ZA-Scan V1.0.0.5 Updated 17-October-2015 Tool run by Hugo Lucas on 18-10-2015 at 19:19:00,51. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Hugo Lucas\Desktop\ZA-Scan.exe [Z-Analyse Scan] ==== Running Processes ====================== C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\Panda\USBVaccine.exe C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Users\Hugo Lucas\Desktop\ZA-Scan.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Users\HUGOLU~1\AppData\Local\Temp\ZAScan.exe ==== Services(whitelist) ====================== Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url] R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe R2 - [ASLDRService] - ASLDR Service - c:\program files (x86)\asus\atk package\atk hotkey\asldrsrv.exe R2 - [ATKGFNEXSrv] - ATKGFNEX Service - c:\program files (x86)\asus\atk package\atkgfnex\gfnexsrv.exe R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - c:\program files (x86)\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - c:\program files (x86)\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe R2 - [EvtEng] - Intel(R) PROSet/Wireless Event Log - c:\program files\intel\wifi\bin\evteng.exe R2 - [GfExperienceService] - NVIDIA GeForce Experience Service - c:\program files\nvidia corporation\geforce experience service\gfexperienceservice.exe R2 - [RegSrvc] - Intel(R) PROSet/Wireless Registry Service - c:\program files\common files\intel\wirelesscommon\regsrvc.exe R2 - [Service KMSELDI] - Service KMSELDI - c:\program files\kmspico\service_kms.exe R2 - [sppsvc] - Protecção de Software - c:\windows\system32\sppsvc.exe R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe R2 - [ZAPrivacyService] - ZoneAlarm Privacy Service - c:\program files (x86)\checkpoint\zonealarm\zaprivacyservice.exe R2 - [ZoneAlarm AntiTheft] - ZoneAlarm AntiTheft - c:\program files (x86)\checkpoint\antitheft\antitheft.exe R3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe R3 - [WMPNetworkSvc] - Serviço de Partilha de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe S2 - [gupdate] - Serviço Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe S2 - [vsmon] - TrueVector Internet Monitor - c:\program files (x86)\checkpoint\zonealarm\vsmon.exe S3 - [ALG] - Serviço de gateway de camada de aplicação - c:\windows\system32\alg.exe S3 - [COMSysApp] - Aplicação de sistema COM+ - c:\windows\system32\dllhost.exe S3 - [ehRecvr] - Serviço receptor do Windows Media Center - c:\windows\ehome\ehrecvr.exe S3 - [ehSched] - Serviço de programação do Windows Media Center - c:\windows\ehome\ehsched.exe S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe S3 - [FontCache3.0.0.0] - Cache de Tipos de Letra do Arquitectura de Apresentação do Windows 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe S3 - [gupdatem] - Serviço Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe S3 - [MSDTC] - Coordenador de Transacções Distribuídas - c:\windows\system32\msdtc.exe S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe S3 - [MyWiFiDHCPDNS] - Wireless PAN DHCP Server - c:\program files\intel\wifi\bin\pandhcpdns.exe S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe S3 - [PerfHost] - Sistema Anfitrião de DLLs de Contadores de Desempenho - c:\windows\syswow64\perfhost.exe S3 - [RpcLocator] - Localizador de 'Chamada de procedimento remoto' (RPC) - c:\windows\system32\locator.exe S3 - [SNMPTRAP] - Trap SNMP - c:\windows\system32\snmptrap.exe S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe S3 - [VSS] - Cópia sombra de volume - c:\windows\system32\vssvc.exe S3 - [WatAdminSvc] - Serviço de Tecnologias de Activação do Windows - c:\windows\system32\wat\watadminsvc.exe S3 - [wbengine] - Serviço do Motor de Cópia de Segurança de Nível de Bloqueio - c:\windows\system32\wbengine.exe S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe S4 - [!SASCORE] - SAS Core Service - c:\program files\superantispyware\sascore64.exe S4 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe S4 - [AFBAgent] - AFBAgent - c:\windows\system32\fbagent.exe S4 - [aspnet_state] - Serviço de Estado do ASP.NET - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe S4 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe S4 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe S4 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe S4 - [NvNetworkService] - NVIDIA Network Service - c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe S4 - [NvStreamSvc] - NVIDIA Streamer Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe S4 - [NVSvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe S4 - [OODefragAgent] - O&O Defrag - c:\program files\oo software\defrag\oodag.exe S4 - [PSI_SVC_2_x64] - Corel License Validation Service V2 x64, Powered by arvato - c:\program files\common files\protexis\license service\psiservice_2.exe S4 