E-Peek v 1.9.9.0 © Emphyrio/Onsia Patrick 2013-2014 [url=http://www.antimalwarehelp.be/EDev/Tools/E-Peek/EPeekDL.html]E Dev[/url]
Run at do 18 dec 2014 19:32
.
Windows 8.1 (64 bits)
C:\Windows [NTFS - Fixed]
Default Browser: Google Chrome
Boot mode: Normal boot
User logged in: Arno
.
Java x86: 1.8
Java x64: n/a
.
AV : Windows Defender [Updated - Not Running]
AV : avast! Antivirus [Updated - Not Running]
AS : Windows Defender [Updated - Not Running]
AS : avast! Antivirus [Updated - Not Running]
FW : Windows firewall
.
==================== Files and Folders history =================================
Folders Created Last 7 days :
18/12/2014 ##### r-h-s-d+a- C:\Users\Arno\AppData\Roaming\E Dev
18/12/2014 ##### r-h-s-d+a- C:\Program Files (x86)\Microsoft Synchronization Services
18/12/2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
14/12/2014 ##### r-h-s-d+a- C:\Program Files\CCleaner
Files Modified Last 7 days :
12/12/2014 112710672 r-h-s-d-a+ C:\Windows\system32\MRT.exe
Files Created Last 7 days :
15/12/2014 00146432 r-h-s-d-a+ C:\Windows\system32\poqexec.exe
15/12/2014 00129536 r-h-s-d-a+ C:\Windows\SysWOW64\poqexec.exe
12/12/2014 01970432 r-h-s-d-a+ C:\Windows\system32\crypt32.dll
12/12/2014 01612992 r-h-s-d-a+ C:\Windows\SysWOW64\crypt32.dll
12/12/2014 01091072 r-h-s-d-a+ C:\Windows\system32\MrmCoreR.dll
12/12/2014 01083392 r-h-s-d-a+ C:\Windows\system32\aeinv.dll
12/12/2014 00830464 r-h-s-d-a+ C:\Windows\system32\appraiser.dll
12/12/2014 00790528 r-h-s-d-a+ C:\Windows\SysWOW64\MrmCoreR.dll
12/12/2014 00740864 r-h-s-d-a+ C:\Windows\system32\invagent.dll
12/12/2014 00412672 r-h-s-d-a+ C:\Windows\system32\generaltel.dll
12/12/2014 00396288 r-h-s-d-a+ C:\Windows\system32\devinv.dll
12/12/2014 00227328 r-h-s-d-a+ C:\Windows\system32\aepdu.dll
12/12/2014 00192000 r-h-s-d-a+ C:\Windows\system32\aepic.dll
12/12/2014 00034304 r-h-s-d-a+ C:\Windows\system32\DeviceSetupStatusProvider.dll
12/12/2014 00028672 r-h-s-d-a+ C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
11/12/2014 01762840 r-h-s-d-a+ C:\Windows\system32\WindowsCodecs.dll
11/12/2014 01489072 r-h-s-d-a+ C:\Windows\SysWOW64\WindowsCodecs.dll
==================== RUNNING PROCESSES =========================================
[AERTSr64] -SYSTEM- C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE - (Andrea Electronics Corporation)
[audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe)
[AvastSvc] -SYSTEM- C:\Program Files\AVAST Software\Avast\AvastSvc.exe - (AVAST Software)
[avastui] -Arno- C:\Program Files\AVAST Software\Avast\avastui.exe - (AVAST Software)
[avastui] -safe- C:\Program Files\AVAST Software\Avast\avastui.exe - (AVAST Software)
[CCleaner64] -Arno- C:\Program Files\CCleaner\CCleaner64.exe - (Piriform Ltd)
[chrome] -Arno- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
[chrome] -Arno- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
[chrome] -Arno- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
[chrome] -Arno- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
