E-Peek v 1.0.5.5 © Emphyrio/Onsia Patrick 2013-2014
Downloaded @ [url=http://www.antimalwarehelp.be/EDev/Tools/E-Peek/EPeekDL.html]E Dev[/url]
Run at vr 14 nov 2014 18:10
.
Windows 7 Ultimate SP 1 (32 bits)
C:\Windows [NTFS - Fixed]
Default Browser: Firefox 33.1 (x86 en-US)
Boot mode: Normal boot
User logged in: peter
.
Java x86: 1.7.0_06
.
AV : AVG Internet Security 2014 [Updated - Running]
AS : Windows Defender [Updated - Not Running]
AS : AVG Internet Security 2014 [Updated - Running]
FW :
FW : AVG Internet Security 2014 [Updated - Running]
.
==================== Files and Folders history =================================
Folders Created Last 7 days :
14-11-2014 ##### r-h-s-d+a- C:\Program Files\E Dev
14-11-2014 ##### r-h+s+d+a- C:\Users\peter\AppData\Local\EmieBrowserModeList
11-11-2014 ##### r-h-s-d+a- C:\Program Files\Mozilla Firefox
10-11-2014 ##### r-h-s-d+a- C:\ProgramData\zeon
10-11-2014 ##### r-h-s-d+a- C:\ProgramData\Adobe
10-11-2014 ##### r-h-s-d+a- C:\Program Files\Adobe
08-11-2014 ##### r-h-s-d+a- C:\Users\peter\AppData\Roaming\Nuance
08-11-2014 ##### r-h-s-d+a- C:\Users\peter\AppData\Roaming\InstallShield
08-11-2014 ##### r-h-s-d+a- C:\Users\peter\AppData\Roaming\FLEXnet
08-11-2014 ##### r-h-s-d+a- C:\ProgramData\ScanSoft
08-11-2014 ##### r-h-s-d+a- C:\ProgramData\Nuance
08-11-2014 ##### r-h-s-d+a- C:\ProgramData\FLEXnet
08-11-2014 ##### r-h-s-d+a- C:\Program Files\Nuance
Files Modified Last 7 days :
14-11-2014 01668596 r-h-s-d-a+ C:\Windows\system32\PerfStringBackup.INI
14-11-2014 00745020 r-h-s-d-a+ C:\Windows\system32\perfh013.dat
14-11-2014 00653526 r-h-s-d-a+ C:\Windows\system32\perfh009.dat
14-11-2014 00152972 r-h-s-d-a+ C:\Windows\system32\perfc013.dat
14-11-2014 00121398 r-h-s-d-a+ C:\Windows\system32\perfc009.dat
14-11-2014 00019680 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
14-11-2014 00019680 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
13-11-2014 100445232 r-h-s-d-a+ C:\Windows\system32\MRT.exe
13-11-2014 00277376 r-h-s-d-a+ C:\Windows\system32\FNTCACHE.DAT
12-11-2014 00701104 r-h-s-d-a+ C:\Windows\system32\FlashPlayerApp.exe
12-11-2014 00071344 r-h-s-d-a+ C:\Windows\system32\FlashPlayerCPLApp.cpl
07-11-2014 00341168 r-h-s-d-a+ C:\Windows\system32\iedkcs32.dll
Files Created Last 7 days :
13-11-2014 164168033 r-h-s-d-a+ C:\Users\peter\stream.2014-11-13.144921.mp3
12-11-2014 19781632 r-h-s-d-a+ C:\Windows\system32\mshtml.dll
12-11-2014 12819456 r-h-s-d-a+ C:\Windows\system32\ieframe.dll
12-11-2014 04298240 r-h-s-d-a+ C:\Windows\system32\jscript9.dll
12-11-2014 02724864 r-h-s-d-a+ C:\Windows\system32\mshtml.tlb
12-11-2014 02379264 r-h-s-d-a+ C:\Windows\system32\win32k.sys
12-11-2014 02363904 r-h-s-d-a+ C:\Windows\system32\msi.dll
12-11-2014 02277376 r-h-s-d-a+ C:\Windows\system32\iertutil.dll
12-11-2014 02051072 r-h-s-d-a+ C:\Windows\system32\inetcpl.cpl
