E-Peek v 1.0.5.5 © Emphyrio/Onsia Patrick 2013-2014
Downloaded @ [url=http://www.antimalwarehelp.be/EDev/Tools/E-Peek/EPeekDL.html]E Dev[/url]
Run at za 8 nov 2014 23:13
.
Windows 7 Home Premium SP 1 (64 bits)
C:\Windows [NTFS - Fixed]
Default Browser: Google Chrome
Boot mode: Normal boot
User logged in: Gebruiker
.
Java x86: 1.8
Java x64: n/a
.
AV : Microsoft Security Essentials [Updated - Running]
AS : Microsoft Security Essentials [Updated - Running]
AS : Windows Defender [Updated - Not Running]
FW : Windows firewall
.

==================== Files and Folders history =================================
Folders Created Last 7 days :
08/11/2014 ##### r-h-s-d+a- C:\Users\Gebruiker\AppData\Local\Secunia PSI
08/11/2014 ##### r-h-s-d+a- C:\rsit
08/11/2014 ##### r-h-s-d+a- C:\ProgramData\Oracle
08/11/2014 ##### r-h-s-d+a- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
08/11/2014 ##### r-h-s-d+a- C:\Program Files\trend micro
08/11/2014 ##### r-h-s-d+a- C:\Program Files\iTunes
08/11/2014 ##### r-h-s-d+a- C:\Program Files\iPod
08/11/2014 ##### r-h-s-d+a- C:\Program Files\CCleaner
08/11/2014 ##### r-h-s-d+a- C:\Program Files (x86)\VideoLAN
08/11/2014 ##### r-h-s-d+a- C:\Program Files (x86)\Secunia
08/11/2014 ##### r-h-s-d+a- C:\Program Files (x86)\QuickTime
08/11/2014 ##### r-h-s-d+a- C:\Program Files (x86)\iTunes
08/11/2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
08/11/2014 ##### r-h-s-d+a- C:\AdwCleaner
08/11/2014 ##### r-h+s+d+a- C:\Config.Msi
04/11/2014 ##### r-h-s-d+a- C:\Program Files (x86)\dealbomb
02/11/2014 ##### r-h-s-d+a- C:\Users\Gebruiker\AppData\Local\Ubisoft
02/11/2014 ##### r-h-s-d+a- C:\ProgramData\dealbomb
02/11/2014 ##### r-h-s-d+a- C:\ProgramData\addeal

Files Modified Last 7 days :
08/11/2014 00701104 r-h-s-d-a+ C:\Windows\SysWOW64\FlashPlayerApp.exe
08/11/2014 00272296 r-h-s-d-a+ C:\Windows\SysWOW64\javaws.exe
08/11/2014 00176552 r-h-s-d-a+ C:\Windows\SysWOW64\javaw.exe
08/11/2014 00176552 r-h-s-d-a+ C:\Windows\SysWOW64\java.exe
08/11/2014 00098216 r-h-s-d-a+ C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
08/11/2014 00071344 r-h-s-d-a+ C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
08/11/2014 00029136 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
08/11/2014 00029136 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
08/11/2014 00000018 r-h-s-d-a+ C:\Windows\SysWOW64\log.txt

Files Created Last 7 days :
08/11/2014 00772592 r-h-s-d-a+ C:\Windows\SysWOW64\npDeployJava1.dll
08/11/2014 00687600 r-h-s-d-a+ C:\Windows\SysWOW64\deployJava1.dll
08/11/2014 00098216 r-h-s-d-a+ C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

