E-Peek v 1.9.9.0
© Emphyrio/Onsia Patrick 2013-2015 [url=http://www.antimalwarehelp.be/EDev/Tools/E-Peek/EPeekDL.html]E Dev[/url]
Run at za 7 mrt 2015 17:49
.
Windows 8.1 Professional (64 bits)
C:\WINDOWS [NTFS - Fixed]
Default Browser: Firefox 36.0.1 (x86 nl)
Boot mode: Normal boot
User logged in: T
.
Java x86: 1.7.0_67
Java x64: n/a
.
AV : Avira Desktop [Updated - Not Running]
AV : Windows Defender [Updated - Not Running]
AS : Avira Desktop [Updated - Not Running]
AS : Windows Defender [Updated - Not Running]
FW : Windows firewall
.

==================== Files and Folders history =================================
Folders Created Last 7 days :
07-03-2015 ##### r-h-s-d+a- C:\Users\T\AppData\Roaming\E Dev
07-03-2015 ##### r-h-s-d+a- C:\rsit
07-03-2015 ##### r-h-s-d+a- C:\Program Files\trend micro
07-03-2015 ##### r-h-s-d+a- C:\Program Files (x86)\Microsoft Synchronization Services
07-03-2015 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
06-03-2015 ##### r-h-s-d+a- C:\Users\T\AppData\Roaming\Avira
06-03-2015 ##### r-h-s-d+a- C:\Users\T\AppData\Local\GHISLER
06-03-2015 ##### r-h-s-d+a- C:\ProgramData\Avira
06-03-2015 ##### r-h-s-d+a- C:\Program Files (x86)\Avira
05-03-2015 ##### r-h-s-d+a- C:\Program Files (x86)\Mozilla Firefox
04-03-2015 ##### r-h-s-d+a- C:\ProgramData\InstallMate
04-03-2015 ##### r-h-s-d+a- C:\Program Files (x86)\ISA2
04-03-2015 ##### r-h-s-d+a- C:\Program Files (x86)\e-Sword
02-03-2015 ##### r-h-s-d+a- C:\Users\T\AppData\Roaming\GHISLER
02-03-2015 ##### r-h-s-d+a- C:\totalcmd
Files Modified Last 7 days :
07-03-2015 01971078 r-h-s-d-a+ C:\WINDOWS\system32\PerfStringBackup.INI
07-03-2015 00860420 r-h-s-d-a+ C:\WINDOWS\system32\perfh013.dat
07-03-2015 00768728 r-h-s-d-a+ C:\WINDOWS\system32\perfh009.dat
07-03-2015 00187142 r-h-s-d-a+ C:\WINDOWS\system32\perfc013.dat
07-03-2015 00154844 r-h-s-d-a+ C:\WINDOWS\system32\perfc009.dat
06-03-2015 00638392 r-h-s-d-a+ C:\WINDOWS\system32\FNTCACHE.DAT
03-03-2015 00295552 r-h-s-d-a- C:\WINDOWS\system32\MpSigStub.exe
Files Created Last 7 days :
07-03-2015 00000111 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
03-03-2015 06041600 r-h-s-d-a+ C:\WINDOWS\system32\jscript9.dll
03-03-2015 04300800 r-h-s-d-a+ C:\WINDOWS\SysWOW64\jscript9.dll

