E-Peek v 1.0.5.4 © Emphyrio/Onsia Patrick 2013-2014 Downloaded @ [url=http://www.antimalwarehelp.be/EDev/Tools/E-Peek/EPeekDL.html]E Dev[/url] Run at do 30 okt 2014 16:55 . Windows 8.1 (64 bits) C:\Windows [NTFS - Fixed] Default Browser: Google Chrome Boot mode: Normal boot User logged in: Tom . Java x86: n/a Java x64: n/a . AV : Windows Defender [Updated - Not Running] AS : Windows Defender [Updated - Not Running] FW : Windows firewall . ==================== Files and Folders history ================================= Folders Created Last 7 days : 30/10/2014 ##### r-h-s-d+a- C:\Users\Tom\AppData\Local\Programs 30/10/2014 ##### r-h-s-d+a- C:\rsit 30/10/2014 ##### r-h-s-d+a- C:\ProgramData\Malwarebytes 30/10/2014 ##### r-h-s-d+a- C:\Program Files\trend micro 30/10/2014 ##### r-h-s-d+a- C:\Program Files (x86)\Malwarebytes Anti-Malware 30/10/2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev 30/10/2014 ##### r-h-s-d+a- C:\AdwCleaner 29/10/2014 ##### r-h+s+d+a- C:\Users\Tom\IntelGraphicsProfiles 28/10/2014 ##### r-h-s-d+a- C:\Users\Tom\AppData\Roaming\Macromedia 28/10/2014 ##### r-h-s-d+a- C:\Users\Tom\AppData\Roaming\Intel Corporation 28/10/2014 ##### r-h-s-d+a- C:\Users\Tom\AppData\Roaming\inkscape 28/10/2014 ##### r-h-s-d+a- C:\Users\Tom\AppData\Roaming\Adobe 28/10/2014 ##### r-h-s-d+a- C:\Users\Tom\AppData\Local\VirtualStore 28/10/2014 ##### r-h-s-d+a- C:\Users\Tom\AppData\Local\Temp 28/10/2014 ##### r-h-s-d+a- C:\Users\Tom\AppData\Local\PackageStaging 28/10/2014 ##### r-h-s-d+a- C:\Users\Tom\AppData\Local\Packages 28/10/2014 ##### r-h-s-d+a- C:\Users\Tom\AppData\Local\Microsoft 28/10/2014 ##### r-h-s-d+a- C:\Users\Tom\AppData\Local\Google 28/10/2014 ##### r-h-s-d+a- C:\Users\Tom\AppData\Local\fontconfig 28/10/2014 ##### r-h-s-d+a- C:\Users\Tom\AppData\Local\Diagnostics 28/10/2014 ##### r-h-s-d+a- C:\Users\Tom\AppData\Local\Deployment 28/10/2014 ##### r-h-s-d+a- C:\Users\Tom\AppData\Local\AVerMedia 28/10/2014 ##### r-h-s-d+a- C:\Users\Tom\AppData\Local\Apps 28/10/2014 ##### r-h-s-d+a- C:\ProgramData\EPSON 28/10/2014 ##### r-h-s-d+a- C:\Program Files\Inkscape 28/10/2014 ##### r-h-s-d+a- C:\Program Files (x86)\Google 28/10/2014 ##### r-h-s+d+a- C:\Users\Tom\AppData\Roaming\Microsoft 28/10/2014 ##### r-h+s-d+a- C:\Users\Tom\AppData 28/10/2014 ##### r-h+s+d+a- C:\Users\Tom\Sjablonen 28/10/2014 ##### r-h+s+d+a- C:\Users\Tom\SendTo 28/10/2014 ##### r-h+s+d+a- C:\Users\Tom\Recent 28/10/2014 ##### r-h+s+d+a- C:\Users\Tom\Netwerkprinteromgeving 28/10/2014 ##### r-h+s+d+a- C:\Users\Tom\NetHood 28/10/2014 ##### r-h+s+d+a- C:\Users\Tom\Mijn documenten 28/10/2014 ##### r-h+s+d+a- C:\Users\Tom\Menu Start 28/10/2014 ##### r-h+s+d+a- C:\Users\Tom\Local Settings 28/10/2014 ##### r-h+s+d+a- C:\Users\Tom\Cookies 28/10/2014 ##### r-h+s+d+a- C:\Users\Tom\Application Data 28/10/2014 ##### r-h+s+d+a- C:\Users\Tom\AppData\Local\Temporary Internet Files 28/10/2014 ##### r-h+s+d+a- C:\Users\Tom\AppData\Local\Geschiedenis 28/10/2014 ##### r-h+s+d+a- C:\Users\Tom\AppData\Local\Application Data 28/10/2014 ##### r+h-s-d+a+ C:\Users\Tom\SkyDrive 28/10/2014 ##### r+h-s-d+a- C:\Users\Tom\Videos 28/10/2014 ##### r+h-s-d+a- C:\Users\Tom\Searches 28/10/2014 ##### r+h-s-d+a- C:\Users\Tom\Saved Games 28/10/2014 ##### r+h-s-d+a- C:\Users\Tom\Pictures 28/10/2014 ##### r+h-s-d+a- C:\Users\Tom\Music 28/10/2014 ##### r+h-s-d+a- C:\Users\Tom\Links 28/10/2014 ##### r+h-s-d+a- C:\Users\Tom\Favorites 28/10/2014 ##### r+h-s-d+a- C:\Users\Tom\Downloads 28/10/2014 ##### r+h-s-d+a- C:\Users\Tom\Documents 28/10/2014 ##### r+h-s-d+a- C:\Users\Tom\Desktop 28/10/2014 ##### r+h-s-d+a- C:\Users\Tom\Contacts Files Modified Last 7 days : 30/10/2014 18547198 r-h-s-d-a+ C:\Windows\system32\PerfStringBackup.INI 30/10/2014 00806500 r-h-s-d-a+ C:\Windows\system32\perfh013.dat 30/10/2014 00802234 r-h-s-d-a+ C:\Windows\system32\perfh00C.dat 30/10/2014 00800660 r-h-s-d-a+ C:\Windows\system32\perfh00A.dat 30/10/2014 00798800 r-h-s-d-a+ C:\Windows\system32\perfh015.dat 30/10/2014 00794000 r-h-s-d-a+ C:\Windows\system32\perfh010.dat 30/10/2014 00789596 r-h-s-d-a+ C:\Windows\system32\prfh0816.dat 30/10/2014 00781168 r-h-s-d-a+ C:\Windows\system32\perfh019.dat 30/10/2014 00775740 r-h-s-d-a+ C:\Windows\system32\prfh0416.dat 30/10/2014 00755088 