==================== RUNNING PROCESSES =========================================
[AdblockPlusEngine] -Gebruiker- C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe - (Eyeo GmbH)
[AdobeARM] -Gebruiker- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe - (Adobe Systems Incorporated)
[AppleMobileDeviceService] -SYSTEM- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - (Apple Inc.)
[ApplePhotoStreams] -Gebruiker- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe - (Apple Inc.)
[APSDaemon] -Gebruiker- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe - (Apple Inc.)
[armsvc] -SYSTEM- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - (Adobe Systems Incorporated)
[ASGT] -SYSTEM- C:\Windows\SysWOW64\ASGT.exe - ()
[CCleaner64] -Gebruiker- C:\Program Files\CCleaner\CCleaner64.exe - (Piriform Ltd)
[conhost] -NETWORK SERVICE- C:\Windows\system32\conhost.exe - (Microsoft Corporation)
[conhost] -SYSTEM- C:\Windows\system32\conhost.exe - (Microsoft Corporation)
[csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)
[csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)
[dllhost] -Gebruiker- C:\Windows\system32\DllHost.exe - (Microsoft Corporation)
[dwm] -Gebruiker- C:\Windows\system32\Dwm.exe - (Microsoft Corporation)
[E-Peek 1.0.5] -Gebruiker- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.0.5.exe - (E Dev)
[explorer] -Gebruiker- C:\Windows\Explorer.EXE - (Microsoft Corporation)
[GfExperienceService] -SYSTEM- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe - (NVIDIA Corporation)
[HeciServer] -SYSTEM- C:\Program Files\Intel\iCLS Client\HeciServer.exe - (Intel(R) Corporation)
[iCloudServices] -Gebruiker- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe - (Apple Inc.)
[iexplore] -Gebruiker- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE - (Microsoft Corporation)
[iexplore] -Gebruiker- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE - (Microsoft Corporation)
[iexplore] -Gebruiker- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE - (Microsoft Corporation)
[iexplore] -Gebruiker- C:\Program Files\Internet Explorer\iexplore.exe - (Microsoft Corporation)
[iTunesHelper] -Gebruiker- C:\Program Files (x86)\iTunes\iTunesHelper.exe - (Apple Inc.)
[Jhi_service] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - (Intel Corporation)
[KHALMNPR] -Gebruiker- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE - (Logitech, Inc.)
[LCDClock] -Gebruiker- C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe - (Logitech Inc.)
[LCDCountdown] -Gebruiker- C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe - (Logitech Inc.)
[LCDMedia] -Gebruiker- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe - (Logitech Inc.)
[LCDMovieViewer] -Gebruiker- C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe - (Logitech Inc.)
[LCDPictureViewer] -Gebruiker- C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe - (Logitech Inc.)
[LCDPOP3] -Gebruiker- C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe - (Logitech Inc.)
[LCDRSS] -Gebruiker- C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe - (Logitech Inc.)
[LCDWebCam] -Gebruiker- C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe - (Logitech Inc.)
[LCDYT] -Gebruiker- C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe - (Logitech Inc.)
[LCore] -Gebruiker- C:\Program Files\Logitech Gaming Software\LCore.exe - (Logitech Inc.)
[LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
[lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)
[lsm] -SYSTEM- C:\Windows\system32\lsm.exe - (Microsoft Corporation)
[mDNSResponder] -SYSTEM- C:\Program Files\Bonjour\mDNSResponder.exe - (Apple Inc.)
[MsMpEng] -SYSTEM- c:\Program Files\Microsoft Security Client\MsMpEng.exe - (Microsoft Corporation)
[msseces] -Gebruiker- C:\Program Files\Microsoft Security Client\msseces.exe - (Microsoft Corporation)
[NisSrv] -LOCAL SERVICE- c:\Program Files\Microsoft Security Client\NisSrv.exe - (Microsoft Corporation)
[notepad] -Gebruiker- C:\Windows\system32\NOTEPAD.EXE - (Microsoft Corporation)
[NvBackend] -Gebruiker- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe - (NVIDIA Corporation)
[NvNetworkService] -SYSTEM- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe - (NVIDIA Corporation)
[nvSCPAPISvr] -SYSTEM- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe - (NVIDIA Corporation)
[nvstreamsvc] -NETWORK SERVICE- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
[nvstreamsvc] -SYSTEM- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
[nvstreamsvc] -SYSTEM- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
[nvtray] -Gebruiker- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe - (NVIDIA Corporation)
[nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)
[nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)
[nvxdsync] -SYSTEM- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe - (NVIDIA Corporation)
[PnkBstrA] -SYSTEM- C:\Windows\system32\PnkBstrA.exe - ()
[psi_tray] -Gebruiker- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe - (Secunia)
[psia] -SYSTEM- C:\Program Files (x86)\Secunia\PSI\PSIA.exe - (Secunia)
[rundll32] -SYSTEM- C:\Windows\system32\rundll32.exe - (Microsoft Corporation)
[rundll32] -SYSTEM- C:\Windows\SysWOW64\rundll32.exe - (Microsoft Corporation)
[SearchFilterHost] -SYSTEM- C:\Windows\system32\SearchFilterHost.exe - (Microsoft Corporation)
[SearchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)
[SearchProtocolHost] -Gebruiker- C:\Windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)
[SearchProtocolHost] -SYSTEM- C:\Windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)
[services] -SYSTEM- C:\Windows\system32\services.exe - (Microsoft Corporation)
[SetPointII] -Gebruiker- C:\Program Files\Logitech\SetPoint II\SetPointII.exe - (Logitech Inc.)
[Skype] -Gebruiker- C:\Program Files (x86)\Skype\Phone\Skype.exe - (Skype Technologies S.A.)
[SkypeC2CAutoUpdateSvc] -SYSTEM- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe - (Microsoft Corporation)
[SkypeC2CPNRSvc] -NETWORK SERVICE- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe - (Microsoft Corporation)
[smss] -SYSTEM- C:\Windows\system32\smss.exe - (Microsoft Corporation)
[spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)
[sua] -SYSTEM- C:\Program Files (x86)\Secunia\PSI\sua.exe - (Secunia)
[taskhost] -Gebruiker- C:\Windows\system32\taskhost.exe - (Microsoft Corporation)
[UNS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe - (Intel Corporation)
[Updater] -SYSTEM- C:\Program Files (x86)\Popcorn Time\Updater.exe - (Company)
[VDeck] -Gebruiker- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe - (VIA)
[ViakaraokeSrv] -SYSTEM- C:\Windows\system32\viakaraokesrv.exe - ()
[wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)
[winlogon] -SYSTEM- C:\Windows\system32\winlogon.exe - (Microsoft Corporation)
[WmiPrvSE] -NETWORK SERVICE- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
[wmpnetwk] -NETWORK SERVICE- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation)

