E-Peek v 1.9.9.0 © Emphyrio/Onsia Patrick 2013-2015 [url=http://www.antimalwarehelp.be/EDev/Tools/E-Peek/EPeekDL.html]E Dev[/url] Run at za 14 mrt 2015 18:13 . Windows 8.1 (64 bits) C:\WINDOWS [NTFS - Fixed] Default Browser: Internet Explorer Boot mode: Normal boot User logged in: Jonas . Java x86: n/a Java x64: n/a . AV : Windows Defender [Updated - Not Running] AV : Norton Internet Security [Updated - Not Running] AS : Norton Internet Security [Updated - Running] AS : Windows Defender [Updated - Not Running] FW : FW : Norton Internet Security [Updated - Not Running] . ==================== Files and Folders history ================================= Folders Created Last 7 days : 14/03/2015 ##### r-h-s-d+a- C:\Users\Jonas\AppData\Roaming\E Dev 14/03/2015 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev 13/03/2015 ##### r-h-s-d+a- C:\zoek_backup Files Modified Last 7 days : 13/03/2015 01823174 r-h-s-d-a+ C:\WINDOWS\system32\PerfStringBackup.INI 13/03/2015 00806704 r-h-s-d-a+ C:\WINDOWS\system32\perfh013.dat 13/03/2015 00722476 r-h-s-d-a+ C:\WINDOWS\system32\perfh009.dat 13/03/2015 00493720 r-h-s-d-a+ C:\WINDOWS\system32\FNTCACHE.DAT 13/03/2015 00162170 r-h-s-d-a+ C:\WINDOWS\system32\perfc013.dat 13/03/2015 00135592 r-h-s-d-a+ C:\WINDOWS\system32\perfc009.dat 13/03/2015 00094656 r-h-s-d-a+ C:\WINDOWS\system32\WPRO_41_2001woem.tmp 11/03/2015 122905848 r-h-s-d-a+ C:\WINDOWS\system32\MRT.exe Files Created Last 7 days : 13/03/2015 00094656 r-h-s-d-a+ C:\WINDOWS\system32\WPRO_41_2001woem.tmp 11/03/2015 25021440 r-h-s-d-a+ C:\WINDOWS\system32\mshtml.dll 11/03/2015 22291584 r-h-s-d-a+ C:\WINDOWS\system32\shell32.dll 11/03/2015 19731824 r-h-s-d-a+ C:\WINDOWS\SysWOW64\shell32.dll 11/03/2015 19720192 r-h-s-d-a+ C:\WINDOWS\SysWOW64\mshtml.dll 11/03/2015 14398976 r-h-s-d-a+ C:\WINDOWS\system32\ieframe.dll 11/03/2015 12827648 r-h-s-d-a+ C:\WINDOWS\SysWOW64\ieframe.dll 11/03/2015 07472960 r-h-s-d-a+ C:\WINDOWS\system32\ntoskrnl.exe 11/03/2015 06035456 r-h-s-d-a+ 
C:\WINDOWS\system32\jscript9.dll 11/03/2015 04300288 r-h-s-d-a+ C:\WINDOWS\SysWOW64\jscript9.dll 11/03/2015 04298240 r-h-s-d-a+ C:\WINDOWS\system32\D3DCompiler_47.dll 11/03/2015 04178944 r-h-s-d-a+ C:\WINDOWS\system32\win32k.sys 11/03/2015 03551744 r-h-s-d-a+ C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 11/03/2015 03547648 r-h-s-d-a+ C:\WINDOWS\system32\rdpcorets.dll 11/03/2015 03097600 r-h-s-d-a+ C:\WINDOWS\system32\msftedit.dll 11/03/2015 02886144 r-h-s-d-a+ C:\WINDOWS\system32\iertutil.dll 11/03/2015 02865152 r-h-s-d-a+ C:\WINDOWS\system32\actxprxy.dll 11/03/2015 02773504 r-h-s-d-a+ C:\WINDOWS\system32\authui.dll 11/03/2015 02484224 r-h-s-d-a+ C:\WINDOWS\SysWOW64\msftedit.dll 11/03/2015 02459136 r-h-s-d-a+ C:\WINDOWS\SysWOW64\authui.dll 11/03/2015 02358784 r-h-s-d-a+ C:\WINDOWS\system32\wininet.dll 11/03/2015 02278400 r-h-s-d-a+ C:\WINDOWS\SysWOW64\iertutil.dll 11/03/2015 02257408 r-h-s-d-a+ C:\WINDOWS\system32\dwmcore.dll 11/03/2015 02207488 r-h-s-d-a+ C:\WINDOWS\SysWOW64\explorer.exe 11/03/2015 02125824 r-h-s-d-a+ C:\WINDOWS\system32\inetcpl.cpl 11/03/2015 02052608 r-h-s-d-a+ C:\WINDOWS\SysWOW64\inetcpl.cpl 11/03/2015 01943040 r-h-s-d-a+ C:\WINDOWS\SysWOW64\dwmcore.dll 11/03/2015 01888256 r-h-s-d-a+ C:\WINDOWS\SysWOW64\wininet.dll 11/03/2015 01763352 r-h-s-d-a+ C:\WINDOWS\system32\WindowsCodecs.dll 11/03/2015 01733440 r-h-s-d-a+ C:\WINDOWS\system32\ntdll.dll 11/03/2015 01548288 r-h-s-d-a+ C:\WINDOWS\system32\urlmon.dll 11/03/2015 01498360 r-h-s-d-a+ C:\WINDOWS\SysWOW64\ntdll.dll 11/03/2015 01488896 r-h-s-d-a+ C:\WINDOWS\system32\mfc42u.dll 11/03/2015 01488040 r-h-s-d-a+ C:\WINDOWS\SysWOW64\WindowsCodecs.dll 11/03/2015 01464832 r-h-s-d-a+ C:\WINDOWS\system32\mfc42.dll 11/03/2015 01384712 r-h-s-d-a+ C:\WINDOWS\system32\msctf.dll 11/03/2015 01311232 r-h-s-d-a+ C:\WINDOWS\SysWOW64\urlmon.dll 11/03/2015 01230336 r-h-s-d-a+ C:\WINDOWS\SysWOW64\mfc42u.dll 11/03/2015 01204224 r-h-s-d-a+ C:\WINDOWS\SysWOW64\mfc42.dll 11/03/2015 01123848 r-h-s-d-a+ 