12-11-2014 01892864 r-h-s-d-a+ C:\Windows\system32\wininet.dll
12-11-2014 01310208 r-h-s-d-a+ C:\Windows\system32\urlmon.dll
12-11-2014 01237504 r-h-s-d-a+ C:\Windows\system32\msxml3.dll
12-11-2014 01155072 r-h-s-d-a+ C:\Windows\system32\mshtmlmedia.dll
12-11-2014 01059840 r-h-s-d-a+ C:\Windows\system32\lsasrv.dll
12-11-2014 00708096 r-h-s-d-a+ C:\Windows\system32\ieapfltr.dll
12-11-2014 00701440 r-h-s-d-a+ C:\Windows\system32\IMJP10K.DLL
12-11-2014 00688640 r-h-s-d-a+ C:\Windows\system32\msfeeds.dll
12-11-2014 00683008 r-h-s-d-a+ C:\Windows\system32\ie4uinit.exe
12-11-2014 00681984 r-h-s-d-a+ C:\Windows\system32\adtschema.dll
12-11-2014 00667648 r-h-s-d-a+ C:\Windows\system32\MsSpellCheckingFacility.exe
12-11-2014 00620032 r-h-s-d-a+ C:\Windows\system32\jscript9diag.dll
12-11-2014 00571904 r-h-s-d-a+ C:\Windows\system32\oleaut32.dll
12-11-2014 00550912 r-h-s-d-a+ C:\Windows\system32\kerberos.dll
12-11-2014 00523776 r-h-s-d-a+ C:\Windows\system32\termsrv.dll
12-11-2014 00501248 r-h-s-d-a+ C:\Windows\system32\vbscript.dll
12-11-2014 00478208 r-h-s-d-a+ C:\Windows\system32\ieui.dll
12-11-2014 00475136 r-h-s-d-a+ C:\Windows\system32\audiosrv.dll
12-11-2014 00442880 r-h-s-d-a+ C:\Windows\system32\AUDIOKSE.dll
12-11-2014 00418304 r-h-s-d-a+ C:\Windows\system32\dxtmsft.dll
12-11-2014 00374784 r-h-s-d-a+ C:\Windows\system32\AudioEng.dll
12-11-2014 00341168 r-h-s-d-a+ C:\Windows\system32\iedkcs32.dll
12-11-2014 00285696 r-h-s-d-a+ C:\Windows\system32\dxtrans.dll
12-11-2014 00275968 r-h-s-d-a+ C:\Windows\system32\EncDump.dll
12-11-2014 00259584 r-h-s-d-a+ C:\Windows\system32\msv1_0.dll
12-11-2014 00248832 r-h-s-d-a+ C:\Windows\system32\schannel.dll
12-11-2014 00221184 r-h-s-d-a+ C:\Windows\system32\ncrypt.dll
12-11-2014 00195584 r-h-s-d-a+ C:\Windows\system32\AudioSes.dll
12-11-2014 00172032 r-h-s-d-a+ C:\Windows\system32\wdigest.dll
12-11-2014 00168960 r-h-s-d-a+ C:\Windows\system32\msrating.dll
12-11-2014 00146432 r-h-s-d-a+ C:\Windows\system32\msaudite.dll
12-11-2014 00115712 r-h-s-d-a+ C:\Windows\system32\ieUnatt.exe
12-11-2014 00102912 r-h-s-d-a+ C:\Windows\system32\ieetwcollector.exe
12-11-2014 00076288 r-h-s-d-a+ C:\Windows\system32\mshtmled.dll
12-11-2014 00067584 r-h-s-d-a+ C:\Windows\system32\packager.dll
12-11-2014 00065536 r-h-s-d-a+ C:\Windows\system32\TSpkg.dll
12-11-2014 00064000 r-h-s-d-a+ C:\Windows\system32\MshtmlDac.dll
12-11-2014 00062464 r-h-s-d-a+ C:\Windows\system32\iesetup.dll
12-11-2014 00060416 r-h-s-d-a+ C:\Windows\system32\JavaScriptCollectionAgent.dll
12-11-2014 00047616 r-h-s-d-a+ C:\Windows\system32\ieetwproxystub.dll
12-11-2014 00047104 r-h-s-d-a+ C:\Windows\system32\jsproxy.dll
12-11-2014 00030720 r-h-s-d-a+ C:\Windows\system32\iernonce.dll
12-11-2014 00017408 r-h-s-d-a+ C:\Windows\system32\credssp.dll
12-11-2014 00004096 r-h-s-d-a+ C:\Windows\system32\ieetwcollectorres.dll