==================== IE PAGES ==================================================
IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = www.google.com
IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm
IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = www.google.com
IE04 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE05 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\SysWOW64\ieframe.dll
IE06 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings @ ProxyOverride =
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = www.google.com
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\SysWOW64\blank.htm
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE10 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE10 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE12 - HKLM\..\Toolbar{2318C2B1-4965-11d4-9B18-009027A5CD4F} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = www.google.com
IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm
IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = www.google.com
IE04 x64 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE04 x64 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE05 x64 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\System32\ieframe.dll
IE06 x64 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings @ ProxyOverride =
IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = www.google.com
IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\System32\blank.htm
IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE10 x64 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE10 x64 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE12 - HKLM\..\Toolbar{2318C2B1-4965-11d4-9B18-009027A5CD4F} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

==================== Auto Load =================================================
AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = userinit.exe,
AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe
AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\Windows\system32\userinit.exe,
AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe

==================== Firefox ===================================================
FF - ProfilePath - C:\Users\Gebruiker\AppData\Roaming\Mozilla\firefox\Profiles\4xne6vi5.default
FF - Ext: [FUun2uSaavvE 4.5 ] - extension - gpq_g@wqdjuoyaiouo.edu visible: True active: True
FF - Ext: [SaaveLootts 6.3 ] - extension - eg.oaui@jcngnyu.co.uk visible: True active: True
FF - Ext: [Adblock Plus 2.6.4 ] - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} visible: True active: True
FF - Ext: [RegoulAruDeeals 7.2 ] - extension - tzvpei7@iaoe-yg.edu visible: True active: True
FF - Ext: [Default 31.0 ] - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} visible: True active: True
FF - Ext: [Skype Click to Call 7.3.16540.9015 ] - extension - {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} visible: True active: False
FF - Ext: [Snap.Do 1.1 ] - extension - {7a491354-0522-1e1d-aeb6-52b46cd19560} visible: True active: True
FF - PlugIn: [Adobe® Flash® Player 15.0.0.189 Plugin] - C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll
FF - PlugIn: [Battlelog Game Launcher 2.5.1] - C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll
FF - prefs.js: user_pref("keyword.URL", "");

==================== Google Chrome =============================================
GC - Prefpath: C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences
GC - Profile Name: Web
GC - Homepage: http://feed.sonic-search.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_gBTMti9ujU-zgp84xoyRpCgsNsaHR9xrsj5SZTw-dbJ7mwja9D7gZDMbAQBAV4iuQmvx5IFuVVeuRxDKm413E5XFFO1575z-g9H-jytchSSooFcQrzbyTvimFcdtSyX4Ki_La1_1UxJD
GC - Default Search Provider: Google
= Known Disabled Extensions =