C:\WINDOWS\SysWOW64\msctf.dll 11/03/2015 01091072 r-h-s-d-a+ C:\WINDOWS\system32\localspl.dll 11/03/2015 01090048 r-h-s-d-a+ C:\WINDOWS\system32\MrmCoreR.dll 11/03/2015 01032704 r-h-s-d-a+ C:\WINDOWS\system32\inetcomm.dll 11/03/2015 00971776 r-h-s-d-a+ C:\WINDOWS\system32\WSShared.dll 11/03/2015 00933888 r-h-s-d-a+ C:\WINDOWS\system32\calc.exe 11/03/2015 00880128 r-h-s-d-a+ C:\WINDOWS\SysWOW64\inetcomm.dll 11/03/2015 00864256 r-h-s-d-a+ C:\WINDOWS\system32\win32spl.dll 11/03/2015 00816128 r-h-s-d-a+ C:\WINDOWS\SysWOW64\calc.exe 11/03/2015 00816128 r-h-s-d-a+ C:\WINDOWS\system32\jscript.dll 11/03/2015 00814080 r-h-s-d-a+ C:\WINDOWS\system32\jscript9diag.dll 11/03/2015 00811008 r-h-s-d-a+ C:\WINDOWS\SysWOW64\WSShared.dll 11/03/2015 00801280 r-h-s-d-a+ C:\WINDOWS\system32\msfeeds.dll 11/03/2015 00800768 r-h-s-d-a+ C:\WINDOWS\system32\ieapfltr.dll 11/03/2015 00791040 r-h-s-d-a+ C:\WINDOWS\SysWOW64\MrmCoreR.dll 11/03/2015 00723072 r-h-s-d-a+ C:\WINDOWS\system32\SHCore.dll 11/03/2015 00710144 r-h-s-d-a+ C:\WINDOWS\SysWOW64\ieapfltr.dll 11/03/2015 00689152 r-h-s-d-a+ C:\WINDOWS\SysWOW64\msfeeds.dll 11/03/2015 00664064 r-h-s-d-a+ C:\WINDOWS\SysWOW64\jscript.dll 11/03/2015 00584192 r-h-s-d-a+ C:\WINDOWS\system32\vbscript.dll 11/03/2015 00560392 r-h-s-d-a+ C:\WINDOWS\SysWOW64\SHCore.dll 11/03/2015 00503296 r-h-s-d-a+ C:\WINDOWS\SysWOW64\vbscript.dll 11/03/2015 00430080 r-h-s-d-a+ C:\WINDOWS\system32\schannel.dll 11/03/2015 00402432 r-h-s-d-a+ C:\WINDOWS\system32\WMPhoto.dll 11/03/2015 00396419 r-h-s-d-a+ C:\WINDOWS\system32\ApnDatabase.xml 11/03/2015 00374272 r-h-s-d-a+ C:\WINDOWS\system32\iedkcs32.dll 11/03/2015 00358912 r-h-s-d-a+ C:\WINDOWS\SysWOW64\schannel.dll 11/03/2015 00358912 r-h-s-d-a+ C:\WINDOWS\system32\atmfd.dll 11/03/2015 00357376 r-h-s-d-a+ C:\WINDOWS\SysWOW64\WMPhoto.dll 11/03/2015 00347136 r-h-s-d-a+ C:\WINDOWS\system32\photowiz.dll 11/03/2015 00346112 r-h-s-d-a+ C:\WINDOWS\system32\eappcfg.dll 11/03/2015 00339456 r-h-s-d-a+ C:\WINDOWS\system32\eapphost.dll 
11/03/2015 00331776 r-h-s-d-a+ C:\WINDOWS\system32\eapp3hst.dll 11/03/2015 00316928 r-h-s-d-a+ C:\WINDOWS\system32\dxtrans.dll 11/03/2015 00301056 r-h-s-d-a+ C:\WINDOWS\SysWOW64\atmfd.dll 11/03/2015 00290816 r-h-s-d-a+ C:\WINDOWS\SysWOW64\photowiz.dll 11/03/2015 00285696 r-h-s-d-a+ C:\WINDOWS\SysWOW64\dxtrans.dll 11/03/2015 00278016 r-h-s-d-a+ C:\WINDOWS\SysWOW64\eappcfg.dll 11/03/2015 00274944 r-h-s-d-a+ C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 11/03/2015 00266752 r-h-s-d-a+ C:\WINDOWS\SysWOW64\eapphost.dll 11/03/2015 00262144 r-h-s-d-a+ C:\WINDOWS\system32\webcheck.dll 11/03/2015 00250880 r-h-s-d-a+ C:\WINDOWS\SysWOW64\eapp3hst.dll 11/03/2015 00230400 r-h-s-d-a+ C:\WINDOWS\SysWOW64\webcheck.dll 11/03/2015 00210944 r-h-s-d-a+ C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 11/03/2015 00203264 r-h-s-d-a+ C:\WINDOWS\system32\ubpm.dll 11/03/2015 00145408 r-h-s-d-a+ C:\WINDOWS\system32\iepeers.dll 11/03/2015 00131584 r-h-s-d-a+ C:\WINDOWS\system32\rdpudd.dll 11/03/2015 00128000 r-h-s-d-a+ C:\WINDOWS\SysWOW64\iepeers.dll 11/03/2015 00102912 r-h-s-d-a+ C:\WINDOWS\system32\eappgnui.dll 11/03/2015 00092160 r-h-s-d-a+ C:\WINDOWS\system32\mshtmled.dll 11/03/2015 00091648 r-h-s-d-a+ C:\WINDOWS\SysWOW64\eappgnui.dll 11/03/2015 00088064 r-h-s-d-a+ C:\WINDOWS\system32\MshtmlDac.dll 11/03/2015 00076288 r-h-s-d-a+ C:\WINDOWS\SysWOW64\mshtmled.dll 11/03/2015 00075264 r-h-s-d-a+ C:\WINDOWS\system32\StorageContextHandler.dll 11/03/2015 00064000 r-h-s-d-a+ C:\WINDOWS\SysWOW64\MshtmlDac.dll 11/03/2015 00060928 r-h-s-d-a+ C:\WINDOWS\SysWOW64\StorageContextHandler.dll 11/03/2015 00046456 r-h-s-d-a+ C:\WINDOWS\system32\LockScreenContentServer.exe 11/03/2015 00044032 r-h-s-d-a+ C:\WINDOWS\system32\atmlib.dll 11/03/2015 00035840 r-h-s-d-a+ C:\WINDOWS\SysWOW64\atmlib.dll 11/03/2015 00035840 r-h-s-d-a+ C:\WINDOWS\SysWOW64\atlthunk.dll 11/03/2015 00014848 r-h-s-d-a+ C:\WINDOWS\system32\winshfhc.dll 11/03/2015 00012800 r-h-s-d-a+ 
C:\WINDOWS\SysWOW64\winshfhc.dll ==================== RUNNING PROCESSES ========================================= [AcroRd32] -Jonas- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe - (Adobe Systems Incorporated) [AcroRd32] -Jonas- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe - (Adobe Systems Incorporated) [AppleMobileDeviceService] -SYSTEM- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - (Apple Inc.) [armsvc] -SYSTEM- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - (Adobe Systems Incorporated) [audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe) [AVControlCenter32] -SYSTEM- C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe - (Lenovo Corporation) [avfaudiosw] -SYSTEM- C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe - (Lenovo Corporation) [BrcmSetSecurity] -SYSTEM- C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe - (Intel) [BTHSAmpPalService] -SYSTEM- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe - (Intel Corporation) [BTHSSecurityMgr] -SYSTEM- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe - (Intel(R) Corporation) [cammute] -SYSTEM- C:\Program Files\Lenovo\Communications Utility\cammute.exe - (Lenovo Corporation) [CAudioFilterAgent64] -Jonas- C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe - (Conexant Systems, Inc.) [CLMLSvc] -Jonas- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe - (CyberLink) [concentr] -Jonas- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe - (Citrix Systems, Inc.) 