[chrome] -Arno- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
[chrome] -Arno- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
[ClassicStartMenu] -Arno- C:\Program Files\Classic Shell\ClassicStartMenu.exe - (IvoSoft)
[ClassicStartMenu] -safe- C:\Program Files\Classic Shell\ClassicStartMenu.exe - (IvoSoft)
[ClientCore] -Arno- C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe - (Hewlett-Packard)
[ClientCore] -safe- C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe - (Hewlett-Packard)
[CLMLSvc_P2G8] -safe- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe - (CyberLink)
[conhost] -SYSTEM- C:\Windows\system32\conhost.exe - (Microsoft Corporation)
[csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
[csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
[csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
[dasHost] -LOCAL SERVICE- C:\Windows\system32\dashost.exe - (Microsoft Corporation)
[dwm] -DWM-3- C:\Windows\System32\dwm.exe - (Microsoft Corporation)
[dwm] -DWM-5- C:\Windows\system32\dwm.exe - (Microsoft Corporation)
[E-Peek 1.9.9.0] -Arno- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
[explorer] -Arno- C:\Windows\Explorer.EXE - (Microsoft Corporation)
[explorer] -safe- C:\Windows\Explorer.EXE - (Microsoft Corporation)
[HeciServer] -SYSTEM- C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe - (Intel(R) Corporation)
[hkcmd] -Arno- C:\Windows\System32\hkcmd.exe - (Intel Corporation)
[hkcmd] -safe- C:\Windows\System32\hkcmd.exe - (Intel Corporation)
[HPMSGSVC] -Arno- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe - (Hewlett-Packard Development Company, L.P.)
[HPMSGSVC] -safe- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe - (Hewlett-Packard Development Company, L.P.)
[HPSA_Service] -SYSTEM- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe - (Hewlett-Packard Company)
[HPWMISVC] -SYSTEM- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe - (Hewlett-Packard Development Company, L.P.)
[igfxpers] -Arno- C:\Windows\System32\igfxpers.exe - (Intel Corporation)
[igfxpers] -safe- C:\Windows\System32\igfxpers.exe - (Intel Corporation)
[igfxsrvc] -Arno- C:\Windows\system32\igfxsrvc.exe - (Intel Corporation)
[igfxsrvc] -safe- C:\Windows\system32\igfxsrvc.exe - (Intel Corporation)
[jusched] -Arno- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe - (Oracle Corporation)
[jusched] -safe- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe - (Oracle Corporation)
[LogonUI] -SYSTEM- C:\Windows\System32\LogonUI.exe - (Microsoft Corporation)
[lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)
[mDNSResponder] -SYSTEM- C:\Program Files\Bonjour\mDNSResponder.exe - (Apple Inc.)
[msiexec] -SYSTEM- C:\Windows\system32\msiexec.exe - (Microsoft Corporation)
[NIHardwareService] -SYSTEM- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe - (Native Instruments GmbH)
[OmniServ] -SYSTEM- C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe - (Softex Inc.)