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe S4 - [SpyHunter 4 Service] - SpyHunter 4 Service - c:\program files\enigma software group\spyhunter\sh4service.exe [x] S4 - [TeamViewer] - TeamViewer 10 - c:\program files (x86)\teamviewer\teamviewer_service.exe S4 - [TunnelBearMaintenance] - TunnelBear Maintenance - c:\program files (x86)\tunnelbear\tbear.maintenance.exe S4 - [TurboBoost] - Intel(R) Turbo Boost Technology Monitor - c:\program files\intel\turboboost\turboboost.exe ==== Drivers(whitelist) ====================== Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url] R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys R3 - [srv] - Controlador Server SMB 1.xxx - C:\Windows\system32\Drivers\srv.sys R3 - [srv2] - Controlador Server SMB 2.xxx - C:\Windows\system32\Drivers\srv2.sys R0 - [ACPI] - Controlador ACPI da Microsoft - C:\Windows\system32\Drivers\ACPI.sys R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys R0 - [atapi] - Canal IDE - C:\Windows\system32\Drivers\atapi.sys R0 - [CLFS] - Registo Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x] R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys R0 - [Compbatt] - Controlador de Bateria Composta da Microsoft - C:\Windows\system32\Drivers\Compbatt.sys R0 - [Disk] - Controlador de disco - C:\Windows\system32\Drivers\Disk.sys R0 - [fvevol] - Controlador de Filtro da Encriptação de Unidade BitLocker - C:\Windows\system32\Drivers\fvevol.sys R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys R0 - [iaStor] - Intel AHCI Controller - C:\Windows\system32\Drivers\iaStor.sys R0 - [KL1] - KL1 - C:\Windows\system32\Drivers\KL1.sys R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys R0 - [mountmgr] - Gestor de Ponto de Montagem - C:\Windows\system32\Drivers\mountmgr.sys R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys R0 - [NDIS] - Controlador de Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys R0 - [nvpciflt] - nvpciflt - C:\Windows\system32\Drivers\nvpciflt.sys R0 - [partmgr] - Gestor de Partições - C:\Windows\system32\Drivers\partmgr.sys R0 - [pci] - Controlador de barramento PCI - C:\Windows\system32\Drivers\pci.sys R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys R0 - [storflt] - Controlador de Filtro de Aceleração de Barramento de Máquina Virtual para Discos - C:\Windows\system32\Drivers\storflt.sys [x] R0 - [Tcpip] - Controlador do protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys R0 - [vdrvroot] - Controlador de Enumerador de Unidades Virtuais da Microsoft - C:\Windows\system32\Drivers\vdrvroot.sys R0 - [vmbus] - Barramento de Máquina Virtual - C:\Windows\system32\Drivers\vmbus.sys R0 - [volmgr] - Controlador do gestor de volume - C:\Windows\system32\Drivers\volmgr.sys R0 - [volmgrx] - Gestor de Volumes Dinâmicos - C:\Windows\system32\Drivers\volmgrx.sys R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys R0 - [Wdf01000] - Serviço da Arquitetura de Controlador de Modo de Kernel - C:\Windows\system32\Drivers\Wdf01000.sys R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys R1 - [tdx] - Controlador de Suporte NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Windows 10 Upgrader"="C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe /delay" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Windows 10 Upgrader"="C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe /delay" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" "ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" "HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" "Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe" "ZoneAlarm"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OODefragTray"="C:\Program Files\OO Software\Defrag\oodtray.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\!SASCORE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AFBAgent] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HitmanProScheduler] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MBAMService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McComponentHostService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NitroUpdateService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nlsX86cc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvNetworkService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvStreamSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NVSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\OODefragAgent] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PSI_SVC_2_x64] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SpyHunter 4 Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TeamViewer] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TunnelBearMaintenance] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TurboBoost] ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [23-09-2015 