[conhost] -Jonas- C:\WINDOWS\system32\conhost.exe - (Microsoft Corporation) [conhost] -Jonas- C:\WINDOWS\system32\conhost.exe - (Microsoft Corporation) [conhost] -Jonas- C:\WINDOWS\system32\conhost.exe - (Microsoft Corporation) [conhost] -Jonas- C:\WINDOWS\system32\conhost.exe - (Microsoft Corporation) [conhost] -SYSTEM- C:\WINDOWS\system32\conhost.exe - (Microsoft Corporation) [conhost] -SYSTEM- C:\WINDOWS\system32\conhost.exe - (Microsoft Corporation) [conhost] -SYSTEM- C:\WINDOWS\system32\conhost.exe - (Microsoft Corporation) [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe) [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe) [CxAudMsg64] -SYSTEM- C:\windows\system32\CxAudMsg64.exe - (Conexant Systems Inc.) [daemonu] -UpdatusUser- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe - (NVIDIA Corporation) [dasHost] -LOCAL SERVICE- C:\WINDOWS\system32\dashost.exe - (Microsoft Corporation) [devmonsrv] -SYSTEM- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe - (Motorola Solutions, Inc.) [dllhost] -Jonas- C:\WINDOWS\system32\DllHost.exe - (Microsoft Corporation) [dllhost] -Jonas- C:\WINDOWS\system32\DllHost.exe - (Microsoft Corporation) [Dropbox] -Jonas- C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.) 
[dwm] -DWM-1- C:\WINDOWS\system32\dwm.exe - (Microsoft Corporation) [E-Peek 1.9.9.0] -Jonas- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev) [EvtEng] -SYSTEM- C:\Program Files\Intel\WiFi\bin\EvtEng.exe - (Intel(R) Corporation) [explorer] -Jonas- C:\WINDOWS\Explorer.EXE - (Microsoft Corporation) [ExpressCache] -SYSTEM- C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe - (Condusiv Technologies) [extapsup] -Jonas- C:\Program Files\Lenovo\HOTKEY\extapsup.exe - (Lenovo Group Limited) [FBConsole] -Jonas- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe - (Lenovo) [FBService] -SYSTEM- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe - (Lenovo) [FlashUtil_ActiveX] -Jonas- C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe - (Adobe Systems Incorporated) [fmapp] -Jonas- C:\Program Files\CONEXANT\ForteConfig\fmapp.exe - () [HeciServer] -SYSTEM- C:\Program Files\Intel\iCLS Client\HeciServer.exe - (Intel(R) Corporation) [HostAppService] -Jonas- C:\Users\Jonas\AppData\Local\Pokki\Engine\HostAppService.exe - (Pokki) [HostAppService] -Jonas- C:\Users\Jonas\AppData\Local\Pokki\Engine\HostAppService.exe - (Pokki) [HostAppServiceUpdater] -Jonas- C:\Users\Jonas\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe - (Pokki) [ibmpmsvc] -SYSTEM- C:\WINDOWS\system32\ibmpmsvc.exe - (Lenovo.) 
[ibtrksrv] -SYSTEM- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe - (Intel Corporation) [iexplore] -Jonas- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE - (Microsoft Corporation) [iexplore] -Jonas- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE - (Microsoft Corporation) [iexplore] -Jonas- C:\Program Files\Internet Explorer\iexplore.exe - (Microsoft Corporation) [igfxCUIService] -SYSTEM- C:\WINDOWS\system32\igfxCUIService.exe - (Intel Corporation) [igfxEM] -Jonas- C:\WINDOWS\system32\igfxEM.exe - (Intel Corporation) [igfxHK] -Jonas- C:\WINDOWS\system32\igfxHK.exe - (Intel Corporation) [igfxTray] -Jonas- C:\WINDOWS\system32\igfxTray.exe - () [iPodService] -SYSTEM- C:\Program Files\iPod\bin\iPodService.exe - (Apple Inc.) [iSCTAgent] -SYSTEM- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe - () [iTunesHelper] -Jonas- C:\Program Files (x86)\iTunes\iTunesHelper.exe - (Apple Inc.) [Jhi_service] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - (Intel Corporation) [LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation) [loctaskmgr] -SYSTEM- C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe - () [lpdagent] -Jonas- C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe - () [lsass] -SYSTEM- C:\WINDOWS\system32\lsass.exe - (Microsoft Corporation) [lvvsst] -SYSTEM- C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe - (Lenovo Group Limited) [mDNSResponder] -SYSTEM- C:\Program Files\Bonjour\mDNSResponder.exe - (Apple Inc.) 