r-h-s-d-a+ C:\Windows\system32\perfh007.dat 30/10/2014 00743402 r-h-s-d-a+ C:\Windows\system32\perfh00E.dat 30/10/2014 00731574 r-h-s-d-a+ C:\Windows\system32\perfh005.dat 30/10/2014 00725516 r-h-s-d-a+ C:\Windows\system32\perfh01D.dat 30/10/2014 00723316 r-h-s-d-a+ C:\Windows\system32\perfh009.dat 30/10/2014 00715654 r-h-s-d-a+ C:\Windows\system32\perfh01F.dat 30/10/2014 00542632 r-h-s-d-a+ C:\Windows\system32\perfh008.dat 30/10/2014 00508106 r-h-s-d-a+ C:\Windows\system32\perfh012.dat 30/10/2014 00498064 r-h-s-d-a+ C:\Windows\system32\perfh011.dat 30/10/2014 00456508 r-h-s-d-a+ C:\Windows\system32\perfh006.dat 30/10/2014 00450712 r-h-s-d-a+ C:\Windows\system32\prfh0404.dat 30/10/2014 00441600 r-h-s-d-a+ C:\Windows\system32\perfh014.dat 30/10/2014 00436346 r-h-s-d-a+ C:\Windows\system32\prfh0804.dat 30/10/2014 00427206 r-h-s-d-a+ C:\Windows\system32\perfh00B.dat 30/10/2014 00422260 r-h-s-d-a+ C:\Windows\system32\perfh001.dat 30/10/2014 00408958 r-h-s-d-a+ C:\Windows\system32\perfh00D.dat 30/10/2014 00177988 r-h-s-d-a+ C:\Windows\system32\perfc00E.dat 30/10/2014 00166550 r-h-s-d-a+ C:\Windows\system32\perfc00A.dat 30/10/2014 00164166 r-h-s-d-a+ C:\Windows\system32\prfc0816.dat 30/10/2014 00163682 r-h-s-d-a+ C:\Windows\system32\perfc015.dat 30/10/2014 00162500 r-h-s-d-a+ C:\Windows\system32\perfc013.dat 30/10/2014 00161704 r-h-s-d-a+ C:\Windows\system32\perfc019.dat 30/10/2014 00159238 r-h-s-d-a+ C:\Windows\system32\perfc007.dat 30/10/2014 00159184 r-h-s-d-a+ C:\Windows\system32\perfc00C.dat 30/10/2014 00158832 r-h-s-d-a+ C:\Windows\system32\prfc0416.dat 30/10/2014 00156420 r-h-s-d-a+ C:\Windows\system32\perfc010.dat 30/10/2014 00152370 r-h-s-d-a+ C:\Windows\system32\perfc01D.dat 30/10/2014 00151818 r-h-s-d-a+ C:\Windows\system32\perfc005.dat 30/10/2014 00150298 r-h-s-d-a+ C:\Windows\system32\perfc01F.dat 30/10/2014 00135930 r-h-s-d-a+ C:\Windows\system32\perfc009.dat 30/10/2014 00135868 r-h-s-d-a+ C:\Windows\system32\prfc0804.dat 30/10/2014 00135868 r-h-s-d-a+ C:\Windows\system32\prfc0404.dat 30/10/2014 00135868 r-h-s-d-a+ C:\Windows\system32\perfc012.dat 30/10/2014 00135868 r-h-s-d-a+ C:\Windows\system32\perfc011.dat 30/10/2014 00089196 r-h-s-d-a+ C:\Windows\system32\perfc008.dat 30/10/2014 00081788 r-h-s-d-a+ C:\Windows\system32\perfc00B.dat 30/10/2014 00079760 r-h-s-d-a+ C:\Windows\system32\perfc006.dat 30/10/2014 00077252 r-h-s-d-a+ C:\Windows\system32\perfc014.dat 30/10/2014 00064964 r-h-s-d-a+ C:\Windows\system32\perfc00D.dat 30/10/2014 00064964 r-h-s-d-a+ C:\Windows\system32\perfc001.dat 29/10/2014 00344832 r-h-s-d-a+ C:\Windows\system32\FNTCACHE.DAT 29/10/2014 00000425 r-h-s-d-a+ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 29/10/2014 00000118 r-h-s-d-a+ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat Files Created Last 7 days : 30/10/2014 00536576 r-h-s-d-a+ C:\Windows\SysWOW64\sqlite3.dll 29/10/2014 23134208 r-h-s-d-a+ C:\Windows\system32\mshtml.dll 29/10/2014 21186352 r-h-s-d-a+ C:\Windows\system32\shell32.dll 29/10/2014 18644072 r-h-s-d-a+ C:\Windows\SysWOW64\shell32.dll 29/10/2014 18576384 r-h-s-d-a+ C:\Windows\system32\Windows.UI.Xaml.dll 29/10/2014 17073152 r-h-s-d-a+ C:\Windows\SysWOW64\mshtml.dll 29/10/2014 13949440 r-h-s-d-a+ C:\Windows\SysWOW64\Windows.UI.Xaml.dll 29/10/2014 13209088 r-h-s-d-a+ C:\Windows\system32\twinui.dll 29/10/2014 12995584 r-h-s-d-a+ C:\Windows\system32\ieframe.dll 29/10/2014 11702272 r-h-s-d-a+ C:\Windows\SysWOW64\twinui.dll 29/10/2014 11220992 r-h-s-d-a+ C:\Windows\SysWOW64\ieframe.dll 29/10/2014 103265616 r-h-s-d-a+ C:\Windows\system32\MRT.exe 29/10/2014 07416832 r-h-s-d-a+ C:\Windows\system32\Windows.UI.Search.dll 29/10/2014 07399256 r-h-s-d-a+ C:\Windows\system32\ntoskrnl.exe 29/10/2014 06640640 r-h-s-d-a+ C:\Windows\system32\mstscax.dll 29/10/2014 06353960 r-h-s-d-a+ C:\Windows\system32\sppsvc.exe 29/10/2014 05770752 r-h-s-d-a+ C:\Windows\SysWOW64\mstscax.dll 29/10/2014 05765120 r-h-s-d-a+ C:\Windows\system32\jscript9.dll 29/10/2014 04961792 r-h-s-d-a+ C:\Windows\SysWOW64\Windows.UI.Search.dll 29/10/2014 04604416 r-h-s-d-a+ C:\Windows\system32\d2d1.dll 29/10/2014 04240384 r-h-s-d-a+ C:\Windows\SysWOW64\jscript9.dll 29/10/2014 04189184 r-h-s-d-a+ C:\Windows\system32\win32k.sys 29/10/2014 04175360 r-h-s-d-a+ C:\Windows\system32\dbgeng.dll 