E-Peek v 1.9.9.0 ENHANCED 3 © Emphyrio/Onsia Patrick 2013-2015 [url=http://www.antimalwarehelp.be/EDev/Tools/E-Peek/EPeekDL.html]E Dev[/url]
Run at wo 27 mei 2015 19:14
.
Windows 7 Home Premium SP 1 (64 bits)
C:\Windows [NTFS - Fixed]
Default Browser: Firefox 38.0.1 (x86 nl)
Boot mode: Normal boot
User logged in: Ellen
.
Java x86: 1.8
Java x64: n/a
.
AV : McAfee Antivirus en antispyware [Updated - Not Running]
AS : Windows Defender [Updated - Not Running]
AS : Spybot - Search and Destroy [Updated - Running]
AS : McAfee Antivirus en antispyware [Updated - Not Running]
FW :
FW : McAfee Firewall [Updated - Running]
.

==================== Files and Folders history =================================
Folders Created Last 7 days :
27/05/2015 ##### r-h-s-d+a- C:\Users\Ellen\AppData\Roaming\E Dev
27/05/2015 ##### r-h-s-d+a- C:\Program Files (x86)\Microsoft Synchronization Services
27/05/2015 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
21/05/2015 ##### r-h-s-d+a- C:\ProgramData\Oracle
21/05/2015 ##### r-h-s-d+a- C:\Program Files (x86)\Java
20/05/2015 ##### r-h-s-d+a- C:\RegBackup
20/05/2015 ##### r-h-s-d+a- C:\Program Files\HitmanPro
20/05/2015 ##### r-h-s-d+a- C:\Program Files (x86)\Mozilla Firefox
20/05/2015 ##### r-h-s-d+a- C:\FRST
Files Modified Last 7 days :
27/05/2015 00024608 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
27/05/2015 00024608 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
27/05/2015 00000018 r-h-s-d-a+ C:\Windows\SysWOW64\log.txt
21/05/2015 00097888 r-h-s-d-a+ C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
20/05/2015 00007804 r-h-s-d-a+ C:\Windows\system32\.crusader
Files Created Last 7 days :
21/05/2015 00097888 r-h-s-d-a+ C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
20/05/2015 00007804 r-h-s-d-a+ C:\Windows\system32\.crusader

==================== RUNNING PROCESSES =========================================
[FlashPlayerPlugin_17_0_0_169] -Ellen- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe - (Adobe Systems, Inc.)
[igfxext] -Ellen- C:\Windows\system32\igfxext.exe - (Intel Corporation)
[ipoint] -Ellen- C:\Program Files\Microsoft IntelliPoint\ipoint.exe - (Microsoft Corporation)
[mcsacore] -SYSTEM- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe - (McAfee, Inc.)
[NvNetworkService] -SYSTEM- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe - (NVIDIA Corporation)
[nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)
[nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)
[nvxdsync] -SYSTEM- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe - (NVIDIA Corporation)
[PsiService_2] -SYSTEM- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe - (Protexis Inc.)
[SDFSSvc] -SYSTEM- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe - (Safer-Networking Ltd.)
[smss] -SYSTEM- C:\Windows\system32\smss.exe - (Microsoft Corporation)
[taskeng] -SYSTEM- C:\Windows\system32\taskeng.exe - (Microsoft Corporation)
[taskmgr] -Ellen- C:\Windows\system32\taskmgr.exe - (Microsoft Corporation)
[TrustedInstaller] -SYSTEM- C:\Windows\servicing\TrustedInstaller.exe - (Microsoft Corporation)
[unsecapp] -Ellen- C:\Windows\system32\wbem\unsecapp.exe - (Microsoft Corporation)
[UpdaterService] -SYSTEM- C:\Program Files\Acer\Acer Updater\UpdaterService.exe - (Acer Incorporated)
[wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)

==================== IE PAGES ==================================================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
Start Page = about:blank
Local Page = C:\Windows\SysWOW64\blank.htm
Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName = @ieframe.dll,-12512
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
=> HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InProcServer32
DefaultC:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

==================== IE PAGES x64 ==============================================
HKLM\Software\Microsoft\Internet Explorer\Main
Start Page = about:blank
Local Page = C:\Windows\System32\blank.htm
Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName = @ieframe.dll,-12512
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Software\Microsoft\Internet Explorer\Toolbar
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
=> HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InProcServer32
DefaultC:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