[micmute] -SYSTEM- C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe - (Lenovo Group Limited) [MobileHotspotclient] -Jonas- C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe - (Lenovo) [msiexec] -SYSTEM- C:\WINDOWS\system32\msiexec.exe - (Microsoft Corporation) [nis] -Jonas- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe - (Symantec Corporation) [nis] -SYSTEM- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe - (Symantec Corporation) [NitroPDFDriverService8x64] -SYSTEM- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe - (Nitro PDF Software) [NLSSRV32] -SYSTEM- C:\windows\SysWOW64\NLSSRV32.EXE - (Nalpeiron Ltd.) [nvvsvc] -SYSTEM- C:\WINDOWS\system32\nvvsvc.exe - (NVIDIA Corporation) [nvvsvc] -SYSTEM- C:\WINDOWS\system32\nvvsvc.exe - (NVIDIA Corporation) [nvxdsync] -SYSTEM- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe - (NVIDIA Corporation) [obexsrv] -SYSTEM- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe - (Motorola Solutions, Inc.) [PDVD10Serv] -Jonas- C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe - (CyberLink Corp.) 
[PresentationFontCache] -LOCAL SERVICE- C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe - (Microsoft Corporation) [PWMDBSVC] -SYSTEM- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE - (Lenovo) [QuickControl] -Jonas- C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe - (Lenovo Group Limited) [QuickControlInput] -SYSTEM- C:\Program Files (x86)\Lenovo\QuickControl\QuickControlInput.exe - (Lenovo Group Limited) [QuickControlInput] -SYSTEM- C:\Program Files (x86)\Lenovo\QuickControl\QuickControlInput.exe - (Lenovo Group Limited) [QuickControlMasterSvc] -SYSTEM- C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe - (Lenovo Group Limited) [QuickControlService] -SYSTEM- C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe - (Lenovo Group Limited) [QuickSnipInput] -Jonas- C:\Program Files\lenovo\QuickSnipService\QuickSnipInput.exe - (Lenovo) [QuickSnipService] -SYSTEM- C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe - (LENOVO INCORPORATED.) [Receiver] -Jonas- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe - (Citrix Systems, Inc.) [redirector] -Jonas- C:\Program Files (x86)\Citrix\ICA Client\redirector.exe - (Citrix Systems, Inc.) [RegSrvc] -SYSTEM- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe - (Intel(R) Corporation) [RtsCM64] -Jonas- C:\Windows\RtsCM64.exe - (Realtek Semiconductor Corp.) 
[rundll32] -Jonas- C:\Windows\System32\rundll32.exe - (Microsoft Corporation) [rundll32] -Jonas- C:\WINDOWS\system32\rundll32.exe - (Microsoft Corporation) [rundll32] -SYSTEM- C:\windows\system32\rundll32.exe - (Microsoft Corporation) [RuntimeBroker] -Jonas- C:\Windows\System32\RuntimeBroker.exe - (Microsoft Corporation) [SearchFilterHost] -SYSTEM- C:\WINDOWS\system32\SearchFilterHost.exe - (Microsoft Corporation) [SearchIndexer] -SYSTEM- C:\WINDOWS\system32\SearchIndexer.exe - (Microsoft Corporation) [SearchProtocolHost] -SYSTEM- C:\WINDOWS\system32\SearchProtocolHost.exe - (Microsoft Corporation) [SelfServicePlugin] -Jonas- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe - (Citrix Systems, Inc.) [SensorDBSynch] -Jonas- C:\Program Files\Synaptics\SynFp\Shared\SensorDBSynch.exe - (Synaptics Incorporated) [services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe) [SettingsService] -SYSTEM- C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe - (Lenovo Group Limited) [SettingSyncHost] -Jonas- C:\Windows\System32\SettingSyncHost.exe - (Microsoft Corporation) [shtctky] -SYSTEM- C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE - (Lenovo Group Limited) [SkyDrive] -Jonas- C:\Windows\System32\skydrive.exe - (Microsoft Corporation) [Skype] -Jonas- C:\Program Files (x86)\Skype\Phone\Skype.exe - (Skype Technologies S.A.) [SkypeC2CAutoUpdateSvc] -SYSTEM- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe - (Microsoft Corporation) [SkypeC2CPNRSvc] -NETWORK SERVICE- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe - (Microsoft Corporation) [smss] -SYSTEM- C:\Windows\System32\smss.exe - (smss.exe) [spoolsv] -SYSTEM- C:\WINDOWS\System32\spoolsv.exe - (Microsoft Corporation) [StartMenuIndexer] -Jonas- C:\Users\Jonas\AppData\Local\Pokki\Engine\StartMenuIndexer.exe - (Pokki) [SwipeMonitor] -Jonas- C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe - (Validity Sensors, Inc.) 
[SynTPEnh] -Jonas- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - (Synaptics Incorporated) [SynTPHelper] -Jonas- C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE - (Synaptics Incorporated) [SynTPLpr] -Jonas- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe - (Synaptics Incorporated) [System] -N/A- - (System) [SystemAgentService] -SYSTEM- C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe - (LENOVO INCORPORATED.) [SystemSettings] -Jonas- C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe - (Microsoft Corporation) [taskhostex] -Jonas- C:\WINDOWS\system32\taskhostex.exe - (Microsoft Corporation) [TeamViewer] -Jonas- C:\Program Files (x86)\TeamViewer\TeamViewer.exe - (TeamViewer GmbH) [TeamViewer_Service] -SYSTEM- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe - (TeamViewer GmbH) [tphkload] -SYSTEM- C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe - (Lenovo Group Limited) [tpknrres] -Jonas- C:\Program Files\Lenovo\Communications Utility\tpknrres.exe - (Lenovo Corporation) [tpknrsvc] -SYSTEM- C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe - (Lenovo Group Limited) [tpnumlkd] -SYSTEM- C:\Program Files\LENOVO\HOTKEY\tpnumlkd.exe - (Lenovo Group Limited) [tposd] -SYSTEM- C:\PROGRA~1\Lenovo\HOTKEY\TPOSD.EXE - (Lenovo Group Limited) [TpShocks] -Jonas- C:\Windows\System32\TpShocks.exe - (Lenovo.) [tv_w32] -SYSTEM- C:\Program Files (x86)\TeamViewer\tv_w32.exe - (TeamViewer GmbH) [tv_x64] -SYSTEM- C:\Program Files (x86)\TeamViewer\tv_x64.exe - (TeamViewer GmbH) [unsecapp] -Jonas- C:\WINDOWS\system32\wbem\unsecapp.exe - (Microsoft Corporation) [unsecapp] -SYSTEM- C:\WINDOWS\system32\wbem\unsecapp.exe - (Microsoft Corporation) [ValBioService] -SYSTEM- C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe - (Validity Sensors, Inc.) 
