E-Peek v 1.9.9.0 ENHANCED 4 © Emphyrio/Onsia Patrick 2013-2015 [url=http://www.antimalwarehelp.be/EDev/Tools/E-Peek/EPeekDL.html]E Dev[/url]
Run at vr 3 jul 2015 19:09
.
Windows 8.1 (64 bits)
C:\WINDOWS [NTFS - Fixed]
Default Browser: Google Chrome
Boot mode: Normal boot
User logged in: acer
.
Java x86: 1.8
Java x64: n/a
.
AV : Norton 360 [Updated - Not Running]
AV : Windows Defender [Updated - Not Running]
AS : Windows Defender [Updated - Not Running]
AS : Norton 360 [Updated - Running]
FW :
FW : Norton 360 [Updated - Not Running]
.
==================== Files and Folders history =================================
Folders Created Last 7 days :
29-06-2015 ##### r-h-s-d+a- C:\zoek_backup
29-06-2015 ##### r-h-s-d+a- C:\Users\acer\AppData\Local\Temp
29-06-2015 ##### r-h-s-d+a- C:\rsit
29-06-2015 ##### r-h-s-d+a- C:\Program Files\trend micro
29-06-2015 ##### r-h-s-d+a- C:\FRST
29-06-2015 ##### r-h-s-d+a- C:\AdwCleaner
29-06-2015 ##### r-h+s+d+a- C:\$RECYCLE.BIN
03-07-2015 ##### r-h-s-d+a- C:\Users\acer\AppData\Roaming\E Dev
03-07-2015 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
Files Modified Last 7 days :
30-06-2015 00000018 r-h-s-d-a+ C:\WINDOWS\SysWOW64\log.txt
02-07-2015 03018070 r-h-s-d-a+ C:\WINDOWS\system32\PerfStringBackup.INI
02-07-2015 00985670 r-h-s-d-a+ C:\WINDOWS\system32\perfh013.dat
02-07-2015 00812350 r-h-s-d-a+ C:\WINDOWS\system32\perfh00C.dat
02-07-2015 00722476 r-h-s-d-a+ C:\WINDOWS\system32\perfh009.dat
02-07-2015 00205852 r-h-s-d-a+ C:\WINDOWS\system32\perfc013.dat
02-07-2015 00159412 r-h-s-d-a+ C:\WINDOWS\system32\perfc00C.dat
02-07-2015 00135592 r-h-s-d-a+ C:\WINDOWS\system32\perfc009.dat
Files Created Last 7 days :
03-07-2015 00000111 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
==================== RUNNING PROCESSES =========================================
[audiodg] -SERVICE LOCAL- C:\Windows\System32\audiodg.exe - (audiodg.exe)
[BitTorrent] -acer- C:\Users\acer\AppData\Roaming\BitTorrent\BitTorrent.exe - (BitTorrent Inc.)
[BrcmCardReader] -Système- C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe - (Broadcom Corp.)
[CCDMonitorService] -Système- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe - (Acer Incorporated)
[chrome] -acer- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
[chrome] -acer- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
[chrome] -acer- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
[chrome] -acer- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
[conhost] -SERVICE RÉSEAU- C:\WINDOWS\system32\conhost.exe - (Microsoft Corporation)
[conhost] -Système- C:\WINDOWS\system32\conhost.exe - (Microsoft Corporation)
[conhost] -Système- C:\WINDOWS\system32\conhost.exe - (Microsoft Corporation)
[csrss] -Système- C:\Windows\System32\csrss.exe - (csrss.exe)
[csrss] -Système- C:\Windows\System32\csrss.exe - (csrss.exe)
[dasHost] -SERVICE LOCAL- C:\WINDOWS\system32\dashost.exe - (Microsoft Corporation)
[DeviceDetector] -acer- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe - (CyberLink)
[dllhost] -Système- C:\WINDOWS\system32\DllHost.exe - (Microsoft Corporation)
[dsiwmis] -Système- C:\Program Files (x86)\Launch Manager\dsiwmis.exe - (Dritek System Inc.)
[dwm] -DWM-4- C:\WINDOWS\System32\dwm.exe - (Microsoft Corporation)
[E-Peek 1.9.9.0] -acer- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
[ePowerEvent] -Système- C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe - (Acer Incorporated)
[ePowerSvc] -Système- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe - (Acer Incorporated)
[ePowerTray] -acer- C:\Program Files\Acer\Acer Power Management\ePowerTray.exe - (Acer Incorporated)
[ETDCtrl] -acer- C:\Program Files\Elantech\ETDCtrl.exe - (ELAN Microelectronics Corp.)