==================== Auto Load =================================================
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = userinit.exe,
Shell = explorer.exe

==================== Auto Load x64 =============================================
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\Windows\system32\userinit.exe,
Shell = explorer.exe

==================== Browsers present ==========================================
FIREFOX.EXE
IEXPLORE.EXE
==================== Firefox ===================================================
FF - ProfilePath - C:\Users\Ellen\AppData\Roaming\Mozilla\firefox\Profiles\vd9etfrr.default-1431286248019
FF - Ext: [McAfee WebAdvisor 4.0.0 ] - extension - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [ visible: True # active: False]
FF - Ext: [Default 38.0.1 ] - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} [ visible: True # active: True]
FF - Search: [Amazon.com] - C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\amazondotcom.xml [ hidden: False]
FF - Search: [Bing] - C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\bing.xml [ hidden: False]
FF - Search: [bol.com] - C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\bolcom-nl.xml [ hidden: False]
FF - Search: [DuckDuckGo] - C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml [ hidden: False]
FF - Search: [eBay] - C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\eBay.xml [ hidden: False]
FF - Search: [Google] - C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\google.xml [ hidden: False]
FF - Search: [Marktplaats.nl] - C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\marktplaats-nl.xml [ hidden: False]
FF - Search: [Twitter] - C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\twitter.xml [ hidden: False]
FF - Search: [Wikipedia (nl)] - C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wikipedia-nl.xml [ hidden: False]
FF - Search: [Wikipedia (en)] - C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wikipedia.xml [ hidden: False]
FF - Search: [Yahoo] - C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml [ hidden: False]
FF - PlugIn: [Adobe® Flash® Player 17.0.0.169 Plugin] - C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll
FF - PlugIn: [DivX VOD Helper Plug-in] - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
FF - PlugIn: [McAfee Total Protection] - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
==================== Windows Host File =========================================

==================== BHO =======================================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Default = Java(tm) Plug-In SSV Helper
=> HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32 Default = C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6}
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} Default = Windows Live ID Sign-in Helper
=> HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InProcServer32 Default = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7}
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} Default = Google Toolbar Helper
=> HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InProcServer32 Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9}
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Default = Java(tm) Plug-In 2 SSV Helper
=> HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32 Default = C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll

==================== BHO x64 ===================================================
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
{9030D464-4C02-4ABF-8ECC-5164760863C6}
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} Default = Windows Live ID Sign-in Helper
=> HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InProcServer32 Default = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7}
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} Default = Google Toolbar Helper
=> HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InProcServer32 Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

==================== Auto Start Programs =======================================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
AgentMonitor = C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
ArcadeMovieService = "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
BackupManagerTray = "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
DivXMediaServer = C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
DivXUpdate = "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
KiesTrayAgent = C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
LManager = C:\Program Files (x86)\Launch Manager\LManager.exe
mcpltui_exe = "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /runkey
mcui_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mxomssmenu = "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
Norton Online Backup = C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
NUSB3MON = "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
SDTray = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
SuiteTray = "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
EADM = "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
Google Update = "C:\Users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Spybot-S&D Cleaning = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
FlashPlayerUpdate = C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe -update plugin

==================== Auto Start Programs x64 ===================================
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HotKeysCmds = C:\Windows\system32\hkcmd.exe
IgfxTray = C:\Windows\system32\igfxtray.exe
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
IntelTBRunOnce = wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Persistence = C:\Windows\system32\igfxpers.exe
Power Management = C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
ShadowPlay = C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
XboxStat = "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EADM = "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
Google Update = "C:\Users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Spybot-S&D Cleaning = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
FlashPlayerUpdate = C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe -update plugin

==================== Extra Items IE ============================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

==================== Extra Items IE x64 ========================================
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

==================== Internet Default Prefix ===================================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Default = http://
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
WWW = http://

==================== Internet Default Prefix x64 ===============================
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Default = http://
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
WWW = http://