[OPBHOBroker] -Arno- C:\Program Files\Hewlett-Packard\SimplePass\opbhobroker.exe - (Hewlett-Packard)
[OPBHOBroker] -safe- C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe - (Hewlett-Packard)
[OPBHOBrokerDsktop] -Arno- C:\Program Files\Hewlett-Packard\SimplePass\opbhobrokerdsktop.exe - (Hewlett-Packard)
[OPBHOBrokerDsktop] -safe- C:\Program Files\Hewlett-Packard\SimplePass\opbhobrokerdsktop.exe - (Hewlett-Packard)
[opvapp] -SYSTEM- C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe - ()
[opvapp] -SYSTEM- C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe - ()
[RAVBg64] -SYSTEM- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe - (Realtek Semiconductor)
[RAVBg64] -SYSTEM- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe - (Realtek Semiconductor)
[RtkAudioService64] -SYSTEM- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe - (Realtek Semiconductor)
[RtkNGUI64] -Arno- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe - (Realtek Semiconductor)
[RtkNGUI64] -safe- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe - (Realtek Semiconductor)
[RuntimeBroker] -safe- C:\Windows\System32\RuntimeBroker.exe - (Microsoft Corporation)
[SearchFilterHost] -SYSTEM- C:\Windows\system32\SearchFilterHost.exe - (Microsoft Corporation)
[SearchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)
[SearchProtocolHost] -SYSTEM- C:\Windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)
[services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
[smss] -SYSTEM- C:\Windows\System32\smss.exe - (smss.exe)
[soundrec] -safe- C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_6.3.9600.20280_x64__8wekyb3d8bbwe\SoundRec.exe - (Microsoft Corporation)
[spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)
[sqlwriter] -SYSTEM- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe - (Microsoft Corporation)
[SynTPEnh] -Arno- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - (Synaptics Incorporated)
[SynTPEnh] -safe- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - (Synaptics Incorporated)
[SynTPHelper] -Arno- C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE - (Synaptics Incorporated)
[SynTPHelper] -safe- C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE - (Synaptics Incorporated)
[System] -N/A- - (System)
[taskhost] -Arno- C:\Windows\system32\taskhost.exe - (Microsoft Corporation)
[taskhost] -LOCAL SERVICE- C:\Windows\system32\taskhost.exe - (Microsoft Corporation)
[taskhostex] -Arno- C:\Windows\system32\taskhostex.exe - (Microsoft Corporation)
[taskhostex] -safe- C:\Windows\system32\taskhostex.exe - (Microsoft Corporation)
[unsecapp] -Arno- C:\Windows\system32\wbem\unsecapp.exe - (Microsoft Corporation)
[unsecapp] -safe- C:\Windows\system32\wbem\unsecapp.exe - (Microsoft Corporation)
[VSSVC] -SYSTEM- C:\Windows\system32\vssvc.exe - (Microsoft Corporation)
[wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)
[winlogon] -SYSTEM- C:\Windows\system32\winlogon.exe - (Microsoft Corporation)
[winlogon] -SYSTEM- C:\Windows\System32\WinLogon.exe - (Microsoft Corporation)
[wlanext] -SYSTEM- C:\Windows\system32\WLANExt.exe - (Microsoft Corporation)
[WmiPrvSE] -NETWORK SERVICE- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
[WmiPrvSE] -SYSTEM- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
[WpcMon] -safe- C:\Windows\system32\WpcMon.exe - (Microsoft Corporation)
[WUDFHost] -LOCAL SERVICE- C:\Windows\System32\WUDFHost.exe - (Microsoft Corporation)
[YouCamService] -safe- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe - (CyberLink Corp.)
==================== IE PAGES ==================================================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
Start Page = hxxp://www.msn.com/?pc=AV01
Local Page = C:\Windows\SysWOW64\blank.htm
Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName = @ieframe.dll,-12512
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
DisplayName = Microsoft (Bing)
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E85F2015-39A4-4AAB-BCF1-E0EAC832D6BF}
DisplayName = Amazon (UK) Search Suggestions
URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar
{553891B7-A0D5-4526-BE18-D3CE461D6310}
=> HKCR\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}\InProcServer32 DefaultC:\Program Files\Classic Shell\ClassicExplorer32.dll
==================== IE PAGES x64 ==============================================
HKLM\Software\Microsoft\Internet Explorer\Main
Start Page = hxxp://g.uk.msn.com/CQCON14/2
Local Page = C:\Windows\System32\blank.htm
Default_Page_URL = hxxp://g.uk.msn.com/CQCON14/2
Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName = @ieframe.dll,-12512
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{E85F2015-39A4-4AAB-BCF1-E0EAC832D6BF}
DisplayName = Amazon (UK) Search Suggestions
URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Toolbar
{553891B7-A0D5-4526-BE18-D3CE461D6310}
=> HKCR\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}\InProcServer32 DefaultC:\Program Files\Classic Shell\ClassicExplorer32.dll
==================== Auto Load =================================================
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = userinit.exe,
Shell = explorer.exe
==================== Auto Load x64 =============================================
