E-Peek v 1.9.9.0 © Emphyrio/Onsia Patrick 2013-2015 [url=http://www.antimalwarehelp.be/EDev/Tools/E-Peek/EPeekDL.html]E Dev[/url]
Run at vr 23 jan 2015 17:38
.
Windows 7 Professional SP 1 (32 bits)
C:\Windows [NTFS - Fixed]
Default Browser: Internet Explorer
Boot mode: Normal boot
User logged in: francist
.
Java x86: 1.8
.
AV : AVG AntiVirus Free Edition 2015 [Updated - Running]
AS : Windows Defender [Updated - Not Running]
AS : AVG AntiVirus Free Edition 2015 [Updated - Running]
FW : Windows firewall
.
==================== Files and Folders history =================================

Folders Created Last 7 days :
23/01/2015 ##### r-h-s-d+a- C:\Users\francist\AppData\Roaming\Nico Mak Computing
23/01/2015 ##### r-h-s-d+a- C:\Users\francist\AppData\Roaming\E Dev
23/01/2015 ##### r-h-s-d+a- C:\Program Files\E Dev
22/01/2015 ##### r-h-s-d+a- C:\Users\francist\AppData\Local\DriverToolkit
22/01/2015 ##### r-h-s-d+a- C:\Program Files\DriverToolkit

Files Modified Last 7 days :
23/01/2015 00701616 r-h-s-d-a+ C:\Windows\system32\FlashPlayerApp.exe
23/01/2015 00071344 r-h-s-d-a+ C:\Windows\system32\FlashPlayerCPLApp.cpl
22/01/2015 00272296 r-h-s-d-a+ C:\Windows\system32\javaws.exe
22/01/2015 00176552 r-h-s-d-a+ C:\Windows\system32\javaw.exe
22/01/2015 00176552 r-h-s-d-a+ C:\Windows\system32\java.exe
22/01/2015 00096680 r-h-s-d-a+ C:\Windows\system32\WindowsAccessBridge.dll
22/01/2015 00031088 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
22/01/2015 00031088 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
18/01/2015 01669560 r-h-s-d-a+ C:\Windows\system32\PerfStringBackup.INI
18/01/2015 00745424 r-h-s-d-a+ C:\Windows\system32\perfh013.dat
18/01/2015 00653930 r-h-s-d-a+ C:\Windows\system32\perfh009.dat
18/01/2015 00153376 r-h-s-d-a+ C:\Windows\system32\perfc013.dat
18/01/2015 00121802 r-h-s-d-a+ C:\Windows\system32\perfc009.dat

Files Created Last 7 days :
==================== RUNNING PROCESSES =========================================