==================== Protocol Hijackers ========================================
HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\dssrequest
CLSID = {5513F07E-936B-4E52-9B00-067394E91CC5}
=> SOFTWARE\Classes\\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}\InProcServer32 @ Default = Unknown # c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll # MD5 [4f6c34bec9698d2ee345ac9b0b56e10c]
HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\sacore
CLSID = {5513F07E-936B-4E52-9B00-067394E91CC5}
=> SOFTWARE\Classes\\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}\InProcServer32 @ Default = Unknown # c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll # MD5 [4f6c34bec9698d2ee345ac9b0b56e10c]
HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\wlpg
CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}
=> SOFTWARE\Classes\\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [31d70e22e0e929e2a1279f51245624cc]
HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\application/x-mfe-ipt
CLSID = {3EF5086B-5478-4598-A054-786C45D75692}
=> SOFTWARE\Classes\\CLSID\{3EF5086B-5478-4598-A054-786C45D75692}\InProcServer32 @ Default = c:\PROGRA~2\mcafee\msc\mcsniepl.dll <= Unknown

==================== Protocol Hijackers x64 ====================================
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\dssrequest
CLSID = {5513F07E-936B-4E52-9B00-067394E91CC5}
=> SOFTWARE\Classes\\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}\InProcServer32 @ Default = Unknown # c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll # MD5 [1df0b28c33013ca06e9b67a0fc6f2f4a]
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\sacore
CLSID = {5513F07E-936B-4E52-9B00-067394E91CC5}
=> SOFTWARE\Classes\\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}\InProcServer32 @ Default = Unknown # c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll # MD5 [1df0b28c33013ca06e9b67a0fc6f2f4a]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-mfe-ipt
CLSID = {3EF5086B-5478-4598-A054-786C45D75692}
=> SOFTWARE\Classes\\CLSID\{3EF5086B-5478-4598-A054-786C45D75692}\InProcServer32 @ Default = c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL <= Unknown

==================== Automatic Started DLL's ===================================
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = C:\Windows\system32\nvinitx.dll
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = C:\Windows\system32\nvinitx.dll

==================== Automatic Started DLL's x64 ===============================
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = C:\Windows\system32\nvinitx.dll

==================== ShellServiceObjectDelayLoad ===============================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
=> HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]

==================== ShellServiceObjectDelayLoad x64 =========================
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
=> HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]

==================== Extra (Torpig/ConduitSearch) ==============================
HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
=> HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\Windows\system32\shell32.dll
HKCR\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook @ Default = {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}
=> HKCR\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32 @ Default = C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
=> HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\Windows\system32\ntshrui.dll