[ETDCtrlHelper] -acer- C:\Program Files\Elantech\ETDCtrlHelper.exe - (ELAN Microelectronics Corp.)
[explorer] -acer- C:\WINDOWS\Explorer.EXE - (Microsoft Corporation)
[GfExperienceService] -Système- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe - (NVIDIA Corporation)
[GoogleUpdate] -Système- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - (Google Inc.)
[GWX] -acer- C:\WINDOWS\system32\GWX\GWX.exe - (Microsoft Corporation)
[HeciServer] -Système- C:\Program Files\Intel\iCLS Client\HeciServer.exe - (Intel(R) Corporation)
[igfxCUIService] -Système- C:\WINDOWS\system32\igfxCUIService.exe - (Intel Corporation)
[igfxEM] -acer- C:\WINDOWS\system32\igfxEM.exe - (Intel Corporation)
[igfxext] -acer- C:\WINDOWS\system32\igfxext.exe - (Intel Corporation)
[igfxHK] -acer- C:\WINDOWS\system32\igfxHK.exe - (Intel Corporation)
[igfxTray] -acer- C:\WINDOWS\system32\igfxTray.exe - (Intel Corporation)
[Jhi_service] -Système- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - (Intel Corporation)
[jusched] -acer- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe - (Oracle Corporation)
[LCore] -acer- C:\Program Files\Logitech Gaming Software\LCore.exe - (Logitech Inc.)
[LManager] -acer- C:\Program Files (x86)\Launch Manager\LManager.exe - (Dritek System Inc.)
[LMS] -Système- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
[LMutilps32] -Système- C:\Program Files (x86)\Launch Manager\LMutilps32.exe - (Dritek System Inc.)
[lsass] -Système- C:\WINDOWS\system32\lsass.exe - (Microsoft Corporation)
[mDNSResponder] -Système- C:\Program Files\Bonjour\mDNSResponder.exe - (Apple Inc.)
[MMDx64Fx] -acer- C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe - (Dritek System Inc.)
[msiexec] -Système- C:\WINDOWS\system32\msiexec.exe - (Microsoft Corporation)
[n360] -acer- C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe - (Symantec Corporation)
[n360] -Système- C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe - (Symantec Corporation)
[NASvc] -Système- c:\Program Files (x86)\Nero\Update\NASvc.exe - (Nero AG)
[NOBuAgent] -Système- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe - (Symantec Corporation)
[notepad] -acer- C:\Windows\System32\notepad.exe - (Microsoft Corporation)
[NvBackend] -acer- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe - (NVIDIA Corporation)
[NvNetworkService] -Système- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe - (NVIDIA Corporation)
[NvStreamNetworkService] -SERVICE RÉSEAU- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe - (NVIDIA Corporation)
[nvstreamsvc] -Système- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
[nvstreamsvc] -Système- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
[nvtray] -acer- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe - (NVIDIA Corporation)
[nvvsvc] -Système- C:\WINDOWS\system32\nvvsvc.exe - (NVIDIA Corporation)
[nvvsvc] -Système- C:\WINDOWS\system32\nvvsvc.exe - (NVIDIA Corporation)
[nvxdsync] -Système- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe - (NVIDIA Corporation)
[PresentationFontCache] -SERVICE LOCAL- C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe - (Microsoft Corporation)
[RAVCpl64] -acer- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe - (Realtek Semiconductor)
[RfBtnHelper] -Système- C:\Program Files (x86)\RadioController\RfBtnHelper.exe - (Dritek System Inc.)
[RfBtnSvc64] -Système- C:\Windows\RfBtnSvc64.exe - (Dritek System INC.)