12-11-2014 00002048 r-h-s-d-a+ C:\Windows\system32\msxml3r.dll
10-11-2014 00225280 r-h-s-d-a- C:\Windows\system32\BrfxD05c.dll
10-11-2014 00180224 r-h-s-d-a+ C:\Windows\system32\BrMuSNMP.dll
==================== RUNNING PROCESSES =========================================
[armsvc] -SYSTEM- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe - (Adobe Systems Incorporated)
[atieclxx] -SYSTEM- C:\Windows\system32\atieclxx.exe - (AMD)
[atiesrxx] -SYSTEM- C:\Windows\system32\atiesrxx.exe - (AMD)
[avgcsrvx] -SYSTEM- C:\Program Files\AVG\AVG2014\avgcsrvx.exe - (AVG Technologies CZ, s.r.o.)
[avgcsrvx] -SYSTEM- C:\Program Files\AVG\AVG2014\avgcsrvx.exe - (AVG Technologies CZ, s.r.o.)
[avgemcx] -SYSTEM- C:\Program Files\AVG\AVG2014\avgemcx.exe - (AVG Technologies CZ, s.r.o.)
[avgfws] -SYSTEM- C:\Program Files\AVG\AVG2014\avgfws.exe - (AVG Technologies CZ, s.r.o.)
[avgidsagent] -SYSTEM- C:\Program Files\AVG\AVG2014\avgidsagent.exe - (AVG Technologies CZ, s.r.o.)
[avgnsx] -SYSTEM- C:\Program Files\AVG\AVG2014\avgnsx.exe - (AVG Technologies CZ, s.r.o.)
[avgrsx] -SYSTEM- C:\Program Files\AVG\AVG2014\avgrsx.exe - (AVG Technologies CZ, s.r.o.)
[avgui] -peter- C:\Program Files\AVG\AVG2014\avgui.exe - (AVG Technologies CZ, s.r.o.)
[avgwdsvc] -SYSTEM- C:\Program Files\AVG\AVG2014\avgwdsvc.exe - (AVG Technologies CZ, s.r.o.)
[BJMYPRT] -peter- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE - (CANON INC.)
[BrCcUxSys] -peter- C:\Program Files\ControlCenter4\BrCcUxSys.exe - (Brother Industries, Ltd.)
[BrCtrlCntr] -peter- C:\Program Files\ControlCenter4\BrCtrlCntr.exe - (Brother Industries, Ltd.)
[BrotherHelp] -peter- C:\Program Files\Brother\Brother Help\BrotherHelp.exe - (Brother Industries, Ltd.)
[BrStMonW] -peter- C:\Program Files\Browny02\Brother\BrStMonW.exe - (Brother Industries, Ltd.)
[BrYNSvc] -SYSTEM- C:\Program Files\Browny02\BrYNSvc.exe - (Brother Industries, Ltd.)
[CameraHelperShell] -peter- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe - (Logitech Inc.)
[CNMNSST] -peter- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe - (CANON INC.)
[CNSEMAIN] -peter- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE - (CANON INC.)
[CNSEUPDT] -peter- C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE - (CANON INC.)
[COCIManager] -peter- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe - (Logitech Inc.)
[csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)
[csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)
[ctfmon] -peter- C:\Windows\system32\ctfmon.exe - (Microsoft Corporation)
[Dropbox] -peter- C:\Users\peter\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
[dwm] -peter- C:\Windows\system32\Dwm.exe - (Microsoft Corporation)
[DymoPnpService] -SYSTEM- C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe - (Sanford, L.P.)
[DymoQuickPrint] -peter- C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe - (Sanford, L.P.)
