E-Peek v 1.0.5.5 © Emphyrio/Onsia Patrick 2013-2014
Downloaded @ E Dev (http://www.antimalwarehelp.be/EDev/Tools/E-Peek/EPeekDL.html)
Run at zo 9 nov 2014 18:18
.
Windows 7 Home Premium SP 1 (64 bits)
C:\Windows [NTFS - Fixed]
Default Browser: Google Chrome
Boot mode: Normal boot
User logged in: Wout
.
Java x86: 1.6.0_26
Java x64: 1.6.0_22
.
AV : Norton Internet Security [Updated - Not Running]
AV : BullGuard Antivirus [Updated - Not Running]
AS : Norton Internet Security [Updated - Running]
AS : BullGuard Antispyware [Updated - Not Running]
AS : Windows Defender [Updated - Not Running]
FW :
FW : Norton Internet Security [Updated - Not Running]
.

==================== Files and Folders history =================================
Folders Created Last 7 days :
09/11/2014 ##### r-h-s-d+a- C:\rsit
09/11/2014 ##### r-h-s-d+a- C:\ProgramData\Malwarebytes
09/11/2014 ##### r-h-s-d+a- C:\Program Files\trend micro
09/11/2014 ##### r-h-s-d+a- C:\Program Files (x86)\Malwarebytes Anti-Malware
09/11/2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
09/11/2014 ##### r-h-s-d+a- C:\AdwCleaner
02/11/2014 ##### r-h-s-d+a- C:\ProgramData\86c09b53-3259-47c2-aea9-9f1c6d6b9b47

Files Modified Last 7 days :
09/11/2014 00018928 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
09/11/2014 00018928 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
09/11/2014 00000018 r-h-s-d-a+ C:\Windows\SysWOW64\log.txt
05/11/2014 01672576 r-h-s-d-a+ C:\Windows\system32\PerfStringBackup.INI
05/11/2014 00746466 r-h-s-d-a+ C:\Windows\system32\perfh013.dat
05/11/2014 00654932 r-h-s-d-a+ C:\Windows\system32\perfh009.dat
05/11/2014 00154128 r-h-s-d-a+ C:\Windows\system32\perfc013.dat
05/11/2014 00122546 r-h-s-d-a+ C:\Windows\system32\perfc009.dat

Files Created Last 7 days :
09/11/2014 00000109 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== RUNNING PROCESSES =========================================
[AppleMobileDeviceService] -SYSTEM- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - (Apple Inc.)
[csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)
[daemonu] -UpdatusUser- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe - (NVIDIA Corporation)
[Dropbox] -Wout- C:\Users\Wout\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
[E-Peek 1.0.5] -Wout- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.0.5.exe - (E Dev)
[igfxpers] -Wout- C:\Windows\System32\igfxpers.exe - (Intel Corporation)
[iPodService] -SYSTEM- C:\Program Files\iPod\bin\iPodService.exe - (Apple Inc.)
[LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
[lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)
[lsm] -SYSTEM- C:\Windows\system32\lsm.exe - (Microsoft Corporation)
[mbam] -Wout- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe - (Malwarebytes Corporation)
[mbamservice] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe - (Malwarebytes Corporation)
[mDNSResponder] -SYSTEM- C:\Program Files\Bonjour\mDNSResponder.exe - (Apple Inc.)
[nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)
[officeclicktorun] -SYSTEM- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe - (Microsoft Corporation)
[OFFICEVIRT] -SYSTEM- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe - ()
[PsiService_2] -SYSTEM- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe - (Protexis Inc.)
[SearchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)
[SearchProtocolHost] -SYSTEM- C:\Windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)
[sftlist] -SYSTEM- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe - (Microsoft Corporation)
[sftvsa] -SYSTEM- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe - (Microsoft Corporation)
[sidebar] -Wout- C:\Program Files\Windows Sidebar\sidebar.exe - (Microsoft Corporation)
[smss] -SYSTEM- C:\Windows\system32\smss.exe - (Microsoft Corporation)
[spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)
[taskeng] -SYSTEM- C:\Windows\system32\taskeng.exe - (Microsoft Corporation)
[taskhost] -Wout- C:\Windows\system32\taskhost.exe - (Microsoft Corporation)
[wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)
[WLIDSVCM] -SYSTEM- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe - (Microsoft Corp.)
[WmiPrvSE] -NETWORK SERVICE- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
[wmpnetwk] -NETWORK SERVICE- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation)