29/10/2014 04105216 r-h-s-d-a+ C:\Windows\system32\SyncEngine.dll 29/10/2014 03936256 r-h-s-d-a+ C:\Windows\SysWOW64\d2d1.dll 29/10/2014 03532288 r-h-s-d-a+ C:\Windows\system32\wuaueng.dll 29/10/2014 03395920 r-h-s-d-a+ C:\Windows\system32\WSService.dll 29/10/2014 02896896 r-h-s-d-a+ C:\Windows\system32\msftedit.dll 29/10/2014 02873344 r-h-s-d-a+ C:\Windows\SysWOW64\dbgeng.dll 29/10/2014 02801664 r-h-s-d-a+ C:\Windows\system32\actxprxy.dll 29/10/2014 02764288 r-h-s-d-a+ C:\Windows\system32\iertutil.dll 29/10/2014 02617344 r-h-s-d-a+ C:\Windows\system32\authui.dll 29/10/2014 02570240 r-h-s-d-a+ C:\Windows\system32\SettingsHandlers.dll 29/10/2014 02397184 r-h-s-d-a+ C:\Windows\system32\d3d10warp.dll 29/10/2014 02332160 r-h-s-d-a+ C:\Windows\system32\wininet.dll 29/10/2014 02295808 r-h-s-d-a+ C:\Windows\SysWOW64\authui.dll 29/10/2014 02266624 r-h-s-d-a+ C:\Windows\SysWOW64\msftedit.dll 29/10/2014 02166272 r-h-s-d-a+ C:\Windows\SysWOW64\iertutil.dll 29/10/2014 02143960 r-h-s-d-a+ C:\Windows\SysWOW64\mfcore.dll 29/10/2014 02143744 r-h-s-d-a+ C:\Windows\system32\dwmcore.dll 29/10/2014 02140888 r-h-s-d-a+ C:\Windows\system32\d3d11.dll 29/10/2014 02134120 r-h-s-d-a+ C:\Windows\system32\d3d9.dll 29/10/2014 02133208 r-h-s-d-a+ C:\Windows\system32\mfcore.dll 29/10/2014 02071552 r-h-s-d-a+ C:\Windows\SysWOW64\d3d10warp.dll 29/10/2014 02065448 r-h-s-d-a+ C:\Windows\SysWOW64\explorer.exe 29/10/2014 01993728 r-h-s-d-a+ C:\Windows\system32\inetcpl.cpl 29/10/2014 01943536 r-h-s-d-a+ C:\Windows\system32\crypt32.dll 29/10/2014 01928144 r-h-s-d-a+ C:\Windows\system32\combase.dll 29/10/2014 01926656 r-h-s-d-a+ C:\Windows\SysWOW64\inetcpl.cpl 29/10/2014 01843712 r-h-s-d-a+ C:\Windows\system32\Display.dll 29/10/2014 01818112 r-h-s-d-a+ C:\Windows\SysWOW64\wininet.dll 29/10/2014 01816576 r-h-s-d-a+ C:\Windows\SysWOW64\Display.dll 29/10/2014 01799944 r-h-s-d-a+ C:\Windows\SysWOW64\d3d9.dll 29/10/2014 01765384 r-h-s-d-a+ C:\Windows\SysWOW64\d3d11.dll 29/10/2014 01765376 r-h-s-d-a+ C:\Windows\SysWOW64\dwmcore.dll 29/10/2014 01756160 r-h-s-d-a+ C:\Windows\system32\WMPDMC.exe 29/10/2014 01720560 r-h-s-d-a+ C:\Windows\system32\ntdll.dll 29/10/2014 01704448 r-h-s-d-a+ C:\Windows\system32\wucltux.dll 29/10/2014 01642016 r-h-s-d-a+ C:\Windows\system32\winload.efi 29/10/2014 01584128 r-h-s-d-a+ C:\Windows\system32\workfolderssvc.dll 29/10/2014 01581968 r-h-s-d-a+ C:\Windows\SysWOW64\crypt32.dll 29/10/2014 01506680 r-h-s-d-a+ C:\Windows\system32\winload.exe 29/10/2014 01486848 r-h-s-d-a+ C:\Windows\system32\dbghelp.dll 29/10/2014 01476184 r-h-s-d-a+ C:\Windows\system32\winresume.efi 29/10/2014 01472048 r-h-s-d-a+ C:\Windows\SysWOW64\ntdll.dll 29/10/2014 01462216 r-h-s-d-a+ C:\Windows\system32\propsys.dll 29/10/2014 01399176 r-h-s-d-a+ C:\Windows\system32\winmde.dll 29/10/2014 01394176 r-h-s-d-a+ C:\Windows\system32\urlmon.dll 29/10/2014 01391104 r-h-s-d-a+ C:\Windows\SysWOW64\WMPDMC.exe 29/10/2014 01373872 r-h-s-d-a+ C:\Windows\system32\wmpmde.dll 29/10/2014 01371824 r-h-s-d-a+ C:\Windows\SysWOW64\combase.dll 29/10/2014 01362944 r-h-s-d-a+ C:\Windows\SysWOW64\user32.dll 29/10/2014 01345536 r-h-s-d-a+ C:\Windows\system32\winresume.exe 29/10/2014 01341288 r-h-s-d-a+ C:\Windows\system32\gdi32.dll 29/10/2014 01302528 r-h-s-d-a+ C:\Windows\system32\AppXDeploymentServer.dll 29/10/2014 01287576 r-h-s-d-a+ C:\Windows\system32\kernel32.dll 29/10/2014 01238016 r-h-s-d-a+ C:\Windows\SysWOW64\dbghelp.dll 29/10/2014 01231360 r-h-s-d-a+ C:\Windows\system32\Windows.Media.dll 29/10/2014 01214976 r-h-s-d-a+ C:\Windows\system32\schedsvc.dll 29/10/2014 01204968 r-h-s-d-a+ C:\Windows\SysWOW64\winmde.dll 29/10/2014 01202888 r-h-s-d-a+ C:\Windows\SysWOW64\propsys.dll 29/10/2014 01160704 r-h-s-d-a+ C:\Windows\system32\Windows.Web.Http.dll 29/10/2014 01156608 r-h-s-d-a+ C:\Windows\SysWOW64\urlmon.dll 29/10/2014 01147904 r-h-s-d-a+ C:\Windows\system32\UIAutomationCore.dll 29/10/2014 01109424 r-h-s-d-a+ C:\Windows\system32\KernelBase.dll 29/10/2014 01105408 r-h-s-d-a+ C:\Windows\system32\SearchFolder.dll 29/10/2014 01104384 r-h-s-d-a+ C:\Windows\system32\IKEEXT.DLL 29/10/2014 01085952 r-h-s-d-a+ C:\Windows\system32\twinui.appcore.dll 29/10/2014 01067080 r-h-s-d-a+ C:\Windows\system32\mfasfsrcsnk.dll 29/10/2014 01067008 r-h-s-d-a+ C:\Windows\SysWOW64\gdi32.dll 29/10/2014 01057280 r-h-s-d-a+ C:\Windows\system32\rdvidcrl.dll 29/10/2014 01036288 r-h-s-d-a+ C:\Windows\SysWOW64\kernel32.dll 29/10/2014 01019392 r-h-s-d-a+ C:\Windows\SysWOW64\actxprxy.dll 29/10/2014 01011712 r-h-s-d-a+ C:\Windows\system32\TSWorkspace.dll 29/10/2014 00960512 r-h-s-d-a+ C:\Windows\system32\MFMediaEngine.dll 29/10/2014 00947712 r-h-s-d-a+ C:\Windows\system32\reseteng.dll 29/10/2014 00922624 r-h-s-d-a+ C:\Windows\system32\AppXDeploymentExtensions.dll 29/10/2014 00920064 r-h-s-d-a+ C:\Windows\SysWOW64\UIAutomationCore.dll 29/10/2014 00919040 r-h-s-d-a+ C:\Windows\system32\MrmCoreR.dll 29/10/2014 00914944 r-h-s-d-a+ C:\Windows\system32\ReAgent.dll 29/10/2014 00903168 r-h-s-d-a+ C:\Windows\system32\iphlpsvc.dll 29/10/2014 00888832 r-h-s-d-a+ C:\Windows\SysWOW64\Windows.Media.dll 29/10/2014 00883184 r-h-s-d-a+ C:\Windows\SysWOW64\mfasfsrcsnk.dll 29/10/2014 00872840 r-h-s-d-a+ C:\Windows\system32\mfplat.dll 29/10/2014 00869888 r-h-s-d-a+ C:\Windows\SysWOW64\twinui.appcore.dll 29/10/2014 00855552 r-h-s-d-a+ C:\Windows\SysWOW64\rdvidcrl.dll 29/10/2014 00848384 r-h-s-d-a+ C:\Windows\system32\WSShared.dll 29/10/2014 00842752 r-h-s-d-a+ C:\Windows\system32\MsSpellCheckingFacility.dll 29/10/2014 00835584 r-h-s-d-a+ C:\Windows\SysWOW64\KernelBase.dll 29/10/2014 00830976 r-h-s-d-a+ C:\Windows\SysWOW64\SearchFolder.dll 29/10/2014 00830464 r-h-s-d-a+ C:\Windows\system32\samsrv.dll 29/10/2014 00828416 r-h-s-d-a+ C:\Windows\system32\BFE.DLL 29/10/2014 00802816 r-h-s-d-a+ C:\Windows\SysWOW64\MFMediaEngine.dll 29/10/2014 00795648 r-h-s-d-a+ C:\Windows\SysWOW64\TSWorkspace.dll 29/10/2014 00787968 r-h-s-d-a+ C:\Windows\system32\uDWM.dll 29/10/2014 00770560 r-h-s-d-a+ C:\Windows\SysWOW64\ReAgent.dll 29/10/2014 00764864 r-h-s-d-a+ C:\Windows\system32\mfmpeg2srcsnk.dll 29/10/2014 00762368 r-h-s-d-a+ C:\Windows\SysWOW64\Windows.Web.Http.dll 29/10/2014 00761856 r-h-s-d-a+ C:\Windows\system32\WorkfoldersControl.dll 29/10/2014 00749056 r-h-s-d-a+ C:\Windows\system32\SettingSyncCore.dll 29/10/2014 00747008 r-h-s-d-a+ C:\Windows\system32\wlidcli.dll 29/10/2014 00716288 r-h-s-d-a+ C:\Windows\system32\swprv.dll 29/10/2014 00708616 r-h-s-d-a+ C:\Windows\system32\iuilp.dll 29/10/2014 00706016 r-h-s-d-a+ C:\Windows\SysWOW64\FlashPlayerApp.exe 29/10/2014 00699840 r-h-s-d-a+ C:\Windows\system32\d3d10level9.dll 29/10/2014 00698232 r-h-s-d-a+ C:\Windows\SysWOW64\mfplat.dll 29/10/2014 00695808 r-h-s-d-a+ C:\Windows\SysWOW64\WSShared.dll 29/10/2014 00669352 r-h-s-d-a+ C:\Windows\SysWOW64\mfmpeg2srcsnk.dll 29/10/2014 00656384 r-h-s-d-a+ C:\Windows\system32\dnsapi.dll 29/10/2014 00631296 r-h-s-d-a+ C:\Windows\system32\WWAHost.exe 29/10/2014 00630272 r-h-s-d-a+ C:\Windows\SysWOW64\MsSpellCheckingFacility.dll 29/10/2014 00628736 r-h-s-d-a+ C:\Windows\SysWOW64\MrmCoreR.dll 29/10/2014 00628736 r-h-s-d-a+ C:\Windows\system32\SettingSyncHost.exe 29/10/2014 00618496 r-h-s-d-a+ C:\Windows\SysWOW64\apphelp.dll 29/10/2014 00615936 r-h-s-d-a+ C:\Windows\system32\MDMAgent.exe 29/10/2014 00607744 r-h-s-d-a+ C:\Windows\system32\comdlg32.dll 29/10/2014 00588800 r-h-s-d-a+ C:\Windows\SysWOW64\SettingSyncCore.dll 29/10/2014 00586240 r-h-s-d-a+ C:\Windows\system32\qedit.dll 29/10/2014 00578952 r-h-s-d-a+ C:\Windows\SysWOW64\d3d10level9.dll 29/10/2014 00578560 r-h-s-d-a+ C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll 29/10/2014 00566784 r-h-s-d-a+ C:\Windows\system32\wpncore.dll 29/10/2014 00565248 r-h-s-d-a+ C:\Windows\system32\SkyDrive.exe 29/10/2014 00558080 r-h-s-d-a+ C:\Windows\system32\apphelp.dll 29/10/2014 00548864 r-h-s-d-a+ C:\Windows\system32\vbscript.dll 29/10/2014 00544768 r-h-s-d-a+ C:\Windows\SysWOW64\wlidcli.dll 29/10/2014 00533504 r-h-s-d-a+ C:\Windows\system32\AppReadiness.dll 29/10/2014 00531968 r-h-s-d-a+ C:\Windows\SysWOW64\comdlg32.dll 29/10/2014 00518656 r-h-s-d-a+ C:\Windows\SysWOW64\WWAHost.exe 29/10/2014 00516496 r-h-s-d-a+ C:\Windows\system32\dxgi.dll 29/10/2014 00492544 r-h-s-d-a+ C:\Windows\SysWOW64\dnsapi.dll 29/10/2014 00488448 r-h-s-d-a+ C:\Windows\SysWOW64\qedit.dll 29/10/2014 00481944 r-h-s-d-a+ C:\Windows\system32\mfsvr.dll 29/10/2014 00478208 r-h-s-d-a+ C:\Windows\SysWOW64\SettingSyncHost.exe 29/10/2014 00465960 r-h-s-d-a+ C:\Windows\system32\AudioSes.dll 