~ ZHPDiag v2018.3.17.52 By Nicolas Coolman (2018/03/17)
~ Run by michael.vervecken (Administrator) (2018/03/18 22:07:53)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ Certificate ZHPDiag: Legal
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\michael.vervecken\Desktop\ZHPDiag.txt
~ Report: C:\Users\michael.vervecken\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 8.1 Enterprise, 64-bit (Build 9600) =>.Microsoft Corporation
---\\ Internet Browsers (2) - 0s
~ GCIE: Google Chrome v65.0.3325.162
~ MSIE: Internet Explorer v11.0.9600.18698
---\\ Windows Product Information (3) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK
---\\ System protection software (1) - 5s
Windows Defender (Deactivate)
---\\ Surveillance software (3) - 5s
~ Adobe Flash Player 29 NPAPI (Surveillance)
~ Adobe Flash Player 29 PPAPI (Surveillance)
~ Adobe Acrobat Reader DC (Surveillance)
---\\ Sharing software PeerToPeer (1) - 5s
~ µTorrent v3.5.0.44294 (P2P)
---\\ Informations on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 69 Stepping 1, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 4071.328 MB (50% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 62 GB (13%) free of 475 GB : OK =>.Disk Space
---\\ Connection to the system mode (3) - 0s
~ Computer Name: BEVIL01L118665
~ User Name: michael.vervecken
~ Logged in as Administrator
---\\ Enumeration of the disk units (1) - 0s
~ Drive C: has 62 GB free of 475 GB (System)
---\\ State of the Windows Security Center (11) - 0s
[HKLM\Software\WOW6432Node\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\Software\WOW6432Node\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\Software\WOW6432Node\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] AutoConfigUrl: Modified [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM64\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK ---\\ Search Generic System Files (24) - 2s [MD5.81394C91B7B5A7C799E249AE82491F13] - 04/03/2014 - (.Microsoft Corporation - Windows Explorer.) -- C:\windows\Explorer.exe [2373784] =>.Microsoft Windows® [MD5.6E0BDFBEEED65B017F2E4C2C910B0520] - 22/08/2013 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\windows\System32\rundll32.exe [52736] =>.Microsoft Corporation [MD5.D9516405E05F24EDCD90B1988FAF3948] - 14/01/2017 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\windows\System32\Wininit.exe [146944] =>.Microsoft Corporation [MD5.1AAE329190ED545F5FB02941F3644094] - 14/05/2017 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\windows\System32\wininet.dll [3240960] =>.Microsoft Corporation [MD5.306EB21E5B480AE9065EA55AC8C35936] - 18/03/2014 - (.Microsoft Corporation - Windows Logon Application.) -- C:\windows\System32\Winlogon.exe [562176] =>.Microsoft Corporation [MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - 18/03/2014 - (.Microsoft Corporation - Software Licensing Library.) -- C:\windows\System32\sppcomapi.dll [447488] =>.Microsoft Corporation [MD5.CF5FA7E4FB587B0F09BB0C143EB49797] - 09/02/2017 - (.Microsoft Corporation - DNS Client API DLL.) 
-- C:\windows\System32\dnsapi.dll [658432] =>.Microsoft Corporation [MD5.F2E67F682DDCFE2C2C170F2AA3650ED6] - 09/02/2017 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\windows\Syswow64\dnsapi.dll [499200] =>.Microsoft Corporation [MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - 30/05/2014 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\windows\System32\drivers\AFD.sys [563200] =>.Microsoft Corporation [MD5.74B14192CF79A72F7536B27CB8814FBD] - 22/08/2013 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\windows\System32\drivers\atapi.sys [26464] =>.Microsoft Windows® [MD5.2FA6510E33F7DEFEC03658B74101A9B9] - 22/08/2013 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\windows\System32\drivers\Cdfs.sys [88576] =>.Microsoft Corporation [MD5.C6796EA22B513E3457514D92DCDB1A3D] - 22/08/2013 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\windows\System32\drivers\Cdrom.sys [164352] =>.Microsoft Corporation [MD5.4FED6AD69C9EE1EE7FD3C88437138855] - 10/01/2017 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\windows\System32\drivers\DfsC.sys [138752] =>.Microsoft Corporation [MD5.498288DD5CA42C2D36D125893E968C53] - 18/03/2014 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\windows\System32\drivers\HDAudBus.sys [77312] =>.Microsoft Corporation [MD5.84CFC5EFA97D0C965EDE1D56F116A541] - 22/08/2013 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\windows\System32\drivers\i8042prt.sys [107520] =>.Microsoft Corporation [MD5.B7342B3C58E91107F6E946A93D9D4EFD] - 18/03/2014 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\windows\System32\drivers\IpNat.sys [142848] =>.Microsoft Corporation [MD5.E2FC654EC895E92A022794329BFC53EC] - 01/02/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\windows\System32\drivers\MRxSmb.sys [401408] =>.Microsoft Corporation [MD5.0217532E19A748F0E5D569307363D5FD] - 22/08/2013 - (.Microsoft Corporation - MBT Transport driver.) 
-- C:\windows\System32\drivers\netBT.sys [282624] =>.Microsoft Corporation [MD5.DA4B468EAD05860A52E00C8D5D39A2BA] - 02/04/2017 - (.Microsoft Corporation - NT File System Driver.) -- C:\windows\System32\drivers\ntfs.sys [2013016] =>.Microsoft Windows® [MD5.57DCE4FB0467986AE78E1C6FC5240D32] - 11/08/2016 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\windows\System32\drivers\Parport.sys [96256] =>.Microsoft Corporation [MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - 22/08/2013 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\windows\System32\drivers\Rasl2tp.sys [120832] =>.Microsoft Corporation [MD5.680C1DAE268B6FB67FA21B389A8B79EF] - 18/03/2014 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\windows\System32\drivers\rdpdr.sys [195584] =>.Microsoft Corporation [MD5.23DF7EBD9B782E1436CEC700565A4366] - 14/05/2017 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\windows\System32\drivers\tdx.sys [107520] =>.Microsoft Corporation [MD5.4BB9BC49DEE1A319EC58274A7BBED663] - 06/03/2014 - (.Microsoft Corporation - Volume Shadow Copy Driver.) -- C:\windows\System32\drivers\volsnap.sys [310616] =>.Microsoft Windows® ---\\ Non Microsoft non disabled Windows Services (26) - 2s O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated® O23 - Service: AVControlCenter (AVControlCenter) . (.Lenovo Corporation - Lenovo® Multimedia and Comm Subsystem Contr.) - C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe =>.LENOVO® O23 - Service: LANDesk(R) Management Agent (CBA8) . (.Ivanti - Resident Agent Application.) - C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe O23 - Service: CyberGhost 6 Service (CG6Service) . (.CyberGhost S.A. - CyberGhost Service.) 
- C:\Program Files\CyberGhost 6\CyberGhost.Service.exe =>.CyberGhost SRL® O23 - Service: Google Update-service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc® O23 - Service: IBM Notes Diagnostics (IBM Notes Diagnostics) . (.IBM - wnsd.) - c:\Program Files (x86)\IBM\Notes\nsd.exe {57F3E829B9A05AD51933E9B624226ECF} =>.IBM O23 - Service: IBM Notes Single Logon (IBM Notes Single Logon) . (.IBM Corp - IBM Notes/Domino.) - c:\Program Files (x86)\IBM\Notes\nslsvice.exe =>.International Business Machines Corporation® O23 - Service: @oem142.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) . (.Lenovo. - Lenovo Power Management Service.) - C:\windows\System32\ibmpmsvc.exe =>.Lenovo. O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) . (.Intel Corporation - igfxCUIService Module.) - C:\windows\System32\igfxCUIService.exe =>.Intel Corporation O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) . (.Copyright CANON INC. 2006-2017 - Inkjet Printer/Scanner/Fax Extended Survey.) - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe =>.Canon Inc.® O23 - Service: Intel Local Scheduler Service (Intel Local Scheduler Service) . (.Ivanti - LocalSch.) - C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE {212334F89B3268D4507E241B3B853644} O23 - Service: Intel PDS (Intel PDS) . (...) - C:\Windows\System32\cba\pds.exe (.not file.) O23 - Service: LANDESK Remote Control Service (ISSUSER) . (.Ivanti - Remote Control Client.) - C:\Program Files (x86)\LANDesk\LDClient\issuser.exe {212334F89B3268D4507E241B3B853644} O23 - Service: LANDESK Targeted Multicast (LANDesk Targeted Multicast) . (.Ivanti - Targeted Multicast Client Service Executabl.) - C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe {212334F89B3268D4507E241B3B853644} O23 - Service: Ivanti Endpoint Security (LDSecSvc) . (.Ivanti - Ivanti Endpoint Security.) 
- C:\Program Files (x86)\LANDesk\LDClient\HIPS\LDSecSvc64.EXE {212334F89B3268D4507E241B3B853644} O23 - Service: Lenovo Settings Service (Lenovo Settings Service) . (.Lenovo Group Limited - Lenovo Settings Service.) - C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe =>.LENOVO® O23 - Service: Lenovo System Agent Service (Lenovo System Agent Service) . (.LENOVO INCORPORATED. - Lenovo System Agent Service.) - C:\Program Files\Lenovo\iMController\SystemAgentService.exe =>.LENOVO® O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) . (.Lenovo Group Limited - Microphone Mute Controll Service for ThinkP.) - C:\Program Files\Lenovo\HOTKEY\micmute.exe =>.LENOVO® O23 - Service: IBM Notes Smart Upgrade Service (LNSUSvc) . (.IBM Corp - IBM Notes/Domino.) - c:\Program Files (x86)\IBM\Notes\SUService.exe =>.International Business Machines Corporation® O23 - Service: (LocationTaskManager) . (. - Location Task Manager.) - C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe =>.LENOVO® O23 - Service: OfficeScan NT RealTime Scan (ntrtscan) . (.Trend Micro Inc. - Trend Micro Common Client Real-time Scan Se.) - C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe =>.Trend Micro, Inc.® O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) . (.Ivanti - LANDESK Software Monitor.) - C:\Program Files (x86)\LANDesk\LDClient\SoftMon.exe {212334F89B3268D4507E241B3B853644} O23 - Service: TeamViewer 13 (TeamViewer) . (.TeamViewer GmbH - TeamViewer 13.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe =>.TeamViewer GmbH® O23 - Service: OfficeScan NT Listener (tmlisten) . (.Trend Micro Inc. - Trend Micro Common Client Communication Ser.) - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe =>.Trend Micro, Inc.® O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) . (.Lenovo Group Limited - ThinkPad Message Client Loader.) 
- C:\Program Files\Lenovo\HOTKEY\tphkload.exe =>.LENOVO® O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) . (.Cisco Systems, Inc. - VPN Agent Service.) - c:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe =>.Cisco Systems, Inc.® ---\\ Services not Microsoft (SR=Run, SS=Stop) (37) - 9s SS - Auto [09/02/2018] [ 83984] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated® SS - Demand [13/03/2018] [ 272384] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated® SR - Auto [21/01/2015] [ 560584] AVControlCenter (AVControlCenter) . (.Lenovo Corporation.) - C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe =>.LENOVO® SR - Auto [19/06/2017] [ 197632] LANDesk(R) Management Agent (CBA8) . (.Ivanti.) - C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe SS - Auto [31/08/2017] [ 232528] CyberGhost 6 Service (CG6Service) . (.CyberGhost S.A..) - C:\Program Files\CyberGhost 6\CyberGhost.Service.exe =>.CyberGhost SRL® SS - Demand [27/10/2014] [ 280680] Intel(R) Content Protection HECI Service (cphs) . (.Intel Corporation.) - C:\Windows\SysWOW64\IntelCpHeciSvc.exe =>.Intel Corporation - pGFX® SR - Demand [05/04/2017] [ 8960512] Trend Micro OfficeScan Data Protection Service (DSASvc) . (.Trend Micro Inc..) - C:\windows\System32\dgagent\DSAGENT.exe =>.Trend Micro, Inc.® SS - Auto [18/03/2018] [ 153168] Google Update-service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc® SS - Demand [18/03/2018] [ 153168] Google Update-service (gupdatem) (gupdatem) . (.Google Inc..) 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc® SR - Auto [08/06/2015] [ 5167896] IBM Notes Diagnostics (IBM Notes Diagnostics) . (.IBM.) - c:\Program Files (x86)\IBM\Notes\nsd.exe {57F3E829B9A05AD51933E9B624226ECF} =>.IBM SR - Auto [15/10/2013] [ 57448] IBM Notes Single Logon (IBM Notes Single Logon) . (.IBM Corp.) - c:\Program Files (x86)\IBM\Notes\nslsvice.exe =>.International Business Machines Corporation® SR - Auto [17/12/2013] [ 68440] @oem142.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) . (.Lenovo..) - C:\windows\System32\ibmpmsvc.exe =>.Lenovo(Japan)Ltd.® SR - Auto [27/10/2014] [ 318568] Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\windows\System32\igfxCUIService.exe =>.Intel Corporation - pGFX® SR - Auto [11/07/2017] [ 391744] Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) . (.Copyright CANON INC. 2006-2017.) - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe =>.Canon Inc.® SR - Auto [28/03/2017] [ 386240] Intel Local Scheduler Service (Intel Local Scheduler Service) . (.Ivanti.) - C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE {212334F89B3268D4507E241B3B853644} SR - Auto [02/05/2017] [ 1757112] LANDESK Remote Control Service (ISSUSER) . (.Ivanti.) - C:\Program Files (x86)\LANDesk\LDClient\issuser.exe {212334F89B3268D4507E241B3B853644} SR - Auto [28/03/2017] [ 360928] LANDESK Targeted Multicast (LANDesk Targeted Multicast) . (.Ivanti.) - C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe {212334F89B3268D4507E241B3B853644} SR - Auto [01/06/2017] [ 2827296] Ivanti Endpoint Security (LDSecSvc) . (.Ivanti.) - C:\Program Files (x86)\LANDesk\LDClient\HIPS\LDSecSvc64.EXE {212334F89B3268D4507E241B3B853644} SR - Auto [23/01/2015] [ 2016472] Lenovo Settings Service (Lenovo Settings Service) . (.Lenovo Group Limited.) 