17:41] C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1943314416-2941298927-1049153985-1000Core.job --a------ C:\Users\Hugo Lucas\AppData\Local\Dropbox\Update\DropboxUpdate.exe [19-06-2015 15:51] C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1943314416-2941298927-1049153985-1000UA.job --a------ C:\Users\Hugo Lucas\AppData\Local\Dropbox\Update\DropboxUpdate.exe [19-06-2015 15:51] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01-09-2015 13:19] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01-09-2015 13:19] C:\Windows\tasks\JustWrite.job --a------ C:\programdata\96927d2a-f853-3c20-9692-27d2af85f4ab\worldunlock codes calculator 4.4.exe [] C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0ab5e085-bad6-4185-863c-d23856c0782c.job --a------ [Undetermined Task] C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e7f5e881-4f56-4592-8e95-20ef1580bf89.job --a------ C:\Program Files\SUPERAntiSpyware\SASTask.exe [07-11-2013 21:08] C:\Windows\tasks\TechSmith Updater.job --a------ C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [17-04-2014 15:02] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe] "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe] "C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe] "C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe] "C:\Windows\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe] "C:\Windows\SysNative\tasks\AutoPico Daily Restart" ["C:\Program Files\KMSpico\AutoPico.exe"] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1943314416-2941298927-1049153985-1000Core" [C:\Users\Hugo Lucas\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1943314416-2941298927-1049153985-1000UA" [C:\Users\Hugo Lucas\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\PandaUSBVaccine" ["C:\Program Files (x86)\Panda\RunInteractiveWin.exe"] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\SpyHunter4Startup" ["C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.com"] "C:\Windows\SysNative\tasks\SUPERAntiSpyware Scheduled Task 0ab5e085-bad6-4185-863c-d23856c0782c" [C:\Program Files\SUPERAntiSpyware\SASTask.exe] "C:\Windows\SysNative\tasks\SUPERAntiSpyware Scheduled Task e7f5e881-4f56-4592-8e95-20ef1580bf89" [C:\Program Files\SUPERAntiSpyware\SASTask.exe] "C:\Windows\SysNative\tasks\TechSmith Updater" [C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{46816050-8160-4457-916C-EE6E0EDBD07A}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{205C4F18-EEDE-46C8-86B7-FAD294B36BAA}" ["c:\program files (x86)\mozilla firefox\firefox.exe"] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\HUGOLU~1\AppData\Roaming\Mozilla\Firefox\Profiles\f8jktn16.default user_pref("browser.search.selectedEngine", "Yahoo:"); ==== Firefox Extensions ====================== ProfilePath: C:\Users\HUGOLU~1\AppData\Roaming\Mozilla\Firefox\Profiles\f8jktn16.default - Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi - Undetermined - %ProfilePath%\extensions\jid1-f7dnBeTj8ElpOQ@jetpack.xpi - Undetermined - %ProfilePath%\extensions\jid1-f7dnBeTj8ElpWQ@jetpack.xpi - Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Hugo Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f8jktn16.default 0015C790161C5698FDDC22613C19533B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll - Shockwave for Director / Shockwave for Director 1A62BB86D17B8DC0D4339BACC8D60635 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll - Shockwave Flash ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.71 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[12-10-2015 09:31] Google Slides - Hugo Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Hugo Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Hugo Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Hugo Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Hugo Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Hugo Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Docs Offline - Hugo Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Skype Click to Call - Hugo Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Chrome Web Store Payments - Hugo Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Hugo Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== IE Start and Search Settings ====================== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://www.google.com" "Start Page Redirect Cache"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Search Page"="http://www.google.com" "Start Page Redirect Cache"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== HijackThis Entries ====================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost #[IPv6] O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll O3 - Toolbar: (no name) - {8E50E49D-1422-4BC7-8CDC-67ACA0B02E12} - (no file) ==== EOF on 18-10-2015 at 19:20:39,12 ======================