Emsisoft Protection Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\AppReadiness.dll,-1000 (AppReadiness) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\appxdeploymentserver.dll,-1 (AppXSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AudioEndpointBuilder.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%windir%\system32\bisrv.dll,-100 (BrokerInfrastructure) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @combase.dll,-5012 (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\das.dll,-100 (DeviceAssociationService) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (DeviceInstall) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @oem5.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\WINDOWS\system32\DptfParticipantProcessorService.exe (file missing)
O23 - Service: @oem5.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DeviceSetupManager.dll,-1000 (DsmSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (Eaphost) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (EventLog) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fhsvc.dll,-101 (fhsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Servicio de Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servicio de Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\GeofenceMonitorService.dll,-1 (lfsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%windir%\system32\lsm.dll,-1001 (LSM) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware2\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware2\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\WINDOWS\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ncasvc.dll,-3009 (NcaSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ncbservice.dll,-500 (NcbService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\NcdAutoSetup.dll,-100 (NcdAutoSetup) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofmsvc.dll,-202 (netprofm) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\WINDOWS\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-200 (PlugPlay) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll,-1 (PrintNotify) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @combase.dll,-5010 (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ScDeviceEnum.dll,-100 (ScDeviceEnum) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\smphost.dll,-102 (smphost) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\svsvc.dll,-101 (svsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%windir%\system32\SystemEventsBrokerServer.dll,-1001 (SystemEventsBroker) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%windir%\system32\TimeBrokerServer.dll,-1001 (TimeBroker) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\WINDOWS\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vmicres.dll,-801 (vmicguestinterface) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-101 (vmicheartbeat) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-201 (vmickvpexchange) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-601 (vmicrdv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-301 (vmicshutdown) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-401 (vmictimesync) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-501 (vmicvss) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wcmsvc.dll,-4097 (Wcmsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wephostsvc.dll,-100 (WEPHOSTSVC) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiarpc.dll,-2 (WiaRpc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (WlanSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wlidsvc.dll,-100 (wlidsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\workfolderssvc.dll,-102 (workfolderssvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe
O23 - Service: @%SystemRoot%\system32\WSService.dll,-103 (WSService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\AlexDey\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\AlexDey\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\AlexDey\AppData\Local\Mozilla\Firefox\Profiles\3h81tqes.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\AlexDey\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=19 folders=7 46912192 bytes)

==== Empty Temp Folders ======================

C:\Users\AlexDey\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\AlexDey\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 30/07/2014 at 9:42:59,94 ======================