[rundll32] -acer- C:\WINDOWS\system32\RunDll32.exe - (Microsoft Corporation)
[SearchIndexer] -Système- C:\WINDOWS\system32\SearchIndexer.exe - (Microsoft Corporation)
[services] -Système- C:\Windows\System32\services.exe - (services.exe)
[SettingSyncHost] -acer- C:\Windows\System32\SettingSyncHost.exe - (Microsoft Corporation)
[SkyDrive] -acer- C:\Windows\System32\skydrive.exe - (Microsoft Corporation)
[smss] -Système- C:\Windows\System32\smss.exe - (smss.exe)
[spoolsv] -Système- C:\WINDOWS\System32\spoolsv.exe - (Microsoft Corporation)
[Steam] -acer- C:\Program Files (x86)\Steam\Steam.exe - (Valve Corporation)
[SteamService] -Système- C:\Program Files (x86)\Common Files\Steam\SteamService.exe - (Valve Corporation)
[steamwebhelper] -acer- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe - (Valve Corporation)
[System] -N/A- - (System)
[taskeng] -Système- C:\WINDOWS\system32\taskeng.exe - (Microsoft Corporation)
[taskhostex] -acer- C:\WINDOWS\system32\taskhostex.exe - (Microsoft Corporation)
[TeamViewer_Service] -Système- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe - (TeamViewer GmbH)
[UNS] -Système- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe - (Intel Corporation)
[unsecapp] -acer- C:\WINDOWS\system32\wbem\unsecapp.exe - (Microsoft Corporation)
[unsecapp] -Système- C:\WINDOWS\system32\wbem\unsecapp.exe - (Microsoft Corporation)
[unsecapp] -Système- C:\WINDOWS\system32\wbem\unsecapp.exe - (Microsoft Corporation)
[vpnagent] -Système- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe - (Cisco Systems, Inc.)
[wininit] -Système- C:\WINDOWS\system32\wininit.exe - (Microsoft Corporation) [winlogon] -Système- C:\WINDOWS\System32\WinLogon.exe - (Microsoft Corporation) [wlanext] -Système- C:\WINDOWS\system32\WLANExt.exe - (Microsoft Corporation) [WmiPrvSE] -SERVICE RÉSEAU- C:\WINDOWS\system32\wbem\wmiprvse.exe - (Microsoft Corporation) [WmiPrvSE] -Système- C:\WINDOWS\system32\wbem\wmiprvse.exe - (Microsoft Corporation) [wmpnetwk] -SERVICE RÉSEAU- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation) ==================== IE PAGES ================================================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 Local Page = C:\Windows\SysWOW64\blank.htm Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} DisplayName = @ieframe.dll,-12512 URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AC55216A-6028-4AE2-8242-028503875233} DisplayName = Bing URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\InProcServer32 DefaultC:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll ==================== IE PAGES x64 ============================================== HKLM\Software\Microsoft\Internet Explorer\Main Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 Local Page = C:\Windows\System32\blank.htm Default_Page_URL = 
hxxp://go.microsoft.com/fwlink/?LinkId=69157 Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\SearchScopes DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} DisplayName = @ieframe.dll,-12512 URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AC55216A-6028-4AE2-8242-028503875233} DisplayName = Bing URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS HKLM\Software\Microsoft\Internet Explorer\Toolbar {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\InProcServer32 DefaultC:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll ==================== Auto Load ================================================= HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit = userinit.exe, Shell = explorer.exe ==================== Auto Load x64 ============================================= HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit = C:\Windows\system32\userinit.exe, Shell = explorer.exe ==================== Browsers present ========================================== Google Chrome IEXPLORE.EXE ==================== Google Chrome ============================================= GC - Local State Path: C:\Users\acer\AppData\Local\Google\Chrome\User Data\Local State GC - Profile: [Default] Name: Persoon 1 - Shortcut name: - Username: ==================== Google Chrome Profile: Default ============================ GC - Prefpath: C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences GC - Homepage: n/a GC - Ext: [ Shopping App by Ask ] version: 12.16 Description: Convenient browsing tools and links. 
Disabling this extension won't uninstall the associated program; for instructions: help.ask.com Path: aaaaahaeginbdcckocjkhbciadcafnep\12.16_0 GC - Ext: [ Search Extension by Ask v3 ] version: 14.10 Description: Convenient browsing tools and links. Disabling this extension won't uninstall the associated program; for instructions: help.ask.com Path: aaaaahlfahldnilidgnlikdckbfehhca\14.10_0 GC - Ext: [ Search App By Ask v2 ] version: 55.11 Description: Convenient browsing tools and links. Disabling this extension won't uninstall the associated program; for instructions: help.ask.com Path: aaaaaiabcopkplhgaedhbloeejhhankf\55.11_0 GC - Ext: [ Winkel ] version: 0.2 Description: Chrome Web Store Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\resources\web_store GC - Ext: [ Bookmark Manager ] version: 0.1 Description: Bookmark Manager Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\resources\bookmark_manager GC - Ext: [ Settings ] version: 0.2 Description: Settings Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\resources\settings_app GC - Ext: [ Feedback ] version: 1.0 Description: User feedback extension Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\resources\feedback GC - Ext: [ Norton Identity Safe ] version: 1.0.5 Description: Access your Identity Safe Vault, which remembers your usernames and passwords for single-click access to your favorite sites. 