[valWBFPolicyService] -SYSTEM- C:\WINDOWS\system32\valWBFPolicyService.exe - (Synaptics Incorporated) [valWbioSyncSvc] -SYSTEM- C:\WINDOWS\system32\valWbioSyncSvc.exe - (Synaptics Incorporated) [vcamsvc] -SYSTEM- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe - (Lenovo Corporation) [vcamsvchlpr] -SYSTEM- C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe - (Lenovo Corporation) [virtscrl] -SYSTEM- C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe - (Lenovo Group Limited) [wfcrun32] -Jonas- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe - (Citrix Systems, Inc.) [wininit] -SYSTEM- C:\WINDOWS\system32\wininit.exe - (Microsoft Corporation) [winlogon] -SYSTEM- C:\WINDOWS\system32\winlogon.exe - (Microsoft Corporation) [WINWORD] -Jonas- C:\Program Files\Microsoft Office\Office15\WINWORD.EXE - (Microsoft Corporation) [WINWORD] -Jonas- C:\Program Files\Microsoft Office\Office15\WINWORD.EXE - (Microsoft Corporation) [wlanext] -SYSTEM- C:\WINDOWS\system32\WLANExt.exe - (Microsoft Corporation) [WmiPrvSE] -NETWORK SERVICE- C:\WINDOWS\system32\wbem\wmiprvse.exe - (Microsoft Corporation) [WmiPrvSE] -SYSTEM- C:\WINDOWS\system32\wbem\wmiprvse.exe - (Microsoft Corporation) [wmpnetwk] -NETWORK SERVICE- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation) [WUDFHost] -LOCAL SERVICE- C:\Windows\System32\WUDFHost.exe - (Microsoft Corporation) [WUDFHost] -LOCAL SERVICE- C:\Windows\System32\WUDFHost.exe - (Microsoft Corporation) [WUDFHost] -LOCAL SERVICE- C:\Windows\System32\WUDFHost.exe - (Microsoft Corporation) [WUDFHost] -LOCAL SERVICE- C:\Windows\System32\WUDFHost.exe - (Microsoft Corporation) [WWAHost] -Jonas- C:\Windows\System32\WWAHost.exe - (Microsoft Corporation) [ZeroConfigService] -SYSTEM- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe - (Intel® Corporation) ==================== IE PAGES ================================================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main Start Page = 
hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 Local Page = C:\Windows\SysWOW64\blank.htm Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes DefaultScope = {C122F81C-F81C-42E1-AF73-8E6458909466} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} DisplayName = @ieframe.dll,-12512 URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{C122F81C-F81C-42E1-AF73-8E6458909466} DisplayName = Bing URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar {2318C2B1-4965-11d4-9B18-009027A5CD4F} => HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InProcServer32 DefaultC:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\InProcServer32 DefaultC:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll ==================== IE PAGES x64 ============================================== HKLM\Software\Microsoft\Internet Explorer\Main Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 Local Page = C:\Windows\System32\blank.htm Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\SearchScopes DefaultScope = {C122F81C-F81C-42E1-AF73-8E6458909466} HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} DisplayName = @ieframe.dll,-12512 URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Software\Microsoft\Internet 
Explorer\SearchScopes\{C122F81C-F81C-42E1-AF73-8E6458909466} DisplayName = Bing URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB HKLM\Software\Microsoft\Internet Explorer\Toolbar {2318C2B1-4965-11d4-9B18-009027A5CD4F} => HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InProcServer32 DefaultC:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\InProcServer32 DefaultC:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll ==================== Auto Load ================================================= HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit = userinit.exe Shell = explorer.exe ==================== Auto Load x64 ============================================= HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit = C:\Windows\system32\userinit.exe, Shell = explorer.exe ==================== Google Chrome ============================================= GC - Prefpath: C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Preferences GC - Profile Name: Eerste gebruiker GC - Homepage: n/a GC - Default Search Provider: n/a = Known Disabled Extensions = ==================== Windows Host File ========================================= ==================== BHO ======================================================= HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Default = Lync Browser Helper => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 Default = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} Default = Norton Identity Protection => HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\InProcServer32 Default = C:\Program 
Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} Default = Google Toolbar Helper => HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InProcServer32 Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Default = Skype Click to Call for Internet Explorer => HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\InProcServer32 Default = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} Default = Microsoft SkyDrive Pro Browser Helper => HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32 Default = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL ==================== BHO x64 =================================================== HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Default = Lync Browser Helper => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 Default = C:\Program Files\Microsoft Office\Office15\OCHelper.dll {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} Default = Norton Identity Protection => HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\InProcServer32 Default = C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} Default = Google Toolbar Helper => HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InProcServer32 Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Default = Skype Click to Call for Internet Explorer => 
HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\InProcServer32 Default = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} Default = Microsoft SkyDrive Pro Browser Helper => HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32 Default = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL ==================== Auto Start Programs ======================================= HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" CitrixReceiver = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" ConnectionCenter = "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup Fastboot = "C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" /analysis IMSS = "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" Redirector = "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run Pokki = "C:\Users\Jonas\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce Application Restart #1 = C:\Users\Jonas\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Jonas\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update 
--disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session ==================== Auto Start Programs x64 =================================== HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx BTMTrayAgent = rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp cAudioFilterAgent = C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe ForteConfig = C:\Program Files\Conexant\ForteConfig\fmapp.exe HotKeysCmds = "C:\windows\system32\hkcmd.exe" IgfxTray = "C:\windows\system32\igfxtray.exe" LENOVO.TPKNRRES = rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub LenovoOptMouseUpdate = C:\Program Files\Lenovo\HOTKEY\extapsup.exe LnvMobHotspotClient = C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe Persistence = "C:\windows\system32\igfxpers.exe" RtsCM = RTSCM64.EXE SmartAudio = C:\Program Files\CONEXANT\SAII\SACpl.exe /t SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe TpShocks = TpShocks.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled] RtsCM = 4 SynTPEnh = 4 HKCU\Software\Microsoft\Windows\CurrentVersion\Run Pokki = "C:\Users\Jonas\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Application Restart #1 = C:\Users\Jonas\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab 
--debug-devtools-frontend="C:\Users\Jonas\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session Startup - C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ==================== Extra Items IE ============================================ HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia ==================== Extra Items IE x64 ======================================== HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia ==================== 
Internet Default Prefix =================================== HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix Default = http:// HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes WWW = http:// ==================== Internet Default Prefix x64 =============================== HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix Default = http:// HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes WWW = http:// ==================== Protocol Hijackers ======================================== HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\osf CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1} => SOFTWARE\Classes\\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL # MD5 [e735e207423b5abfcebf86fe5cc0a30b] HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\skypec2c CLSID = {91774881-D725-4E58-B298-07617B9B86A8} => SOFTWARE\Classes\\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll # MD5 [c89f814492178585da89f452ce19b720] HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\application/x-ica CLSID = {CFB6322E-CC85-4d1b-82C7-893888A236BC} => SOFTWARE\Classes\\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}\InProcServer32 @ Default = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\application/x-ica; charset=euc-jp CLSID = {CFB6322E-CC85-4d1b-82C7-893888A236BC} => SOFTWARE\Classes\\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}\InProcServer32 @ Default = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1 CLSID = {CFB6322E-CC85-4d1b-82C7-893888A236BC} => SOFTWARE\Classes\\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}\InProcServer32 @ Default = 
C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\application/x-ica; charset=MS936 CLSID = {CFB6322E-CC85-4d1b-82C7-893888A236BC} => SOFTWARE\Classes\\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}\InProcServer32 @ Default = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\application/x-ica; charset=MS949 CLSID = {CFB6322E-CC85-4d1b-82C7-893888A236BC} => SOFTWARE\Classes\\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}\InProcServer32 @ Default = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\application/x-ica; charset=MS950 CLSID = {CFB6322E-CC85-4d1b-82C7-893888A236BC} => SOFTWARE\Classes\\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}\InProcServer32 @ Default = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\application/x-ica; charset=UTF-8 CLSID = {CFB6322E-CC85-4d1b-82C7-893888A236BC} => SOFTWARE\Classes\\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}\InProcServer32 @ Default = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\application/x-ica; charset=UTF8 CLSID = {CFB6322E-CC85-4d1b-82C7-893888A236BC} => SOFTWARE\Classes\\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}\InProcServer32 @ Default = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\application/x-ica;charset=euc-jp CLSID = {CFB6322E-CC85-4d1b-82C7-893888A236BC} => SOFTWARE\Classes\\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}\InProcServer32 @ Default = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1 CLSID = {CFB6322E-CC85-4d1b-82C7-893888A236BC} => 
SOFTWARE\Classes\\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}\InProcServer32 @ Default = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\application/x-ica;charset=MS936 CLSID = {CFB6322E-CC85-4d1b-82C7-893888A236BC} => SOFTWARE\Classes\\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}\InProcServer32 @ Default = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\application/x-ica;charset=MS949 CLSID = {CFB6322E-CC85-4d1b-82C7-893888A236BC} => SOFTWARE\Classes\\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}\InProcServer32 @ Default = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\application/x-ica;charset=MS950 CLSID = {CFB6322E-CC85-4d1b-82C7-893888A236BC} => SOFTWARE\Classes\\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}\InProcServer32 @ Default = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\application/x-ica;charset=UTF-8 CLSID = {CFB6322E-CC85-4d1b-82C7-893888A236BC} => SOFTWARE\Classes\\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}\InProcServer32 @ Default = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\application/x-ica;charset=UTF8 CLSID = {CFB6322E-CC85-4d1b-82C7-893888A236BC} => SOFTWARE\Classes\\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}\InProcServer32 @ Default = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\ica CLSID = {CFB6322E-CC85-4d1b-82C7-893888A236BC} => SOFTWARE\Classes\\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}\InProcServer32 @ Default = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\text/xml CLSID = {807583E5-5146-11D5-A672-00B0D022E945} => 
SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown ==================== Protocol Hijackers x64 ==================================== HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\osf CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1} => SOFTWARE\Classes\\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}\InProcServer32 @ Default = Unknown # C:\Program Files\Microsoft Office\Office15\MSOSB.DLL # MD5 [59ac63d95071da4b8f1f5a9277b7f4fe] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\skypec2c CLSID = {91774881-D725-4E58-B298-07617B9B86A8} => SOFTWARE\Classes\\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll # MD5 [b15862b3db1f5396fd3cb27ed584b681] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml CLSID = {807583E5-5146-11D5-A672-00B0D022E945} => SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown ==================== Automatic Started DLL's =================================== HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs = C:\windows\system32\nvinitx.dll,C:\WINDOWS\system32\nvinitx.dll HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs = C:\windows\system32\nvinitx.dll,C:\WINDOWS\system32\nvinitx.dll ==================== Automatic Started DLL's x64 =============================== HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs = C:\windows\system32\nvinitx.dll,C:\WINDOWS\system32\nvinitx.dll ==================== ShellServiceObjectDelayLoad =============================== HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not 