29/10/2014 00461312 r-h-s-d-a+ C:\Windows\system32\XpsGdiConverter.dll 29/10/2014 00458616 r-h-s-d-a+ C:\Windows\system32\WerFault.exe 29/10/2014 00454656 r-h-s-d-a+ C:\Windows\SysWOW64\vbscript.dll 29/10/2014 00447488 r-h-s-d-a+ C:\Windows\system32\sppcomapi.dll 29/10/2014 00433664 r-h-s-d-a+ C:\Windows\system32\ipnathlp.dll 29/10/2014 00419160 r-h-s-d-a+ C:\Windows\system32\hal.dll 29/10/2014 00411648 r-h-s-d-a+ C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll 29/10/2014 00408480 r-h-s-d-a+ C:\Windows\SysWOW64\WerFault.exe 29/10/2014 00407024 r-h-s-d-a+ C:\Windows\system32\Faultrep.dll 29/10/2014 00406400 r-h-s-d-a+ C:\Windows\SysWOW64\dxgi.dll 29/10/2014 00393216 r-h-s-d-a+ C:\Windows\system32\WMPhoto.dll 29/10/2014 00391512 r-h-s-d-a+ C:\Windows\system32\tsmf.dll 29/10/2014 00386722 r-h-s-d-a+ C:\Windows\system32\ApnDatabase.xml 29/10/2014 00381952 r-h-s-d-a+ C:\Windows\system32\WUSettingsProvider.dll 29/10/2014 00381168 r-h-s-d-a+ C:\Windows\SysWOW64\mfsvr.dll 29/10/2014 00376320 r-h-s-d-a+ C:\Windows\system32\pnrpsvc.dll 29/10/2014 00369280 r-h-s-d-a+ C:\Windows\SysWOW64\Faultrep.dll 29/10/2014 00358896 r-h-s-d-a+ C:\Windows\system32\dcomp.dll 29/10/2014 00348160 r-h-s-d-a+ C:\Windows\SysWOW64\WMPhoto.dll 29/10/2014 00345552 r-h-s-d-a+ C:\Windows\SysWOW64\tsmf.dll 29/10/2014 00338944 r-h-s-d-a+ C:\Windows\system32\rdpclip.exe 29/10/2014 00336896 r-h-s-d-a+ C:\Windows\SysWOW64\XpsGdiConverter.dll 29/10/2014 00335360 r-h-s-d-a+ C:\Windows\system32\eappcfg.dll 29/10/2014 00331776 r-h-s-d-a+ C:\Windows\system32\eapphost.dll 29/10/2014 00326024 r-h-s-d-a+ C:\Windows\SysWOW64\AudioSes.dll 29/10/2014 00325120 r-h-s-d-a+ C:\Windows\system32\eapp3hst.dll 29/10/2014 00317616 r-h-s-d-a+ C:\Windows\system32\wintrust.dll 29/10/2014 00303616 r-h-s-d-a+ C:\Windows\system32\sti.dll 29/10/2014 00287744 r-h-s-d-a+ C:\Windows\system32\mdmregistration.dll 29/10/2014 00286208 r-h-s-d-a+ C:\Windows\system32\pcsvDevice.dll 29/10/2014 00272896 r-h-s-d-a+ C:\Windows\SysWOW64\eappcfg.dll 29/10/2014 00262144 r-h-s-d-a+ C:\Windows\SysWOW64\eapphost.dll 29/10/2014 00255488 r-h-s-d-a+ C:\Windows\system32\dnsrslvr.dll 29/10/2014 00254464 r-h-s-d-a+ C:\Windows\system32\AppXDeploymentClient.dll 29/10/2014 00249856 r-h-s-d-a+ C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 29/10/2014 00249856 r-h-s-d-a+ C:\Windows\system32\rdpencom.dll 29/10/2014 00245248 r-h-s-d-a+ C:\Windows\SysWOW64\eapp3hst.dll 29/10/2014 00240128 r-h-s-d-a+ C:\Windows\SysWOW64\mdmregistration.dll 29/10/2014 00235960 r-h-s-d-a+ C:\Windows\SysWOW64\wintrust.dll 29/10/2014 00233920 r-h-s-d-a+ C:\Windows\system32\mfps.dll 29/10/2014 00226304 r-h-s-d-a+ C:\Windows\system32\miutils.dll 29/10/2014 00225792 r-h-s-d-a+ C:\Windows\SysWOW64\dcomp.dll 29/10/2014 00221184 r-h-s-d-a+ C:\Windows\system32\profsvc.dll 29/10/2014 00218624 r-h-s-d-a+ C:\Windows\system32\ie4uinit.exe 29/10/2014 00218112 r-h-s-d-a+ C:\Windows\SysWOW64\sti.dll 29/10/2014 00208896 r-h-s-d-a+ C:\Windows\SysWOW64\rdpencom.dll 29/10/2014 00206336 r-h-s-d-a+ C:\Windows\system32\WSClient.dll 29/10/2014 00198656 r-h-s-d-a+ C:\Windows\SysWOW64\AppXDeploymentClient.dll 29/10/2014 00197120 r-h-s-d-a+ C:\Windows\system32\scrrun.dll 29/10/2014 00189952 r-h-s-d-a+ C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 29/10/2014 00186880 r-h-s-d-a+ C:\Windows\system32\WorkFoldersShell.dll 29/10/2014 00184832 r-h-s-d-a+ C:\Windows\system32\dafWfdProvider.dll 29/10/2014 00180224 r-h-s-d-a+ C:\Windows\SysWOW64\miutils.dll 29/10/2014 00178176 r-h-s-d-a+ C:\Windows\system32\easwrt.dll 29/10/2014 00174592 r-h-s-d-a+ C:\Windows\SysWOW64\WSClient.dll 29/10/2014 00171864 r-h-s-d-a+ C:\Windows\system32\kd_02_8086.dll 29/10/2014 00160768 r-h-s-d-a+ C:\Windows\system32\AppxAllUserStore.dll 29/10/2014 00160256 r-h-s-d-a+ C:\Windows\system32\DWWIN.EXE 29/10/2014 00156672 r-h-s-d-a+ C:\Windows\SysWOW64\scrrun.dll 29/10/2014 00140800 r-h-s-d-a+ C:\Windows\SysWOW64\easwrt.dll 29/10/2014 00139776 r-h-s-d-a+ C:\Windows\SysWOW64\AppxAllUserStore.dll 29/10/2014 00139776 r-h-s-d-a+ C:\Windows\system32\poqexec.exe 29/10/2014 00138752 r-h-s-d-a+ C:\Windows\SysWOW64\DWWIN.EXE 29/10/2014 00138240 r-h-s-d-a+ C:\Windows\system32\OEMLicense.dll 29/10/2014 00134656 r-h-s-d-a+ C:\Windows\system32\psmsrv.dll 