Path: iikflkcanblccfahdhdonehdalibjnif\1.0.5_0 GC - Ext: [ CryptoTokenExtension ] version: 0.9.22 Description: CryptoToken Component Extension Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\resources\cryptotoken GC - Ext: [ Cloud Print ] version: 0.1 Description: Cloud Print Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\resources\cloud_print GC - Ext: [ GaiaAuthExtension ] version: 0.0.1 Description: GAIA Component Extension Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\resources\gaia_auth GC - Ext: [ Chrome ] version: 0.1 Description: Chrome as an app Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\resources\chrome_app GC - Ext: [ Chrome PDF Viewer ] version: 1 Description: Path: C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\resources\pdf GC - Ext: [ Norton Security Toolbar ] version: 2014.7.10.28 Description: Norton Safe Search and Safe Web warn you of dangerous sites when you search, shop or browse online. Path: mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.10.28_0 GC - Ext: [ Google Network Speech ] version: 1.0 Description: Component extension providing speech via the Google network text-to-speech service. Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\resources\network_speech_synthesis GC - Ext: [ Google+ Hangouts ] version: 1.0 Description: Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\resources\hangout_services GC - Ext: [ Google Now ] version: 1.2.0.1 Description: Integrates Google Now into Chrome. 
Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\resources\google_now ==================== Windows Host File ========================================= ==================== BHO ======================================================= HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Default = Skype for Business Browser Helper => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 Default = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} Default = Norton Identity Protection => HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\InProcServer32 Default = C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll {6D53EC84-6AAE-4787-AEEE-F4628F01010C} HKCR\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} Default = Norton Vulnerability Protection => HKCR\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\InProcServer32 Default = C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Default = Java(tm) Plug-In SSV Helper => HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32 Default = C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} Default = Microsoft SkyDrive Pro Browser Helper => HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32 Default = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL {DBC80044-A445-435b-BC74-9C25C1C588A9} HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Default = Java(tm) Plug-In 2 SSV Helper => HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32 Default = C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll ==================== BHO x64 
=================================================== HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Default = Skype for Business Browser Helper => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 Default = C:\Program Files\Microsoft Office\Office15\OCHelper.dll {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} Default = Norton Identity Protection => HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\InProcServer32 Default = C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} Default = Microsoft SkyDrive Pro Browser Helper => HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32 Default = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL ==================== Auto Start Programs ======================================= HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run Cisco AnyConnect Secure Mobility Agent for Windows = "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized Norton Online Backup = C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe RadioController = "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run Steam = "C:\Program Files (x86)\Steam\steam.exe" -silent Xvid = C:\Program Files (x86)\Xvid\CheckUpdate.exe ==================== Auto Start Programs x64 =================================== HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx ETDCtrl = C:\Program Files\Elantech\ETDCtrl.exe Launch LCore = C:\Program Files\Logitech Gaming Software\LCore.exe /minimized NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" 
RTHDVCPL = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s ShadowPlay = C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled] ETDCtrl = 6 HotKeysCmds = 2 IgfxTray = 2 Launch LCore = 2 Persistence = 2 RTHDVCPL = 6 Cisco AnyConnect Secure Mobility Agent for Windows = 3 mcpltui_exe = 4 Norton Online Backup = 2 RadioController = 2 HKCU\Software\Microsoft\Windows\CurrentVersion\Run Steam = "C:\Program Files (x86)\Steam\steam.exe" -silent Xvid = C:\Program Files (x86)\Xvid\CheckUpdate.exe Startup - C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ==================== Extra Items IE ============================================ HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia HKCU\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9}\InProcServer32 => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll => HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32 {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll => 