[E-Peek 1.0.5] -peter- C:\Program Files\E Dev\E-Peek\E-Peek 1.0.5.exe - (E Dev)
[explorer] -peter- C:\Windows\Explorer.EXE - (Microsoft Corporation)
[fbguard] -SYSTEM- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe - (Firebird Project)
[fbserver] -SYSTEM- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe - (Firebird Project)
[firefox] -peter- C:\Program Files\Mozilla Firefox\firefox.exe - (Mozilla Corporation)
[FlashPlayerPlugin_15_0_0_223] -peter- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe - (Adobe Systems, Inc.)
[FlashPlayerPlugin_15_0_0_223] -peter- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe - (Adobe Systems, Inc.)
[FreemakeUtilsService] -SYSTEM- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe - (Freemake)
[fshoster32] -peter- C:\Program Files\Internetbeveiliging\fshoster32.exe - (F-Secure Corporation)
[fsorsp] -NETWORK SERVICE- C:\Program Files\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe - (F-Secure Corporation)
[ijplmsvc] -SYSTEM- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE - ()
[ISUSPM] -peter- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe - (Acresso Corporation)
[lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)
[lsm] -SYSTEM- C:\Windows\system32\lsm.exe - (Microsoft Corporation)
[LWS] -peter- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe - (Logitech Inc.)
[mbam] -peter- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe - (Malwarebytes Corporation)
[mbamscheduler] -SYSTEM- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe - (Malwarebytes Corporation)
[mbamservice] -SYSTEM- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe - (Malwarebytes Corporation)
[msnmsgr] -peter- C:\Program Files\Windows Live\Messenger\msnmsgr.exe - (Microsoft Corporation)
[NBService] -SYSTEM- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe - (Nero AG)
[NMIndexingService] -SYSTEM- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe - (Nero AG)
[NMIndexStoreSvr] -peter- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe - (Nero AG)
[pdfPro5Hook] -peter- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe - (Nuance Communications, Inc.)
[PDFProFiltSrvPP] -SYSTEM- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe - (Nuance Communications, Inc.)
[plugin-container] -peter- C:\Program Files\Mozilla Firefox\plugin-container.exe - (Mozilla Corporation)
[PMBDeviceInfoProvider] -SYSTEM- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe - (Sony Corporation)
[PMBVolumeWatcher] -peter- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe - (Sony Corporation)
[pptd40nt] -peter- C:\Program Files\Nuance\PaperPort\pptd40nt.exe - (Nuance Communications, Inc.)
[SearchFilterHost] -SYSTEM- C:\Windows\system32\SearchFilterHost.exe - (Microsoft Corporation)
[SearchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)
[SearchProtocolHost] -SYSTEM- C:\Windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)
[services] -SYSTEM- C:\Windows\system32\services.exe - (Microsoft Corporation)
[sidebar] -peter- C:\Program Files\Windows Sidebar\sidebar.exe - (Microsoft Corporation)
[Skype] -peter- C:\Program Files\Skype\Phone\Skype.exe - (Skype Technologies S.A.)
[SkypeC2CAutoUpdateSvc] -SYSTEM- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe - (Microsoft Corporation)
[SkypeC2CPNRSvc] -NETWORK SERVICE- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe - (Microsoft Corporation)
[smss] -SYSTEM- C:\Windows\system32\smss.exe - (Microsoft Corporation)
[spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)
[taskeng] -peter- C:\Windows\system32\taskeng.exe - (Microsoft Corporation)
[taskhost] -peter- C:\Windows\system32\taskhost.exe - (Microsoft Corporation)
[UI0Detect] -SYSTEM- C:\Windows\system32\UI0Detect.exe - (Microsoft Corporation)
[UMVPFSrv] -SYSTEM- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe - (Logitech Inc.)
[wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)
[winlogon] -SYSTEM- C:\Windows\system32\winlogon.exe - (Microsoft Corporation)
[WLIDSVCM] -SYSTEM- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe - (Microsoft Corp.)