present] ==================== ShellServiceObjectDelayLoad x64 ========================= HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present] ==================== Extra (Torpig/ConduitSearch) ============================== HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D} => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\WINDOWS\system32\shell32.dll HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6} => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\WINDOWS\system32\ntshrui.dll ==================== DRIVERS and SERVICES ====================================== *** Win32OwnProcess *** SERV - R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe SERV - R2 - [AMPPALR3] - Intel® Centrino® Wireless Bluetooth® + High Speed Service - c:\program files\intel\bluetoothhs\bthsamppalservice.exe SERV - R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe SERV - R2 - [AVControlCenter] - AVControlCenter - c:\program files\lenovo\communications utility\avcontrolcenter32.exe SERV - R2 - [Bluetooth Device Monitor] - Bluetooth Device Monitor - c:\program files (x86)\intel\bluetooth\devmonsrv.exe SERV - R2 - [Bluetooth OBEX Service] - Bluetooth OBEX Service - c:\program files (x86)\intel\bluetooth\obexsrv.exe SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe SERV - R2 - [BrcmSetSecurity] - BrcmSetSecurity - c:\program files\intel corporation\intel widi\brcmsetsecurity.exe SERV - R2 - [BTHSSecurityMgr] - Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service - c:\program 
files\intel\bluetoothhs\bthssecuritymgr.exe SERV - R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - c:\program files (x86)\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe SERV - R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - c:\program files (x86)\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe SERV - R2 - [CxAudMsg] - Conexant Audio Message Service - c:\windows\system32\cxaudmsg64.exe SERV - R2 - [EvtEng] - Intel(R) PROSet/Wireless Event Log - c:\program files\intel\wifi\bin\evteng.exe SERV - R2 - [ExpressCache] - ExpressCache - c:\program files\condusiv technologies\expresscache\expresscache.exe SERV - R2 - [FastbootService] - FastbootService - c:\program files (x86)\lenovo\rapidboot hdd accelerator\fbservice.exe SERV - R2 - [IBMPMSVC] - Lenovo PM Service - c:\windows\system32\ibmpmsvc.exe SERV - R2 - [igfxCUIService1.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe SERV - R2 - [Intel(R) Wireless Bluetooth(R) 4.0 Radio Management] - Intel(R) Wireless Bluetooth(R) 4.0 Radio Management - c:\program files (x86)\intel\bluetooth\ibtrksrv.exe SERV - R2 - [ISCTAgent] - Intel(R) Smart Connect Technology Agent - c:\program files\intel\intel(r) smart connect technology agent\isctagent.exe SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe SERV - R2 - [Lenovo QuickSnip Service] - Lenovo QuickSnip Service - c:\program files\lenovo\quicksnipservice\quicksnipservice.exe SERV - R2 - [Lenovo Settings Service] - Lenovo Settings Service - c:\program files\lenovo\settingsdependency\settingsservice.exe SERV - R2 - [Lenovo System Agent Service] - Lenovo System Agent Service - c:\program files\lenovo\systemagent\systemagentservice.exe SERV - R2 - 
[LENOVO.MICMUTE] - Lenovo Microphone Mute - c:\program files\lenovo\hotkey\micmute.exe SERV - R2 - [Lenovo.VIRTSCRLSVC] - Lenovo Auto Scroll - c:\program files\lenovo\virtscrl\lvvsst.exe SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe SERV - R2 - [LocationTaskManager] - LocationTaskManager - c:\program files (x86)\lenovo\locationaware\loctaskmgr.exe SERV - R2 - [nlsX86cc] - Nalpeiron Licensing Service - c:\windows\syswow64\nlssrv32.exe SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe SERV - R2 - [nvUpdatusService] - NVIDIA Update Service Daemon - c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe SERV - R2 - [QuickControlMasterSvc] - Lenovo QuickControl Master Service - c:\program files (x86)\lenovo\quickcontrol\quickcontrolmastersvc.exe SERV - R2 - [RegSrvc] - Intel(R) PROSet/Wireless Registry Service - c:\program files\common files\intel\wirelesscommon\regsrvc.exe SERV - R2 - [TeamViewer] - TeamViewer 10 - c:\program files (x86)\teamviewer\teamviewer_service.exe SERV - R2 - [TPHKLOAD] - Lenovo Hotkey Client Loader - c:\program files\lenovo\hotkey\tphkload.exe SERV - R2 - [ValBioService] - ValBioService - c:\program files\lenovo fingerprint reader\valbioservice.exe SERV - R2 - [valWBFPolicyService] - Synaptics FP WBF Policy Service - c:\windows\system32\valwbfpolicyservice.exe SERV - R2 - [valWbioSyncSvc] - BiometricSensorDataSynchronization - c:\windows\system32\valwbiosyncsvc.exe SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe SERV - R2 - [ZeroConfigService] - Intel(R) PROSet/Wireless Zero Configuration Service - c:\program files\intel\wifi\bin\zeroconfigservice.exe SERV - R3 - [FontCache3.0.0.0] - Windows Presentation 
Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe SERV - R3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe SERV - R3 - [LENOVO.CAMMUTE] - Lenovo AVFramework Camera Privacy Controller - c:\program files\lenovo\communications utility\cammute.exe SERV - R3 - [LENOVO.TPKNRSVC] - Lenovo AVFramework Microphone Volume Controller and Dolby Interface - c:\program files\lenovo\communications utility\tpknrsvc.exe SERV - R3 - [LENOVO.TVTVCAM] - Lenovo AVFramework Virtual Camera Controller Service - c:\program files\lenovo\communications utility\vcamsvc.exe SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe SERV - R3 - [Power Manager DBC Service] - Lenovo Settings Power Service - c:\program files (x86)\thinkpad\utilities\pwmdbsvc.exe SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe SERV - S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe SERV - S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe SERV - S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe SERV - 