29/10/2014 00132608 r-h-s-d-a+ C:\Windows\system32\msched.dll 29/10/2014 00131160 r-h-s-d-a+ C:\Windows\system32\easinvoker.exe 29/10/2014 00124416 r-h-s-d-a+ C:\Windows\SysWOW64\poqexec.exe 29/10/2014 00115712 r-h-s-d-a+ C:\Windows\system32\winbici.dll 29/10/2014 00113152 r-h-s-d-a+ C:\Windows\system32\shsetup.dll 29/10/2014 00111616 r-h-s-d-a+ C:\Windows\system32\ieetwcollector.exe 29/10/2014 00105440 r-h-s-d-a+ C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 29/10/2014 00104320 r-h-s-d-a+ C:\Windows\system32\ncryptsslp.dll 29/10/2014 00103936 r-h-s-d-a+ C:\Windows\SysWOW64\OEMLicense.dll 29/10/2014 00103424 r-h-s-d-a+ C:\Windows\system32\WiFiDisplay.dll 29/10/2014 00101888 r-h-s-d-a+ C:\Windows\system32\eappgnui.dll 29/10/2014 00094208 r-h-s-d-a+ C:\Windows\SysWOW64\shsetup.dll 29/10/2014 00093184 r-h-s-d-a+ C:\Windows\SysWOW64\eappgnui.dll 29/10/2014 00092672 r-h-s-d-a+ C:\Windows\system32\dafBth.dll 29/10/2014 00088272 r-h-s-d-a+ C:\Windows\SysWOW64\ncryptsslp.dll 29/10/2014 00084992 r-h-s-d-a+ C:\Windows\system32\mshtmled.dll 29/10/2014 00084480 r-h-s-d-a+ C:\Windows\system32\WSCollect.exe 29/10/2014 00083968 r-h-s-d-a+ C:\Windows\system32\TSWbPrxy.exe 29/10/2014 00069632 r-h-s-d-a+ C:\Windows\SysWOW64\mshtmled.dll 29/10/2014 00064512 r-h-s-d-a+ C:\Windows\system32\tsgqec.dll 29/10/2014 00054776 r-h-s-d-a+ C:\Windows\system32\wuauclt.exe 29/10/2014 00053248 r-h-s-d-a+ C:\Windows\SysWOW64\tsgqec.dll 29/10/2014 00053248 r-h-s-d-a+ C:\Windows\system32\ftp.exe 29/10/2014 00049152 r-h-s-d-a+ C:\Windows\SysWOW64\ftp.exe 29/10/2014 00031064 r-h-s-d-a+ C:\Windows\system32\ploptin.dll 29/10/2014 00030208 r-h-s-d-a+ C:\Windows\system32\CredentialMigrationHandler.dll 29/10/2014 00027136 r-h-s-d-a+ C:\Windows\SysWOW64\CredentialMigrationHandler.dll 29/10/2014 00018944 r-h-s-d-a+ C:\Windows\system32\pcaui.exe 29/10/2014 00017408 r-h-s-d-a+ C:\Windows\SysWOW64\pcaui.exe 29/10/2014 00009701 r-h-s-d-a+ C:\Windows\SysWOW64\connectedsearch-results.searchconnector-ms 29/10/2014 00009701 r-h-s-d-a+ C:\Windows\system32\connectedsearch-results.searchconnector-ms 29/10/2014 00000425 r-h-s-d-a+ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 29/10/2014 00000118 r-h-s-d-a+ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 28/10/2014 01855488 r-h+s+d-a+ C:\Users\Tom\ntuser.dat.LOG2 28/10/2014 01048576 r-h+s+d-a+ C:\Users\Tom\NTUSER.DAT 28/10/2014 00749568 r-h+s+d-a+ C:\Users\Tom\ntuser.dat.LOG1 28/10/2014 00524288 r-h+s+d-a+ C:\Users\Tom\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TMContainer00000000000000000002.regtrans-ms 28/10/2014 00524288 r-h+s+d-a+ C:\Users\Tom\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TMContainer00000000000000000001.regtrans-ms 28/10/2014 00120320 r-h-s-d-a+ C:\Windows\system32\E_ILMJBE.DLL 28/10/2014 00083968 r-h-s-d-a+ C:\Windows\system32\E_ID4BJBE.DLL 28/10/2014 00081080 r-h+s-d-a+ C:\Users\Tom\AppData\Local\IconCache.db 28/10/2014 00065536 r-h+s+d-a+ C:\Users\Tom\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TM.blf 28/10/2014 00011242 r-h-s-d-a+ C:\Users\Tom\AppData\Local\BTServer.log 28/10/2014 00010752 r-h-s-d-a+ C:\Windows\system32\E_GCINST.DLL 28/10/2014 00002294 r-h-s-d-a+ C:\Users\Tom\AppData\Local\recently-used.xbel 28/10/2014 00000020 r-h+s+d-a- C:\Users\Tom\ntuser.ini 28/10/2014 00000000 r-h-s-d-a+ C:\Users\Tom\agent.log ==================== RUNNING PROCESSES ========================================= [dllhost] -SYSTEM- C:\Windows\system32\DllHost.exe - (Microsoft Corporation) [igfxEM] -Tom- C:\Windows\system32\igfxEM.exe - (Intel Corporation) [mbamscheduler] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe - (Malwarebytes Corporation) [PDVD10Serv] -Tom- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe - (CyberLink Corp.) [SettingSyncHost] -Tom- C:\Windows\System32\SettingSyncHost.exe - (Microsoft Corporation) [SRService] -SYSTEM- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe - (Splashtop Inc.) [taskhostex] -Tom- C:\Windows\system32\taskhostex.exe - (Microsoft Corporation) ==================== IE PAGES ================================================== IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://google.com/ IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://msi13.msn.com IE04 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE05 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\SysWOW64\ieframe.dll IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\SysWOW64\blank.htm IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE10 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE10 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE10 - HKLM\..