- C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe =>.LENOVO® SR - Auto [14/12/2015] [ 584664] Lenovo System Agent Service (Lenovo System Agent Service) . (.LENOVO INCORPORATED..) - C:\Program Files\Lenovo\iMController\SystemAgentService.exe =>.LENOVO® SS - Demand [21/01/2015] [ 456136] Lenovo AVFramework Camera Privacy Controller (LENOVO.CAMMUTE) . (.Lenovo Corporation.) - C:\Program Files\Lenovo\Communications Utility\cammute.exe =>.LENOVO® SR - Auto [04/06/2015] [ 111560] Lenovo Microphone Mute (LENOVO.MICMUTE) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\HOTKEY\micmute.exe =>.LENOVO® SS - Demand [21/01/2015] [ 453576] Lenovo AVFramework Microphone Volume Controller and Dolby I (LENOVO.TPKNRSVC) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe =>.LENOVO® SS - Demand [21/01/2015] [ 626120] Lenovo AVFramework Virtual Camera Controller Service (LENOVO.TVTVCAM) . (.Lenovo Corporation.) - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe =>.LENOVO® SR - Auto [15/10/2013] [ 1654376] IBM Notes Smart Upgrade Service (LNSUSvc) . (.IBM Corp.) - c:\Program Files (x86)\IBM\Notes\SUService.exe =>.International Business Machines Corporation® SS - Demand [10/12/2014] [ 474568] Lenovo Settings Mobile Hotspot Service (LnvHotSpotSvc) . (.Lenovo.) - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe =>.LENOVO® SR - Auto [09/01/2015] [ 469720] (LocationTaskManager) . (...) - C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe =>.LENOVO® SS - Disabl [15/10/2013] [ 38504] Multi-user Cleanup Service (Multi-user Cleanup Service) . (.IBM Corp.) - c:\Program Files (x86)\IBM\Notes\ntmulti.exe =>.International Business Machines Corporation® SR - Auto [02/05/2017] [ 7573944] OfficeScan NT RealTime Scan (ntrtscan) . (.Trend Micro Inc..) 
- C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe =>.Trend Micro, Inc.® SR - Demand [16/01/2015] [ 1668848] Lenovo Settings Power Service (Power Manager DBC Service) . (.Lenovo.) - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe =>.LENOVO® SR - Auto [22/06/2017] [ 828432] LANDesk(R) Software Monitoring Service (Softmon) . (.Ivanti.) - C:\Program Files (x86)\LANDesk\LDClient\SoftMon.exe {212334F89B3268D4507E241B3B853644} SR - Auto [05/12/2017] [10945264] TeamViewer 13 (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe =>.TeamViewer GmbH® SR - Demand [18/04/2017] [ 482816] Trend Micro Unauthorized Change Prevention Service (TMBMServer) . (.Trend Micro Inc..) - C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe =>.Trend Micro, Inc.® SR - Demand [05/04/2017] [ 1501944] OfficeScan Common Client Solution Framework (tmccsf) . (.Trend Micro Inc..) - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe =>.Trend Micro, Inc.® SR - Auto [02/05/2017] [ 5627016] OfficeScan NT Listener (tmlisten) . (.Trend Micro Inc..) - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe =>.Trend Micro, Inc.® SR - Auto [04/06/2015] [ 126408] Lenovo Hotkey Client Loader (TPHKLOAD) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\HOTKEY\tphkload.exe =>.LENOVO® SR - Auto [20/04/2015] [ 563088] Cisco AnyConnect Secure Mobility Agent (vpnagent) . (.Cisco Systems, Inc..) - c:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe =>.Cisco Systems, Inc.® ---\\ Task Planned Automatically (Register) (102) - 3s O38 - TASK: {006E650B-C0F4-4DA5-ADB8-C4BD9A2F842B} [64Bits][\Microsoft\Windows\Shell\FamilySafetyMonitor] - (.Microsoft Corporation - Family Safety Monitor.) -- C:\windows\System32\wpcmon.exe [3048904] =>.Microsoft Corporation O38 - TASK: {044C0ECB-D77C-4D85-A7C5-01275585901D} [64Bits][\Microsoft\Windows\Autochk\Proxy] - (.Microsoft Corporation - Autochk Proxy DLL.) 
-- C:\Windows\System32\acproxy.dll [12288] =>.Microsoft Corporation O38 - TASK: {0B545118-B563-42FC-8D07-B78F602FCF34} [64Bits][\Microsoft\Windows\WS\WSRefreshBannedAppsListTask] - (.Microsoft Corporation - Windows Store Licensing Client.) -- C:\Windows\System32\WSClient.dll [196096] =>.Microsoft Corporation O38 - TASK: {0CDA7F67-716F-4559-B04D-B637BE0C0E28} [64Bits][\Microsoft\Windows\Application Experience\ProgramDataUpdater] - (.Microsoft Corporation - Program Compatibility Data Updater.) -- C:\Windows\System32\aepdu.dll [591872] =>.Microsoft Corporation O38 - TASK: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} [64Bits][\Microsoft\Windows\Sysmain\WsSwapAssessmentTask] - (.Microsoft Corporation - Superfetch Service Host.) -- C:\Windows\System32\sysmain.dll [1192448] =>.Microsoft Corporation O38 - TASK: {2BC3ABA2-B9D5-4B2F-B8E7-83F1FD0B6274} [64Bits][\Microsoft\Office\OfficeTelemetryAgentFallBack] - (.Microsoft Corporation - Office Telemetry Agent.) -- C:\Program Files\Microsoft Office\Office15\msoia.exe [376496] =>.Microsoft Corporation O38 - TASK: {2BC666B2-C77B-492D-A698-30536C6C4D42} [64Bits][\Microsoft\Windows\Customer Experience Improvement Program\Consolidator] - (.Microsoft Corporation - Windows SQM Consolidator.) -- C:\windows\System32\wsqmcons.exe [376320] =>.Microsoft Corporation O38 - TASK: {36B4057A-AB5F-4DF0-A330-34AB3A2A118E} [64Bits][\LANDESK Agent Health Bootstrap Task] - (.Ivanti - LANDESK Agent Health Bootstrap.) -- C:\Program Files (x86)\LANDesk\LDClient\LANDESKAgentBootStrap.exe [258728] O38 - TASK: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} [64Bits][\Microsoft\Windows\Time Zone\SynchronizeTimeZone] - (.Microsoft Corporation - TimeZone Sync Task.) -- C:\windows\system32\tzsync.exe [62976] =>.Microsoft Corporation O38 - TASK: {44076A8D-D285-466F-A0F9-34E5372ACFE6} [64Bits][\GoogleUpdateTaskMachineUA] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168] =>.Google Inc. 
O38 - TASK: {5FB92629-7DAA-44D6-BD42-C3EF731E3B1A} [64Bits][\Adobe Flash Player PPAPI Notifier] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [1362432] =>.Adobe Systems Incorporated O38 - TASK: {62305D1B-6C7D-4C06-A7F5-6CE0A20229AF} [64Bits][\RTKCPL] - (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032] =>.Realtek Semiconductor O38 - TASK: {63063500-785F-420F-9D17-9214D8DE9FCE} [64Bits][\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver] - (.Microsoft Corporation - Windows Disk Diagnostic User Resolver.) -- C:\windows\system32\DFDWiz.exe [77312] =>.Microsoft Corporation O38 - TASK: {6772B4E0-9D47-4609-AB65-86447C6365EF} [64Bits][\Microsoft\Windows\WindowsUpdate\Scheduled Start] - (.Microsoft Corporation - Service Control Manager Configuration Tool.) -- C:\Windows\System32\sc.exe [67584] =>.Microsoft Corporation O38 - TASK: {68C88A97-0314-4F5C-99B2-CA76E0C222C7} [64Bits][\Microsoft\Windows\DiskCleanup\SilentCleanup] - (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) -- C:\Windows\System32\cleanmgr.exe [216576] =>.Microsoft Corporation O38 - TASK: {6D21C8E9-C77F-4EE7-9252-2D30C930528A} [64Bits][\Microsoft\Windows\Defrag\ScheduledDefrag] - (.Microsoft Corp. - Disk Defragmenter Module.) -- C:\windows\system32\defrag.exe [183808] =>.Microsoft Corp. O38 - TASK: {73B1B253-CE67-4501-AE1A-377DD1D68B65} [64Bits][\Microsoft\Windows\Application Experience\StartupAppTask] - (.Microsoft Corporation - Startup scan task DLL.) -- C:\Windows\System32\Startupscan.dll [17408] =>.Microsoft Corporation O38 - TASK: {73D1388C-336E-40EC-B0B4-62CB862AF2BE} [64Bits][\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers] - (.Microsoft Corporation - Driver Installation Module.) 
-- C:\Windows\System32\drvinst.exe [110592] =>.Microsoft Corporation O38 - TASK: {75BDB765-A28D-4FBC-84D0-9D1521891486} [64Bits][\RtHDVBg_Dolby] - (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744] =>.Realtek Semiconductor O38 - TASK: {77AD0F7A-ECF8-4187-9F00-D8A7FE4BFF4E} [64Bits][\Microsoft\Office\Office 15 Subscription Heartbeat] - (.Microsoft Office - Task used to ensure that the Microsoft Offi.) -- C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (.not file.) [0] (.Orphan.) =>.SUP.Orphan O38 - TASK: {77F1D869-6E65-4079-A2A0-E2023408EF97} [64Bits][\Microsoft\Windows\ApplicationData\CleanupTemporaryState] - (.Microsoft Corporation - Windows Application Data API Server.) -- C:\Windows\System32\Windows.Storage.ApplicationData.dll [206128] =>.Microsoft Corporation O38 - TASK: {7A1CA63A-3611-4E61-AAFA-1B56F8746F3A} [64Bits][\Microsoft\Windows\AppID\PolicyConverter] - (.Microsoft Corporation - AppID Policy Converter Task.) -- C:\windows\system32\appidpolicyconverter.exe [193536] =>.Microsoft Corporation O38 - TASK: {7DD666D5-AC93-428A-B051-BD4F13C8356D} [64Bits][\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask] - (.Microsoft Corporation - Windows Remote Assistance COM Server.) -- C:\Windows\System32\raserver.exe [117760] =>.Microsoft Corporation O38 - TASK: {84400372-B6DB-4852-B387-6CE186EAE25B} [64Bits][\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser] - (.Microsoft Corporation - Mobile Broadband Account Experience Parser.) -- C:\windows\System32\MbaeParserTask.exe [110080] =>.Microsoft Corporation O38 - TASK: {8CC813C9-712A-41EF-9512-B233444FC669} [64Bits][\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup] - (.Microsoft Corporation - AppX Deployment Client DLL.) 