==================== Windows Host File =========================================

==================== BHO =======================================================
BHO - [Adobe PDF Link Helper] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} @ Default = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO - [Java(tm) Plug-In SSV Helper] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} @ Default = C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO - [Google Toolbar Helper] - {AA58ED58-01DD-4d91-8333-CF10577473F7} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO - [Skype Click to Call for Internet Explorer] - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} @ Default = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO - [Java(tm) Plug-In 2 SSV Helper] - {DBC80044-A445-435b-BC74-9C25C1C588A9} @ Default = C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
BHO - [Adblock Plus for IE Browser Helper Object] - {FFCB3198-32F3-4E8B-9539-4324694ED664} @ Default = C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
BHO x64 - [Google Toolbar Helper] - {AA58ED58-01DD-4d91-8333-CF10577473F7} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO x64 - [Skype Click to Call for Internet Explorer] - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} @ Default = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
BHO x64 - [Adblock Plus for IE Browser Helper Object] - {FFCB3198-32F3-4E8B-9539-4324694ED664} @ Default = C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll

==================== Auto Start Programs =======================================
ASP01 - HKLM\..\Run @ Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
ASP01 - HKLM\..\Run @ APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
ASP01 - HKLM\..\Run @ HDAudDeck = C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
ASP01 - HKLM\..\Run @ iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
ASP01 - HKLM\..\Run @ QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
ASP01 - HKLM\..\Run @ USB3MON = "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
ASP04 - HKCU\..\Run @ ApplePhotoStreams = C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
ASP04 - HKCU\..\Run @ CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
ASP04 - HKCU\..\Run @ iCloudServices = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
ASP04 - HKCU\..\Run @ Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
ASP01 x64 - HKLM\..\Run @ Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
ASP01 x64 - HKLM\..\Run @ APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
ASP01 x64 - HKLM\..\Run @ HDAudDeck = C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
ASP01 x64 - HKLM\..\Run @ iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
ASP01 x64 - HKLM\..\Run @ QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
ASP01 x64 - HKLM\..\Run @ USB3MON = "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
ASP04 x64 - HKCU\..\Run @ ApplePhotoStreams = C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
ASP04 x64 - HKCU\..\Run @ CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
ASP04 x64 - HKCU\..\Run @ iCloudServices = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
ASP04 x64 - HKCU\..\Run @ Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
ASP - Startup - C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
ASP - Startup - C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Productregistratie.lnk
ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk

==================== Extra Items IE ============================================
EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
EI03 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
EI03 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
EI03 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings
EI03 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
EI03 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

==================== Internet Default Prefix ===================================
IDP00 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
IDP01 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://
IDP00 x64 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
IDP01 x64 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

==================== Default Settings IE - DSIE ================================
DSIE - ieuinit.inf: START_PAGE= "http://go.microsoft.com/fwlink/p/?LinkId
DSIE - ieuinit.inf: SEARCH_PAGE_URL= "http://go.microsoft.com/fwlink/?LinkId

==================== Protocol Hijackers - PH ===================================
PH00 - Handler:skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} @ = Unknown # C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll # MD5 [c89f814492178585da89f452ce19b720]
PH00 x64 - Handler:skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} @ = Unknown # C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll # MD5 [b15862b3db1f5396fd3cb27ed584b681]

==================== ShellServiceObjectDelayLoad - SSODL =======================
SSODL - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =
SSODL x64 - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =

==================== Extra items - EXT (Torpig/ConduitSearch) ==================
EXT01 - HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll
EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll
EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll
EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll

==================== DRIVERS and SERVICES ======================================
*** Win32OwnProcess ***
SERV - R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
SERV - R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
SERV - R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - c:\program files (x86)\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe
SERV - R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - c:\program files (x86)\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe
SERV - R2 - [fa6789c5] - VideoCnv - (x86)\videocnv\zet.dll [x]
SERV - R2 - [GfExperienceService] - NVIDIA GeForce Experience Service - c:\program files\nvidia corporation\geforce experience service\gfexperienceservice.exe
SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
SERV - R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
SERV - R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe
SERV - R2 - [NvStreamSvc] - NVIDIA Streamer Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe
SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
SERV - R2 - [PnkBstrA] - PnkBstrA - c:\windows\system32\pnkbstra.exe
SERV - R2 - [Secunia PSI Agent] - Secunia PSI Agent - c:\program files (x86)\secunia\psi\psia.exe
SERV - R2 - [Secunia Update Agent] - Secunia Update Agent - c:\program files (x86)\secunia\psi\sua.exe
SERV - R2 - [Stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe
SERV - R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
SERV - R2 - [Update service] - Update service - c:\program files (x86)\popcorn time\updater.exe
SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
SERV - R3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
SERV - R3 - [NisSrv] - Microsoft Netwerkinspectie - c:\program files\microsoft security client\nissrv.exe
SERV - S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
SERV - S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
SERV - S2 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
SERV - S3 - [aspnet_state] - ASP.NET-statusservice - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
SERV - S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
SERV - S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
SERV - S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
SERV - S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
SERV - S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
SERV - S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe
SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
SERV - S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
SERV - S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
SERV - Sx - [gupdate] - Google Updateservice (gupdate) - C:\Windows\system32\sysWOW64\Drivers\gupdate.sys [x]
SERV - Sx - [gupdatem] - Google Update-service (gupdatem) - C:\Windows\system32\sysWOW64\Drivers\gupdatem.sys [x]
*** Win32ShareProcess ***
SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
SERV - R2 - [VIAKaraokeService] - VIA Karaoke digital mixer Service - c:\windows\system32\viakaraokesrv.exe
SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
SERV - S3 - [idsvc] - Windows CardSpace - c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe
SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
SERV - S3 - [ProtectedStorage] - Protected Storage - c:\windows\system32\lsass.exe
SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
SERV - S4 - [NetMsmqActivator] - Net.Msmq Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
SERV - S4 - [NetPipeActivator] - Net.Pipe Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
SERV - S4 - [NetTcpActivator] - Net.Tcp Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
*** Others ***
SERV - R2 - [ASGT] - ASGT - c:\windows\syswow64\asgt.exe
SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe
*** File System Driver ***
DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
DRV - R0 - [MpFilter] - Microsoft Malware Protection Driver - C:\Windows\system32\Drivers\MpFilter.sys
DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
DRV - R3 - [srv] - Stuurprogramma Server SMB 1.xxx - C:\Windows\system32\Drivers\srv.sys
DRV - R3 - [srv2] - Stuurprogramma Server SMB 2.xxx - C:\Windows\system32\Drivers\srv2.sys
*** Kernel Driver ***
DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys
DRV - R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
DRV - R0 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys
DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
DRV - R0 - [Disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\Disk.sys
DRV - R0 - [fvevol] - Filterstuurprogramma Bitlocker-stationsvergrendeling - C:\Windows\system32\Drivers\fvevol.sys
DRV - R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
DRV - R0 - [iusb3hcs] - Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma - C:\Windows\system32\Drivers\iusb3hcs.sys
DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
DRV - R0 - [mountmgr] - Koppelpuntbeheer - C:\Windows\system32\Drivers\mountmgr.sys
DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
DRV - R0 - [NDIS] - NDIS-systeemstuurprogramma - C:\Windows\system32\Drivers\NDIS.sys
DRV - R0 - [partmgr] - Partitiebeheer - C:\Windows\system32\Drivers\partmgr.sys
DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys
DRV - R0 - [pciide] - pciide - C:\Windows\system32\Drivers\pciide.sys
DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
DRV - R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys
DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator-stuurprogramma - C:\Windows\system32\Drivers\vdrvroot.sys
DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys
DRV - R0 - [volmgrx] - Dynamisch Volumebeheer - C:\Windows\system32\Drivers\volmgrx.sys
DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys
DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys
DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==================== SvcHost - White Listed ====================================
All Ok
WOW - All Ok

==================== SigCheck x86 Fast =========================================
Fast Scan All ok

==================== SigCheck x64 Fast =========================================
Fast Scan All ok

==================== Job tasks =================================================
There are no .job files found.

==================== End scanning at za 8 nov 2014 23:13 (0 Min 28 Sec ) =======