\SearchScopes {5A15F02B-5D0A-49B6-AB4E-F9F499AB8C7C} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS; IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://google.com/ IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://msi13.msn.com IE04 x64 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE05 x64 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\System32\ieframe.dll IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\System32\blank.htm IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE10 x64 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE10 x64 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE10 x64 - HKLM\..\SearchScopes {5A15F02B-5D0A-49B6-AB4E-F9F499AB8C7C} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS; ==================== Auto Load ================================================= AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = userinit.exe AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\Windows\system32\userinit.exe, AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe ==================== Google Chrome ============================================= GC - Prefpath: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Preferences GC - Profile Name: Eerste gebruiker GC - Homepage: GC - Default Search Provider: n/a = Known Disabled Extensions = ==================== Windows Host File ========================================= ==================== Auto Start Programs ======================================= ASP01 - HKLM\..\Run @ RemoteControl10 = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" ASP01 - HKLM\..\Run @ Sound Blaster Cinema = "C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" /r ASP01 - HKLM\..\Run @ UpdReg = C:\Windows\UpdReg.EXE ASP04 - HKCU\..\Run @ EPLTarget\P0000000000000000 = C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-700 Series" ASP04 - HKCU\..\Run @ GoogleChromeAutoLaunch_F6A43803F41C0EE8AA9068339E55A010 = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window ASP04 - HKCU\..\Run @ RESTART_STICKY_NOTES = C:\Windows\System32\StikyNot.exe ASP01 x64 - HKLM\..\Run @ RemoteControl10 = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" ASP01 x64 - HKLM\..\Run @ Sound Blaster Cinema = "C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" /r ASP01 x64 - HKLM\..\Run @ UpdReg = C:\Windows\UpdReg.EXE ASP04 x64 - HKCU\..\Run @ EPLTarget\P0000000000000000 = C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-700 Series" ASP04 x64 - HKCU\..\Run @ GoogleChromeAutoLaunch_F6A43803F41C0EE8AA9068339E55A010 = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window ASP04 x64 - HKCU\..\Run @ RESTART_STICKY_NOTES = C:\Windows\System32\StikyNot.exe ASP - Startup - C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ==================== Extra Items IE ============================================ EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility EI03 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing EI03 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security EI03 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings EI03 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International EI03 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia ==================== Internet Default Prefix =================================== IDP00 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http:// IDP01 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http:// IDP00 x64 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http:// IDP01 x64 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http:// ==================== Default Settings IE - DSIE ================================ DSIE - ieuinit.inf: START_PAGE= "http://go.microsoft.com/fwlink/p/?LinkId DSIE - ieuinit.inf: SEARCH_PAGE_URL= "http://go.microsoft.com/fwlink/?LinkId ==================== Protocol Hijackers - PH =================================== PH00 - Handler:wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} @ = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [41290ae21c588291f2fc9309ad38ead5] ==================== ShellServiceObjectDelayLoad - SSODL ======================= SSODL - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ = SSODL x64 - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ = ==================== Extra items - EXT (Torpig/ConduitSearch) ================== EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll ==================== DRIVERS and SERVICES ====================================== *** Win32OwnProcess *** SERV - R2 - [BTDevManager] - BTDevManager - c:\program files (x86)\realtek\realtek bluetooth\btdevmgr.exe SERV - R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe SERV - R2 - [igfxCUIService1.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe SERV - R2 - [Intel(R) ME Service] - Intel(R) ME Service - c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe SERV - R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe SERV - R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe SERV - R2 - [SplashtopRemoteService] - Splashtop® Remote Service - c:\program files (x86)\splashtop\splashtop remote\server\srservice.exe SERV - R2 - [SSUService] - Splashtop Software Updater Service - c:\program files (x86)\splashtop\splashtop software updater\ssuservice.exe SERV - R2 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe SERV - R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe SERV - S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe *** Win32ShareProcess *** SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe *** Others *** SERV - R2 - [AVerRemote] - AVerRemote - c:\program files (x86)\common files\avermedia\service\averremote.exe SERV - R2 - [AVerScheduleService] - AVerScheduleService - c:\program files (x86)\common files\avermedia\service\averscheduleservice.exe SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe SERV - R2 - [WMI_Hook_Service] - WMI_Hook_Service - c:\program files\quicksetting\quicksettingfn\wmi_hook_service.exe SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe *** File System Driver *** DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys DRV - R0 - [WdFilter] - Windows Defender Mini-Filter Driver - C:\Windows\system32\Drivers\WdFilter.sys DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys *** Kernel Driver *** DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\Windows\system32\Drivers\acpiex.sys DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\disk.sys DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys DRV - R0 - [iaStorA] - iaStorA - C:\Windows\system32\Drivers\iaStorA.sys DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\Windows\system32\Drivers\intelpep.sys DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys DRV - R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys DRV - R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys DRV - R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys DRV - R0 - [pdc] - pdc - C:\Windows\system32\Drivers\pdc.sys DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\Windows\system32\Drivers\spaceport.sys DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\Windows\system32\Drivers\vdrvroot.sys DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\Windows\system32\Drivers\WFPLWFS.sys DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys DRV - S0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\Windows\system32\Drivers\EhStorClass.sys DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys DRV - S0 - [WdBoot] - Windows Defender Boot Driver - C:\Windows\system32\Drivers\WdBoot.sys DRV - S3 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys ==================== SvcHost - White Listed ==================================== All Ok WOW - All Ok ==================== SigCheck x86 Fast ========================================= Fast Scan All ok ==================== SigCheck x64 Fast ========================================= Fast Scan All ok ==================== Job tasks ================================================= There are no .job files found. ==================== End scanning at do 30 okt 2014 16:55 (0 Min 12 Sec ) ======