HKCR\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9}\InProcServer32 {DBC80044-A445-435B-BC74-9C25C1C588A9} = C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll ==================== Extra Items IE x64 ======================================== HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia ==================== Internet Default Prefix =================================== HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix Default = http:// HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes WWW = http:// ==================== Internet Default Prefix x64 =============================== HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix Default = http:// HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes WWW = http:// ==================== Protocol Hijackers ======================================== HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\osf CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1} => SOFTWARE\Classes\\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL # MD5 [e735e207423b5abfcebf86fe5cc0a30b] HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\text/xml CLSID = {807583E5-5146-11D5-A672-00B0D022E945} => SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files (x86)\Common 
Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown ==================== Protocol Hijackers x64 ==================================== HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\osf CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1} => SOFTWARE\Classes\\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}\InProcServer32 @ Default = Unknown # C:\Program Files\Microsoft Office\Office15\MSOSB.DLL # MD5 [59ac63d95071da4b8f1f5a9277b7f4fe] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml CLSID = {807583E5-5146-11D5-A672-00B0D022E945} => SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown ==================== Automatic Started DLL's =================================== HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs = C:\Windows\system32\nvinitx.dll, C:\WINDOWS\system32\nvinitx.dll HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs = C:\Windows\system32\nvinitx.dll, C:\WINDOWS\system32\nvinitx.dll ==================== Automatic Started DLL's x64 =============================== HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs = C:\Windows\system32\nvinitx.dll, C:\WINDOWS\system32\nvinitx.dll ==================== ShellServiceObjectDelayLoad =============================== HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present] ==================== ShellServiceObjectDelayLoad x64 ========================= HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present] ==================== Extra (Torpig/ConduitSearch) ============================== HKCR\Directory\shellex\CopyHookHandlers\ClearfiCopyHook @ Default = 
{ED32C084-BABB-11E1-B491-D4D66088709B} => HKCR\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B}\InProcServer32 @ Default = C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D} => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\WINDOWS\system32\shell32.dll HKCR\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook @ Default = {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} => HKCR\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32 @ Default = C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6} => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\WINDOWS\system32\ntshrui.dll ==================== DRIVERS and SERVICES ====================================== *** Win32OwnProcess *** SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe SERV - R2 - [BrcmCardReader] - Broadcom Card Reader Service - c:\program files\broadcom\memorycard\brcmcardreader.exe SERV - R2 - [DsiWMIService] - Dritek WMI Service - c:\program files (x86)\launch manager\dsiwmis.exe SERV - R2 - [GfExperienceService] - NVIDIA GeForce Experience Service - c:\program files\nvidia corporation\geforce experience service\gfexperienceservice.exe SERV - R2 - [igfxCUIService1.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - 
c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
SERV - R2 - [NAUpdate] - Nero Update - c:\program files (x86)\nero\update\nasvc.exe
SERV - R2 - [NOBU] - Norton Online Backup - c:\program files (x86)\symantec\norton online backup\nobuagent.exe
SERV - R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe
SERV - R2 - [NvStreamSvc] - NVIDIA Streamer Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe
SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
SERV - R2 - [RfButtonDriverService] - Dritek RF Button Command Service - c:\windows\rfbtnsvc64.exe
SERV - R2 - [TeamViewer] - TeamViewer 10 - c:\program files (x86)\teamviewer\teamviewer_service.exe
SERV - R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
SERV - R2 - [vpnagent] - Cisco AnyConnect Secure Mobility Agent - c:\program files (x86)\cisco\cisco anyconnect secure mobility client\vpnagent.exe
SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
SERV - R3 - [ePowerSvc] - ePower Service - c:\program files\acer\acer power management\epowersvc.exe
SERV - R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
SERV - R3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
SERV - S3 - [GamesAppService] - GamesAppService - c:\program files (x86)\wildtangent games\app\gamesappservice.exe
SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
SERV - S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
*** Win32ShareProcess ***
SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
SERV - R3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
*** Others ***
SERV - R2 - [CCDMonitorService] - CCDMonitorService - c:\program files (x86)\acer\acer cloud\ccdmonitorservice.exe
SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe
*** File System Driver ***
DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
DRV - R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
DRV - R0 - [Mup] - MUP - C:\WINDOWS\system32\Drivers\Mup.sys
DRV - R0 - [SymEFA] - Symantec Extended File Attributes - C:\WINDOWS\system32\Drivers\SymEFA.sys [x]
DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\WINDOWS\system32\Drivers\srv.sys
DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\WINDOWS\system32\Drivers\srv2.sys
*** Kernel Driver ***
DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\WINDOWS\system32\Drivers\ACPI.sys
DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
DRV - R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
DRV - R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\WINDOWS\system32\Drivers\disk.sys
DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\WINDOWS\system32\Drivers\fvevol.sys
DRV - R0 - [iaStorA] - iaStorA - C:\WINDOWS\system32\Drivers\iaStorA.sys
DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\WINDOWS\system32\Drivers\intelpep.sys
DRV - R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
DRV - R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
DRV - R0 - [mountmgr] - Mount Point Manager - C:\WINDOWS\system32\Drivers\mountmgr.sys
DRV - R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
DRV - R0 - [NDIS] - NDIS System Driver - C:\WINDOWS\system32\Drivers\NDIS.sys
DRV - R0 - [nvpciflt] - nvpciflt - C:\WINDOWS\system32\Drivers\nvpciflt.sys
DRV - R0 - [partmgr] - Partition Manager - C:\WINDOWS\system32\Drivers\partmgr.sys
DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\WINDOWS\system32\Drivers\pci.sys
DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
DRV - R0 - [pdc] - PDC - C:\WINDOWS\system32\Drivers\pdc.sys
DRV - R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\WINDOWS\system32\Drivers\spaceport.sys
DRV - R0 - [SymDS] - Symantec Data Store - C:\WINDOWS\system32\Drivers\SymDS.sys [x]
DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\WINDOWS\system32\Drivers\Tcpip.sys
DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\WINDOWS\system32\Drivers\vdrvroot.sys
DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\WINDOWS\system32\Drivers\volmgr.sys
DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\WINDOWS\system32\Drivers\volmgrx.sys
DRV - R0 - [volsnap] - Opslagvolumes - C:\WINDOWS\system32\Drivers\volsnap.sys
DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\WINDOWS\system32\Drivers\Wdf01000.sys
DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
DRV - R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\WINDOWS\system32\Drivers\tdx.sys
DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
DRV - S0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
DRV - S0 - [SymELAM] - Symantec ELAM Driver - C:\WINDOWS\system32\Drivers\SymELAM.sys [x]
DRV - S3 - [atapi] - IDE-kanaal - C:\WINDOWS\system32\Drivers\atapi.sys

==================== SvcHost - White Listed ====================================
WOW x64 - All Ok

==================== SvcHost x64 - White Listed ================================
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@bthaudiosvc BthHFSrv = ServiceDll = C:\WINDOWS\System32\BthHFSrv.dll [9307a4b743d277c499cda8e19e5687ac]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@utcsvc DiagTrack = ServiceDll = C:\WINDOWS\system32\diagtrack.dll [3ecb752a6963b1cbc9ad65ed89c8aced]

==================== SigCheck x86 Fast =========================================
Fast Scan All ok

==================== SigCheck x64 Fast =========================================
Fast Scan All ok

==================== Job tasks at C:\WINDOWS\Tasks =============================
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 1088 bytes [ 19-09-14 22:46:10 ]
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 1092 bytes [ 19-09-14 22:46:12 ]
C:\WINDOWS\Tasks\SA.DAT 6 bytes [ 22-08-13 16:45:54 ]

==================== Job tasks at C:\WINDOWS\system32\Tasks ====================
C:\WINDOWS\system32\Tasks\ALU 3626 bytes [ 23-05-13 06:49:22 ] => C:\Program Files (x86)\Acer\Live Updater\updater.exe
C:\WINDOWS\system32\Tasks\ALUAgent 4402 bytes [ 23-05-13 06:49:23 ] => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe
C:\WINDOWS\system32\Tasks\CreateChoiceProcessTask 3546 bytes [ 04-09-14 13:51:58 ] => C:\Windows\BrowserChoice\browserchoice.exe
C:\WINDOWS\system32\Tasks\DeviceDetector 3200 bytes [ 23-05-13 06:52:52 ] => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 3828 bytes [ 19-09-14 22:46:11 ] => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 4064 bytes [ 19-09-14 22:46:12 ] => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\Tasks\Norton WSC Integration 3206 bytes [ 06-12-14 11:25:16 ] => "C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe"
C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2262041034-2454871270-514107219-1002 3598 bytes [ 04-09-14 10:26:07 ]
C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2262041034-2454871270-514107219-500 3594 bytes [ 18-08-13 01:38:38 ]
C:\WINDOWS\system32\Tasks\Power Management 2914 bytes [ 18-08-13 01:21:37 ] => "C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"
C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{EB932698-6437-45C0-BF61-B3BE15E60EF6} 3950 bytes [ 04-09-14 16:19:00 ] => C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\system32\Tasks\{EA86F0AE-3243-43A1-BD2D-65F309E9C261} 3104 bytes [ 16-04-15 17:11:27 ] => C:\WINDOWS\system32\pcalua.exe

==================== Job tasks at C:\WINDOWS\SysWOW64\Tasks ====================
There are no .job files found.

==================== End scanning at vr 3 jul 2015 19:09 (0 Min 15 Sec ) =======