==================== RUNNING PROCESSES =========================================
[armsvc] -SYSTEM- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - (Adobe Systems Incorporated)
[atieclxx] -SYSTEM- C:\WINDOWS\system32\atieclxx.exe - (AMD)
[atiesrxx] -SYSTEM- C:\WINDOWS\system32\atiesrxx.exe - (AMD)
[audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe)
[avgnt] -T- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe - (Avira Operations GmbH & Co. KG)
[avguard] -SYSTEM- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe - (Avira Operations GmbH & Co. KG)
[avshadow] -SYSTEM- C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe - (Avira Operations GmbH & Co. KG)
[CCC] -T- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe - (ATI Technologies Inc.)
[csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
[csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
[dasHost] -LOCAL SERVICE- C:\WINDOWS\system32\dashost.exe - (Microsoft Corporation)
[dwm] -DWM-1- C:\WINDOWS\system32\dwm.exe - (Microsoft Corporation)
[E-Peek 1.9.9.0] -T- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
[ETDCtrl] -T- C:\Program Files\Elantech\ETDCtrl.exe - (ELAN Microelectronics Corp.)
[ETDCtrlHelper] -T- C:\Program Files\Elantech\ETDCtrlHelper.exe - (ELAN Microelectronics Corp.)
[ETDGesture] -T- C:\Program Files\Elantech\ETDGesture.exe - (ELAN Microelectronics Corp.)
[ETDService] -SYSTEM- C:\Program Files\Elantech\ETDService.exe - (ELAN Microelectronics Corp.)
[explorer] -T- C:\WINDOWS\Explorer.EXE - (Microsoft Corporation)
[GoogleUpdate] -SYSTEM- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - (Google Inc.)
[HydraDM] -T- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe - (AMD)
[HydraDM64] -T- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe - (AMD)
[livecomm] -T- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe - (Microsoft Corporation)
[lsass] -SYSTEM- C:\WINDOWS\system32\lsass.exe - (Microsoft Corporation)
[MOM] -T- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe - (Advanced Micro Devices Inc.)
[msiexec] -SYSTEM- C:\WINDOWS\system32\msiexec.exe - (Microsoft Corporation)
[ONENOTEM] -T- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
[PhotosApp] -T- C:\WINDOWS\FileManager\PhotosApp.exe - (Microsoft Corporation)
[RuntimeBroker] -T- C:\Windows\System32\RuntimeBroker.exe - (Microsoft Corporation)
[sched] -SYSTEM- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe - (Avira Operations GmbH & Co. KG)
[SearchFilterHost] -SYSTEM- C:\WINDOWS\system32\SearchFilterHost.exe - (Microsoft Corporation)
[SearchIndexer] -SYSTEM- C:\WINDOWS\system32\SearchIndexer.exe - (Microsoft Corporation)
[SearchProtocolHost] -SYSTEM- C:\WINDOWS\system32\SearchProtocolHost.exe - (Microsoft Corporation)
[services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
[SettingSyncHost] -T- C:\Windows\System32\SettingSyncHost.exe - (Microsoft Corporation)
[SkyDrive] -T- C:\Windows\System32\skydrive.exe - (Microsoft Corporation)
[smss] -SYSTEM- C:\Windows\System32\smss.exe - (smss.exe)
[SonicFocusTray] -T- C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe - (Virage Logic Corporation / Sonic Focus)
[splwow64] -T- C:\WINDOWS\splwow64.exe - (Microsoft Corporation)
[spoolsv] -SYSTEM- C:\WINDOWS\System32\spoolsv.exe - (Microsoft Corporation)
[System] -N/A- - (System)
[taskeng] -SYSTEM- C:\WINDOWS\system32\taskeng.exe - (Microsoft Corporation)
[taskhost] -T- C:\WINDOWS\system32\taskhost.exe - (Microsoft Corporation)
[taskhostex] -T- C:\WINDOWS\system32\taskhostex.exe - (Microsoft Corporation)
[VSSVC] -SYSTEM- C:\WINDOWS\system32\vssvc.exe - (Microsoft Corporation)
[wininit] -SYSTEM- C:\WINDOWS\system32\wininit.exe - (Microsoft Corporation)
[winlogon] -SYSTEM- C:\WINDOWS\system32\winlogon.exe - (Microsoft Corporation)
[WmiPrvSE] -SYSTEM- C:\WINDOWS\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
[WUDFHost] -LOCAL SERVICE- C:\Windows\System32\WUDFHost.exe - (Microsoft Corporation)

==================== IE PAGES ==================================================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
Local Page = C:\Windows\SysWOW64\blank.htm
Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName = @ieframe.dll,-12512
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==================== IE PAGES x64 ==============================================
HKLM\Software\Microsoft\Internet Explorer\Main
Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
Local Page = C:\Windows\System32\blank.htm
Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName = @ieframe.dll,-12512
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==================== Auto Load =================================================
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = userinit.exe
Shell = explorer.exe

==================== Auto Load x64 =============================================
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\System32\Userinit.exe,
Shell = explorer.exe