-- C:\Windows\System32\AppxDeploymentClient.dll [252928] =>.Microsoft Corporation O38 - TASK: {90878909-5ACD-485A-B1FB-D431158E6777} [64Bits][\Adobe Flash Player NPAPI Notifier] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [1362432] =>.Adobe Systems Incorporated O38 - TASK: {9E59CEAA-BD4F-4B5D-9A20-538A97A4AED9} [64Bits][\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network] - (.Microsoft Corporation - Service Control Manager Configuration Tool.) -- C:\Windows\System32\sc.exe [67584] =>.Microsoft Corporation O38 - TASK: {9FCD1789-CF04-423B-87B2-E3B4EA209AD9} [64Bits][\GoogleUpdateTaskMachineCore] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168] =>.Google Inc. O38 - TASK: {A216000C-66D3-4E66-8A6E-D98AB5762D3C} [64Bits][\Microsoft\Windows\Bluetooth\UninstallDeviceTask] - (.Microsoft Corporation - Bluetooth Uninstall Device Task.) -- C:\Windows\System32\BthUdTask.exe [37376] =>.Microsoft Corporation O38 - TASK: {A44A1624-C719-4A46-8833-AA65471469C9} [64Bits][\Microsoft\Windows\SystemRestore\SR] - (.Microsoft Corporation - Microsoft® Windows System Protection backgr.) -- C:\windows\system32\srtasks.exe [57344] =>.Microsoft Corporation O38 - TASK: {A693A6E9-FB8C-46CA-932B-88DC7684BE1C} [64Bits][\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange] - (.Microsoft Corporation - Base Filtering Engine.) -- C:\Windows\System32\bfe.dll [827392] =>.Microsoft Corporation O38 - TASK: {AAA89DAF-1B4F-447D-AF21-7F0559AC9962} [64Bits][\Microsoft\Windows\Windows Media Sharing\UpdateLibrary] - (.Microsoft Corporation - Windows Media Player Network Sharing Servic.) 
-- C:\Program Files\Windows Media Player\wmpnscfg.exe [68608] =>.Microsoft Corporation O38 - TASK: {ACE9E28E-C9C4-4592-8B0B-DC486C214C70} [64Bits][\Lenovo\Lenovo Settings Power] - (.Lenovo Group Limited - Lenovo Settings Power - Background Monitor.) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [6377712] =>.Lenovo Group Limited O38 - TASK: {AEB4C58B-DFF5-4AB1-A895-E6DBA524CCD5} [64Bits][\Lenovo\Dependency Package Auto Update] - (.Lenovo - AutoUpdate.) -- C:\Program Files\Lenovo\iMController\AutoUpdate.exe [78808] =>.Lenovo O38 - TASK: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} [64Bits][\Microsoft\Windows\UPnP\UPnPHostConfig] - (.Microsoft Corporation - Service Control Manager Configuration Tool.) -- C:\Windows\System32\sc.exe [67584] =>.Microsoft Corporation O38 - TASK: {BC537794-54F5-4702-8CEB-06F584ECD24A} [64Bits][\Microsoft\Windows\SpacePort\SpaceAgentTask] - (.Microsoft Corporation - Storage Spaces Settings.) -- C:\windows\system32\SpaceAgent.exe [103936] =>.Microsoft Corporation O38 - TASK: {BDD77979-338A-4369-A837-2C5076E5A814} [64Bits][\Microsoft Office 15 Sync Maintenance for RICOH-EUROPE-michael.vervecken BEVIL01L118665.ad.eu.rf-group.org] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office15\MSOSYNC.EXE [448704] =>.Microsoft Corporation O38 - TASK: {C2599556-050C-48B7-98E3-CD224A313FE3} [64Bits][\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck] - (.Microsoft Corporation - AppID Certificate Store Verification Task.) -- C:\windows\system32\appidcertstorecheck.exe [16896] =>.Microsoft Corporation O38 - TASK: {C915408F-9A90-40D1-BD38-46EBCDC5CB33} [64Bits][\Lenovo\Lenovo Customer Feedback Program 64] - (.Lenovo - Lenovo.TVT.CustomerFeedback.Agent.) 
-- C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [17152] =>.Lenovo O38 - TASK: {CA539883-6F6A-4A5B-A23C-5E24C8A2B90E} [64Bits][\Adobe Flash Player Updater] - (.Adobe Systems Incorporated - Adobe® Flash® Player Update Service 29.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384] =>.Adobe Systems Incorporated O38 - TASK: {CBD3EF37-0E38-431A-A6E8-607C56893A63} [64Bits][\Microsoft\Windows\MUI\LPRemove] - (.Microsoft Corporation - MUI Language pack cleanup.) -- C:\windows\system32\lpremove.exe [67584] =>.Microsoft Corporation O38 - TASK: {D6F4A061-CEFB-4F38-81EC-6E80ECDD3011} [64Bits][\Microsoft\Windows\Location\Notifications] - (.Microsoft Corporation - Location Activity.) -- C:\Windows\System32\LocationNotifications.exe [86528] =>.Microsoft Corporation O38 - TASK: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} [64Bits][\Microsoft\Windows\WS\License Validation] - (.Microsoft Corporation - Windows Store Licensing Client.) -- C:\Windows\System32\WSClient.dll [196096] =>.Microsoft Corporation O38 - TASK: {DA2F33D9-CC76-44E4-BFEC-BE2553BEE0C9} [64Bits][\Microsoft\Office\OfficeTelemetryAgentLogOn] - (.Microsoft Corporation - Office Telemetry Agent.) -- C:\Program Files\Microsoft Office\Office15\msoia.exe [376496] =>.Microsoft Corporation O38 - TASK: {E075AC73-7FC0-4ACD-9F28-DD590C391C1C} [64Bits][\Microsoft\Windows\Windows Error Reporting\QueueReporting] - (.Microsoft Corporation - Windows Problem Reporting.) -- C:\Windows\System32\wermgr.exe [139984] =>.Microsoft Corporation O38 - TASK: {E15734AF-75CF-41BE-92C9-9357FD1A8BF0} [64Bits][\Synaptics TouchPad Enhancements] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608] =>.Synaptics Incorporated O38 - TASK: {EA74B20B-E591-4F35-B227-D9EC33DE341B} [64Bits][\RtHDVBg_LENOVO_MICPKEY] - (.Realtek Semiconductor - HD Audio Background Process.) 
-- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744] =>.Realtek Semiconductor O38 - TASK: {EDCAD10E-42B8-45F3-AAEF-DE86F7373643} [64Bits][\Microsoft\Windows\Time Synchronization\SynchronizeTime] - (.Microsoft Corporation - Service Control Manager Configuration Tool.) -- C:\Windows\System32\sc.exe [67584] =>.Microsoft Corporation O38 - TASK: {EDF7F03A-2B9D-4AA5-8E3E-E90969FB076C} [64Bits][\Adobe Acrobat Update Task] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1183256] =>.Adobe Systems Incorporated O38 - TASK: {F07B95BC-D0B6-4AEB-BC04-A2749C986C3D} [64Bits][\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector] - (.Microsoft Corporation - Windows Disk Failure Diagnostic Module.) -- C:\Windows\System32\dfdts.dll [44544] =>.Microsoft Corporation O38 - TASK: {FEC0D13A-D5E8-4501-9A6A-36CB2A095F4E} [64Bits][\WLANSwitch] - (.RICOH-EUROPE\L1.Patrick.Mualaba - .) -- C:\WLANswitch\netswitch.bat [67] C:\windows\System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - (.Microsoft Corporation.) -- C:\windows\System32\wpcmon.exe [] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\Autochk\Proxy - (.Microsoft Corporation.) -- C:\Windows\System32\acproxy.dll [acproxy.dll] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask - (.Microsoft Corporation.) -- C:\Windows\System32\WSClient.dll [WSClient.dll] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - (.Microsoft Corporation.) -- C:\Windows\System32\aepdu.dll [aepdu.dll] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - (.Microsoft Corporation.) -- C:\Windows\System32\sysmain.dll [sysmain.dll] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack - (.Microsoft Corporation.) 
-- C:\Program Files\Microsoft Office\Office15\msoia.exe [scan upload mininterval:2880] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - (.Microsoft Corporation.) -- C:\windows\System32\wsqmcons.exe [] =>.Microsoft Corporation C:\windows\System32\Tasks\LANDESK Agent Health Bootstrap Task - (.Ivanti.) -- C:\Program Files (x86)\LANDesk\LDClient\LANDESKAgentBootStrap.exe [14400 "vulscan.exe] C:\windows\System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - (.Microsoft Corporation.) -- C:\windows\system32\tzsync.exe [] =>.Microsoft Corporation C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [/ua] =>.Google Inc. C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier - (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [-check pepperplugin] =>.Adobe Systems Incorporated C:\windows\System32\Tasks\RTKCPL - (.Realtek Semiconductor.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [-s] =>.Realtek Semiconductor C:\windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - (.Microsoft Corporation.) -- C:\windows\system32\DFDWiz.exe [] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - (.Microsoft Corporation.) -- C:\Windows\System32\sc.exe [wuauserv] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - (.Microsoft Corporation.) -- C:\Windows\System32\cleanmgr.exe [/autoclean] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag - (.Microsoft Corp..) -- C:\windows\system32\defrag.exe [-c -h -o -$] =>.Microsoft Corp. C:\windows\System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask - (.Microsoft Corporation.) 
-- C:\Windows\System32\Startupscan.dll [Startupscan.dll] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - (.Microsoft Corporation.) -- C:\Windows\System32\drvinst.exe [6] =>.Microsoft Corporation C:\windows\System32\Tasks\RtHDVBg_Dolby - (.Realtek Semiconductor.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [/FORPCEE4] =>.Realtek Semiconductor C:\windows\System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat - (.Microsoft Office.) -- C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (.not file.) [] (.Orphan.) =>.SUP.Orphan C:\windows\System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - (.Microsoft Corporation.) -- C:\Windows\System32\Windows.Storage.ApplicationData.dll [Windows.Storage.ApplicationData.dll] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\AppID\PolicyConverter - (.Microsoft Corporation.) -- C:\windows\system32\appidpolicyconverter.exe [] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - (.Microsoft Corporation.) -- C:\Windows\System32\raserver.exe [/offerraupdate] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - (.Microsoft Corporation.) -- C:\windows\System32\MbaeParserTask.exe [] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - (.Microsoft Corporation.) -- C:\Windows\System32\AppxDeploymentClient.dll [C:\Windows\System32\AppxDeploymentClient.dll] =>.Microsoft Corporation C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier - (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [-check plugin] =>.Adobe Systems Incorporated C:\windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network - (.Microsoft Corporation.) 
-- C:\Windows\System32\sc.exe [wuauserv] =>.Microsoft Corporation C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [/c] =>.Google Inc. C:\windows\System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - (.Microsoft Corporation.) -- C:\Windows\System32\BthUdTask.exe [$(Arg0)] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\SystemRestore\SR - (.Microsoft Corporation.) -- C:\windows\system32\srtasks.exe [ExecuteScheduledSPPCreation] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - (.Microsoft Corporation.) -- C:\Windows\System32\bfe.dll [bfe.dll] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmpnscfg.exe [] =>.Microsoft Corporation C:\windows\System32\Tasks\Lenovo\Lenovo Settings Power - (.Lenovo Group Limited.) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL] =>.Lenovo Group Limited C:\windows\System32\Tasks\Lenovo\Dependency Package Auto Update - (.Lenovo.) -- C:\Program Files\Lenovo\iMController\AutoUpdate.exe [] =>.Lenovo C:\windows\System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig - (.Microsoft Corporation.) -- C:\Windows\System32\sc.exe [config upnphost start= auto] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - (.Microsoft Corporation.) -- C:\windows\system32\SpaceAgent.exe [] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RICOH-EUROPE-michael.vervecken BEVIL01L118665.ad.eu.rf-group.org - (.Microsoft Corporation.) 
-- C:\Program Files (x86)\Microsoft Office\Office15\MSOSYNC.EXE [] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - (.Microsoft Corporation.) -- C:\windows\system32\appidcertstorecheck.exe [] =>.Microsoft Corporation C:\windows\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 - (.Lenovo.) -- C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [] =>.Lenovo C:\windows\System32\Tasks\Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [] =>.Adobe Systems Incorporated C:\windows\System32\Tasks\Microsoft\Windows\MUI\LPRemove - (.Microsoft Corporation.) -- C:\windows\system32\lpremove.exe [] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\Location\Notifications - (.Microsoft Corporation.) -- C:\Windows\System32\LocationNotifications.exe [] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\WS\License Validation - (.Microsoft Corporation.) -- C:\Windows\System32\WSClient.dll [WSClient.dll] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn - (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office15\msoia.exe [scan upload] =>.Microsoft Corporation C:\windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - (.Microsoft Corporation.) -- C:\Windows\System32\wermgr.exe [-queuereporting] =>.Microsoft Corporation C:\windows\System32\Tasks\Synaptics TouchPad Enhancements - (.Synaptics Incorporated.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [] =>.Synaptics Incorporated C:\windows\System32\Tasks\RtHDVBg_LENOVO_MICPKEY - (.Realtek Semiconductor.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [/LENOVO_MICPKEY] =>.Realtek Semiconductor C:\windows\System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - (.Microsoft Corporation.) 