==================== IE PAGES ==================================================
IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://www.google.com
IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm
IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://www.aldi.com
IE04 - HKCU\..\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_nl___BE444
IE04 - HKCU\..\SearchScopes {902821CA-6D75-4626-92F4-EFF8276E55FA} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_nl___BE444
IE05 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\SysWOW64\ieframe.dll
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\SysWOW64\blank.htm
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE10 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE10 - HKLM\..\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE12 - HKLM\..\Toolbar{1017A80C-6F09-4548-A84D-EDD6AC9525F0} @ Default = C:\Program Files\Lexmark Toolbar\toolband.dll
IE12 - HKLM\..\Toolbar{2318C2B1-4965-11d4-9B18-009027A5CD4F} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
IE12 - HKLM\..\Toolbar{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll
IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://www.google.com
IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm
IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://www.aldi.com
IE04 x64 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE04 x64 - HKCU\..\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_nl___BE444
IE04 x64 - HKCU\..\SearchScopes {902821CA-6D75-4626-92F4-EFF8276E55FA} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_nl___BE444
IE05 x64 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\System32\ieframe.dll
IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\System32\blank.htm
IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE10 x64 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE10 x64 - HKLM\..\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE12 - HKLM\..\Toolbar{2318C2B1-4965-11d4-9B18-009027A5CD4F} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
IE12 - HKLM\..\Toolbar{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll

==================== Auto Load =================================================
AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = userinit.exe,
AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe
AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\Windows\system32\userinit.exe,
AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe

==================== Google Chrome =============================================
GC - Prefpath: C:\Users\Wout\AppData\Local\Google\Chrome\User Data\Default\Preferences
GC - Profile Name: Eerste gebruiker
GC - Homepage:
GC - Default Search Provider:
= Known Disabled Extensions =

==================== Windows Host File =========================================

==================== BHO =======================================================
BHO - [MSS+ Identifier] - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} @ Default = C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO - [Lexmark Werkbalk] - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} @ Default = C:\Program Files\Lexmark Toolbar\toolband.dll
BHO - [Adobe PDF Link Helper] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} @ Default = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
BHO - [Norton Identity Protection] - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll
BHO - [Norton Vulnerability Protection] - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL
BHO - [Aanmeldhulp voor Windows Live ID] - {9030D464-4C02-4ABF-8ECC-5164760863C6} @ Default = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO - [Windows Live Messenger Companion Helper] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} @ Default = C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO - [Google Toolbar Helper] - {AA58ED58-01DD-4d91-8333-CF10577473F7} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO - [Office Document Cache Handler] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} @ Default = C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
BHO - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
BHO - [Lexmark ] - {D2C5E510-BE6D-42CC-9F61-E4F939078474} @ Default = C:\Program Files\Lexmark Printable Web\bho.dll
BHO - [Java(tm) Plug-In 2 SSV Helper] - {DBC80044-A445-435b-BC74-9C25C1C588A9} @ Default = C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO - [BGAntiphishingBHO Class] - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} @ Default = C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll
BHO x64 - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
BHO x64 - [Norton Identity Protection] - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll
BHO x64 - [Windows Live ID Sign-in Helper] - {9030D464-4C02-4ABF-8ECC-5164760863C6} @ Default = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO x64 - [Google Toolbar Helper] - {AA58ED58-01DD-4d91-8333-CF10577473F7} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO x64 - [Office Document Cache Handler] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} @ Default = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
BHO x64 - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
BHO x64 - [Java(tm) Plug-In 2 SSV Helper] - {DBC80044-A445-435b-BC74-9C25C1C588A9} @ Default = C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO x64 - [BGAntiphishingBHO Class] - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} @ Default = C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll

==================== Auto Start Programs =======================================
ASP01 - HKLM\..\Run @ iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
ASP04 - HKCU\..\Run @ ccleaner = "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
ASP04 - HKCU\..\Run @ CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
ASP04 - HKCU\..\Run @ Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
ASP01 x64 - HKLM\..\Run @ iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
ASP04 x64 - HKCU\..\Run @ ccleaner = "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
ASP04 x64 - HKCU\..\Run @ CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
ASP04 x64 - HKCU\..\Run @ Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
ASP - Startup - C:\Users\Wout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
ASP - Startup - C:\Users\Wout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

==================== Extra Items IE ============================================
EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
EI03 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
EI03 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
EI03 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings
EI03 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
EI03 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
EI04 - App Ext - HKCU\..\Approved Extensions @ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {11111111-1111-1111-1111-110511131190} =
EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {30F9B915-B755-4826-820B-08FBA6BD249D} =
EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {A40DC6C5-79D0-4CA8-A185-8FF989AF1115} =

==================== Internet Default Prefix ===================================
IDP00 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
IDP01 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://
IDP00 x64 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
IDP01 x64 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

==================== Default Settings IE - DSIE ================================
DSIE - ieuinit.inf: START_PAGE= "http://go.microsoft.com/fwlink/p/?LinkId
DSIE - ieuinit.inf: SEARCH_PAGE_URL= "http://go.microsoft.com/fwlink/?LinkId

==================== Downloaded Program Files - DPF ============================
DPF - HKLM - {8AD9C840-044E-11D1-B3E9-00805F499D93} @ CODEBASE = hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF - HKLM - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} @ CODEBASE = hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF - HKLM - {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} @ CODEBASE = hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF x64 - {8AD9C840-044E-11D1-B3E9-00805F499D93} @ CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF x64 - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} @ CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF x64 - {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} @ CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

==================== Protocol Hijackers - PH ===================================
PH00 - Handler:osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} @ = Unknown # C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL # MD5 [405251ed82d69e5893f1e7e923b7f38b]
PH00 - Handler:wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} @ = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [31d70e22e0e929e2a1279f51245624cc]

==================== ShellServiceObjectDelayLoad - SSODL =======================
SSODL - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =
SSODL x64 - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =

==================== Extra items - EXT (Torpig/ConduitSearch) ==================
EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Avg
EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
EXT02 - HKCR\Directory\shellex\CopyHookHandlers\BackupCopyHook @ {9458E603-FF43-4134-9036-04B4C71791E3}
EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll
EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll
EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Avg
EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\BackupCopyHook @ {9458E603-FF43-4134-9036-04B4C71791E3}= C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll
EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll
EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll

==================== DRIVERS and SERVICES ======================================
*** Win32OwnProcess ***
SERV - R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
SERV - R2 - [ClickToRunSvc] - Microsoft Office ClickToRun Service - c:\program files\microsoft office 15\clientx64\officeclicktorun.exe
SERV - R2 - [cvhsvc] - Client Virtualization Handler - c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe
SERV - R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
SERV - R2 - [lxeaCATSCustConnectService] - lxeaCATSCustConnectService - c:\windows\system32\spool\drivers\x64\3\\lxeaserv.exe
SERV - R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
SERV - R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
SERV - R2 - [nvUpdatusService] - NVIDIA Update Service Daemon - c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe
SERV - R2 - [PSI_SVC_2] - Protexis Licensing V2 - c:\program files (x86)\common files\protexis\license service\psiservice_2.exe
SERV - R2 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - c:\program files (x86)\cyberlink\shared files\richvideo.exe
SERV - R2 - [sftlist] - Application Virtualization Client - c:\program files (x86)\microsoft application virtualization client\sftlist.exe
SERV - R2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
SERV - R2 - [Stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe
SERV - R2 - [UNS] - Intel(R) Management & Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
SERV - R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
SERV - R3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
SERV - R3 - [sftvsa] - Application Virtualization Service Agent - c:\program files (x86)\microsoft application virtualization client\sftvsa.exe
SERV - R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
SERV - S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
SERV - S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
SERV - S2 - [gupdate] - Google Updateservice (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
SERV - S3 - [BgRaSvc] - BgRaSvc - c:\program files\bullguard ltd\bullguard\support\bgrasvc.exe
SERV - S3 - [BsBhvScan] - BullGuard behavioural detection service - c:\program files\bullguard ltd\bullguard\bullguardbhvscanner.exe
SERV - S3 - [BsScanner] - BullGuard scanning service - c:\program files\bullguard ltd\bullguard\bullguardscanner.exe
SERV - S3 - [BsUpdate] - BullGuard update service - c:\program files\bullguard ltd\bullguard\bullguardupdate.exe
SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
SERV - S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
SERV - S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
SERV - S3 - [fsssvc] - Windows Live Family Safety Service - c:\program files (x86)\windows live\family safety\fsssvc.exe
SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
SERV - S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
SERV - S3 - [McComponentHostService] - McAfee Security Scan Component Host Service - c:\program files\mcafee security scan\3.8.150\mcchsvc.exe
SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
SERV - S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
SERV - S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe
SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
SERV - S3 - [WisLMSvc] - WisLMSvc - c:\program files (x86)\launch manager\wislmsvc.exe
SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
SERV - S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
SERV - S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
SERV - S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