==================== Firefox ===================================================
FF - ProfilePath - C:\Users\T\AppData\Roaming\Mozilla\firefox\Profiles\uawlfi8e.default
FF - Ext: [Mp3Olimp widget initial.rev102 ] - extension - jid0-SlJAN1IqVQffaO5onLnWK2zcA1Q@jetpack visible: True active: True
FF - Ext: [StartPage Site Search v1.0.0.0 ] - extension - jid0-Ah0CrdmFQuvYtoNKD1ABdh39ysI@jetpack visible: True active: True
FF - Ext: [Walnut for Firefox 2.0.30 ] - theme - {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} visible: True active: False
FF - Ext: [Default 36.0.1 ] - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} visible: True active: True
FF - PlugIn: [Adobe® Flash® Player 16.0.0.305 Plugin] - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll
FF - PlugIn: [Ag Player] - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

==================== Google Chrome =============================================
GC - Prefpath: C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Preferences
GC - Profile Name: Eerste gebruiker
GC - Homepage: n/a
GC - Default Search Provider: n/a
= Known Disabled Extensions =

==================== Windows Host File =========================================

==================== BHO =======================================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
Default = Groove GFS Browser Helper
=> HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\InProcServer32
Default = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Default = Java(tm) Plug-In SSV Helper
=> HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32
Default = C:\Program Files (x86)\Java\jre7\bin\ssv.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9}
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Default = Java(tm) Plug-In 2 SSV Helper
=> HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32
Default = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

==================== Auto Start Programs =======================================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
avgnt = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
GrooveMonitor = "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
SonicMasterTray = C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HydraVisionDesktopManager = "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
msnmsgr = "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

==================== Auto Start Programs x64 ===================================
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
Logitech Download Assistant = C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
RtHDVBg = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
Logitech Download Assistant = 2
RtHDVBg = 3
RtHDVCpl = 3
Adobe ARM = 2
avgnt = 2
GrooveMonitor = 2
SonicMasterTray = 2
StartCCC = 2
SunJavaUpdateSched = 3
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HydraVisionDesktopManager = "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
msnmsgr = "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Startup - C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 4.3 .lnk
Startup - C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

==================== Extra Items IE ============================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS
@ Text = Accelerated graphics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY
@ Text = Accessibility
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE
@ Text = Browsing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO
@ Text = Security
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP
@ Text = HTTP settings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL
@ Text = International
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA
@ Text = Multimedia
HKCU\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9}\InProcServer32
=> HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\InProcServer32
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
=> HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Program Files (x86)\Java\jre7\bin\ssv.dll
=> HKCR\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9}\InProcServer32
{DBC80044-A445-435B-BC74-9C25C1C588A9} = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

==================== Extra Items IE x64 ========================================
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS
@ Text = Accelerated graphics
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY
@ Text = Accessibility
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE
@ Text = Browsing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO
@ Text = Security
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP
@ Text = HTTP settings
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL
@ Text = International
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA
@ Text = Multimedia

==================== Internet Default Prefix ===================================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Default = http://
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
WWW = http://

==================== Internet Default Prefix x64 ===============================
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Default = http://
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
WWW = http://

==================== Protocol Hijackers ========================================
HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\grooveLocalGWS
CLSID = {88FED34C-F0CA-4636-A375-3CB6248B04CD}
=> SOFTWARE\Classes\\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\InProcServer32
@ Default = Unknown # C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll # MD5 [d8c2b95bc2353e1f18850d6b8f5dba13]
HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\wlpg
CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}
=> SOFTWARE\Classes\\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\InProcServer32
@ Default = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [4cf29c44e072c377b6866c399947e99a]

==================== ShellServiceObjectDelayLoad ===============================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
=> HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]

==================== ShellServiceObjectDelayLoad x64 =========================
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
=> HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]

==================== Extra (Torpig/ConduitSearch) ==============================
HKCR\Directory\shellex\CopyHookHandlers\FileSystem
@ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
=> HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32
@ Default = C:\WINDOWS\system32\shell32.dll
HKCR\Directory\shellex\CopyHookHandlers\Sharing
@ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
=> HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32
@ Default = C:\WINDOWS\system32\ntshrui.dll