-- C:\Windows\System32\sc.exe [w32time task_ed] =>.Microsoft Corporation C:\windows\System32\Tasks\Adobe Acrobat Update Task - (.Adobe Systems Incorporated.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [] =>.Adobe Systems Incorporated C:\windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - (.Microsoft Corporation.) -- C:\Windows\System32\dfdts.dll [dfdts.dll] =>.Microsoft Corporation C:\windows\System32\Tasks\WLANSwitch - (.RICOH-EUROPE\L1.Patrick.Mualaba.) -- C:\WLANswitch\netswitch.bat [] ---\\ Auto loading programs from Registry and folders (14) - 1s O4 - HKLM\..\Run: [LnvMobHotspotClient] . (.Lenovo - Mobile Hotspot Client Application.) -- C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe =>.LENOVO® O4 - HKLM\..\Run: [LenovoOptMouseUpdate] . (.Lenovo Group Limited - External Application Support for Optical Mo.) -- C:\Program Files\Lenovo\HOTKEY\extapsup.exe =>.LENOVO® O4 - HKLM\..\Run: [LMCSSTART1] . (.Lenovo Corporation - Lenovo® Multimedia and Communications Frame.) -- C:\Windows\SysWOW64\lmcfrundll.exe =>.LENOVO® O4 - HKLM\..\Run: [LMCSSTART2] . (.Lenovo Corporation - Lenovo® Multimedia and Communications Frame.) -- C:\Windows\SysWOW64\lmcfrundll.exe =>.LENOVO® O4 - HKLM\..\Run: [LMCSSTART3] . (.Lenovo Corporation - Lenovo® Multimedia and Communications Frame.) -- C:\Windows\SysWOW64\lmcfrundll.exe =>.LENOVO® O4 - HKLM\..\Run: [Ivanti Endpoint Security] . (.Ivanti - EPSUI.) -- C:\Program Files (x86)\LANDesk\LDClient\HIPS\EPSUI.exe {212334F89B3268D4507E241B3B853644} O4 - HKCU\..\Run: [Chatango] . (. - .) -- C:\Program Files (x86)\Chatango\Chatango.exe (.Not File.) =>.SUP.Orphan O4 - HKLM\..\Wow6432Node\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] . (.Cisco Systems, Inc. - Cisco AnyConnect User Interface.) 
-- c:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe =>.Cisco Systems, Inc.® O4 - HKLM\..\Wow6432Node\Run: [OfficeScanNT Monitor] . (.Trend Micro Inc. - Trend Micro OfficeScan.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe =>.Trend Micro, Inc.® O4 - HKLM\..\Wow6432Node\Run: [ProductUpdater] . (. - ProductUpdater.) -- C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe =>.INTERNET PROJECT LLC® O4 - HKLM\..\Wow6432Node\Run: [Wondershare Helper Compact.exe] . (. - .) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (.Not File.) =>.SUP.Orphan O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] . (. - .) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (.Not File.) =>.SUP.Orphan O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] . (. - .) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (.Not File.) =>.SUP.Orphan O4 - HKUS\S-1-5-21-3829815512-2678597626-704828700-263016\..\Run: [Chatango] . (. - .) -- C:\Program Files (x86)\Chatango\Chatango.exe (.Not File.) =>.SUP.Orphan ---\\ Process running (56) - 4s [MD5.00000000000000000000000000000000] - (.Lenovo. - Lenovo Power Management Service.) -- C:\windows\system32\ibmpmsvc.exe [0] [PID.996] =>.Lenovo. [MD5.00000000000000000000000000000000] - (.Intel Corporation - igfxCUIService Module.) -- C:\windows\system32\igfxCUIService.exe [0] [PID.668] =>.Intel Corporation [MD5.EFEC0329BA1A8C87DF4E8C45990C0A4D] - (.Ivanti - Ivanti Endpoint Security.) -- C:\Program Files (x86)\LANDesk\LDClient\HIPS\LDSecSvc64.EXE [2827296] [PID.1132] {212334F89B3268D4507E241B3B853644} [MD5.0BD37CBF66CF79F43A68F7ADEDD6769D] - (.Cisco Systems, Inc. - VPN Agent Service.) -- c:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [563088] [PID.1412] =>.Cisco Systems, Inc.® [MD5.E32E7DA3F62676F2243ED0691C812390] - (.IBM Corp - IBM Notes/Domino.) 
-- c:\Program Files (x86)\IBM\Notes\nslsvice.exe [57448] [PID.1800] =>.International Business Machines Corporation® [MD5.70502DE460D4AE53D0BC76C3B0B98BCE] - (.Lenovo Corporation - Lenovo® Multimedia and Comm Subsystem Contr.) -- C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584] [PID.1808] =>.LENOVO® [MD5.ADC1DF8C1084143C436FC2E2A4E37E74] - (.Ivanti - Resident Agent Application.) -- C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe [197632] [PID.1508] [MD5.03ACC12A5F3FF280F11E4F7E2FB95365] - (.IBM - wnsd.) -- c:\Program Files (x86)\IBM\Notes\nsd.exe [5167896] [PID.2232] {57F3E829B9A05AD51933E9B624226ECF} =>.IBM [MD5.41D7FB8705F2333DCB8FB9F02F644031] - (.Copyright CANON INC. 2006-2017 - Inkjet Printer/Scanner/Fax Extended Survey.) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe [391744] [PID.2408] =>.Canon Inc.® [MD5.508445BDFD6AB51030C3D82C101CC52F] - (.Ivanti - LocalSch.) -- C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE [386240] [PID.2552] {212334F89B3268D4507E241B3B853644} [MD5.7C234B88F1F1E5FFAF5A701148C095E8] - (.LANDesk Software Ltd. - CBA -- Ping Discovery Service.) -- C:\Windows\SysWOW64\cba\pds.exe [32825] [PID.2608] [MD5.D2D5F1CFAFC1D4DEC5333CE27221F426] - (.Ivanti - Remote Control Client.) -- C:\Program Files (x86)\LANDesk\LDClient\issuser.exe [1757112] [PID.2676] {212334F89B3268D4507E241B3B853644} [MD5.584C68F54C2489E10AF0046A769CAFC9] - (.Ivanti - collector Application.) -- C:\Program Files (x86)\LANDesk\LDClient\collector.exe [412632] [PID.2732] {212334F89B3268D4507E241B3B853644} [MD5.ED3054CF49ACBEBE758C927456CB574E] - (.Ivanti - Targeted Multicast Client Service Executabl.) -- C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [360928] [PID.2744] {212334F89B3268D4507E241B3B853644} [MD5.F1E4002541DC3FF409CFF8DA653E3504] - (.Lenovo Group Limited - Lenovo Settings Service.) 
-- C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2016472] [PID.2924] =>.LENOVO® [MD5.4DC782F7AE5774BA202DB1193D44D09F] - (.LENOVO INCORPORATED. - Lenovo System Agent Service.) -- C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664] [PID.2956] =>.LENOVO® [MD5.F006F98049A534B2A96D6C8632EF6E64] - (.IBM Corp - IBM Notes/Domino.) -- c:\Program Files (x86)\IBM\Notes\SUService.exe [1654376] [PID.2976] =>.International Business Machines Corporation® [MD5.18934A81F826342B03CA7DA7573A88DB] - (.Trend Micro Inc. - Trend Micro Common Client Real-time Scan Se.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe [7573944] [PID.3060] =>.Trend Micro, Inc.® [MD5.720AB8E8862B2178036D437D9CA6BA47] - (.Ivanti - LANDESK Software Monitor.) -- C:\Program Files (x86)\LANDesk\LDClient\SoftMon.exe [828432] [PID.2528] {212334F89B3268D4507E241B3B853644} [MD5.5A64A68A18C35007614B432BA9573E22] - (.TeamViewer GmbH - TeamViewer 13.) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945264] [PID.3128] =>.TeamViewer GmbH® [MD5.3FD04DDC522DD031A3CB53D555B1C9CA] - (.Trend Micro Inc. - Trend Micro Common Client Communication Ser.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe [5627016] [PID.3392] =>.Trend Micro, Inc.® [MD5.D6265A9008DC7B6411ACBAEB7CA26F75] - (.Lenovo Group Limited - ThinkPad Message Client Loader.) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe [126408] [PID.3620] =>.LENOVO® [MD5.521ADEA6D54C519EA3BE8202FF3EC36D] - (.Lenovo Group Limited - Microphone Mute Controll Service for ThinkP.) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe [111560] [PID.3684] =>.LENOVO® [MD5.96C4DFC0C823B41D714F2D2726DBAE53] - (.Ivanti - Launches or Stops Self Elected services bas.) -- C:\Program Files (x86)\LANDesk\LDClient\SelfElectController.exe [350688] [PID.4592] {212334F89B3268D4507E241B3B853644} [MD5.15396D3B6AEABAB8B02412615A90CF50] - (.Trend Micro Inc. - Manages the Trend Micro unauthorized change.) 
-- C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [482816] [PID.5008] =>.Trend Micro, Inc.® [MD5.00000000000000000000000000000000] - (.Trend Micro Inc. - Trend Micro Data Protection Service.) -- C:\windows\system32\dgagent\DSAGENT.exe [0] [PID.4884] =>.Trend Micro Inc. [MD5.1EEF28EA8456164BE5A51A4D41FE2FAE] - (.Trend Micro Inc. - Trend Micro OfficeScan Client Plug-in Servi.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe [534504] [PID.5220] =>.Trend Micro, Inc.® [MD5.9973562540525D0FC97EF2ECE4405E99] - (.Trend Micro Inc. - Trend Micro Common Client Solution Framewor.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe [1501944] [PID.2336] =>.Trend Micro, Inc.® [MD5.2C756AFCEA605EED6731589F34EF2D84] - (. - Location Task Manager.) -- C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720] [PID.5920] =>.LENOVO® [MD5.4F7E9F56019E5E4369BFFB63D21F3D5E] - (.Ivanti - Resident Agent Proxy Host.) -- C:\Program Files (x86)\LANDesk\Shared Files\proxyhost.exe [450560] [PID.2324] [MD5.FA9A5B84900443A1309FE62F92C8A228] - (.Lenovo - Lenovo Settings Power Service.) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [1668848] [PID.3436] =>.LENOVO® [MD5.4F7E9F56019E5E4369BFFB63D21F3D5E] - (.Ivanti - Resident Agent Proxy Host.) -- C:\Program Files (x86)\LANDesk\Shared Files\proxyhost.exe [450560] [PID.6688] [MD5.C523F0D240BEFB373AFE154F9198243A] - (.Lenovo Corporation - Lenovo® Multimedia and Comm Subsystem Audio.) -- C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe [452552] [PID.5924] =>.LENOVO® [MD5.3272A8D665B8422DA52B1BF3EFFE88C6] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608] [PID.6932] =>.Synaptics Incorporated® [MD5.3D06D97D30AC010D3A66F2EF5DE9C660] - (. - Location Task Manager LPD Access Agent.) 
-- C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe [13528] [PID.6724] =>.LENOVO® [MD5.0582C7915A7E84E385F34727656EAA9E] - (.Lenovo Group Limited - NumLock on screen display for ThinkPad.) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe [210328] [PID.6376] =>.LENOVO® [MD5.9ED29218035B4551A1505B2FB621D89C] - (.Lenovo Group Limited - On screen display drawer.) -- C:\Program Files\Lenovo\HOTKEY\tposd.exe [528328] [PID.6640] =>.LENOVO® [MD5.B7E386AE2E2EA6162E8CE82E6F7526C8] - (.Lenovo Group Limited - ThinkPad Message Receiver for Shortcut Hot.) -- C:\Program Files\Lenovo\HOTKEY\shtctky.exe [140232] [PID.6568] =>.LENOVO® [MD5.0A989EEE70D1BABB9BCAA20552B6226D] - (.Ivanti - Remote Control Client.) -- C:\Program Files (x86)\LANDesk\LDClient\rcgui.exe [474616] [PID.5940] {212334F89B3268D4507E241B3B853644} [MD5.18E119886ADDA39DEFFBAE8D423CD0CF] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\PROGRAM FILES\SYNAPTICS\SynTP\SYNTPHELPER.EXE [199408] [PID.5460] =>.Synaptics Incorporated® [MD5.00000000000000000000000000000000] - (.Intel Corporation - igfxEM Module.) -- C:\windows\system32\igfxEM.exe [0] [PID.2068] =>.Intel Corporation [MD5.00000000000000000000000000000000] - (.Intel Corporation - igfxHK Module.) -- C:\windows\system32\igfxHK.exe [0] [PID.7332] =>.Intel Corporation [MD5.00000000000000000000000000000000] - (.Trend Micro Inc. - Trend Micro Data Protection Application.) -- C:\windows\system32\ShowMsg.exe [0] [PID.7232] =>.Trend Micro Inc. [MD5.91145D3A842A0D6A63F935E5A202CA0D] - (.Synaptics Incorporated - TouchPad Driver Helper Application.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [202992] [PID.184] =>.Synaptics Incorporated® [MD5.75940069DDA2F1274DE2F5363564EA6C] - (.Lenovo - Mobile Hotspot Client Application.) -- C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937928] [PID.7648] =>.LENOVO® [MD5.B5E03509A21AD45802DBBD4936BE51E4] - (.Ivanti - EPSUI.) 