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\Windows\system32\userinit.exe,
Shell = explorer.exe
==================== Google Chrome =============================================
GC - Prefpath: C:\Users\Arno\AppData\Local\Google\Chrome\User Data\Default\Preferences
GC - Profile Name: Eerste gebruiker
GC - Homepage: n/a
GC - Default Search Provider: n/a
= Known Disabled Extensions =
==================== Windows Host File =========================================
==================== BHO =======================================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
{449D0D6E-2412-4E61-B68F-1CB625CD9E52}
HKCR\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52} Default = ExplorerBHO Class
=> HKCR\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\InProcServer32 Default = C:\Program Files\Classic Shell\ClassicExplorer32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} Default = Groove GFS Browser Helper
=> HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\InProcServer32 Default = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Default = Java(tm) Plug-In SSV Helper
=> HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32 Default = C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Default = avast! Online Security
=> HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\InProcServer32 Default = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9}
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Default = Java(tm) Plug-In 2 SSV Helper
=> HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32 Default = C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Default = HP Network Check Helper
=> HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\InProcServer32 Default = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
{EA801577-E6AD-4BD5-8F71-4BE0154331A4}
HKCR\CLSID\{EA801577-E6AD-4BD5-8F71-4BE0154331A4} Default = ClassicIEBHO Class
=> HKCR\CLSID\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}\InProcServer32 Default = C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
==================== BHO x64 ===================================================
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
{449D0D6E-2412-4E61-B68F-1CB625CD9E52}
HKCR\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52} Default = ExplorerBHO Class
=> HKCR\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\InProcServer32 Default = C:\Program Files\Classic Shell\ClassicExplorer64.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Default = avast! Online Security
=> HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\InProcServer32 Default = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Default = HP Network Check Helper
=> HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\InProcServer32 Default = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
{EA801577-E6AD-4BD5-8F71-4BE0154331A4}
HKCR\CLSID\{EA801577-E6AD-4BD5-8F71-4BE0154331A4} Default = ClassicIEBHO Class
=> HKCR\CLSID\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}\InProcServer32 Default = C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
==================== Auto Start Programs =======================================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
AvastUI.exe = "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
GrooveMonitor = "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HPMessageService = C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
DAEMON Tools Lite = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
Facebook Update = "C:\Users\Arno\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
==================== Auto Start Programs x64 ===================================
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
Classic Start Menu = "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
HotKeysCmds = "C:\Windows\system32\hkcmd.exe"
IgfxTray = "C:\Windows\system32\igfxtray.exe"
OPBHOBroker = C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
OPBHOBrokerDesktop = C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
Persistence = "C:\Windows\system32\igfxpers.exe"
RTHDVCPL = "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
SimplePass = C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe /hideui
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
!DiskInfo = 4
Classic Start Menu = 2
DisableStartScreen = 4
HotKeysCmds = 6
IgfxTray = 6
OPBHOBroker = 6
OPBHOBrokerDesktop = 6
Persistence = 6
RTHDVCPL = 6
RUNFBI = 4
SimplePass = 6
SynTPEnh = 6
AvastUI.exe = 2
GrooveMonitor = 2
HPMessageService = 6
mcpltui_exe = 4
SunJavaUpdateSched = 2
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
DAEMON Tools Lite = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
Facebook Update = "C:\Users\Arno\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
==================== Extra Items IE ============================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
==================== Extra Items IE x64 ========================================
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
==================== Internet Default Prefix ===================================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Default = http://