[armsvc] -SYSTEM- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe - (Adobe Systems Incorporated)
[atieclxx] -SYSTEM- C:\Windows\system32\atieclxx.exe - (AMD)
[atiesrxx] -SYSTEM- C:\Windows\system32\atiesrxx.exe - (AMD)
[audiodg] -LOCAL SERVICE- C:\Windows\system32\AUDIODG.EXE - (Microsoft Corporation)
[avgcsrvx] -SYSTEM- C:\Program Files\AVG\AVG2015\avgcsrvx.exe - (AVG Technologies CZ, s.r.o.)
[avgemcx] -SYSTEM- C:\Program Files\AVG\AVG2015\avgemcx.exe - (AVG Technologies CZ, s.r.o.)
[avgidsagent] -SYSTEM- C:\Program Files\AVG\AVG2015\avgidsagent.exe - (AVG Technologies CZ, s.r.o.)
[avgnsx] -SYSTEM- C:\Program Files\AVG\AVG2015\avgnsx.exe - (AVG Technologies CZ, s.r.o.)
[avgrsx] -SYSTEM- c:\PROGRA~1\AVG\AVG2015\avgrsx.exe - (AVG Technologies CZ, s.r.o.)
[avgui] -francist- C:\Program Files\AVG\AVG2015\avgui.exe - (AVG Technologies CZ, s.r.o.)
[avgwdsvc] -SYSTEM- C:\Program Files\AVG\AVG2015\avgwdsvc.exe - (AVG Technologies CZ, s.r.o.)
[CCleaner] -francist- C:\Program Files\CCleaner\CCleaner.exe - (Piriform Ltd)
[cf3e08d747e4] -SYSTEM- C:\Program Files\0ca45c95134d\cf3e08d747e4.exe - ()
[csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)
[csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)
[ctfmon] -francist- C:\Windows\system32\ctfmon.exe - (Microsoft Corporation)
[downloader2] -francist- C:\Program Files\RealNetworks\RealDownloader\downloader2.exe - ()
[dwm] -francist- C:\Windows\system32\Dwm.exe - (Microsoft Corporation)
[E-Peek 1.9.9.0] -francist- C:\Program Files\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
[explorer] -francist- C:\Windows\Explorer.EXE - (Microsoft Corporation)
[FlashUtil32_16_0_0_287_ActiveX] -francist- C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_287_ActiveX.exe - (Adobe Systems Incorporated)
[Fuel.Service] -SYSTEM- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe - (Advanced Micro Devices, Inc.)
[HydraDM] -francist- C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe - (AMD)
[IDMan] -francist- C:\Program Files\Internet Download Manager\IDMan.exe - (Tonec Inc.)
[idmBroker] -francist- C:\Program Files\Internet Download Manager\idmBroker.exe - (Internet Download Manager, Tonec Inc.)
[IEMonitor] -francist- C:\Program Files\Internet Download Manager\IEMonitor.exe - (Tonec Inc.)
[iexplore] -francist- C:\Program Files\Internet Explorer\iexplore.exe - (Microsoft Corporation)
[iexplore] -francist- C:\Program Files\Internet Explorer\iexplore.exe - (Microsoft Corporation)
[iexplore] -francist- C:\Program Files\Internet Explorer\iexplore.exe - (Microsoft Corporation)
[lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)
[lsm] -SYSTEM- C:\Windows\system32\lsm.exe - (Microsoft Corporation)
[msiexec] -SYSTEM- C:\Windows\system32\msiexec.exe - (Microsoft Corporation)
[NetworkLicenseServer] -SYSTEM- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe - (ABBYY)
[oklogsvc] -SYSTEM- C:\Program Files\Okidata\Print Job Accounting\oklogsvc.exe - (Oki Data Corporation)
[okwchsvc] -SYSTEM- C:\Program Files\Okidata\Print Job Accounting\okwchsvc.exe - (Oki Data Corporation)
[ONENOTEM] -francist- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
[OPHCLDCS] -SYSTEM- C:\Windows\system32\spool\DRIVERS\W32X86\3\OPHCLDCS.EXE - (Oki Data Corporation)
[opja0004] -SYSTEM- C:\Program Files\Okidata\Print Job Accounting\opja0004.exe - (Oki Data Corporation)
[portmgrsrv] -SYSTEM- C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe - (Oki Data Corporation)
[RealPlayerUpdateSvc] -SYSTEM- C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe - ()
[realsched] -francist- C:\Program Files\Real\RealPlayer\Update\realsched.exe - (RealNetworks, Inc.)
[rndlresolversvc] -SYSTEM- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe - ()
[rpsystray] -francist- C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe - (RealNetworks, Inc.)
[RtHDVCpl] -francist- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe - (Realtek Semiconductor)
[SearchFilterHost] -SYSTEM- C:\Windows\system32\SearchFilterHost.exe - (Microsoft Corporation)
[SearchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)
[SearchProtocolHost] -SYSTEM- C:\Windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)
[services] -SYSTEM- C:\Windows\system32\services.exe - (Microsoft Corporation)
[smss] -SYSTEM- C:\Windows\system32\smss.exe - (Microsoft Corporation)
[Snagit32] -francist- C:\Program Files\TechSmith\Snagit 11\Snagit32.exe - (TechSmith Corporation)
[SnagPriv] -francist- C:\Program Files\TechSmith\Snagit 11\SnagPriv.exe - (TechSmith Corporation)
[soffice.bin] -francist- C:\Program Files\OpenOffice.org 3\program\soffice.bin - (OpenOffice.org)
[soffice] -francist- C:\Program Files\OpenOffice.org 3\program\soffice.exe - (OpenOffice.org)
[spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)
[System] -N/A- - (System)
[taskeng] -francist- C:\Windows\system32\taskeng.exe - (Microsoft Corporation)
[taskhost] -francist- C:\Windows\system32\taskhost.exe - (Microsoft Corporation)
[TrustedInstaller] -SYSTEM- C:\Windows\servicing\TrustedInstaller.exe - (Microsoft Corporation)
[VSSVC] -SYSTEM- C:\Windows\system32\vssvc.exe - (Microsoft Corporation)
[wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)
[winlogon] -SYSTEM- C:\Windows\system32\winlogon.exe - (Microsoft Corporation)
[WmiPrvSE] -NETWORK SERVICE- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
[wmpnetwk] -NETWORK SERVICE- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation)