[WmiPrvSE] -NETWORK SERVICE- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
[wmpnetwk] -NETWORK SERVICE- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation)
[WUDFHost] -LOCAL SERVICE- C:\Windows\System32\WUDFHost.exe - (Microsoft Corporation)
==================== IE PAGES ==================================================
IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://www.snsbank.nl/
IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm
IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = www.google.com
IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = www.google.com
IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = www.google.com
IE03 - HKCU\Software\Microsoft\Internet Explorer\SearchUrl @ Default = hxxp://www.google.com/search?q=%s
IE04 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE04 - HKCU\..\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ DisplayName: [Goo] @ URL = hxxp://www.google.com/search?q={searc
IE05 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\System32\ieframe.dll
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = www.google.com
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\System32\blank.htm
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = www.google.com
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = www.google.com
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = www.google.com
IE10 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE10 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
==================== Auto Load =================================================
AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\Windows\system32\userinit.exe,
AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe
==================== Firefox ===================================================
FF - ProfilePath - C:\Users\peter\AppData\Roaming\Mozilla\firefox\Profiles\0u9zlke5.default
FF - Ext: [ausaddonbarteopl 1003.91.748 ] - extension - ausaddonbar@teo.pl visible: True active: True
FF - Ext: [2A1D5949B5194924BF628522FE0D5274 1002.42.673 ] - extension - {2A1D5949-B519-4924-BF62-8522FE0D5274} visible: True active: True
FF - Ext: [tabwidthdesignnoirde 1006.79.439 ] - extension - tab-width@design-noir.de visible: True active: True
FF - Ext: [Lasaoren Search 2.1.1 ] - extension - {ef8e675b-6f9f-45a0-bae1-7c026a1f477b} visible: True active: True
FF - Ext: [Lasaoren 3.17 ] - extension - {0760faf4-8d0b-49d1-bbac-d05eb1ac32c7} visible: True active: True
FF - Ext: [PriceFountain 1.0 ] - extension - {b6a94784-0ffb-4121-88c6-435139067ee2} visible: True active: True
FF - Ext: [Default 33.1 ] - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} visible: True active: True
FF - Ext: [Skype Click to Call 7.3.16540.9015 ] - extension - {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} visible: True active: False
FF - PlugIn: [Adobe® Flash® Player 15.0.0.223 Plugin] - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll
FF - PlugIn: [Adobe Shockwave Player] - C:\Windows\system32\Adobe\Director\np32dsw.dll
FF - PlugIn: [EPPEX] - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - PlugIn: [DYMO Label Framework] - C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
==================== Windows Host File =========================================
==================== BHO =======================================================
BHO - [PlusIEEventHelper Class] - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} @ Default = C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
==================== Auto Start Programs =======================================
ASP01 - HKLM\..\Run @ Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
ASP01 - HKLM\..\Run @ AVG_UI = "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
ASP01 - HKLM\..\Run @ BrHelp = C:\Program Files\Brother\Brother Help\BrotherHelp.exe /AUTORUN
ASP01 - HKLM\..\Run @ BrStsMon00 = C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
ASP01 - HKLM\..\Run @ CanonMyPrinter = C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
ASP01 - HKLM\..\Run @ CanonSolutionMenuEx = C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
ASP01 - HKLM\..\Run @ ControlCenter4 = C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
ASP01 - HKLM\..\Run @ DLSService = "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe"
ASP01 - HKLM\..\Run @ F-Secure Hoster (45123) = "C:\Program Files\Internetbeveiliging\fshoster32.exe" -app -hosterid:1
ASP01 - HKLM\..\Run @ IJNetworkScannerSelectorEX = C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
ASP01 - HKLM\..\Run @ IndexSearch = "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
ASP01 - HKLM\..\Run @ LWS = C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
ASP01 - HKLM\..\Run @ NBKeyScan = "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
ASP01 - HKLM\..\Run @ NeroFilterCheck = C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
ASP01 - HKLM\..\Run @ PaperPort PTD = "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
ASP01 - HKLM\..\Run @ PDF5 Registry Controller = C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