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
WWW = http://
==================== Internet Default Prefix x64 ===============================
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Default = http://
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
WWW = http://
==================== Protocol Hijackers ========================================
HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\grooveLocalGWS
CLSID = {88FED34C-F0CA-4636-A375-3CB6248B04CD}
=> SOFTWARE\Classes\\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll # MD5 [d8c2b95bc2353e1f18850d6b8f5dba13]
HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\skypec2c
CLSID = {91774881-D725-4E58-B298-07617B9B86A8}
=> SOFTWARE\Classes\\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll # MD5 [c89f814492178585da89f452ce19b720]
HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\wlpg
CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}
=> SOFTWARE\Classes\\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [41290ae21c588291f2fc9309ad38ead5]
==================== Protocol Hijackers x64 ====================================
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\skypec2c
CLSID = {91774881-D725-4E58-B298-07617B9B86A8}
=> SOFTWARE\Classes\\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll # MD5 [b15862b3db1f5396fd3cb27ed584b681]
==================== ShellServiceObjectDelayLoad ===============================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
=> HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]
==================== ShellServiceObjectDelayLoad x64 =========================
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
=> HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]
==================== Extra (Torpig/ConduitSearch) ==============================
HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
=> HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\Windows\system32\shell32.dll
HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
=> HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\Windows\system32\ntshrui.dll
==================== DRIVERS and SERVICES ======================================
*** Win32OwnProcess ***
SERV - R2 - [AERTFilters] - Andrea RT Filters Service - c:\program files\realtek\audio\hda\aertsr64.exe
SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
SERV - R2 - [HP Support Assistant Service] - HP Support Assistant Service - c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\txe components\tcs\heciserver.exe
SERV - R2 - [NIHardwareService] - NIHardwareService - c:\program files\common files\native instruments\hardware\nihardwareservice.exe
SERV - R2 - [omniserv] - HP SimplePass Service - c:\program files\hewlett-packard\simplepass\omniserv.exe
SERV - R2 - [RtkAudioService] - Realtek Audio Service - c:\program files\realtek\audio\hda\rtkaudioservice64.exe
SERV - R2 - [SQLWriter] - SQL Server VSS Writer - c:\program files\microsoft sql server\90\shared\sqlwriter.exe
SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
SERV - R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
SERV - S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
SERV - S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
SERV - S3 - [c2wts] - Claims voor Windows Token Service - c:\program files\windows identity foundation\v3.5\c2wtshost.exe
SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
SERV - S3 - [fussvc] - Windows App Certification Kit Fast User Switching Utility Service - c:\program files (x86)\windows kits\8.1\app certification kit\fussvc.exe
SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
SERV - S3 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
SERV - S3 - [ICCS] - Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - c:\program files (x86)\intel\intel(r) integrated clock controller service\iccproxy.exe
SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
SERV - S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\txe components\tcs\socketheciserver.exe
SERV - S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - c:\program files (x86)\microsoft office\office12\grooveauditservice.exe
SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
SERV - S3 - [MSSQL$SQLEXPRESS] - SQL Server (SQLEXPRESS) - c:\program files\microsoft sql server\mssql11.sqlexpress\mssql\binn\sqlservr.exe
SERV - S3 - [MSSQLFDLauncher$SQLEXPRESS] - SQL Full-text Filter Daemon Launcher (SQLEXPRESS) - c:\program files\microsoft sql server\mssql11.sqlexpress\mssql\binn\fdlauncher.exe
SERV - S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files (x86)\common files\microsoft shared\office12\odserv.exe
SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
SERV - S3 - [ReportServer$SQLEXPRESS] - SQL Server Reporting Services (SQLEXPRESS) - c:\program files\microsoft sql server\msrs11.sqlexpress\reporting services\reportserver\bin\reportingservicesservice.exe
SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
SERV - S3 - [SQLBrowser] - SQL Server Browser - c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe
SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