==================== IE PAGES ==================================================
HKCU\Software\Microsoft\Internet Explorer\Main
Start Page = hxxp://www.google.com/
Local Page = C:\Windows\system32\blank.htm
Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName = Bing
URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} => HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InProcServer32 Default = C:\Windows\System32\ieframe.dll

HKLM\Software\Microsoft\Internet Explorer\Main
Start Page = about:blank
Local Page = C:\Windows\System32\blank.htm
Default_Page_URL = about:blank
Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1416471174&from=smt&uid=WDCXWD5000AAKX-00ERMA0_WD-WMC2E575578555785&q={searchTerms}
Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1416471174&from=smt&uid=WDCXWD5000AAKX-00ERMA0_WD-WMC2E575578555785&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName = @ieframe.dll,-12512
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
DisplayName = Google
URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
DisplayName = default-search.net
URL = hxxp://www.default-search.net/search?sid=476&aid=135&itype=n&ver=14591&tm=537&src=ds&p={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks
Default = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}

==================== Auto Load =================================================

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\Windows\system32\userinit.exe,
Shell = Explorer.exe

==================== Firefox ===================================================

FF - ProfilePath - C:\Users\francist\AppData\Roaming\Mozilla\firefox\Profiles\u38188c5.default-1422026848436
FF - Ext: [IDM CC 7.3.69 ] - extension - mozilla_cc@internetdownloadmanager.com visible: True active: False
FF - Ext: [Default 33.0.3 ] - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} visible: True active: True
FF - Ext: [Belgium eID 1.0.18 ] - extension - belgiumeid@eid.belgium.be visible: True active: False
FF - PlugIn: [Adobe® Flash® Player 16.0.0.280 Plugin] - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_280.dll

==================== Google Chrome =============================================

GC - Prefpath: C:\Users\francist\AppData\Local\Google\Chrome\User Data\Default\Preferences
GC - Profile Name: Eerste gebruiker
GC - Homepage: hxxp://www.google.be/
GC - Default Search Provider: n/a
GC - Ext: [ Bitdefender QuickScan ] Description: version: 203 Path: ..\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\203
= Known Disabled Extensions =
GC - Ext: [ Bitdefender QuickScan ] Description: version :203 Path: C:\Users\francist\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\203