-- C:\Program Files (x86)\LANDesk\LDClient\HIPS\EPSUI.exe [685312] [PID.2160] {212334F89B3268D4507E241B3B853644} [MD5.285BE164DFA11842BE384E2EE4AE8A71] - (.Trend Micro Inc. - Trend Micro OfficeScan.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe [3384616] [PID.4424] =>.Trend Micro, Inc.® [MD5.2EFD6AD223D2650B9B822374EE311CCA] - (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744] [PID.6396] =>.Realtek Semiconductor Corp® [MD5.2EFD6AD223D2650B9B822374EE311CCA] - (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744] [PID.4536] =>.Realtek Semiconductor Corp® [MD5.37C6C318D6AFAFA2EBA99820EDF21DA6] - (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032] [PID.8044] =>.Realtek Semiconductor Corp® [MD5.D3204566260846631F8479F968239B08] - (.Lenovo Corporation - Lenovo® Multimedia and Comm Subsystem Nativ.) -- C:\Program Files\Lenovo\Communications Utility\tpknrres.exe [521672] [PID.8100] =>.LENOVO® [MD5.9CE8064B2602D5E5E7B82A1DA49A935A] - (.Ivanti - LANDESK Agent Health Bootstrap.) -- C:\Program Files (x86)\LANDesk\LDClient\LANDESKAgentBootStrap.exe [258728] [PID.7420] {212334F89B3268D4507E241B3B853644} [MD5.4F7E9F56019E5E4369BFFB63D21F3D5E] - (.Ivanti - Resident Agent Proxy Host.) -- C:\Program Files (x86)\LANDesk\Shared Files\proxyhost.exe [450560] [PID.6500] [MD5.4F7E9F56019E5E4369BFFB63D21F3D5E] - (.Ivanti - Resident Agent Proxy Host.) -- C:\Program Files (x86)\LANDesk\Shared Files\proxyhost.exe [450560] [PID.9164] [MD5.D0E4106D502F94B0F2B5210695480809] - (.Adobe Systems Incorporated - Adobe® Flash® Player Utility.) -- C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe [1358840] [PID.2148] =>.Microsoft Windows Third Party Application Component® [MD5.215DC00F6C58816AD8D3192400605D6F] - (.Nicolas Coolman - ZHPDiag.) 
-- C:\Users\michael.vervecken\Desktop\ZHPDiag3.exe [3037056] [PID.8024] =>.Nicolas Coolman ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (1) - 1s P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll =>.Adobe Systems Incorporated ---\\ Internet Explorer Extensions, Start, Search (16) - 0s R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be =>.Google Inc. R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation R0 - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\Main,Start Page = http://tools.ricoh.be/ R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions 
Off Page = about:noadd-ons =>.Microsoft Corporation R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation R3 - URLSearchHook: (no name)[HKCU] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Browser.) (11.00.9600.18666 (winblue_ltsb.170415-2040)) -- C:\Windows\System32\ieframe.dll =>.Microsoft Corporation ---\\ Internet Explorer, Proxy Management (8) - 0s R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 =>.Default.Value R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 =>.Default.Value R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 =>.Default.Value R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 =>.Default.Value R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll R5 - HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings,ProxySettingsPerUser = 1 =>.Default.Value R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [http://pac.risenet.eu/] R5 - HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings,ProxySettingsPerUser = 1 =>.Default.Value ---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation F2 - REG:system.ini: Shell=C:\windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation F2 - REG:system.ini: VMApplet=C:\windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.) =>.Microsoft Corporation ---\\ Hosts file redirection (1) - 0s ~ Le fichier hôte est sain (The hosts file is clean) (27) ---\\ Browser Helper Object (BHO) (1) - 0s O2 - BHO: Microsoft SkyDrive Pro Browser Helper [64Bits] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . 
(.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation® ---\\ Global shortcuts Startup (42) - 4s O4 - GS\Desktop [cba_anonymous]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\michael.vervecken\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman O4 - GS\Quicklaunch [cba_anonymous]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\TaskBar [cba_anonymous]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\TaskBar [cba_anonymous]: IBM Notes.lnk . (.IBM Corp - IBM Notes/Domino.) C:\Program Files (x86)\IBM\Notes\notes.exe {57F3E829B9A05AD51933E9B624226ECF} =>.IBM Corp O4 - GS\TaskBar [cba_anonymous]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation® O4 - GS\TaskBar [cba_anonymous]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\windows\system32\SnippingTool.exe =>.Microsoft Corporation O4 - GS\Desktop [executive1]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\michael.vervecken\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman O4 - GS\Quicklaunch [executive1]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\TaskBar [executive1]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\TaskBar [executive1]: IBM Notes.lnk . (.IBM Corp - IBM Notes/Domino.) C:\Program Files (x86)\IBM\Notes\notes.exe {57F3E829B9A05AD51933E9B624226ECF} =>.IBM Corp O4 - GS\TaskBar [executive1]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) 
C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation® O4 - GS\TaskBar [executive1]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\windows\system32\SnippingTool.exe =>.Microsoft Corporation O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\michael.vervecken\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\TaskBar [Guest]: IBM Notes.lnk . (.IBM Corp - IBM Notes/Domino.) C:\Program Files (x86)\IBM\Notes\notes.exe {57F3E829B9A05AD51933E9B624226ECF} =>.IBM Corp O4 - GS\TaskBar [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation® O4 - GS\TaskBar [Guest]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\windows\system32\SnippingTool.exe =>.Microsoft Corporation O4 - GS\CommonDesktop [Public]: IBM Notes.lnk . (.IBM Corp - IBM Notes/Domino.) C:\Program Files (x86)\IBM\Notes\notes.exe {57F3E829B9A05AD51933E9B624226ECF} =>.IBM Corp O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\windows\system32\calc.exe =>.Microsoft Corporation O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\windows\system32\mspaint.exe =>.Microsoft Corporation O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) 
C:\windows\system32\mstsc.exe =>.Microsoft Corporation O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\windows\system32\SnippingTool.exe =>.Microsoft Corporation O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) C:\windows\system32\SoundRecorder.exe =>.Microsoft Corporation O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Steps Recorder.) C:\windows\system32\psr.exe =>.Microsoft Corporation O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Sticky Notes.) C:\windows\system32\StikyNot.exe =>.Microsoft Corporation O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\windows\system32\WFS.exe =>.Microsoft Corporation O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\windows\system32\xpsrchvw.exe =>.Microsoft Corporation O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\windows\system32\charmap.exe =>.Microsoft Corporation O4 - GS\ProgramsCommon [Public]: Acrobat Reader DC.lnk . (.Flexera Software LLC - InstallShield.) C:\windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico =>.Flexera Software LLC O4 - GS\ProgramsCommon [Public]: Camera.lnk . (.Microsoft Corporation - Camera.) C:\windows\Camera\Camera.exe =>.Microsoft Windows® O4 - GS\ProgramsCommon [Public]: FileManager.lnk . (.Microsoft Corporation - OneDrive.) 
C:\windows\FileManager\FileManager.exe =>.Microsoft Windows® O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\windows\System32\Control.exe =>.Microsoft Corporation O4 - GS\ProgramsCommon [Public]: Lenovo Ultranav (Touchpad Clickpad Trackpad TrackPoint Mouse).lnk . (.Microsoft Corporation - Mouse and Keyboard Control Panel Applets.) C:\Windows\System32\main.cpl =>.Microsoft Corporation O4 - GS\ProgramsCommon [Public]: PhotosApp.lnk . (.Microsoft Corporation - Photos.) C:\windows\FileManager\PhotosApp.exe =>.Microsoft Windows® O4 - GS\ProgramsCommon [Public]: Search.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\windows\system32\rundll32.exe -sta {C90FB8CA-3295-4462-A721-2935E83694BA} =>..Microsoft Corporation O4 - GS\ProgramsCommon [Public]: TeamViewer 13.lnk . (.TeamViewer GmbH - TeamViewer 13.) C:\Program Files (x86)\TeamViewer\TeamViewer.exe =>.TeamViewer GmbH® O4 - GS\ProgramsCommon [Public]: Windows Store.lnk . (...) C:\windows\WinStore\WinStore.htm =>.Microsoft Corporation ---\\ Lop.com/Domain Hijackers (3) - 0s O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.eu.rf-group.org O17 - HKLM\System\CCS\Services\Tcpip\..\{B2DC3FA1-5348-4E86-9DC5-292DF3170B92}: DhcpNameServer = 62.197.111.140 109.88.203.3 =>.VOO O17 - HKLM\System\CCS\Services\Tcpip\..\{230175E7-83A3-4A11-A2CC-31E3567CEFA2}: Domain = ad.eu.rf-group.org ---\\ Extra protocols (18) - 1s O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) 
-- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) 
-- C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL =>.Microsoft Corporation® ---\\ Software installed (70) - 12s O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU][64Bits] -- uTorrent =>BitTorrent (P2P) O42 - Logiciel: 4K Video Downloader 4.3 - (.Open Media LLC.) [HKLM][64Bits] -- {D0CA3944-0FD5-40FF-97A1-FEDFFB5EE31F} =>.Open Media LLC O42 - Logiciel: Adobe Acrobat Reader DC - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1033-7B44-AC0F074E4100} =>.Adobe Systems Incorporated O42 - Logiciel: Adobe Flash Player 29 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player NPAPI =>.Adobe Systems Incorporated® O42 - Logiciel: Adobe Flash Player 29 PPAPI - (.Adobe Systems Incorporated.) 
[HKLM][64Bits] -- Adobe Flash Player PPAPI =>.Adobe Systems Incorporated® O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-0804-1033-1959-001824265200} =>.Adobe Systems Incorporated O42 - Logiciel: Canon Inkjet Printer/Scanner/Télécopieur Extended Survey Program - (.Canon Inc..) [HKLM][64Bits] -- CANONIJPLM100 =>.Canon Inc.® O42 - Logiciel: Canon My Image Garden - (.Canon Inc..) [HKLM][64Bits] -- Canon My Image Garden =>.Canon Inc.® O42 - Logiciel: Canon My Image Garden Design Files - (.Canon Inc..) [HKLM][64Bits] -- Canon My Image Garden Design Files =>.Canon Inc.® O42 - Logiciel: Cisco AnyConnect Secure Mobility Client - (.Cisco Systems, Inc..) [HKLM][64Bits] -- Cisco AnyConnect Secure Mobility Client =>.Cisco Systems, Inc.® O42 - Logiciel: Cisco AnyConnect Secure Mobility Client - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {F4BEF9A0-66D3-4C3C-BB0A-9726F8EE7452} =>.Cisco Systems, Inc. O42 - Logiciel: Cisco AnyConnect Start Before Login Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {5FE240B4-A41C-45FA-96BD-85DC77846FE2} =>.Cisco Systems, Inc. O42 - Logiciel: CyberGhost 6 - (.CyberGhost S.R.L..) [HKLM][64Bits] -- CyberGhost 6_is1 =>.CyberGhost SRL® O42 - Logiciel: Dependency Package Update - (.Lenovo Group Limited.) [HKLM][64Bits] -- {1D2682EA-75DD-44B6-BF2D-CD3C49EAD012} =>.Lenovo Group Limited O42 - Logiciel: Dependency Package Update - (.Lenovo Group Limited.) [HKLM][64Bits] -- {3117B53D-A409-4D99-A0DE-11A1A40696FA} =>.Lenovo Group Limited O42 - Logiciel: Dependency Package Update - (.Lenovo Group Limited.) [HKLM][64Bits] -- {4430150F-61B3-4142-BE04-EAC68C8DDA18} =>.Lenovo Group Limited O42 - Logiciel: Dependency Package Update - (.Lenovo Group Limited.) [HKLM][64Bits] -- {4ABFEC28-1554-493D-A84D-BEA21D8E6D6F} =>.Lenovo Group Limited O42 - Logiciel: Dependency Package Update - (.Lenovo Group Limited.) 