==================== DRIVERS and SERVICES ======================================
*** Win32OwnProcess ***
SERV - R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
SERV - R2 - [Apple Mobile Device Service] - Apple Mobile Device Service - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
SERV - R2 - [BecHelperService] - BecHelperService - c:\program files (x86)\kpn\mobiel internet software\bechelperservice.exe
SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
SERV - R2 - [cvhsvc] - Client Virtualization Handler - c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe
SERV - R2 - [DsiWMIService] - Dritek WMI Service - c:\program files (x86)\launch manager\dsiwmis.exe
SERV - R2 - [ePowerSvc] - ePower Service - c:\program files\acer\acer epower management\epowersvc.exe
SERV - R2 - [GREGService] - GREGService - c:\program files (x86)\acer\registration\gregsvc.exe
SERV - R2 - [HitmanProScheduler] - HitmanPro Scheduler - c:\program files\hitmanpro\hmpsched.exe
SERV - R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
SERV - R2 - [Live Updater Service] - Live Updater Service - c:\program files\acer\acer updater\updaterservice.exe
SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
SERV - R2 - [McAfee SiteAdvisor Service] - McAfee SiteAdvisor Service - c:\program files (x86)\mcafee\siteadvisor\mcsacore.exe
SERV - R2 - [McAPExe] - McAfee AP Service - c:\program files\mcafee\msc\mcapexe.exe
SERV - R2 - [mccspsvc] - McAfee CSP Service - c:\program files\common files\mcafee\csp\1.3.374.0\mccspservicehost.exe
SERV - R2 - [mfecore] - McAfee Anti-Malware Core - c:\program files\common files\mcafee\amcore\mcshield.exe
SERV - R2 - [mfefire] - McAfee Firewall Core Service - c:\program files\common files\mcafee\systemcore\\mfefire.exe
SERV - R2 - [mfevtp] - McAfee Validation Trust Protection Service - c:\windows\system32\mfevtps.exe
SERV - R2 - [nlsX86cc] - Nalpeiron Licensing Service - c:\windows\syswow64\nlssrv32.exe
SERV - R2 - [NOBU] - Norton Online Backup - c:\program files (x86)\symantec\norton online backup\nobuagent.exe
SERV - R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe
SERV - R2 - [NvStreamSvc] - NVIDIA Streamer Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe
SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
SERV - R2 - [PSI_SVC_2] - Protexis Licensing V2 - c:\program files (x86)\common files\protexis\license service\psiservice_2.exe
SERV - R2 - [SDScannerService] - Spybot-S&D 2 Scanner Service - c:\program files (x86)\spybot - search & destroy 2\sdfssvc.exe
SERV - R2 - [SDUpdateService] - Spybot-S&D 2 Updating Service - c:\program files (x86)\spybot - search & destroy 2\sdupdsvc.exe
SERV - R2 - [SDWSCService] - Spybot-S&D 2 Security Center Service - c:\program files (x86)\spybot - search & destroy 2\sdwscsvc.exe
SERV - R2 - [sftlist] - Application Virtualization Client - c:\program files (x86)\microsoft application virtualization client\sftlist.exe
SERV - R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
SERV - R3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
SERV - R3 - [sftvsa] - Application Virtualization Service Agent - c:\program files (x86)\microsoft application virtualization client\sftvsa.exe
SERV - R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
SERV - R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
SERV - S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
SERV - S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
SERV - S2 - [gupdate] - Google Updateservice (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
SERV - S2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
SERV - S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
SERV - S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
SERV - S3 - [aspnet_state] - ASP.NET-statusservice - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
SERV - S3 - [EgisTec Ticket Service] - EgisTec Ticket Service - c:\program files (x86)\common files\egistec\services\egisticketservice.exe
SERV - S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
SERV - S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
SERV - S3 - [FLEXnet Licensing Service] - FLEXnet Licensing Service - c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
SERV - S3 - [GamesAppService] - GamesAppService - c:\program files (x86)\wildtangent games\app\gamesappservice.exe
SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
SERV - S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
SERV - S3 - [McAWFwk] - McAfee Activation Service - c:\progra~1\mcafee\msc\mcawfwk.exe
SERV - S3 - [McODS] - McAfee Scanner - c:\program files\mcafee\virusscan\mcods.exe
SERV - S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
SERV - S3 - [Origin Client Service] - Origin Client Service - c:\program files (x86)\origin\originclientservice.exe
SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
SERV - S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
SERV - S3 - [TurboBoost] - Intel(R) Turbo Boost Technology Monitor 2.0 - c:\program files\intel\turboboost\turboboost.exe
SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
SERV - S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe
SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
SERV - S3 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
SERV - S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
SERV - S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
SERV - S4 - [wlcrasvc] - Windows Live Mesh remote connections service - c:\program files\windows live\mesh\wlcrasvc.exe
*** Win32ShareProcess ***
SERV - R2 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
SERV - R2 - [HomeNetSvc] - McAfee Home Network - c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe
SERV - R2 - [McMPFSvc] - McAfee Personal Firewall Service - c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe
SERV - R2 - [McNaiAnn] - McAfee VirusScan Announcer - c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe
SERV - R2 - [mcpltsvc] - McAfee Platform Services - c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe
SERV - R2 - [McProxy] - McAfee Proxy Service - c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe
SERV - R2 - [MSK80Service] - McAfee Anti-Spam Service - c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe
SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
SERV - S3 - [idsvc] - Windows CardSpace - c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe
SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
SERV - S3 - [ProtectedStorage] - Protected Storage - c:\windows\system32\lsass.exe
SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
SERV - S4 - [McOobeSv] - McAfee OOBE Service - c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe
SERV - S4 - [NetMsmqActivator] - Net.Msmq Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
SERV - S4 - [NetPipeActivator] - Net.Pipe Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
SERV - S4 - [NetTcpActivator] - Net.Tcp Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
*** Others ***
SERV - R2 - [Maxtor Sync Service] - Maxtor Service - c:\program files (x86)\maxtor\sync\syncservices.exe
SERV - R2 - [NTI IScheduleSvc] - NTI IScheduleSvc - c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe
SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
SERV - S3 - [ServiceLayer] - ServiceLayer - c:\program files (x86)\pc connectivity solution\servicelayer.exe
SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe
*** File System Driver ***
DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
DRV - R3 - [srv] - Stuurprogramma Server SMB 1.xxx - C:\Windows\system32\Drivers\srv.sys
DRV - R3 - [srv2] - Stuurprogramma Server SMB 2.xxx - C:\Windows\system32\Drivers\srv2.sys
*** Kernel Driver ***
DRV - R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
DRV - R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
DRV - R0 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys
DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
DRV - R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys
DRV - R0 - [Disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\Disk.sys
DRV - R0 - [fvevol] - Filterstuurprogramma Bitlocker-stationsvergrendeling - C:\Windows\system32\Drivers\fvevol.sys
DRV - R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
DRV - R0 - [iaStor] - Intel AHCI Controller - C:\Windows\system32\Drivers\iaStor.sys
DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
DRV - R0 - [mfehidk] - McAfee Inc. mfehidk - C:\Windows\system32\Drivers\mfehidk.sys
DRV - R0 - [mfewfpk] - McAfee Inc. mfewfpk - C:\Windows\system32\Drivers\mfewfpk.sys
DRV - R0 - [mountmgr] - Koppelpuntbeheer - C:\Windows\system32\Drivers\mountmgr.sys
DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
DRV - R0 - [NDIS] - NDIS-systeemstuurprogramma - C:\Windows\system32\Drivers\NDIS.sys
DRV - R0 - [nvpciflt] - nvpciflt - C:\Windows\system32\Drivers\nvpciflt.sys
DRV - R0 - [partmgr] - Partitiebeheer - C:\Windows\system32\Drivers\partmgr.sys
DRV - R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
DRV - R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys
DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys
DRV - R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
DRV - R0 - [volmgrx] - Dynamisch Volumebeheer - C:\Windows\system32\Drivers\volmgrx.sys
DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys
DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys
DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==================== SvcHost - White Listed ====================================
WOW x64 - All Ok