ASP01 - HKLM\..\Run @ PDFHook = C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
ASP01 - HKLM\..\Run @ PMBVolumeWatcher = C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
ASP01 - HKLM\..\Run @ PPort12reminder = "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
ASP04 - HKCU\..\Run @ DymoQuickPrint = "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
ASP04 - HKCU\..\Run @ Google Update = "C:\Users\peter\AppData\Local\Google\Update\GoogleUpdate.exe" /c
ASP04 - HKCU\..\Run @ IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
ASP04 - HKCU\..\Run @ ISUSPM = C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
ASP04 - HKCU\..\Run @ msnmsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ASP04 - HKCU\..\Run @ Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
ASP04 - HKCU\..\Run @ Skype = "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
ASP - Startup - C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
ASP - Startup - C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ASP - Startup - C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Productregistratie.lnk
ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
==================== Extra Items IE ============================================
EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
EI03 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
EI03 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
EI03 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings
EI03 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
EI03 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
==================== Internet Default Prefix ===================================
IDP00 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
IDP01 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://
==================== Default Settings IE - DSIE ================================
DSIE - ieuinit.inf: START_PAGE= "http://go.microsoft.com/fwlink/p/?LinkId
DSIE - ieuinit.inf: SEARCH_PAGE_URL= "http://go.microsoft.com/fwlink/?LinkId
==================== Protocol Hijackers - PH ===================================
PH00 - Handler:skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} @ = Unknown # C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll # MD5 [c89f814492178585da89f452ce19b720]
PH00 - Handler:wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} @ = Unknown # C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [4cf29c44e072c377b6866c399947e99a]
==================== Automatic Started DLL's (AS) ==============================
AS00 - @ AppInit_DLLs = c:\program
==================== ShellServiceObjectDelayLoad - SSODL =======================
SSODL - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =
==================== Extra items - EXT (Torpig/ConduitSearch) ==================
EXT00 - HKLM\SOFTWARE\AppDataLow\Software\Adobe
EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Adobe
EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll
EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll
==================== DRIVERS and SERVICES ======================================
*** Win32OwnProcess ***
SERV - R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files\common files\adobe\arm\1.0\armsvc.exe
SERV - R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
SERV - R2 - [avgfws] - AVG Firewall - c:\program files\avg\avg2014\avgfws.exe
SERV - R2 - [AVGIDSAgent] - AVGIDSAgent - c:\program files\avg\avg2014\avgidsagent.exe
SERV - R2 - [avgwd] - AVG WatchDog - c:\program files\avg\avg2014\avgwdsvc.exe
SERV - R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - c:\program files\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe
SERV - R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - c:\program files\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe
SERV - R2 - [DymoPnpService] - DYMO PnP Service - c:\program files\dymo\dymo label software\dymopnpservice.exe
SERV - R2 - [FirebirdGuardianDefaultInstance] - Firebird Guardian - DefaultInstance - c:\program files\firebird\firebird_2_5\bin\fbguard.exe
SERV - R2 - [Freemake Improver] - Freemake Improver - c:\programdata\freemake\freemakeutilsservice\freemakeutilsservice.exe
SERV - R2 - [fshoster] - F-Secure Dll Hoster - c:\program files\internetbeveiliging\fshoster32.exe
SERV - R2 - [FSORSPClient] - F-Secure ORSP Client - c:\program files\internetbeveiliging\apps\ccf_reputation\fsorsp.exe
SERV - R2 - [IJPLMSVC] - Canon Inkjet Printer/Scanner/Fax Extended Survey Program - c:\program files\canon\ijplm\ijplmsvc.exe
SERV - R2 - [MBAMScheduler] - MBAMScheduler - c:\program files\malwarebytes anti-malware\mbamscheduler.exe
SERV - R2 - [MBAMService] - MBAMService - c:\program files\malwarebytes anti-malware\mbamservice.exe
SERV - R2 - [Nero BackItUp Scheduler 3] - Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
SERV - R2 - [PDFProFiltSrvPP] - PDFProFiltSrvPP - c:\program files\nuance\paperport\pdfprofiltsrvpp.exe
SERV - R2 - [PMBDeviceInfoProvider] - PMBDeviceInfoProvider - c:\program files\sony\playmemories home\pmbdeviceinfoprovider.exe
SERV - R2 - [UMVPFSrv] - UMVPFSrv - c:\program files\common files\logishrd\lvmvfm\umvpfsrv.exe