==================== Windows Host File =========================================

==================== BHO =======================================================

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
{0055C089-8582-441B-A0BF-17B458C2A3A8} HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} Default = IDM integration (IDMIEHlprObj Class)
=> HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InProcServer32 Default = C:\Program Files\Internet Download Manager\IDMIECC.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} HKCR\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} Default = RealNetworks Download and Record Plugin for Internet Explorer
=> HKCR\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\InProcServer32 Default = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Default = IETabPage Class
=> HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\InProcServer32 Default = C:\Program Files\SupTab\SupTab.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} Default = Groove GFS Browser Helper
=> HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\InProcServer32 Default = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Default = Java(tm) Plug-In SSV Helper
=> HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32 Default = C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
{95B7759C-8C7F-4BF1-B163-73684A933233} HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Default = [No Name]
{B4F3A835-0E21-4959-BA22-42B3008E02FF} HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} Default = Office Document Cache Handler
=> HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InProcServer32 Default = C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Default = Java(tm) Plug-In 2 SSV Helper
=> HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32 Default = C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll

==================== Auto Start Programs =======================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AVG_UI = "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
BCSSync = "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
RealDownloader = C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
StartCCC = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
TkBellExe = "c:\program files\real\realplayer\Update\realsched.exe" -osboot

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
HydraVisionDesktopManager = "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
IDMan = C:\Program Files\Internet Download Manager\IDMan.exe /onboot

Startup - C:\Users\francist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
Startup - C:\Users\francist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk

==================== Extra Items IE ============================================

HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

==================== Internet Default Prefix ===================================

HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Default = http://
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
WWW = http://

==================== Protocol Hijackers ========================================

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
CLSID = {807573E5-5146-11D5-A672-00B0D022E945} => SOFTWARE\Classes\\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL <= Unknown

==================== ShellServiceObjectDelayLoad ===============================

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]

==================== Extra (Torpig/ConduitSearch) ==============================

HKCU\SOFTWARE\AppDataLow\Software\Crossrider
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
HKCU\SOFTWARE\AppDataLow\Software\Microsoft
HKCU\SOFTWARE\AppDataLow\Software\RealNetworks
HKCU\SOFTWARE\AppDataLow\Software\SpeeditUp
HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D} => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\Windows\system32\shell32.dll
HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6} => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\Windows\system32\ntshrui.dll

==================== DRIVERS and SERVICES ======================================

*** Win32OwnProcess ***
SERV - R2 - [ABBYY.Licensing.FineReader.Professional.10.0] - ABBYY FineReader 10 PE Licensing Service - c:\program files\common files\abbyy\finereader\10.00\licensing\pe\networklicenseserver.exe
SERV - R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files\common files\adobe\arm\1.0\armsvc.exe
SERV - R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
SERV - R2 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe
SERV - R2 - [AVGIDSAgent] - AVGIDSAgent - c:\program files\avg\avg2015\avgidsagent.exe
SERV - R2 - [avgwd] - AVG WatchDog - c:\program files\avg\avg2015\avgwdsvc.exe
SERV - R2 - [OKI OPHC DCS Loader] - OKI OPHC DCS Loader - c:\windows\system32\spool\drivers\w32x86\3\ophcldcs.exe
SERV - R2 - [OkiJaSvc] - Print Job Accounting - c:\program files\okidata\print job accounting\oklogsvc.exe
SERV - R2 - [OkiWchSvc] - Print Job Accounting Watch Service - c:\program files\okidata\print job accounting\okwchsvc.exe
SERV - R2 - [opja0004] - Print Job Accounting opja0004 - c:\program files\okidata\print job accounting\opja0004.exe
SERV - R2 - [OpLclSrv] - OKI Local Port Manager - c:\program files\okidata\common\extend3\portmgrsrv.exe
SERV - R2 - [RealNetworks Downloader Resolver Service] - RealNetworks Downloader Resolver Service - c:\program files\realnetworks\realdownloader\rndlresolversvc.exe
SERV - R2 - [RealPlayerUpdateSvc] - RealPlayer Update Service - c:\program files\real\updateservice\realplayerupdatesvc.exe
SERV - R2 - [UniversalUpdater] - Universal Updater Service - c:\program files\0ca45c95134d\cf3e08d747e4.exe
SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
SERV - R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
SERV - R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
SERV - S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
SERV - S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
SERV - S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
SERV - S3 - [gusvc] - Google Updater Service - c:\program files\google\common\google updater\googleupdaterservice.exe
SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
SERV - S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files\microsoft office\office14\groove.exe
SERV - S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files\mozilla maintenance service\maintenanceservice.exe
SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
SERV - S3 - [ose] - Office Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
SERV - S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
SERV - S3 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
SERV - S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe
SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
SERV - S4 - [aspnet_state] - ASP.NET-statusservice - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
SERV - S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
SERV - S4 - [RealPlayer Cloud Service] - RealPlayer Cloud Service - c:\program files\real\realplayer\rpds\bin\rpdsvc.exe