SERV - S3 - [VsEtwService120] - Visual Studio ETW Event Collection Service - c:\program files\microsoft visual studio 12.0\common7\packages\debugger\services\vsetwservice.exe
SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
SERV - S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
SERV - S4 - [SQLAgent$SQLEXPRESS] - SQL Server Agent (SQLEXPRESS) - c:\program files\microsoft sql server\mssql11.sqlexpress\mssql\binn\sqlagent.exe
*** Win32ShareProcess ***
SERV - R2 - [avast! Antivirus] - avast! Antivirus - c:\program files\avast software\avast\avastsvc.exe
SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
SERV - R3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
SERV - S3 - [Te.Service] - Te.Service - c:\program files (x86)\windows kits\8.1\testing\runtimes\taef\wex.services.exe
SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
*** Others ***
SERV - R2 - [HPWMISVC] - HPWMISVC - c:\program files (x86)\hewlett-packard\hp system event\hpwmisvc.exe
SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe
*** File System Driver ***
DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\Windows\system32\Drivers\Wof.sys
DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys
*** Kernel Driver ***
DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys
DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\Windows\system32\Drivers\acpiex.sys
DRV - R0 - [aswRvrt] - avast! Revert - C:\Windows\system32\Drivers\aswRvrt.sys
DRV - R0 - [aswVmm] - avast! VM Monitor - C:\Windows\system32\Drivers\aswVmm.sys
DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys
DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\disk.sys
DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\Windows\system32\Drivers\EhStorClass.sys
DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\Windows\system32\Drivers\intelpep.sys
DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
DRV - R0 - [MBI] - Intel(R) Sideband Fabric Device Service - C:\Windows\system32\Drivers\MBI.sys
DRV - R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
DRV - R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
DRV - R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys
DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
DRV - R0 - [pdc] - pdc - C:\Windows\system32\Drivers\pdc.sys
DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\Windows\system32\Drivers\spaceport.sys
DRV - R0 - [storahci] - Microsoft Standaard SATA AHCI-stuurprogramma - C:\Windows\system32\Drivers\storahci.sys
DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys
DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\Windows\system32\Drivers\vdrvroot.sys
DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys
DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys
DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\Windows\system32\Drivers\WFPLWFS.sys
DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys
DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
DRV - S3 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys
==================== SvcHost - White Listed ====================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost@apphost
apphostsvc = ServiceDll = C:\Windows\system32\inetsrv\apphostsvc.dll [9dcb42905f1ebf9cec57ee5df0bda965]
w3logsvc = ServiceDll = C:\Windows\system32\inetsrv\w3logsvc.dll [8e553c859c83784dec08b10afc3eac92]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost@iissvcs
w3svc = [8e553c859c83784dec08b10afc3eac92]
was = ServiceDll = C:\Windows\system32\inetsrv\iisw3adm.dll [9bae40bd31e3ee0b0c70bef167e0a2bc]
==================== SvcHost x64 - White Listed ================================
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@apphost
apphostsvc = ServiceDll = C:\Windows\system32\inetsrv\apphostsvc.dll [9dcb42905f1ebf9cec57ee5df0bda965]
w3logsvc = ServiceDll = C:\Windows\system32\inetsrv\w3logsvc.dll [8e553c859c83784dec08b10afc3eac92]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@iissvcs
w3svc = [8e553c859c83784dec08b10afc3eac92]
was = ServiceDll
= C:\Windows\system32\inetsrv\iisw3adm.dll [9bae40bd31e3ee0b0c70bef167e0a2bc] ==================== SigCheck x86 Fast ========================================= Fast Scan All ok ==================== SigCheck x64 Fast ========================================= Fast Scan All ok ==================== Job tasks at C:\Windows\Tasks ============================= C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2314833076-321424013-3845646558-1001Core.job 926 bytes [ 13/10/2014 17:34:17 ] C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2314833076-321424013-3845646558-1001UA.job 948 bytes [ 13/10/2014 17:34:18 ] C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2314833076-321424013-3845646558-1004Core.job 926 bytes [ 9/11/2014 20:27:12 ] C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2314833076-321424013-3845646558-1004UA.job 948 bytes [ 9/11/2014 20:27:12 ] C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 1084 bytes [ 11/09/2014 20:17:28 ] C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 1088 bytes [ 11/09/2014 20:17:29 ] C:\Windows\Tasks\SA.DAT 6 bytes [ 22/08/2013 16:45:54 ] ==================== Job tasks at C:\Windows\system32\Tasks ==================== C:\Windows\system32\Tasks\avast! 