[HKLM][64Bits] -- {4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2} =>.Lenovo Group Limited O42 - Logiciel: Dependency Package Update - (.Lenovo Group Limited.) [HKLM][64Bits] -- {503B47A9-E34A-4841-ADD7-417191D5DB5E} =>.Lenovo Group Limited O42 - Logiciel: Dependency Package Update - (.Lenovo Group Limited.) [HKLM][64Bits] -- {546FF45D-2467-4950-AAFB-0A06ACBB6B2C} =>.Lenovo Group Limited O42 - Logiciel: Dependency Package Update - (.Lenovo Group Limited.) [HKLM][64Bits] -- {5B2190E9-199D-450A-94B3-4D6826C770C2} =>.Lenovo Group Limited O42 - Logiciel: Dependency Package Update - (.Lenovo Group Limited.) [HKLM][64Bits] -- {5BEFE1E1-F597-4B79-913B-15FFDB25B744} =>.Lenovo Group Limited O42 - Logiciel: Dependency Package Update - (.Lenovo Group Limited.) [HKLM][64Bits] -- {63DE35C9-B080-4D03-B110-99E14FD35BCE} =>.Lenovo Group Limited O42 - Logiciel: Dependency Package Update - (.Lenovo Group Limited.) [HKLM][64Bits] -- {65316098-0220-4D5C-B37A-6136083A0897} =>.Lenovo Group Limited O42 - Logiciel: Dependency Package Update - (.Lenovo Group Limited.) [HKLM][64Bits] -- {E966DBE4-5075-465E-BA81-BC9A3A3204B3} =>.Lenovo Group Limited O42 - Logiciel: Dependency Package Update - (.Lenovo Inc..) [HKLM][64Bits] -- {0788641D-D31A-478D-BB34-C41564AE9F93} =>.Lenovo Inc. O42 - Logiciel: Dependency Package Update - (.Lenovo Inc..) [HKLM][64Bits] -- {5252431C-288E-409D-ADCF-24407E0E6F70} =>.Lenovo Inc. O42 - Logiciel: Dependency Package Update - (.Lenovo Inc..) [HKLM][64Bits] -- {FFED38DF-94DC-4FF9-96C1-A6990EDA6B03} =>.Lenovo Inc. O42 - Logiciel: Freemake Video Converter version 4.1.10 - (.Ellora Assets Corporation.) [HKLM][64Bits] -- Freemake Video Converter_is1 =>.Ellora Assets Corporation O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome =>.Google Inc® O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc. O42 - Logiciel: IBM Notes 9.0.1 Social Edition - (.IBM.) 
[HKLM][64Bits] -- {FFEBEBC7-7761-4D1F-9C7C-562EA3752590} =>.IBM O42 - Logiciel: ISMS Addin for MS Office v1.4.0 - (.Ricoh Nederland.) [HKLM][64Bits] -- {76782734-9547-47BF-B8B7-9526E3F11926} O42 - Logiciel: LANDESK Advance Agent - (.LANDesk Software.) [HKLM][64Bits] -- {2FE36289-00E7-417F-8669-BAF0F826179E} O42 - Logiciel: LANDESK Advance Agent - (.LANDesk Software.) [HKLM][64Bits] -- {7E8833A1-AF24-4CAE-82DF-CFE14C14B94D} O42 - Logiciel: LANDESK Advance Agent - (.LANDesk Software.) [HKLM][64Bits] -- {F94C8432-A41F-41E8-90B0-A9BEDCEDB9AA} O42 - Logiciel: LANDesk(R) Common Base Agent 8 - (.LANDesk Software, Ltd.) [HKLM][64Bits] -- {45734758-4041-4EA8-8E62-DE661FC3879C} O42 - Logiciel: Lenovo Dependency Package - (.Lenovo Group Limited.) [HKLM][64Bits] -- Lenovo Dependency Package_is1 =>.Lenovo Group Limited O42 - Logiciel: Lenovo HID HW Radio Driver 1.0.0.58 - (.Lenovo.) [HKLM][64Bits] -- {E5325F32-D15A-4131-B029-4A5B7609E532}_is1 =>.Lenovo O42 - Logiciel: Lenovo Multimedia and Communications Core Runtime - (.Lenovo Corporation.) [HKLM][64Bits] -- {033DC0E0-DA89-4C33-B66C-89B64D312CD1}_is1 =>.Lenovo Corporation O42 - Logiciel: Lenovo On Screen Display - (.Lenovo.) [HKLM][64Bits] -- OnScreenDisplay =>.Lenovo O42 - Logiciel: Lenovo Patch Utility - (.Lenovo Group Limited.) [HKLM][64Bits] -- {E8F27ADF-B1ED-41AF-A7EF-D5E71778480C} =>.Lenovo Group Limited O42 - Logiciel: Lenovo Patch Utility 64 bit - (.Lenovo Group Limited.) [HKLM][64Bits] -- {49A09C2C-FFF4-478E-B397-5E0979F67F5D} =>.Lenovo Group Limited O42 - Logiciel: Lenovo Power Management Driver - (.Lenovo Group Limited.) [HKLM][64Bits] -- Power Management Driver =>.Lenovo Group Limited O42 - Logiciel: Lenovo Settings - Camera Audio - (.Lenovo Corporation.) [HKLM][64Bits] -- {88C6A6D9-324C-46E8-BA87-563D14021442}_is1 =>.Lenovo Corporation O42 - Logiciel: Lenovo Settings - Location Awareness - (.Lenovo Group Limited.) 
[HKLM][64Bits] -- {C79D4402-E622-4922-9C02-89F9080BF081}_is1 =>.Lenovo Group Limited O42 - Logiciel: Lenovo Settings - Power - (.Lenovo Group Limited.) [HKLM][64Bits] -- {DAC01CEE-5BAE-42D5-81FC-B687E84E8405} =>.Lenovo Group Limited O42 - Logiciel: Lenovo Settings Dependency Package - (.Lenovo Group Limited.) [HKLM][64Bits] -- {3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1 =>.Lenovo Group Limited O42 - Logiciel: Lenovo Settings Mobile Hotspot - (.Lenovo.) [HKLM][64Bits] -- {42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1 =>.Lenovo O42 - Logiciel: Lenovo Settings Service - (.Lenovo Group Limited.) [HKLM][64Bits] -- {8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1 =>.Lenovo Group Limited O42 - Logiciel: Lenovo Settings UMDF driver - (.Lenovo Group Limited.) [HKLM][64Bits] -- {2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1 =>.Lenovo Group Limited O42 - Logiciel: MediaInfo 17.10 - (.MediaArea.net.) [HKLM][64Bits] -- MediaInfo =>.MediaArea.net O42 - Logiciel: Microsoft Excel MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0016-0409-0000-0000000FF1CE} =>.Microsoft Corporation O42 - Logiciel: Microsoft Groove MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-00BA-0409-0000-0000000FF1CE} =>.Microsoft Corporation O42 - Logiciel: Microsoft OneNote MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-00A1-0409-0000-0000000FF1CE} =>.Microsoft Corporation O42 - Logiciel: Microsoft Outlook MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-001A-0409-0000-0000000FF1CE} =>.Microsoft Corporation O42 - Logiciel: Microsoft PowerPoint MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0018-0409-0000-0000000FF1CE} =>.Microsoft Corporation O42 - Logiciel: Microsoft Publisher MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0019-0409-0000-0000000FF1CE} =>.Microsoft Corporation O42 - Logiciel: Microsoft Word MUI (English) 2013 - (.Microsoft Corporation.) 
[HKLM][64Bits] -- {90150000-001B-0409-0000-0000000FF1CE} =>.Microsoft Corporation O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp® O42 - Logiciel: Ricoh Macro Addin - (.Ricoh Family Group.) [HKLM][64Bits] -- {32F135AB-5114-443D-9FB4-1ADC97D0FB7D} O42 - Logiciel: RICOH_RicohFonts_1_DUT_RIC00122_v1.2.0 - (.RICOH.) [HKLM][64Bits] -- {98F812F9-935A-4F42-BC37-EF3B810343AD} =>.RICOH O42 - Logiciel: Streaming Video Recorder V6.2.1 - (.APOWERSOFT LIMITED.) [HKLM][64Bits] -- {01c39b1f-d465-48ca-9d71-7d5afa53b4eb}_is1 =>.APOWERSOFT LIMITED O42 - Logiciel: TAP-Windows 9.21.2 - (.OpenVPN Technologie.) [HKLM][64Bits] -- TAP-Windows =>.OpenVPN Technologie O42 - Logiciel: TeamViewer 13 - (.TeamViewer.) [HKLM][64Bits] -- TeamViewer =>.TeamViewer GmbH® O42 - Logiciel: ThinkPad UltraNav Driver - (.Synaptics Incorporated.) [HKLM][64Bits] -- SynTPDeinstKey =>.Synaptics Incorporated O42 - Logiciel: Trend Micro OfficeScan Agent - (.Trend Micro Inc..) [HKLM][64Bits] -- {9E6FC684-EB43-4E85-B092-1D0D34C1BA4A} =>.Trend Micro Inc. O42 - Logiciel: Trend Micro OfficeScan Agent - (.Trend Micro Inc..) [HKLM][64Bits] -- OfficeScanNT =>.Trend Micro, Inc.® O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] -- VLC media player =>.VideoLAN O42 - Logiciel: WinRAR 5.50 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver =>.win.rar GmbH® ---\\ HKCU & HKLM Software Keys (106) - 12s HKLM\SOFTWARE\Adobe =>.Adobe HKLM\SOFTWARE\Apple Inc. =>.Apple Inc. HKLM\SOFTWARE\Canon =>.Canon HKLM\SOFTWARE\Canon_Inc_IC =>.Canon Inc. HKLM\SOFTWARE\Caphyon =>.Caphyon HKLM\SOFTWARE\Cisco =>.Cisco Systems, Inc. 
HKLM\SOFTWARE\ej-technologies =>.ej-technologies HKLM\SOFTWARE\Freemake =>.Freemake HKLM\SOFTWARE\Google =>.Google HKLM\SOFTWARE\IBM =>.IBM HKLM\SOFTWARE\Intel =>.Intel HKLM\SOFTWARE\JavaSoft =>.JavaSoft HKLM\SOFTWARE\Khronos =>.Khronos HKLM\SOFTWARE\LANDesk HKLM\SOFTWARE\Lenovo =>.Lenovo HKLM\SOFTWARE\Lotus =>.IBM Corporation HKLM\SOFTWARE\Macromedia =>.Macromedia HKLM\SOFTWARE\MOVAVI =>.Movavi HKLM\SOFTWARE\MozillaPlugins =>.MozillaPlugins HKLM\SOFTWARE\Nuance =>.Nuance HKLM\SOFTWARE\ODBC =>.DB Connectivity Solutions HKLM\SOFTWARE\PEPrinter =>.Legitimate HKLM\SOFTWARE\TeamViewer =>.TeamViewer HKLM\SOFTWARE\TrendMicro =>.TrendMicro HKLM\SOFTWARE\VideoLAN =>.VideoLAN HKLM\SOFTWARE\WafCX =>.WafCX HKLM\SOFTWARE\Wondershare =>.Wondershare HKLM\SOFTWARE\RegisteredApplications =>.Microsoft Corporation HKLM\SOFTWARE\WOW6432Node\Adobe =>.Adobe HKLM\SOFTWARE\WOW6432Node\Apple Inc. =>.Apple Inc. HKLM\SOFTWARE\WOW6432Node\Canon =>.Canon HKLM\SOFTWARE\WOW6432Node\Canon_Inc_IC =>.Canon Inc. HKLM\SOFTWARE\WOW6432Node\Caphyon =>.Caphyon HKLM\SOFTWARE\WOW6432Node\Cisco =>.Cisco Systems, Inc. 
HKLM\SOFTWARE\WOW6432Node\ej-technologies =>.ej-technologies HKLM\SOFTWARE\WOW6432Node\Freemake =>.Freemake HKLM\SOFTWARE\WOW6432Node\Google =>.Google HKLM\SOFTWARE\WOW6432Node\IBM =>.IBM HKLM\SOFTWARE\WOW6432Node\Intel =>.Intel HKLM\SOFTWARE\WOW6432Node\JavaSoft =>.JavaSoft HKLM\SOFTWARE\WOW6432Node\Khronos =>.Khronos HKLM\SOFTWARE\WOW6432Node\LANDesk HKLM\SOFTWARE\WOW6432Node\Lenovo =>.Lenovo HKLM\SOFTWARE\WOW6432Node\Lotus =>.IBM Corporation HKLM\SOFTWARE\WOW6432Node\Macromedia =>.Macromedia HKLM\SOFTWARE\WOW6432Node\MOVAVI =>.Movavi HKLM\SOFTWARE\WOW6432Node\MozillaPlugins =>.MozillaPlugins HKLM\SOFTWARE\WOW6432Node\Nuance =>.Nuance HKLM\SOFTWARE\WOW6432Node\ODBC =>.DB Connectivity Solutions HKLM\SOFTWARE\WOW6432Node\PEPrinter =>.Legitimate HKLM\SOFTWARE\WOW6432Node\TeamViewer =>.TeamViewer HKLM\SOFTWARE\WOW6432Node\TrendMicro =>.TrendMicro HKLM\SOFTWARE\WOW6432Node\VideoLAN =>.VideoLAN HKLM\SOFTWARE\WOW6432Node\WafCX =>.WafCX HKLM\SOFTWARE\WOW6432Node\Wondershare =>.Wondershare HKLM\SOFTWARE\WOW6432Node\RegisteredApplications =>.Microsoft Corporation HKCU\SOFTWARE\4kdownload.com =>.4kdownload.com HKCU\SOFTWARE\Adobe =>.Adobe HKCU\SOFTWARE\Apowersoft =>.Apowersoft HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation HKCU\SOFTWARE\Betternet HKCU\SOFTWARE\BitComet =>.BitComet (P2P) HKCU\SOFTWARE\BitTorrent =>.BitTorrent (P2P) HKCU\SOFTWARE\Canon =>.Canon HKCU\SOFTWARE\Chromium =>.Chromium HKCU\SOFTWARE\Cisco =>.Cisco Systems, Inc. 