==================== SvcHost x64 - White Listed ================================
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@LocalServiceAndNoImpersonation
Mcx2Svc = ServiceDll = C:\Windows\system32\Mcx2Svc.dll [0be09cd858abf9df6ed259d57a1a1663]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@utcsvc
DiagTrack = ServiceDll = C:\Windows\system32\diagtrack.dll [ea8a3e8c674b03cb4afa1d344dbd7bc1]

==================== SigCheck x86 Fast =========================================
Fast Scan All ok

==================== SigCheck x64 Fast =========================================
Fast Scan All ok

==================== Job tasks at C:\Windows\Tasks =============================
C:\Windows\Tasks\Adobe Flash Player Updater.job 940 bytes [ 31/03/2012 22:39:56 ]
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 1052 bytes [ 14/12/2011 10:07:29 ]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 1056 bytes [ 14/12/2011 10:07:29 ]
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889363557-2036165539-3501339599-1001Core.job 1014 bytes [ 19/12/2013 20:16:58 ]
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889363557-2036165539-3501339599-1001Core1d090c12f6414dd.job 1014 bytes [ 17/05/2015 18:47:39 ]
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889363557-2036165539-3501339599-1001UA1cf30c418896b74.job 1066 bytes [ 23/02/2014 19:21:40 ]
C:\Windows\Tasks\Norton Security Scan for Ellen.job 406 bytes [ 16/01/2012 18:06:24 ]
C:\Windows\Tasks\SA.DAT 6 bytes [ 14/07/2009 7:08:49 ]
C:\Windows\Tasks\SCHEDLGU.TXT 32610 bytes [ 14/07/2009 7:08:49 ]
==================== Job tasks at C:\Windows\system32\Tasks ==================== C:\Windows\system32\Tasks\Adobe ARM 2732 bytes [ 12/08/2011 10:53:57 ] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" C:\Windows\system32\Tasks\Adobe Flash Player Updater 3878 bytes [ 31/03/2012 22:39:56 ] => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Windows\system32\Tasks\Adobe Reader Speed Launcher 2730 bytes [ 12/08/2011 10:53:57 ] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" C:\Windows\system32\Tasks\clear.fi 3418 bytes [ 17/09/2011 8:19:54 ] => "C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe" C:\Windows\system32\Tasks\clear.fiAgent 3348 bytes [ 17/09/2011 8:19:54 ] => "C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe" C:\Windows\system32\Tasks\DMREngine 3366 bytes [ 17/09/2011 8:19:55 ] => "C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe" C:\Windows\system32\Tasks\EgisUpdate 3340 bytes [ 12/08/2011 10:51:19 ] => "C:\Program Files\EgisTec IPS\EgisUpdate.exe" C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore 3800 bytes [ 14/12/2011 10:07:29 ] => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA 4052 bytes [ 14/12/2011 10:07:29 ] => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-889363557-2036165539-3501339599-1001Core 3640 bytes [ 19/12/2013 20:16:58 ] => C:\Users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-889363557-2036165539-3501339599-1001Core1d090c12f6414dd 3640 bytes [ 17/05/2015 18:47:39 ] => C:\Users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-889363557-2036165539-3501339599-1001UA1cf30c418896b74 4036 bytes [ 23/02/2014 19:21:40 ] => C:\Users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe 
C:\Windows\system32\Tasks\Microsoft_Hardware_Launch_IPoint_exe 3040 bytes [ 5/11/2011 15:35:13 ] => C:\Program Files\Microsoft IntelliPoint\IPoint.exe C:\Windows\system32\Tasks\Norton Security Scan for Ellen 3572 bytes [ 16/01/2012 18:06:24 ] => C:\PROGRA~2\NORTON~2\Engine\361~1.11\Nss.exe C:\Windows\system32\Tasks\PMMUpdate 3272 bytes [ 12/08/2011 10:51:20 ] => "C:\Program Files\EgisTec IPS\PMMUpdate.exe" C:\Windows\system32\Tasks\{04723BCD-A704-4DA8-902A-B9FCA297C818} 2894 bytes [ 20/11/2011 15:37:56 ] => D:\null.exe C:\Windows\system32\Tasks\{13FD9912-B0E7-4B8D-8E38-E26D92B29222} 2898 bytes [ 31/03/2012 17:30:54 ] => D:\Setup.exe