Emergency Update 4182 bytes [ 14/09/2014 14:39:54 ] => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe C:\Windows\system32\Tasks\CCleanerSkipUAC 2770 bytes [ 14/12/2014 13:54:26 ] => "C:\Program Files\CCleaner\CCleaner.exe" C:\Windows\system32\Tasks\CLMLSvc_P2G8 3160 bytes [ 25/06/2014 22:46:41 ] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Windows\system32\Tasks\CLVDLauncher 3160 bytes [ 25/06/2014 22:46:41 ] => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe C:\Windows\system32\Tasks\FacebookUpdateTaskUserS-1-5-21-2314833076-321424013-3845646558-1001Core 3444 bytes [ 13/10/2014 17:34:17 ] => C:\Users\Arno\AppData\Local\Facebook\Update\FacebookUpdate.exe C:\Windows\system32\Tasks\FacebookUpdateTaskUserS-1-5-21-2314833076-321424013-3845646558-1001UA 3794 bytes [ 13/10/2014 17:34:18 ] => C:\Users\Arno\AppData\Local\Facebook\Update\FacebookUpdate.exe C:\Windows\system32\Tasks\FacebookUpdateTaskUserS-1-5-21-2314833076-321424013-3845646558-1004Core 3440 bytes [ 9/11/2014 20:27:12 ] => C:\Users\safe\AppData\Local\Facebook\Update\FacebookUpdate.exe C:\Windows\system32\Tasks\FacebookUpdateTaskUserS-1-5-21-2314833076-321424013-3845646558-1004UA 3790 bytes [ 9/11/2014 20:27:12 ] => C:\Users\safe\AppData\Local\Facebook\Update\FacebookUpdate.exe C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore 3824 bytes [ 11/09/2014 20:17:29 ] => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA 4060 bytes [ 11/09/2014 20:17:29 ] => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1069096049-2312365613-697439825-500 3594 bytes [ 26/04/2014 0:11:48 ] C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1725350855-1927001909-1276192757-500 3596 bytes [ 2/04/2014 11:35:50 ] C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2314833076-321424013-3845646558-1001 3598 bytes [ 11/09/2014 16:51:20 ] 
C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2314833076-321424013-3845646558-1004 3598 bytes [ 28/10/2014 7:26:34 ] C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2314833076-321424013-3845646558-500 2384 bytes [ 26/06/2014 0:08:08 ] C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2540129545-2225053549-3627349507-500 3598 bytes [ 25/06/2014 22:17:27 ] C:\Windows\system32\Tasks\User_Feed_Synchronization-{01370A31-83FF-4587-892E-1E055423385B} 3966 bytes [ 30/10/2014 17:21:38 ] => C:\Windows\system32\msfeedssync.exe C:\Windows\system32\Tasks\User_Feed_Synchronization-{51181E31-4CFF-4139-8342-CE9353E533BB} 3966 bytes [ 11/09/2014 20:15:16 ] => C:\Windows\system32\msfeedssync.exe C:\Windows\system32\Tasks\YCMServiceAgent 3156 bytes [ 25/06/2014 22:43:56 ] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe ==================== Job tasks at C:\Windows\SysWOW64\Tasks ==================== There are no .job files found. ==================== End scanning at do 18 dec 2014 19:33 (0 Min 57 Sec ) ======