*** Win32ShareProcess ***
SERV - R2 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
SERV - S3 - [idsvc] - Windows CardSpace - c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe
SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
SERV - S3 - [ProtectedStorage] - Protected Storage - c:\windows\system32\lsass.exe
SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
SERV - S4 - [NetMsmqActivator] - Net.Msmq Listener Adapter - c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe
SERV - S4 - [NetPipeActivator] - Net.Pipe Listener Adapter - c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe
SERV - S4 - [NetTcpActivator] - Net.Tcp Listener Adapter - c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe
SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe

*** Others ***
SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

*** File System Driver ***
DRV - R0 - [AVGIDSHX] - AVGIDSHX - C:\Windows\system32\Drivers\AVGIDSHX.sys
DRV - R0 - [Avglogx] - AVG Logging Driver - C:\Windows\system32\Drivers\Avglogx.sys
DRV - R0 - [Avgmfx86] - AVG Mini-Filter Resident Anti-Virus Shield - C:\Windows\system32\Drivers\Avgmfx86.sys
DRV - R0 - [Avgrkx86] - AVG Anti-Rootkit Driver - C:\Windows\system32\Drivers\Avgrkx86.sys
DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
DRV - R3 - [srv] - Stuurprogramma Server SMB 1.xxx - C:\Windows\system32\Drivers\srv.sys
DRV - R3 - [srv2] - Stuurprogramma Server SMB 2.xxx - C:\Windows\system32\Drivers\srv2.sys

*** Kernel Driver ***
DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys
DRV - R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
DRV - R0 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys
DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
DRV - R0 - [Disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\Disk.sys
DRV - R0 - [fvevol] - Filterstuurprogramma Bitlocker-stationsvergrendeling - C:\Windows\system32\Drivers\fvevol.sys
DRV - R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
DRV - R0 - [mountmgr] - Koppelpuntbeheer - C:\Windows\system32\Drivers\mountmgr.sys
DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
DRV - R0 - [NDIS] - NDIS-systeemstuurprogramma - C:\Windows\system32\Drivers\NDIS.sys
DRV - R0 - [partmgr] - Partitiebeheer - C:\Windows\system32\Drivers\partmgr.sys
DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys
DRV - R0 - [pciide] - pciide - C:\Windows\system32\Drivers\pciide.sys
DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
DRV - R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
DRV - R0 - [storflt] - Schijf - Filterstuurprogramma voor Virtual Machine-busaccelerator - C:\Windows\system32\Drivers\storflt.sys [x]
DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys
DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator-stuurprogramma - C:\Windows\system32\Drivers\vdrvroot.sys
DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys
DRV - R0 - [volmgrx] - Dynamisch Volumebeheer - C:\Windows\system32\Drivers\volmgrx.sys
DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys
DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys
DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==================== SvcHost - White Listed ====================================

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@ORBTR
Orbiter = ServiceDll = C:/Program Files/ORBTR/orbiter.dll [File not exists]

==================== SigCheck x86 Fast =========================================

c:\windows\system32\user32.dll - Publisher:Microsoft Corporation [7bd7f45ff37fa0669cd32ca0ef46e22c]