C:\Windows\system32\Tasks\{15B64F3A-3C51-41AD-A48A-47389ABBEB11} 2894 bytes [ 20/11/2011 15:39:48 ] => D:\null.exe C:\Windows\system32\Tasks\{1BDF09E0-593A-4A91-99CE-9124C928EEFF} 2998 bytes [ 11/08/2013 19:44:33 ] => C:\Program Files (x86)\Nobilis\The Secrets of Da Vinci\SDV.exe C:\Windows\system32\Tasks\{2A6C7684-58E5-4FA6-AEC5-DB1C7DC7245F} 3050 bytes [ 27/11/2014 20:35:24 ] => C:\Windows\system32\pcalua.exe C:\Windows\system32\Tasks\{2DCA050C-F515-4036-A958-1974A77B13C7} 2998 bytes [ 11/08/2013 19:46:06 ] => C:\Program Files (x86)\Nobilis\The Secrets of Da Vinci\SDV.exe C:\Windows\system32\Tasks\{4A2720A3-9E22-439E-92EC-A2862A4D16FB} 2998 bytes [ 11/08/2013 19:43:08 ] => C:\Program Files (x86)\Nobilis\The Secrets of Da Vinci\SDV.exe C:\Windows\system32\Tasks\{54238986-0ED6-4026-BF11-3BEB8ED817DF} 2974 bytes [ 18/12/2013 18:38:44 ] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\Tasks\{5CD0E584-6F75-40B4-911B-784DE8C74B3D} 2998 bytes [ 11/08/2013 19:45:56 ] => C:\Program Files (x86)\Nobilis\The Secrets of Da Vinci\SDV.exe C:\Windows\system32\Tasks\{5FD999AE-5362-4F2F-B55E-D0A94892944D} 2894 bytes [ 20/11/2011 15:40:13 ] => D:\null.exe C:\Windows\system32\Tasks\{6B2B115C-A67B-451B-AD23-3372CF7E600C} 3052 bytes [ 14/09/2013 14:20:31 ] => C:\Program Files (x86)\Mindscape\Robbie Konijn Kleuter Buitelen in 
ballonstad!\TLCRUN.EXE C:\Windows\system32\Tasks\{7079E755-01FC-43B6-A14D-8E5A89253484} 3028 bytes [ 31/03/2012 17:39:59 ] => C:\Program Files (x86)\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe C:\Windows\system32\Tasks\{7F49821B-EB17-4560-BF97-E62AAA312C29} 2898 bytes [ 31/03/2012 17:14:08 ] => D:\Setup.exe C:\Windows\system32\Tasks\{86E4FB26-6148-4B5E-A9B7-A96501050682} 2998 bytes [ 10/08/2013 20:06:55 ] => C:\Program Files (x86)\Nobilis\The Secrets of Da Vinci\SDV.exe C:\Windows\system32\Tasks\{8B28DA43-F1EF-47A6-AD6A-34BEC9F0C704} 2998 bytes [ 14/08/2013 14:52:30 ] => C:\Program Files (x86)\Nobilis\The Secrets of Da Vinci\SDV.exe C:\Windows\system32\Tasks\{98CB24B7-1F3D-4D09-8276-2B12AB45E6AD} 3028 bytes [ 31/03/2012 17:39:09 ] => C:\Program Files (x86)\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe C:\Windows\system32\Tasks\{A9D653F9-4E69-4828-A9B6-F7C06E96F92E} 3152 bytes [ 29/08/2013 12:18:56 ] => C:\Windows\system32\pcalua.exe C:\Windows\system32\Tasks\{AFD7A244-5D38-455D-B1FF-BF9D766959CB} 2998 bytes [ 10/08/2013 20:08:16 ] => C:\Program Files (x86)\Nobilis\The Secrets of Da Vinci\SDV.exe C:\Windows\system32\Tasks\{C472E4F2-F22B-4568-8F08-9CF73D74DB75} 2894 bytes [ 20/11/2011 15:37:51 ] => D:\null.exe C:\Windows\system32\Tasks\{D43CBB7D-897B-40CD-8DB2-A517F37B6ACC} 2998 bytes [ 10/08/2013 20:08:10 ] => C:\Program Files (x86)\Nobilis\The Secrets of Da Vinci\SDV.exe C:\Windows\system32\Tasks\{DB566621-20DD-4DD7-A0FD-716A60556D15} 2998 bytes [ 11/08/2013 19:46:49 ] => C:\Program Files (x86)\Nobilis\The Secrets of Da Vinci\SDV.exe C:\Windows\system32\Tasks\{E0B74425-B6B5-4298-A082-FB565BE084C4} 2998 bytes [ 11/08/2013 19:45:25 ] => C:\Program Files (x86)\Nobilis\The Secrets of Da Vinci\SDV.exe C:\Windows\system32\Tasks\{F24A48A7-B3CA-4BC2-84D0-230DC60C2A69} 2998 bytes [ 10/08/2013 20:08:45 ] => C:\Program Files (x86)\Nobilis\The Secrets of Da Vinci\SDV.exe C:\Windows\system32\Tasks\{F29A516C-95F3-458A-A0C7-7356BB4756C8} 2998 bytes [ 
11/08/2013 19:44:23 ] => C:\Program Files (x86)\Nobilis\The Secrets of Da Vinci\SDV.exe C:\Windows\system32\Tasks\{F2D8CA20-BDA9-4F6B-ADD9-946F1792B701} 3116 bytes [ 27/06/2013 10:29:27 ] => C:\Windows\system32\pcalua.exe C:\Windows\system32\Tasks\{F550CC36-5AC3-4062-B4FC-998C715ACFB0} 3052 bytes [ 14/09/2013 14:20:25 ] => C:\Program Files (x86)\Mindscape\Robbie Konijn Kleuter Buitelen in ballonstad!\TLCRUN.EXE ==================== Job tasks at C:\Windows\SysWOW64\Tasks ==================== There are no .job files found. ==================== End scanning at wo 27 mei 2015 19:14 (0 Min 33 Sec ) ======