HKU\S-1-5-21-137795412-2995498740-2956586938-1001\...\Run: [zCHePCbpLP] => C:\Users\rodri\AppData\Local\aIiXJGQusj\explorer.exe [2285560 2018-05-18] (Intel Corporation) <==== ATTENTION
C:\Users\rodri\AppData\Local\aIiXJGQusj
HKU\S-1-5-21-137795412-2995498740-2956586938-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [5852920 2018-05-02] (NordVPN)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [430840 2018-05-02] ()
2018-06-12 23:16 - 2018-06-12 23:16 - 000003562 _____ C:\WINDOWS\System32\Tasks\SVC Update
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61 209.18.47.63
Tcpip\..\Interfaces\{00537a91-a687-4b0d-b480-0cb72ca00cd3}: [DhcpNameServer] 209.18.47.62 209.18.47.61 209.18.47.63
Tcpip\..\Interfaces\{10e26a94-a500-40f9-bba4-e4dd78eff6e4}: [DhcpNameServer] 209.18.47.62 209.18.47.61 209.18.47.63
Internet Explorer:
CHR StartupUrls: Default -> "hxxp://www.bing.com/search?FORM=INCOH1&PC=&PTAG=ICO-799919a6","hxxps://search.yahoo.com/?type=903578&fr=yo-yhp-ch","search.mpc.am","hxxp://www.google.com/","hxxp://www.palikan.com/?f=7&a=plk_coinisre_16_43&cd=2XzuyEtN2Y1L1QzutCtBtByCyD0E0F0EtB0EzzyE0D0C0EyBtN0D0Tzu0StCyByDzytN1L2XzutAtFtByEtFtCtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StC0F0DtA0FtA0CtAtGyDtC0EyEtGyBtAyC0FtGyE0A0FyEtG0DtC0FyDyByC0B0FtAtA0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyD0DyEtC0D0ByEtGyEyC0C0FtGyEtD0EtDtGzz0Dzy0BtGtC0Ezz0F0EtDtDtDtDyD0AyC2QtN0A0LzuyE&cr=1222219241&ir=&uref=chmm"
CHR Extension: (Better Tab) - C:\Users\rodri\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckpnalffccocpippngobngbcjmdoppg [2018-06-08]
VirusTotal: C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe
2018-05-18 17:15 - 2018-06-01 16:16 - 000733184 _____ () C:\Users\rodri\AppData\Roaming\tmp.exe
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45024 2018-04-09] (The OpenVPN Project)
S3 tapipvanish; C:\WINDOWS\System32\drivers\tapipvanish.sys [45552 2016-09-23] (The OpenVPN Project)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [84432 2017-03-26] (The OpenVPN Project)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {940C5F29-F0B6-4FC6-B64A-519007B20602} - System32\Tasks\SVC Update => C:\WINDOWS\explorer.exe "hxxp://sh.st/AeotZ" <==== ATTENTION
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {7391DE40-D912-4A41-A1EE-4D764EE7AED4}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {E7E86FB8-5E93-4003-96D8-FFA7C8EE1F3C}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {7391DE40-D912-4A41-A1EE-4D764EE7AED4}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{7391DE40-D912-4A41-A1EE-4D764EE7AED4} /F:UpdateWORKGROUP\DESKTOP-D84CFS3$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {E7E86FB8-5E93-4003-96D8-FFA7C8EE1F3C}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{E7E86FB8-5E93-4003-96D8-FFA7C8EE1F3C} /F:UpdateWORKGROUP\DESKTOP-D84CFS3$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
ResetHosts:
EmptyTemp:
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"