S3 - [intelsba] - Intel(R) Small Business Advantage - c:\program files\intel\intel(r) small business advantage\service\intel.smallbusinessadvantage.windowsservice.exe SERV - S3 - [LnvHotSpotSvc] - Lenovo Settings Mobile Hotspot Service - c:\program files\lenovo\lenovo mobile hotspot\lnvhotspotsvc.exe SERV - S3 - [LSCWinService] - LSCWinService - c:\program files\lenovo\lenovo solution center\app\lscwinservice.exe SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe SERV - S3 - [MyWiFiDHCPDNS] - Wireless PAN DHCP Server - c:\program files\intel\wifi\bin\pandhcpdns.exe SERV - S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe SERV - S3 - [SUService] - System Update - c:\program files (x86)\lenovo\system update\suservice.exe SERV - S3 - [TPHDEXLGSVC] - ThinkPad HDD APS Logging Service - system32\tphdexlg64.exe [x] SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe *** Win32ShareProcess *** SERV - R2 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe SERV - R2 - [NitroDriverReadSpool8] - NitroPDFDriverCreatorReadSpool8 - c:\program 
files\common files\nitro\pro\8.0\nitropdfdriverservice8x64.exe SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe SERV - R3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe *** Others *** SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe SERV - R3 - [QuickControlService] - Lenovo QuickControl Service - c:\program files (x86)\lenovo\quickcontrol\quickcontrolservice.exe SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe *** File System Driver *** DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys DRV - R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys DRV - R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\WINDOWS\system32\Drivers\srv.sys DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\WINDOWS\system32\Drivers\srv2.sys *** Kernel Driver *** DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\WINDOWS\system32\Drivers\ACPI.sys DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys DRV - R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys DRV - R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\WINDOWS\system32\Drivers\disk.sys DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys DRV - R0 - [excsd] - ExpressCache Storage Filter Driver - 
C:\WINDOWS\system32\Drivers\excsd.sys DRV - R0 - [Fastboot] - Fastboot - C:\WINDOWS\system32\Drivers\Fastboot.sys DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\WINDOWS\system32\Drivers\fvevol.sys DRV - R0 - [iaStorA] - iaStorA - C:\WINDOWS\system32\Drivers\iaStorA.sys DRV - R0 - [IntelHSWPcc] - IntelHSWPcc - C:\WINDOWS\system32\Drivers\IntelHSWPcc.sys [x] DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\WINDOWS\system32\Drivers\intelpep.sys DRV - R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys DRV - R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys DRV - R0 - [mountmgr] - Mount Point Manager - C:\WINDOWS\system32\Drivers\mountmgr.sys DRV - R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys DRV - R0 - [NDIS] - NDIS System Driver - C:\WINDOWS\system32\Drivers\NDIS.sys DRV - R0 - [nvpciflt] - nvpciflt - C:\WINDOWS\system32\Drivers\nvpciflt.sys DRV - R0 - [partmgr] - Partition Manager - C:\WINDOWS\system32\Drivers\partmgr.sys DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\WINDOWS\system32\Drivers\pci.sys DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys DRV - R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys DRV - R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys DRV - R0 - [Shockprf] - Shockprf - C:\WINDOWS\system32\Drivers\Shockprf.sys [x] DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\WINDOWS\system32\Drivers\spaceport.sys DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\WINDOWS\system32\Drivers\Tcpip.sys DRV - R0 - [TPDIGIMN] - TPDIGIMN - C:\WINDOWS\system32\Drivers\TPDIGIMN.sys [x] DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\WINDOWS\system32\Drivers\vdrvroot.sys DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\WINDOWS\system32\Drivers\volmgr.sys DRV - R0 - [volmgrx] - Dynamic Volume Manager - 
C:\WINDOWS\system32\Drivers\volmgrx.sys DRV - R0 - [volsnap] - Opslagvolumes - C:\WINDOWS\system32\Drivers\volsnap.sys DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\WINDOWS\system32\Drivers\Wdf01000.sys DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\WINDOWS\system32\Drivers\WFPLWFS.sys DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys DRV - R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\WINDOWS\system32\Drivers\tdx.sys DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys DRV - S0 - [SymELAM] - Symantec ELAM Driver - C:\WINDOWS\system32\Drivers\SymELAM.sys [x] DRV - S3 - [atapi] - IDE-kanaal - C:\WINDOWS\system32\Drivers\atapi.sys ==================== SvcHost - White Listed ==================================== WOW x64 - All Ok ==================== SvcHost x64 - White Listed ================================ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@bthaudiosvc BthHFSrv = ServiceDll = C:\WINDOWS\System32\BthHFSrv.dll [9307a4b743d277c499cda8e19e5687ac] ==================== SigCheck x86 Fast ========================================= Fast Scan All ok ==================== SigCheck x64 Fast ========================================= Fast Scan All ok ==================== Job tasks at C:\WINDOWS\Tasks ============================= C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 1078 bytes [ 2/01/2015 21:45:12 ] C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 1082 bytes [ 2/01/2015 21:45:12 ] C:\WINDOWS\Tasks\SA.DAT 6 bytes [ 22/08/2013 15:45:54 ] C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job 264 bytes [ 2/01/2015 19:59:04 ] ==================== Job tasks at C:\WINDOWS\system32\Tasks ==================== C:\WINDOWS\system32\Tasks\Absolute Reminder 3274 
bytes [ 20/04/2014 18:16:11 ] => "%PROGRAMFILES(x86)%\Absolute Software\Absolute Reminder\AbsoluteReminder.exe"
C:\WINDOWS\system32\Tasks\CLMLSvc 3148 bytes [ 20/04/2014 18:11:47 ] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 3818 bytes [ 2/01/2015 21:45:12 ] => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 4054 bytes [ 2/01/2015 21:45:12 ] => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 3864 bytes [ 20/04/2014 18:23:03 ] => "C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe"
C:\WINDOWS\system32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon 3616 bytes [ 20/04/2014 18:23:03 ] => "C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe"
C:\WINDOWS\system32\Tasks\Microsoft Office 15 Sync Maintenance for JONAS-PC-Jonas Jonas-PC 5034 bytes [ 5/01/2015 16:09:38 ] => C:\Program Files\Microsoft Office\Office15\MsoSync.exe
C:\WINDOWS\system32\Tasks\Norton WSC Integration 3234 bytes [ 20/04/2014 18:18:33 ] => "C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe"
C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2856834796-3624118678-1303184682-1002 3600 bytes [ 2/01/2015 18:32:47 ]
C:\WINDOWS\system32\Tasks\PMTask 2958 bytes [ 20/04/2014 18:18:55 ] => C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe
C:\WINDOWS\system32\Tasks\StartPowerDVDService 2890 bytes [ 20/04/2014 18:15:00 ] => "C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
C:\WINDOWS\system32\Tasks\Synaptics TouchPad Enhancements 2990 bytes [ 20/04/2014 18:23:21 ] => "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{5A50F2C3-C138-46AC-B602-08BB601F9AF9} 3958 bytes [ 2/01/2015 20:26:48 ] => C:\WINDOWS\system32\msfeedssync.exe
==================== Job tasks at C:\WINDOWS\SysWOW64\Tasks ====================
There are no .job files found.
==================== End scanning at za 14 mrt 2015 18:13 (0 Min 19 Sec ) ======