HKCU\SOFTWARE\CyberGhost =>.CyberGhost S.R.L HKCU\SOFTWARE\Dalton HKCU\SOFTWARE\ej-technologies =>.ej-technologies HKCU\SOFTWARE\Famatech =>.Famatech HKCU\SOFTWARE\Freemake =>.Freemake HKCU\SOFTWARE\Garmin =>.Garmin Ltd HKCU\SOFTWARE\Google =>.Google HKCU\SOFTWARE\IBM =>.IBM HKCU\SOFTWARE\Intel =>.Intel HKCU\SOFTWARE\JavaSoft =>.JavaSoft HKCU\SOFTWARE\LANDESK HKCU\SOFTWARE\Lenovo =>.Lenovo HKCU\SOFTWARE\Lotus =>.IBM Corporation HKCU\SOFTWARE\Macromedia =>.Macromedia HKCU\SOFTWARE\Magnet =>.Magnet HKCU\SOFTWARE\MediaArea HKCU\SOFTWARE\Mine =>.Microsoft Corporation HKCU\SOFTWARE\mIRC =>.mIRC Co. Ltd. HKCU\SOFTWARE\MOVAVI =>.Movavi HKCU\SOFTWARE\MunSoft =>.MunSoft HKCU\SOFTWARE\Netscape =>.Netscape HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions HKCU\SOFTWARE\Open Media LLC =>.Open Media LLC HKCU\SOFTWARE\paint.net =>.Rick Brewster HKCU\SOFTWARE\ProtonVPN =>.ProtonVPN AG HKCU\SOFTWARE\QtProject =>.QtProject HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp. HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation HKCU\SOFTWARE\RICOH =>.RICOH HKCU\SOFTWARE\SimonTatham =>.Simon Tatham HKCU\SOFTWARE\Synaptics =>.Synaptics HKCU\SOFTWARE\TeamViewer =>.TeamViewer HKCU\SOFTWARE\VB and VBA Program Settings =>.Microsoft Corporation HKCU\SOFTWARE\VideoLAN =>.VideoLAN HKCU\SOFTWARE\WinRAR =>.WinRAR HKCU\SOFTWARE\WinRAR SFX =>.RarLab HKCU\SOFTWARE\Wondershare =>.Wondershare HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation HKCU\SOFTWARE\ZHP =>.Nicolas Coolman HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation ---\\ Contents of the Common Files folders (218) - 6s O43 - CFD: 29/05/2017 - [] D -- C:\Program Files\Attachmate O43 - CFD: 29/05/2017 - [] D -- C:\Program Files\Common Files =>.Microsoft Corporation O43 - CFD: 10/11/2017 - [] D -- C:\Program Files\CyberGhost 6 =>.CyberGhost S.R.L O43 - CFD: 10/01/2018 - [] D -- C:\Program Files\DIFX =>.Microsoft Corporation O43 - CFD: 14/07/2017 - [] D -- C:\Program Files\FileZilla FTP Client =>.Tim Kosse O43 - CFD: 
29/05/2017 - [] D -- C:\Program Files\Intel =>.Intel Corporation O43 - CFD: 29/06/2017 - [] D -- C:\Program Files\Internet Explorer =>.Microsoft Corporation O43 - CFD: 29/05/2017 - [] D -- C:\Program Files\Lenovo =>.Lenovo O43 - CFD: 29/10/2017 - [] D -- C:\Program Files\MediaInfo =>.Jérôme Martinez O43 - CFD: 29/05/2017 - [] D -- C:\Program Files\Microsoft Office =>.Microsoft Corporation O43 - CFD: 29/05/2017 - [] D -- C:\Program Files\Realtek =>.Realtek O43 - CFD: 29/05/2017 - [] D -- C:\Program Files\Synaptics =>.Synaptics Incorporated® O43 - CFD: 18/11/2017 - [] D -- C:\Program Files\TAP-Windows =>.OpenVPN Technologie O43 - CFD: 22/08/2013 - [0] HD -- C:\Program Files\Uninstall Information =>.Microsoft Corporation O43 - CFD: 29/06/2017 - [] D -- C:\Program Files\Windows Defender =>.Microsoft Corporation O43 - CFD: 24/07/2014 - [] D -- C:\Program Files\Windows Journal =>.Microsoft Corporation O43 - CFD: 18/03/2014 - [] D -- C:\Program Files\Windows Mail =>.Microsoft Corporation O43 - CFD: 29/06/2017 - [] D -- C:\Program Files\Windows Media Player =>.Microsoft Corporation O43 - CFD: 18/03/2014 - [] D -- C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation O43 - CFD: 22/08/2013 - [] D -- C:\Program Files\Windows NT =>.Microsoft Corporation O43 - CFD: 18/03/2014 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation O43 - CFD: 18/03/2014 - [] D -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation O43 - CFD: 22/08/2013 - [] SHD -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation O43 - CFD: 31/05/2017 - [] HD -- C:\Program Files\WindowsApps =>.Microsoft Corporation O43 - CFD: 22/08/2013 - [] D -- C:\Program Files\WindowsPowerShell =>.Microsoft Corporation O43 - CFD: 25/08/2017 - [] D -- C:\Program Files\WinRAR =>.win.rar GmbH® O43 - CFD: 07/11/2017 - [] D -- C:\Program Files (x86)\4KDownload =>.Open Media LLC® O43 - CFD: 15/06/2017 - [] D -- C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated® O43 - 
CFD: 09/11/2017 - [] D -- C:\Program Files (x86)\Apowersoft =>.Apowersoft O43 - CFD: 18/03/2018 - [] D -- C:\Program Files (x86)\Belgium Identity Card =>.Belgium Identity Card O43 - CFD: 04/03/2018 - [] D -- C:\Program Files (x86)\Canon =>.Canon Inc.® O43 - CFD: 29/05/2017 - [] D -- C:\Program Files (x86)\Cisco =>.Cisco Systems, Inc. O43 - CFD: 29/01/2018 - [] D -- C:\Program Files (x86)\Common Files =>.Microsoft Corporation O43 - CFD: 04/11/2017 - [] D -- C:\Program Files (x86)\Freemake =>.Freemake O43 - CFD: 18/03/2018 - [] D -- C:\Program Files (x86)\Google =>.Google Inc® O43 - CFD: 29/05/2017 - [] D -- C:\Program Files (x86)\IBM =>.IBM O43 - CFD: 29/05/2017 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield O43 - CFD: 29/06/2017 - [] D -- C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation O43 - CFD: 16/08/2017 - [] D -- C:\Program Files (x86)\LANDesk O43 - CFD: 29/05/2017 - [] D -- C:\Program Files (x86)\Lenovo =>.Lenovo O43 - CFD: 29/05/2017 - [] D -- C:\Program Files (x86)\Microsoft Analysis Services =>.Microsoft Corporation O43 - CFD: 29/05/2017 - [] D -- C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation O43 - CFD: 29/05/2017 - [] D -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation O43 - CFD: 29/05/2017 - [] D -- C:\Program Files (x86)\MSECache =>.Microsoft Corporation O43 - CFD: 29/05/2017 - [] D -- C:\Program Files (x86)\Ricoh Family Group O43 - CFD: 29/05/2017 - [] D -- C:\Program Files (x86)\Ricoh Nederland O43 - CFD: 17/02/2018 - [] D -- C:\Program Files (x86)\TeamViewer =>.TeamViewer GmbH O43 - CFD: 29/05/2017 - [] D -- C:\Program Files (x86)\TempFolder O43 - CFD: 29/05/2017 - [] D -- C:\Program Files (x86)\ThinkPad =>.LENOVO® O43 - CFD: 29/05/2017 - [] D -- C:\Program Files (x86)\Trend Micro =>.Trend Micro O43 - CFD: 10/06/2017 - [] D -- C:\Program Files (x86)\VideoLAN =>.VideoLan Team O43 - CFD: 29/06/2017 - [] D -- C:\Program Files (x86)\Windows Defender =>.Microsoft 
Corporation O43 - CFD: 18/03/2014 - [] D -- C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation O43 - CFD: 29/06/2017 - [] D -- C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation O43 - CFD: 18/03/2014 - [] D -- C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation O43 - CFD: 22/08/2013 - [] D -- C:\Program Files (x86)\Windows NT =>.Microsoft Corporation O43 - CFD: 18/03/2014 - [] D -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation O43 - CFD: 18/03/2014 - [] D -- C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation O43 - CFD: 22/08/2013 - [] SHD -- C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation O43 - CFD: 22/08/2013 - [] D -- C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation O43 - CFD: 22/08/2013 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation O43 - CFD: 18/03/2014 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation O43 - CFD: 29/06/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools O43 - CFD: 09/11/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft =>.Apowersoft O43 - CFD: 04/03/2018 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities =>.Canon Inc. O43 - CFD: 29/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco =>.Cisco Systems, Inc. 
O43 - CFD: 09/11/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6 =>.CyberGhost S.R.L O43 - CFD: 04/11/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake =>.Freemake O43 - CFD: 29/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM Applications =>.IBM Corporation O43 - CFD: 16/08/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ivanti Management O43 - CFD: 29/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo =>.Lenovo O43 - CFD: 22/08/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation O43 - CFD: 29/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 =>.Microsoft Corporation O43 - CFD: 17/03/2018 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 14 =>.Movavi O43 - CFD: 22/08/2013 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp =>.Microsoft Corporation O43 - CFD: 18/03/2014 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation O43 - CFD: 18/03/2014 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology O43 - CFD: 29/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro OfficeScan Agent =>.Trend Micro O43 - CFD: 10/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN =>.VideoLan Team O43 - CFD: 25/08/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR O43 - CFD: 15/06/2017 - [] D -- C:\ProgramData\Adobe =>.Adobe O43 - CFD: 26/11/2017 - [] D -- C:\ProgramData\Apowersoft =>.Apowersoft O43 - CFD: 22/08/2013 - [0] SHD -- C:\ProgramData\Application Data =>.Microsoft Corporation O43 - CFD: 18/03/2018 - [0] D -- C:\ProgramData\Belgium Identity Card =>.Belgium Identity Card O43 - CFD: 09/11/2017 - [] D -- 
C:\ProgramData\Betternet O43 - CFD: 04/03/2018 - [] D -- C:\ProgramData\Canon =>.Canon O43 - CFD: 26/11/2017 - [] HD -- C:\ProgramData\CanonBJ =>.Canon Inc. O43 - CFD: 13/03/2018 - [] D -- C:\ProgramData\CanonIJPLM =>.Canon Inc. O43 - CFD: 29/05/2017 - [] D -- C:\ProgramData\Cisco =>.Cisco Systems, Inc. O43 - CFD: 24/12/2017 - [0] D -- C:\ProgramData\dbg =>.DBG O43 - CFD: 22/08/2013 - [0] SHD -- C:\ProgramData\Desktop =>.Microsoft Corporation O43 - CFD: 22/08/2013 - [0] SHD -- C:\ProgramData\Documents =>.Microsoft Corporation O43 - CFD: 04/11/2017 - [] D -- C:\ProgramData\Freemake =>.Freemake O43 - CFD: 16/03/2018 - [] D -- C:\ProgramData\Garmin =>.Garmin Ltd O43 - CFD: 29/05/2017 - [] D -- C:\ProgramData\IBM =>.IBM O43 - CFD: 15/08/2017 - [] D -- C:\ProgramData\LANDesk O43 - CFD: 18/03/2018 - [] D -- C:\ProgramData\LdSec O43 - CFD: 29/05/2017 - [] D -- C:\ProgramData\Lenovo =>.Lenovo O43 - CFD: 29/05/2017 - [] D -- C:\ProgramData\Lotus =>.Lotus Development Corporation O43 - CFD: 18/10/2017 - [] SD -- C:\ProgramData\Microsoft =>.Microsoft Corporation O43 - CFD: 29/05/2017 - [] D -- C:\ProgramData\Microsoft Help =>.Microsoft Corporation O43 - CFD: 23/12/2017 - [] D -- C:\ProgramData\Movavi Video Editor 14 =>.Movavi O43 - CFD: 09/06/2017 - [] D -- C:\ProgramData\Oracle =>.Oracle O43 - CFD: 16/03/2018 - [] D -- C:\ProgramData\Package Cache =>.Microsoft Corporation O43 - CFD: 09/11/2017 - [] D -- C:\ProgramData\ProtonVPN O43 - CFD: 29/05/2017 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation O43 - CFD: 29/05/2017 - [] HD -- C:\ProgramData\RICOH_DRV =>.Ricoh Company, Ltd O43 - CFD: 22/08/2013 - [0] SHD -- C:\ProgramData\Start Menu =>.Microsoft Corporation O43 - CFD: 22/08/2013 - [0] SHD -- C:\ProgramData\Templates =>.Microsoft Corporation O43 - CFD: 29/05/2017 - [] D -- C:\ProgramData\Trend Micro =>.Trend Micro O43 - CFD: 07/12/2017 - [] D -- C:\ProgramData\vulScan O43 - CFD: 29/01/2018 - [] D -- C:\ProgramData\Wondershare =>.Wondershare O43 
- CFD: 15/06/2017 - [] D -- C:\Program Files (x86)\Common Files\Adobe =>.Adobe O43 - CFD: 29/05/2017 - [] D -- C:\Program Files (x86)\Common Files\DESIGNER =>.Designer O43 - CFD: 04/11/2017 - [] D -- C:\Program Files (x86)\Common Files\Freemake Shared =>.Ellora Assets Corporation O43 - CFD: 29/05/2017 - [] D -- C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield O43 - CFD: 29/05/2017 - [] D -- C:\Program Files (x86)\Common Files\Intel =>.Intel Corporation O43 - CFD: 29/05/2017 - [] D -- C:\Program Files (x86)\Common Files\Lenovo =>.Lenovo O43 - CFD: 16/03/2018 - [] D -- C:\Program Files (x86)\Common Files\Microsoft Shared =>.Microsoft Corporation O43 - CFD: 22/08/2013 - [] D -- C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation O43 - CFD: 22/08/2013 - [] D -- C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation O43 - CFD: 18/03/2018 - [] D -- C:\Users\michael.vervecken\AppData\Roaming\Adobe =>.Adobe O43 - CFD: 17/03/2018 - [] D -- C:\Users\michael.vervecken\AppData\Roaming\Apowersoft =>.Apowersoft O43 - CFD: 17/03/2018 - [] D -- C:\Users\michael.vervecken\AppData\Roaming\Google =>.Google O43 - CFD: 16/03/2018 - [] D -- C:\Users\michael.vervecken\AppData\Roaming\Macromedia =>.Macromedia O43 - CFD: 18/03/2018 - [] SD -- C:\Users\michael.vervecken\AppData\Roaming\Microsoft =>.Microsoft Corporation O43 - CFD: 18/03/2018 - [] D -- C:\Users\michael.vervecken\AppData\Roaming\Totusoft =>.Totusoft O43 - CFD: 18/03/2018 - [] D -- C:\Users\michael.vervecken\AppData\Roaming\vlc =>.VideoLan Team O43 - CFD: 18/03/2018 - [] D -- C:\Users\michael.vervecken\AppData\Roaming\ZHP =>.Nicolas Coolman O43 - CFD: 07/11/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\4kdownload.com =>.4kdownload.com O43 - CFD: 14/11/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\Adobe =>.Adobe O43 - CFD: 29/05/2017 - [0] SHD -- C:\Users\michael.vervecken\AppData\Local\Application Data =>.Microsoft Corporation O43 - CFD: 06/03/2018 - [] D -- 
C:\Users\michael.vervecken\AppData\Local\ArchiFacile =>.Jérôme Saynes
O43 - CFD: 23/12/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\Audacity =>.Audacity
O43 - CFD: 15/03/2018 - [] D -- C:\Users\michael.vervecken\AppData\Local\Caphyon =>.Caphyon
O43 - CFD: 18/06/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\CEF =>.CEF
O43 - CFD: 29/05/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\Cisco =>.Cisco Systems, Inc.
