E-Peek v 1.9.9.0 ENHANCED 3 © Emphyrio/Onsia Patrick 2013-2015 [url=http://www.antimalwarehelp.be/EDev/Tools/E-Peek/EPeekDL.html]E Dev[/url]
Run at Mon 25 May 2015 19:44
.
Windows 7 Home Premium SP 1 (64 bits)
C:\Windows [NTFS - Fixed]
Default Browser: Internet Explorer
Boot mode: Normal boot
User logged in: Hugo van Doorne
.
Java x86: 1.8
Java x64: n/a
.
AV : Emsisoft Anti-Malware [Updated - Running]
AV : AVG AntiVirus Free Edition 2015 [Updated - Not Running]
AS : Emsisoft Anti-Malware [Updated - Running]
AS : Windows Defender [Updated - Not Running]
AS : AVG AntiVirus Free Edition 2015 [Updated - Not Running]
FW : Windows firewall
.
==================== Files and Folders history =================================
Folders Created Last 7 days :
25-05-2015 ##### r-h-s-d+a- C:\Users\Hugo van Doorne\AppData\Local\Temp
25-05-2015 ##### r-h-s-d+a- C:\ProgramData\Emsisoft
25-05-2015 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
25-05-2015 ##### r-h+s+d+a- C:\$RECYCLE.BIN
24-05-2015 ##### r-h-s-d+a- C:\Users\Hugo van Doorne\AppData\Roaming\E Dev
24-05-2015 ##### r-h-s-d+a- C:\Program Files (x86)\Microsoft Synchronization Services
Files Modified Last 7 days :
25-05-2015 00018736 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
25-05-2015 00018736 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
23-05-2015 01670960 r-h-s-d-a+ C:\Windows\system32\PerfStringBackup.INI
23-05-2015 00745764 r-h-s-d-a+ C:\Windows\system32\perfh013.dat
23-05-2015 00654270 r-h-s-d-a+ C:\Windows\system32\perfh009.dat
23-05-2015 00153716 r-h-s-d-a+ C:\Windows\system32\perfc013.dat
23-05-2015 00122142 r-h-s-d-a+ C:\Windows\system32\perfc009.dat
23-05-2015 00000052 r-h-s-d-a+ C:\Windows\SysWOW64\DOErrors.log
Files Created Last 7 days :
24-05-2015 00000111 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
==================== RUNNING PROCESSES =========================================
[a2service] -SYSTEM- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe - (Emsisoft Ltd)
[atieclxx] -SYSTEM- C:\Windows\system32\atieclxx.exe - (AMD)
[atiesrxx] -SYSTEM- C:\Windows\system32\atiesrxx.exe - (AMD)
[audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe)
[avgui] -Hugo van Doorne- C:\Program Files (x86)\AVG\AVG2015\avgui.exe - (AVG Technologies CZ, s.r.o.)
[avgwdsvc] -SYSTEM- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe - (AVG Technologies CZ, s.r.o.)
[BitComet] -Hugo van Doorne- C:\Program Files (x86)\BitComet\BitComet.exe - (www.BitComet.com)
[CCleaner64] -Hugo van Doorne- C:\Program Files\CCleaner\CCleaner64.exe - (Piriform Ltd)
[csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)
[csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)
[ctfmon] -Hugo van Doorne- C:\Windows\SysWOW64\ctfmon.exe - (Microsoft Corporation)
[dllhost] -SYSTEM- C:\Windows\system32\DllHost.exe - (Microsoft Corporation)
[dwm] -Hugo van Doorne- C:\Windows\system32\Dwm.exe - (Microsoft Corporation)
[E-Peek 1.9.9.0] -Hugo van Doorne- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
[explorer] -Hugo van Doorne- C:\Windows\Explorer.EXE - (Microsoft Corporation)
[FlashUtil64_17_0_0_169_ActiveX] -Hugo van Doorne- C:\Windows\system32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe - (Adobe Systems Incorporated)
[hpqtra08] -Hugo van Doorne- C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
[HPSA_Service] -SYSTEM- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe - (Hewlett-Packard Company)
[hpsysdrv] -Hugo van Doorne- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe - (Hewlett-Packard)
[hpwuschd2] -Hugo van Doorne- C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe - (Hewlett-Packard)
[iexplore] -Hugo van Doorne- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE - (Microsoft Corporation)
[iexplore] -Hugo van Doorne- C:\Program Files\Internet Explorer\iexplore.exe - (Microsoft Corporation)
[jusched] -Hugo van Doorne- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe - (Oracle Corporation)
[LightScribeControlPanel] -Hugo van Doorne- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe - (Hewlett-Packard Company)
[LinksysWirelessManager64] -Hugo van Doorne- C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe - (Linksys, LLC)
[lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)
[lsm] -SYSTEM- C:\Windows\system32\lsm.exe - (Microsoft Corporation)
[LSSrvc] -SYSTEM- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe - (Hewlett-Packard Company)
[LVPrcSrv] -SYSTEM- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe - (Logitech Inc.)
[LVPrS64H] -SYSTEM- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe - (Logitech Inc.)
[msiexec] -SYSTEM- C:\Windows\system32\msiexec.exe - (Microsoft Corporation)
[nmctxth] -Hugo van Doorne- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe - (Cisco Systems, Inc.)
[nmsrvc] -SYSTEM- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe - (Cisco Systems, Inc.)
[SearchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)
[serviceManager] -Hugo van Doorne- C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe - (Intel Corporation)
[services] -SYSTEM- C:\Windows\system32\services.exe - (Microsoft Corporation)
[smss] -SYSTEM- C:\Windows\system32\smss.exe - (Microsoft Corporation)
[spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)
[System] -N/A- - (System)
[taskhost] -Hugo van Doorne- C:\Windows\system32\taskhost.exe - (Microsoft Corporation)
[TomTomHOMEService] -SYSTEM- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe - (TomTom)
[TrustedInstaller] -SYSTEM- C:\Windows\servicing\TrustedInstaller.exe - (Microsoft Corporation)
[UMVPFSrv] -SYSTEM- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe - (Logitech Inc.)
[Vid] -Hugo van Doorne- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe - (Logitech Inc.)
[wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)
[winlogon] -SYSTEM- C:\Windows\system32\winlogon.exe - (Microsoft Corporation)
[WLIDSVC] -SYSTEM- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - (Microsoft Corp.)
[WLIDSVCM] -SYSTEM- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe - (Microsoft Corp.)
[WmiPrvSE] -NETWORK SERVICE- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
[WmiPrvSE] -SYSTEM- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
[wmpnetwk] -NETWORK SERVICE- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation)
[WUDFHost] -LOCAL SERVICE- C:\Windows\System32\WUDFHost.exe - (Microsoft Corporation)
[XBoxStat] -Hugo van Doorne- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe - (Microsoft Corporation)
==================== IE PAGES ==================================================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
Start Page = www.google.com
Local Page = C:\Windows\SysWOW64\blank.htm
Default_Page_URL = www.google.com
Default_Search_URL = www.google.com
Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName = @ieframe.dll,-12512
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
==================== IE PAGES x64 ==============================================
HKLM\Software\Microsoft\Internet Explorer\Main
Start Page = www.google.com
Local Page = C:\Windows\System32\blank.htm
Default_Page_URL = www.google.com
Default_Search_URL = www.google.com
Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName = @ieframe.dll,-12512
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{5E301857-0D61-49CA-A583-C3853D01B084}
DisplayName = Kelkoo
URL = hxxp://nl.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913935
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{692CCB69-997C-45A2-86F2-28D2586C96C4}
DisplayName = Yahoo!
URL = hxxp://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
==================== Auto Load =================================================
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = userinit.exe,
Shell = explorer.exe
==================== Auto Load x64 =============================================
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\Windows\system32\userinit.exe,
Shell = explorer.exe
==================== Browsers present ==========================================
Google Chrome
IEXPLORE.EXE
==================== Google Chrome =============================================
==================== Windows Host File =========================================
127.0.0.1 localhost
::1 localhost
==================== BHO =======================================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
{0347C33E-8762-4905-BF09-768834316C61}
HKCR\CLSID\{0347C33E-8762-4905-BF09-768834316C61} Default = HP Print Enhancer
=> HKCR\CLSID\{0347C33E-8762-4905-BF09-768834316C61}\InProcServer32 Default = C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} Default = Adobe PDF Link Helper
=> HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InProcServer32 Default = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
HKCR\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} Default = BitComet Helper
=> HKCR\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\InProcServer32 Default = C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} Default = Groove GFS Browser Helper
=> HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\InProcServer32 Default = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Default = Java(tm) Plug-In SSV Helper
=> HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32 Default = C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6}
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} Default = Windows Live ID Sign-in Helper
=> HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InProcServer32 Default = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
HKCR\CLSID\{9FDDE16B-836F-4806-AB1F-1455CBEFF289} Default = Windows Live Messenger Companion Helper
=> HKCR\CLSID\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\InProcServer32 Default = C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9}
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Default = Java(tm) Plug-In 2 SSV Helper
=> HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32 Default = C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Default = HP Network Check Helper
=> HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\InProcServer32 Default = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
HKCR\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} Default = HP Smart BHO Class
=> HKCR\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\InProcServer32 Default = C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
==================== BHO x64 ===================================================
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
{9030D464-4C02-4ABF-8ECC-5164760863C6}
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} Default = Windows Live ID Sign-in Helper
=> HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InProcServer32 Default = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Default = HP Network Check Helper
=> HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\InProcServer32 Default = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
==================== Auto Start Programs =======================================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
AVG_UI = "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
Easybits Recovery = C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
emsisoft anti-malware = "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
GrooveMonitor = "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HP Software Update = c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
hpsysdrv = c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
Intel AppUp(SM) center = "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
NeroFilterCheck = C:\Windows\system32\NeroCheck.exe
nmctxth = "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
UpdatePRCShortCut = "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
BitComet = "C:\Program Files (x86)\BitComet\BitComet.exe" /tray
CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
LightScribe Control Panel = C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
Logitech Vid = "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
==================== Auto Start Programs x64 ===================================
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
Linksys Wireless Manager = "C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
XboxStat = "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
BitComet = "C:\Program Files (x86)\BitComet\BitComet.exe" /tray
CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
LightScribe Control Panel = C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
Logitech Vid = "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
==================== Extra Items IE ============================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
==================== Extra Items IE x64 ========================================
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
==================== Internet Default Prefix ===================================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Default = http://
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
WWW = http://
==================== Internet Default Prefix x64 ===============================
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Default = http://
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
WWW = http://
==================== Protocol Hijackers ========================================
HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\grooveLocalGWS
CLSID = {88FED34C-F0CA-4636-A375-3CB6248B04CD}
=> SOFTWARE\Classes\\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll # MD5 [d8c2b95bc2353e1f18850d6b8f5dba13]
HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\ms-itss
CLSID = {0A9007C0-4076-11D3-8789-0000F8105754}
=> SOFTWARE\Classes\\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll # MD5 [bbff7f0ac61f8a29241bc00b3785ccb0]
HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\msnim
CLSID = {828030A1-22C1-4009-854F-8E305202313F}
=> SOFTWARE\Classes\\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\InProcServer32 @ Default = File is missing...
HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\wlpg
CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}
=> SOFTWARE\Classes\\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [f70d4a14ab747bac68b559c046d6fbff]
==================== ShellServiceObjectDelayLoad ===============================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]
==================== ShellServiceObjectDelayLoad x64 =========================
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]
==================== Extra (Torpig/ConduitSearch) ==============================
HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
=> HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\Windows\system32\shell32.dll
HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
=> HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\Windows\system32\ntshrui.dll
==================== DRIVERS and SERVICES ======================================
*** Win32OwnProcess ***
SERV - R2 - [a2AntiMalware] - Emsisoft Protection Service - c:\program files (x86)\emsisoft anti-malware\a2service.exe
SERV - R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
SERV - R2 - [avgwd] - AVG WatchDog - c:\program files (x86)\avg\avg2015\avgwdsvc.exe
SERV - R2 - [HP Support Assistant Service] - HP Support Assistant Service - c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
SERV - R2 - [LightScribeService] - LightScribeService Direct Disc Labeling Service - c:\program files (x86)\common files\lightscribe\lssrvc.exe
SERV - R2 - [LVPrcS64] - Process Monitor - c:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe
SERV - R2 - [nmservice] - Pure Networks Platform Service - c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe
SERV - R2 - [UMVPFSrv] - UMVPFSrv - c:\program files (x86)\common files\logishrd\lvmvfm\umvpfsrv.exe
SERV - R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
SERV - R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
SERV - S2 - [AVGIDSAgent] - AVGIDSAgent - c:\program files (x86)\avg\avg2015\avgidsagent.exe
SERV - S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
SERV - S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
SERV - S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
SERV - S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
SERV - S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
SERV - S3 - [Autodesk Licensing Service] - Autodesk Licensing Service - c:\program files (x86)\common files\autodesk shared\service\adskscsrv.exe
SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
SERV - S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
SERV - S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
SERV - S3 - [FLEXnet Licensing Service 64] - FLEXnet Licensing Service 64 - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe
SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
SERV - S3 - [fsssvc] - Windows Live Family Safety Service - c:\program files (x86)\windows live\family safety\fsssvc.exe
SERV - S3 - [GameConsoleService] - GameConsoleService - c:\program files (x86)\hp games\hp game console\gameconsoleservice.exe
SERV - S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
SERV - S3 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
SERV - S3 - [IDriverT] - InstallDriver Table Manager - c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe
SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
SERV - S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - c:\program files (x86)\microsoft office\office12\grooveauditservice.exe
SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
SERV - S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files (x86)\common files\microsoft shared\office12\odserv.exe
SERV - S3 - [Origin Client Service] - Origin Client Service - c:\program files (x86)\origin\originclientservice.exe
SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
SERV - S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
SERV - S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
SERV - S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
SERV - S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
SERV - S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
SERV - S4 - [wlcrasvc] - Windows Live Mesh remote connections service - c:\program files\windows live\mesh\wlcrasvc.exe
*** Win32ShareProcess ***
SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
SERV - S3 - [idsvc] - Windows CardSpace - c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe
SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
SERV - S3 - [ProtectedStorage] - Protected Storage - c:\windows\system32\lsass.exe
SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
SERV - S4 - [NetMsmqActivator] - Net.Msmq Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
SERV - S4 - [NetPipeActivator] - Net.Pipe Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
SERV - S4 - [NetTcpActivator] - Net.Tcp Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
*** Others ***
SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
SERV - R2 - [TomTomHOMEService] - TomTomHOMEService - c:\program files (x86)\tomtom home 2\tomtomhomeservice.exe
SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe
*** File System Driver ***
DRV - R0 - [AVGIDSHA] - AVGIDSHA - C:\Windows\system32\Drivers\AVGIDSHA.sys
DRV - R0 - [Avgloga] - AVG Logging Driver - C:\Windows\system32\Drivers\Avgloga.sys
DRV - R0 - [Avgmfx64] - AVG Mini-Filter Resident Anti-Virus Shield - C:\Windows\system32\Drivers\Avgmfx64.sys
DRV - R0 - [Avgrkx64] - AVG Anti-Rootkit Driver - C:\Windows\system32\Drivers\Avgrkx64.sys
DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
DRV - R3 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys
*** Kernel Driver ***
DRV - R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
DRV - R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
DRV - R0 - [Disk] - Disk Driver - C:\Windows\system32\Drivers\Disk.sys
DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
DRV - R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
DRV - R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
DRV - R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
DRV - R0 - [nvstor64] - nvstor64 - C:\Windows\system32\Drivers\nvstor64.sys
DRV - R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
DRV - R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
DRV - R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
DRV - R0 - [Tcpip] - TCP/IP Protocol Driver - C:\Windows\system32\Drivers\Tcpip.sys
DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys
DRV - R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
DRV - R0 - [volsnap] - Storage Volumes - C:\Windows\system32\Drivers\volsnap.sys
DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
DRV - R1 - [tdx] - NetIO Legacy TDI Support Driver - C:\Windows\system32\Drivers\tdx.sys
DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
DRV - S3 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys
==================== SvcHost - White Listed ====================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost@hpdevmgmt
hpqcxs08 = ServiceDll = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [0a3c6aa4a9fc38c20ba4eac2c3351c05]
hpqddsvc = ServiceDll = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [f3f72a2a86c22610bca5439fa789dd52]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost@netsvcs
ezSharedSvc = ServiceDll = C:\Windows\System32\ezsvc7.dll [File not exists]
==================== SvcHost x64 - White Listed ================================
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@HPService
HPSLPSVC = ServiceDll = C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [f37882f128efacefe353e0bae2766909]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@HPZ12
Pml Driver HPZ12 = ServiceDll = C:\Windows\system32\HPZipm12.dll [ac78df349f0e4cfb8b667c0cfff83cce]
Net Driver HPZ12 = ServiceDll = C:\Windows\system32\HPZinw12.dll [2334dc48997ba203b794df3ee70521db]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@LocalServiceAndNoImpersonation
Mcx2Svc = ServiceDll = C:\Windows\system32\Mcx2Svc.dll [0be09cd858abf9df6ed259d57a1a1663]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@utcsvc
DiagTrack = ServiceDll = C:\Windows\system32\diagtrack.dll [ea8a3e8c674b03cb4afa1d344dbd7bc1]
==================== SigCheck x86 Fast =========================================
Fast Scan All ok
==================== SigCheck x64 Fast =========================================
Fast Scan All ok
==================== Job tasks at C:\Windows\Tasks =============================
C:\Windows\Tasks\Adobe Flash Player Updater.job 940 bytes [ 23-3-2013 12:40:19 ]
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 1052 bytes [ 25-3-2011 14:45:08 ]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 1056 bytes [ 25-3-2011 14:45:09 ]
C:\Windows\Tasks\PCDRScheduledMaintenance.job 552 bytes [ 28-11-2009 14:13:37 ]
C:\Windows\Tasks\SA.DAT 6 bytes [ 14-7-2009 7:08:49 ]
C:\Windows\Tasks\SCHEDLGU.TXT 32600 bytes [ 14-7-2009 7:08:49 ]
==================== Job tasks at C:\Windows\system32\Tasks ====================
C:\Windows\system32\Tasks\Adobe Flash Player Updater 3878 bytes [ 23-3-2013 12:40:19 ] => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\Tasks\CCleanerSkipUAC 2792 bytes [ 13-9-2014 21:01:32 ] => "C:\Program Files\CCleaner\CCleaner.exe"
C:\Windows\system32\Tasks\CreateChoiceProcessTask 3566 bytes [ 29-4-2010 15:32:07 ] => C:\Windows\System32\browserchoice.exe
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore 3800 bytes [ 25-3-2011 14:45:08 ] => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA 4052 bytes [ 25-3-2011 14:45:09 ] => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Tasks\PCDRScheduledMaintenance 5030 bytes [ 28-11-2009 14:13:37 ] => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
C:\Windows\system32\Tasks\SidebarExecute 3230 bytes [ 21-7-2011 12:04:08 ] => C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\Tasks\User_Feed_Synchronization-{CAF0FE16-3772-4604-B5C9-8D23D88BED9F} 4018 bytes [ 7-5-2015 8:47:40 ] => C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\Tasks\{0A3207BA-2A44-4A10-A907-1EDA5B938A26} 2876 bytes [ 10-7-2010 21:53:14 ] => C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\Tasks\{40A19F5F-3D4B-40FB-8974-EB6AA78DF716} 2984 bytes [ 13-12-2009 12:34:57 ] => C:\Program Files (x86)\AutoCAD 2007\acad.exe
C:\Windows\system32\Tasks\{5D8FAD56-CFFB-4ACC-8F8C-FB9E750F8C8B} 2984 bytes [ 13-12-2009 12:34:37 ] => C:\Program Files (x86)\AutoCAD 2007\acad.exe
C:\Windows\system32\Tasks\{F9AA4596-2F1B-4877-AC43-8E0ABBB74EBE} 3150 bytes [ 25-6-2011 11:53:14 ] => C:\Windows\system32\pcalua.exe
==================== Job tasks at C:\Windows\SysWOW64\Tasks ====================
There are no .job files found.
==================== End scanning at Mon 25 May 2015 19:45 (0 Min 44 Sec ) ======
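Three entries in this log point at something that no longer exists: the msnim protocol handler ("File is missing..."), the WebCheck ShellServiceObjectDelayLoad value in both registry views ("[CLSID not present]") and the ezSharedSvc service in the netsvcs svchost group ("[File not exists]"). Entries like these are usually uninstall leftovers, but a service that is still registered in a svchost group and points at a path nobody owns is also a load point that can be satisfied by dropping a file there, so they belong on the cleanup list rather than being ignored. Note also that section titles such as "Protocol Hijackers" and "Extra (Torpig/ConduitSearch)" are the scanner's names for the locations it inspects, not verdicts: the other handlers listed there resolve to Office, Windows Live and shell32 DLLs. The script below is an added example, not part of E-Peek: it pulls the unresolved entries out of an E-Peek log so they can be handed to the cleanup step. It only reads the log text and never touches the registry; the constructed sample is an excerpt of the lines above, and the three marker strings are assumed to be exactly as this log prints them.

```python
"""Added triage helper for E-Peek style logs (example code, not part of E-Peek).

E-Peek marks loader-point entries it could not resolve with three strings:
"[File not exists]" (a svchost ServiceDll that is not on disk),
"File is missing..." (a COM InProcServer32 target that is not on disk) and
"[CLSID not present]" (a ShellServiceObjectDelayLoad value whose CLSID has no
HKCR registration). Assumption: those markers are spelled exactly as in the
log above. The script reads the log text only; it does not touch the registry.
"""
import re
import sys

# Constructed sample: an excerpt of the log above, one entry per line.
SAMPLE_LOG = r"""
==================== Protocol Hijackers ========================================
HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\grooveLocalGWS
CLSID = {88FED34C-F0CA-4636-A375-3CB6248B04CD}
=> SOFTWARE\Classes\\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll # MD5 [d8c2b95bc2353e1f18850d6b8f5dba13]
HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\msnim
CLSID = {828030A1-22C1-4009-854F-8E305202313F}
=> SOFTWARE\Classes\\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\InProcServer32 @ Default = File is missing...
==================== ShellServiceObjectDelayLoad ===============================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]
==================== SvcHost - White Listed ====================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost@hpdevmgmt
hpqcxs08 = ServiceDll = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [0a3c6aa4a9fc38c20ba4eac2c3351c05]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost@netsvcs
ezSharedSvc = ServiceDll = C:\Windows\System32\ezsvc7.dll [File not exists]
"""

# Marker strings E-Peek prints for an unresolved reference, mapped to a plain reason.
DANGLING_MARKERS = {
    "[File not exists]": "ServiceDll path does not exist on disk",
    "File is missing...": "InProcServer32 target does not exist on disk",
    "[CLSID not present]": "CLSID is not registered under HKCR",
}

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
KEY_RE = re.compile(r"^(HKLM|HKCU|HKCR|HKU)\\")
ENTRY_RE = re.compile(r"^(?P<name>[^=]+?) = ")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SERVICEDLL_RE = re.compile(r"ServiceDll = (?P<path>.+?) \[")


def _target(line, last_clsid):
    """Describe what the entry points at: a ServiceDll path if present, else a CLSID."""
    m = SERVICEDLL_RE.search(line)
    if m:
        return m.group("path")
    m = GUID_RE.search(line)
    return m.group(0) if m else last_clsid


def parse_findings(log_text):
    """Return one dict per dangling loader-point entry, in log order."""
    findings = []
    section = key = entry = last_clsid = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                                    # section header resets all context
            section, key, entry, last_clsid = m.group("name"), None, None, None
            continue
        if KEY_RE.match(line):                   # registry key line
            key, entry, last_clsid = line, None, None
            if "\\PROTOCOLS\\Handler\\" in key:  # handler name is the last path component
                entry = key.rsplit("\\", 1)[1]
            continue
        m = ENTRY_RE.match(line)                 # "WebCheck = ...", "ezSharedSvc = ServiceDll = ..."
        if m and m.group("name") != "CLSID":
            entry = m.group("name")
        g = GUID_RE.search(line)                 # remember the CLSID the entry resolves through
        if g:
            last_clsid = g.group(0)
        for marker, reason in DANGLING_MARKERS.items():
            if marker in line:
                findings.append({
                    "section": section,
                    "key": key,
                    "entry": entry,
                    "target": _target(line, last_clsid),
                    "reason": reason,
                })
    return findings


def summarize(findings):
    """One line per finding, ready to paste into a cleanup list."""
    return ["%s: %s -> %s (%s)" % (f["section"], f["entry"], f["target"], f["reason"])
            for f in findings]


def main(argv):
    # Pass a saved E-Peek log as the first argument; otherwise the sample above is used.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    lines = summarize(parse_findings(text))
    print("\n".join(lines) if lines else "no dangling loader-point entries")


if __name__ == "__main__":
    main(sys.argv)
```

Run it against the sample and it reports exactly the three entries named above; run it against a full saved log (`python epeek_dangling.py epeek.txt`) and it walks every section, so a dangling BHO or task target that uses the same markers is caught too. The parser keys only on the scanner's own markers, so a handler that resolves to an existing DLL with a hash (grooveLocalGWS, hpqcxs08 in the sample) is left alone; deciding whether such a resolved entry is wanted is still a manual step.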