*** Win32ShareProcess ***
SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
SERV - S3 - [BsBrowser] - BullGuard antiphishing service - c:\windows\system32\svchost.exe
SERV - S3 - [BsFileScan] - BullGuard on-access service - c:\windows\system32\svchost.exe
SERV - S3 - [BsMailProxy] - BullGuard e-mail monitoring service - c:\windows\system32\svchost.exe
SERV - S3 - [BsMain] - BullGuard main service - c:\windows\system32\svchost.exe
SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
SERV - S3 - [idsvc] - Windows CardSpace - c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe
SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
SERV - S3 - [ProtectedStorage] - Protected Storage - c:\windows\system32\lsass.exe
SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
SERV - S4 - [NetMsmqActivator] - Net.Msmq Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
SERV - S4 - [NetPipeActivator] - Net.Pipe Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
SERV - S4 - [NetTcpActivator] - Net.Tcp Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

*** Others ***
SERV - R2 - [lxea_device] - lxea_device - c:\windows\system32\lxeacoms.exe
SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

*** File System Driver ***
DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
DRV - R0 - [SymEFA] - Symantec Extended File Attributes - C:\Windows\system32\Drivers\SymEFA.sys [x]
DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
DRV - R3 - [srv] - Stuurprogramma Server SMB 1.xxx - C:\Windows\system32\Drivers\srv.sys
DRV - R3 - [srv2] - Stuurprogramma Server SMB 2.xxx - C:\Windows\system32\Drivers\srv2.sys

*** Kernel Driver ***
DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys
DRV - R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
DRV - R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys
DRV - R0 - [Disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\Disk.sys
DRV - R0 - [fvevol] - Filterstuurprogramma Bitlocker-stationsvergrendeling - C:\Windows\system32\Drivers\fvevol.sys
DRV - R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
DRV - R0 - [iaStor] - Intel AHCI Controller - C:\Windows\system32\Drivers\iaStor.sys
DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
DRV - R0 - [mountmgr] - Koppelpuntbeheer - C:\Windows\system32\Drivers\mountmgr.sys
DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
DRV - R0 - [NDIS] - NDIS-systeemstuurprogramma - C:\Windows\system32\Drivers\NDIS.sys
DRV - R0 - [nvpciflt] - nvpciflt - C:\Windows\system32\Drivers\nvpciflt.sys
DRV - R0 - [partmgr] - Partitiebeheer - C:\Windows\system32\Drivers\partmgr.sys
DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys
DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
DRV - R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
DRV - R0 - [SymDS] - Symantec Data Store - C:\Windows\system32\Drivers\SymDS.sys [x]
DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys
DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator-stuurprogramma - C:\Windows\system32\Drivers\vdrvroot.sys
DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys
DRV - R0 - [volmgrx] - Dynamisch Volumebeheer - C:\Windows\system32\Drivers\volmgrx.sys
DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys
DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys
DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
DRV - S3 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys

==================== SvcHost - White Listed ====================================
All Ok
WOW - All Ok

==================== SigCheck x86 Fast =========================================
Fast Scan All ok

==================== SigCheck x64 Fast =========================================
Fast Scan All ok

==================== Job tasks =================================================
There are no .job files found.

==================== End scanning at zo 9 nov 2014 18:19 (1 Min 0 Sec ) ========