SERV - R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
SERV - R3 - [BrYNSvc] - BrYNSvc - c:\program files\browny02\brynsvc.exe
SERV - R3 - [FirebirdServerDefaultInstance] - Firebird Server - DefaultInstance - c:\program files\firebird\firebird_2_5\bin\fbserver.exe
SERV - R3 - [NMIndexingService] - NMIndexingService - c:\program files\common files\nero\lib\nmindexingservice.exe
SERV - R3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
SERV - S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
SERV - S2 - [SkypeUpdate] - Skype Updater - c:\program files\skype\updater\updater.exe
SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
SERV - S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
SERV - S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
SERV - S3 - [fsssvc] - Windows Live Family Safety Service - c:\program files\windows live\family safety\fsssvc.exe
SERV - S3 - [gusvc] - Google Updater Service - c:\program files\google\common\google updater\googleupdaterservice.exe
SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
SERV - S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
SERV - S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
*** Win32ShareProcess ***
SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
SERV - S3 - [idsvc] - Windows CardSpace - c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe
SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
SERV - S3 - [ProtectedStorage] - Protected Storage - c:\windows\system32\lsass.exe
SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
SERV - S4 - [NetMsmqActivator] - Net.Msmq Listener Adapter - c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe
SERV - S4 - [NetPipeActivator] - Net.Pipe Listener Adapter - c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe
SERV - S4 - [NetTcpActivator] - Net.Tcp Listener Adapter - c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe
SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe
*** Others ***
SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
SERV - R3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe
*** File System Driver ***
DRV - R0 - [AVGIDSHX] - AVGIDSHX - C:\Windows\system32\Drivers\AVGIDSHX.sys
DRV - R0 - [Avglogx] - AVG Logging Driver - C:\Windows\system32\Drivers\Avglogx.sys
DRV - R0 - [Avgmfx86] - AVG Mini-Filter Resident Anti-Virus Shield - C:\Windows\system32\Drivers\Avgmfx86.sys
DRV - R0 - [Avgrkx86] - AVG Anti-Rootkit Driver - C:\Windows\system32\Drivers\Avgrkx86.sys
DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
DRV - R3 - [srv] - Stuurprogramma Server SMB 1.xxx - C:\Windows\system32\Drivers\srv.sys
DRV - R3 - [srv2] - Stuurprogramma Server SMB 2.xxx - C:\Windows\system32\Drivers\srv2.sys
*** Kernel Driver ***
DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys
DRV - R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
DRV - R0 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys
DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
DRV - R0 - [Disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\Disk.sys
DRV - R0 - [fvevol] - Filterstuurprogramma Bitlocker-stationsvergrendeling - C:\Windows\system32\Drivers\fvevol.sys
DRV - R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
DRV - R0 - [mountmgr] - Koppelpuntbeheer - C:\Windows\system32\Drivers\mountmgr.sys
DRV - R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys
DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
DRV - R0 - [NDIS] - NDIS-systeemstuurprogramma - C:\Windows\system32\Drivers\NDIS.sys
DRV - R0 - [partmgr] - Partitiebeheer - C:\Windows\system32\Drivers\partmgr.sys
DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys
DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
DRV - R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
DRV - R0 - [sptd] - sptd - C:\Windows\system32\Drivers\sptd.sys
DRV - R0 - [storflt] - Schijf - Filterstuurprogramma voor Virtual Machine-busaccelerator - C:\Windows\system32\Drivers\storflt.sys [x]
DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys
DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator-stuurprogramma - C:\Windows\system32\Drivers\vdrvroot.sys
DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys
DRV - R0 - [volmgrx] - Dynamisch Volumebeheer - C:\Windows\system32\Drivers\volmgrx.sys
DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys
DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys
DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
==================== SvcHost - White Listed ====================================
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@GPSvcGroup GPSvc = ServiceDll = C:\Windows\System32\gpsvc.dll [e897eaf5ed6ba41e081060c9b447a673]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@ORBTR Orbiter = [e897eaf5ed6ba41e081060c9b447a673]
==================== SigCheck x86 Fast =========================================
Fast Scan All ok
==================== Job tasks =================================================
There are no .job files found.
==================== End scanning at vr 14 nov 2014 18:11 (0 Min 19 Sec ) ======