==================== DRIVERS and SERVICES ======================================
*** Win32OwnProcess ***
SERV - R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
SERV - R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
SERV - R2 - [AntiVirSchedulerService] - Avira Planner - c:\program files (x86)\avira\antivir desktop\sched.exe
SERV - R2 - [AntiVirService] - Avira Real-Time Protection - c:\program files (x86)\avira\antivir desktop\avguard.exe
SERV - R2 - [ETDService] - Elan Service - c:\program files\elantech\etdservice.exe
SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
SERV - R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
SERV - S2 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
SERV - S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v1.1.4322\aspnet_state.exe
SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
SERV - S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - c:\program files (x86)\microsoft office\office12\grooveauditservice.exe
SERV - S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
SERV - S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files (x86)\common files\microsoft shared\office12\odserv.exe
SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
SERV - S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
*** Win32ShareProcess ***
SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
SERV - R3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
SERV - S3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
*** Others ***
SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe
*** File System Driver ***
DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
DRV - R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
DRV - R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\WINDOWS\system32\Drivers\srv.sys
DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\WINDOWS\system32\Drivers\srv2.sys
*** Kernel Driver ***
DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\WINDOWS\system32\Drivers\ACPI.sys
DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
DRV - R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
DRV - R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\WINDOWS\system32\Drivers\disk.sys
DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\WINDOWS\system32\Drivers\fvevol.sys
DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\WINDOWS\system32\Drivers\intelpep.sys
DRV - R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
DRV - R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
DRV - R0 - [mountmgr] - Mount Point Manager - C:\WINDOWS\system32\Drivers\mountmgr.sys
DRV - R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
DRV - R0 - [NDIS] - NDIS System Driver - C:\WINDOWS\system32\Drivers\NDIS.sys
DRV - R0 - [partmgr] - Partition Manager - C:\WINDOWS\system32\Drivers\partmgr.sys
DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\WINDOWS\system32\Drivers\pci.sys
DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
DRV - R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
DRV - R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\WINDOWS\system32\Drivers\spaceport.sys
DRV - R0 - [storahci] - Microsoft Standaard SATA AHCI-stuurprogramma - C:\WINDOWS\system32\Drivers\storahci.sys
DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\WINDOWS\system32\Drivers\Tcpip.sys
DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\WINDOWS\system32\Drivers\vdrvroot.sys
DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\WINDOWS\system32\Drivers\volmgr.sys
DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\WINDOWS\system32\Drivers\volmgrx.sys
DRV - R0 - [volsnap] - Opslagvolumes - C:\WINDOWS\system32\Drivers\volsnap.sys
DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\WINDOWS\system32\Drivers\Wdf01000.sys
DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
DRV - R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\WINDOWS\system32\Drivers\tdx.sys
DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
DRV - S0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
DRV - S3 - [atapi] - IDE-kanaal - C:\WINDOWS\system32\Drivers\atapi.sys

==================== SvcHost - White Listed ====================================
WOW x64 - All Ok

==================== SvcHost x64 - White Listed ================================
All Ok

==================== SigCheck x86 Fast =========================================
Fast Scan All ok

==================== SigCheck x64 Fast =========================================
Fast Scan All ok

==================== Job tasks at C:\WINDOWS\Tasks =============================
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 940 bytes [ 3-12-2014 21:24:38 ]
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 1092 bytes [ 13-11-2014 12:33:42 ]
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 1096 bytes [ 13-11-2014 12:33:42 ]
C:\WINDOWS\Tasks\SA.DAT 6 bytes [ 22-8-2013 16:45:54 ]

==================== Job tasks at C:\WINDOWS\system32\Tasks ====================
C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater 3828 bytes [ 3-12-2014 21:24:38 ] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 3832 bytes [ 13-11-2014 12:33:42 ] => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 4068 bytes [ 13-11-2014 12:33:42 ] => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3057933925-990916983-583638778-1001 3102 bytes [ 30-11-2014 19:52:50 ] => %localappdata%\Microsoft\OneDrive\OneDrive.exe
C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3057933925-990916983-583638778-1001 3596 bytes [ 3-11-2014 13:17:05 ]
C:\WINDOWS\system32\Tasks\{B373AC22-4C9D-424C-9165-7CB2C7332F28} 3158 bytes [ 30-11-2014 20:10:59 ] => "c:\program files (x86)\mozilla firefox\firefox.exe"

==================== Job tasks at C:\WINDOWS\SysWOW64\Tasks ====================
There are no .job files found.

==================== End scanning at za 7 mrt 2015 17:49 (0 Min 9 Sec ) ========