==================== Job tasks at C:\Windows\Tasks =============================

C:\Windows\Tasks\Adobe Flash Player Updater.job 940 bytes [ 11/10/2014 19:18:00 ]
C:\Windows\Tasks\DriverToolkit Autorun.job 352 bytes [ 22/01/2015 10:21:23 ]
C:\Windows\Tasks\KGPKVLD.job 1696 bytes [ 20/11/2014 9:24:13 ]
C:\Windows\Tasks\QHMDS.job 1348 bytes [ 20/11/2014 9:24:57 ]
C:\Windows\Tasks\SA.DAT 6 bytes [ 14/07/2009 6:53:47 ]
C:\Windows\Tasks\SCHEDLGU.TXT 32580 bytes [ 14/07/2009 6:53:46 ]

==================== Job tasks at C:\Windows\system32\Tasks ====================

C:\Windows\system32\Tasks\Adobe Acrobat Update Task 3874 bytes [ 4/01/2015 18:37:27 ] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\Tasks\Adobe Flash Player Updater 3878 bytes [ 11/10/2014 19:18:00 ] => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\Tasks\CCleanerSkipUAC 2778 bytes [ 6/09/2013 15:29:56 ] => "C:\Program Files\CCleaner\CCleaner.exe"
C:\Windows\system32\Tasks\CreateChoiceProcessTask 3540 bytes [ 5/09/2013 8:40:52 ] => C:\Windows\System32\browserchoice.exe
C:\Windows\system32\Tasks\KGPKVLD 4726 bytes [ 20/11/2014 9:24:13 ] => C:\Users\francist\AppData\Roaming\KGPKVLD.exe
C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1378240423 3816 bytes [ 6/06/2014 7:38:26 ] => C:\Program Files\Opera\launcher.exe
C:\Windows\system32\Tasks\QHMDS 4378 bytes [ 20/11/2014 9:24:57 ] => C:\Users\francist\AppData\Roaming\QHMDS.exe
C:\Windows\system32\Tasks\RealDownloader Update Check 3416 bytes [ 10/12/2014 18:49:29 ] => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
C:\Windows\system32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3730078115-3281393171-2249441152-1000 3374 bytes [ 15/01/2014 12:39:55 ] => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\system32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3730078115-3281393171-2249441152-1000 3226 bytes [ 15/01/2014 12:39:56 ] => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe
C:\Windows\system32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3730078115-3281393171-2249441152-1000 3354 bytes [ 15/01/2014 12:39:55 ] => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe
C:\Windows\system32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3730078115-3281393171-2249441152-1000 3204 bytes [ 15/01/2014 7:42:00 ] => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
C:\Windows\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3730078115-3281393171-2249441152-1000 3332 bytes [ 11/11/2014 19:03:52 ] => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
C:\Windows\system32\Tasks\SidebarExecute 3230 bytes [ 18/09/2013 14:51:08 ] => C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\Tasks\{2E3BC6B7-6C96-4940-8B7E-BF505AA17EFA} 3162 bytes [ 20/11/2014 9:33:08 ] => C:\Windows\system32\pcalua.exe
C:\Windows\system32\Tasks\{DDBD2AD1-B132-4D7F-9DA3-442165275904} 3106 bytes [ 12/10/2014 10:54:56 ] => C:\Windows\system32\pcalua.exe
C:\Windows\system32\Tasks\{E2D57E2C-544E-4C2B-89DF-3B5A9EF8E7FB} 3206 bytes [ 12/10/2014 10:59:30 ] => C:\Windows\system32\pcalua.exe
C:\Windows\system32\Tasks\{FCC2367D-24A1-490C-B2C4-CFC8ABC4CA51} 3108 bytes [ 20/11/2014 9:40:23 ] => C:\Windows\system32\pcalua.exe

==================== End scanning at vr 23 jan 2015 17:39 (0 Min 49 Sec ) ======