O43 - CFD: 09/11/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\CyberGhost =>.CyberGhost S.R.L
O43 - CFD: 15/03/2018 - [] D -- C:\Users\michael.vervecken\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 09/11/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\Downloaded Installations =>.Microsoft Corporation
O43 - CFD: 24/12/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\drmingw
O43 - CFD: 15/02/2018 - [0] D -- C:\Users\michael.vervecken\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
O43 - CFD: 30/05/2017 - [0] SHD -- C:\Users\michael.vervecken\AppData\Local\EmieSiteList =>.Enterprise mode Site List Mgr
O43 - CFD: 30/05/2017 - [0] SHD -- C:\Users\michael.vervecken\AppData\Local\EmieUserList =>.Enterprise mode Site List Mgr
O43 - CFD: 04/11/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\FreemakeVideoConverter =>.Freemake
O43 - CFD: 10/01/2018 - [] D -- C:\Users\michael.vervecken\AppData\Local\Garmin_Ltd._or_its_subsid =>.Garmin Ltd
O43 - CFD: 30/05/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\Google =>.Google
O43 - CFD: 29/05/2017 - [0] SHD -- C:\Users\michael.vervecken\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 29/05/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\IBM =>.IBM
O43 - CFD: 09/11/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\IsolatedStorage =>.id Software
O43 - CFD: 27/12/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\JDownloader 2.0 =>.JDownloader
O43 - CFD: 27/12/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\JDownloader v2.0 =>.JDownloader
O43 - CFD: 29/05/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\LANDesk
O43 - CFD: 29/05/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\Lenovo =>.Lenovo
O43 - CFD: 18/03/2018 - [] D -- C:\Users\michael.vervecken\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 23/09/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\Microsoft Help =>.Microsoft Corporation
O43 - CFD: 23/12/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\Movavi =>.Movavi
O43 - CFD: 08/03/2018 - [] D -- C:\Users\michael.vervecken\AppData\Local\Packages =>.Microsoft Corporation
O43 - CFD: 29/05/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\panagenda
O43 - CFD: 29/05/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 29/05/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\RicohMacros
O43 - CFD: 07/12/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\TeamViewer =>.TeamViewer GmbH
O43 - CFD: 18/03/2018 - [] D -- C:\Users\michael.vervecken\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 29/05/2017 - [0] SHD -- C:\Users\michael.vervecken\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 29/05/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\Trend Micro =>.Trend Micro
O43 - CFD: 23/12/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\VideoEditor =>.Oposoft.com
O43 - CFD: 27/12/2017 - [] D -- C:\Users\michael.vervecken\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 29/01/2018 - [] D -- C:\Users\michael.vervecken\AppData\Local\Wondershare =>.Wondershare
O43 - CFD: 18/03/2018 - [] D -- C:\Users\michael.vervecken\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 29/05/2017 - [0] D -- C:\Users\michael.vervecken\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 29/05/2017 - [] D -- C:\Users\michael.vervecken\AppData\LocalLow\Adobe =>.Adobe
O43 - CFD: 30/05/2017 - [0] SHD -- C:\Users\michael.vervecken\AppData\LocalLow\EmieSiteList =>.Enterprise mode Site List Mgr
O43 - CFD: 30/05/2017 - [0] SHD -- C:\Users\michael.vervecken\AppData\LocalLow\EmieUserList =>.Enterprise mode Site List Mgr
O43 - CFD: 29/05/2017 - [] SD -- C:\Users\michael.vervecken\AppData\LocalLow\Microsoft =>.Microsoft Corporation
O43 - CFD: 03/10/2017 - [] D -- C:\Users\michael.vervecken\AppData\LocalLow\Temp =>.Microsoft Corporation
O43 - CFD: 11/03/2018 - [] D -- C:\Users\michael.vervecken\AppData\LocalLow\uTorrent
O43 - CFD: 18/03/2018 - [] D -- C:\Users\michael.vervecken\Desktop\F1
O43 - CFD: 04/07/2017 - [] D -- C:\Users\michael.vervecken\Desktop\Liste End date machines
O43 - CFD: 09/03/2018 - [] D -- C:\Users\michael.vervecken\Desktop\New folder
O43 - CFD: 22/08/2013 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 29/05/2017 - [] D -- C:\Users\Default\AppData\Local\Cisco =>.Cisco Systems, Inc.
O43 - CFD: 24/07/2014 - [] SHD -- C:\Users\Default\AppData\Local\EmieSiteList =>.Enterprise mode Site List Mgr
O43 - CFD: 24/07/2014 - [] SHD -- C:\Users\Default\AppData\Local\EmieUserList =>.Enterprise mode Site List Mgr
O43 - CFD: 22/08/2013 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 29/05/2017 - [] D -- C:\Users\Default\AppData\Local\IBM =>.IBM
O43 - CFD: 24/07/2014 - [] D -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 29/05/2017 - [0] D -- C:\Users\Default\AppData\Local\Microsoft Help =>.Microsoft Corporation
O43 - CFD: 24/07/2014 - [] D -- C:\Users\Default\AppData\Local\Packages =>.Microsoft Corporation
O43 - CFD: 24/07/2014 - [0] D -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 22/08/2013 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 29/05/2017 - [] D -- C:\Users\Default\AppData\Local\Trend Micro =>.Trend Micro
O43 - CFD: 24/07/2014 - [0] D -- C:\Users\Default\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 22/08/2013 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 29/05/2017 - [] D -- C:\Users\Default User\AppData\Local\Cisco =>.Cisco Systems, Inc.
O43 - CFD: 24/07/2014 - [] SHD -- C:\Users\Default User\AppData\Local\EmieSiteList =>.Enterprise mode Site List Mgr
O43 - CFD: 24/07/2014 - [] SHD -- C:\Users\Default User\AppData\Local\EmieUserList =>.Enterprise mode Site List Mgr
O43 - CFD: 22/08/2013 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 29/05/2017 - [] D -- C:\Users\Default User\AppData\Local\IBM =>.IBM
O43 - CFD: 24/07/2014 - [] D -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 29/05/2017 - [0] D -- C:\Users\Default User\AppData\Local\Microsoft Help =>.Microsoft Corporation
O43 - CFD: 24/07/2014 - [] D -- C:\Users\Default User\AppData\Local\Packages =>.Microsoft Corporation
O43 - CFD: 24/07/2014 - [0] D -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 22/08/2013 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 29/05/2017 - [] D -- C:\Users\Default User\AppData\Local\Trend Micro =>.Trend Micro
O43 - CFD: 24/07/2014 - [0] D -- C:\Users\Default User\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 29/05/2017 - [0] -- C:\windows\System32\Config\systemprofile\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 11/01/2018 - [] -- C:\windows\System32\Config\systemprofile\AppData\Local\assembly =>.Assembly
O43 - CFD: 29/05/2017 - [] -- C:\windows\System32\Config\systemprofile\AppData\Local\Cisco =>.Cisco Systems, Inc.
O43 - CFD: 10/01/2018 - [] -- C:\windows\System32\Config\systemprofile\AppData\Local\Garmin_Ltd._or_its_subsid =>.Garmin Ltd
O43 - CFD: 29/05/2017 - [0] -- C:\windows\System32\Config\systemprofile\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 09/11/2017 - [] D -- C:\windows\System32\Config\systemprofile\AppData\Local\IsolatedStorage =>.id Software
O43 - CFD: 15/08/2017 - [] -- C:\windows\System32\Config\systemprofile\AppData\Local\LANDESK
O43 - CFD: 10/01/2018 - [] D -- C:\windows\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 29/05/2017 - [] -- C:\windows\System32\Config\systemprofile\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 19/06/2017 - [0] -- C:\windows\System32\Config\systemprofile\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 29/05/2017 - [0] -- C:\windows\System32\Config\systemprofile\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 10/10/2017 - [] -- C:\windows\System32\Config\systemprofile\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 29/05/2017 - [] SD -- C:\windows\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation

---\\ ShellIconOverlayIdentifiers (SIOI) (5) - 0s
O106 - SIOI: [ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: [ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: [ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) -- C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
O106 - SIOI: [Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81}. (.Microsoft Corporation - Client Side Caching UI.) -- C:\windows\System32\cscui.dll =>.Microsoft Corporation

---\\ Search Context Menu Handlers (SCMH) (29) - 3s
O108 - CMH1: BriefcaseMenu [64Bits] - {85BBD920-42A0-1069-A2E4-08002B30309D} . (.Microsoft Corporation - Windows Briefcase.) -- C:\Windows\System32\syncui.dll =>.Microsoft Corporation
O108 - CMH1: OfficeScan NT [64Bits] - {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} . (.Trend Micro Inc. - libCNTTm Dynamic Link Library.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll =>.Trend Micro, Inc.®
O108 - CMH1: Open With [64Bits] - {09799AFB-AD67-11d1-ABCD-00C04FC30936} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O108 - CMH1: Open With EncryptionMenu [64Bits] - {A470F8CF-A1E8-4f65-8335-227475AA5C46} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O108 - CMH1: Sharing [64Bits] - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} . (.Microsoft Corporation - Shell extensions for sharing.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation
O108 - CMH1: WinRAR [64Bits] - {B41DB860-64E4-11D2-9906-E49FADC173CA} . (.Alexander Roshal - WinRAR shell extension.) -- C:\Program Files\WinRAR\RarExt.dll =>.win.rar GmbH®
O108 - CMH1: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
O108 - CMH1: WorkFolders [64Bits] - {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} . (.Microsoft Corporation - Microsoft (C) Work Folders Shell Extension.) -- C:\Windows\System32\WorkfoldersShell.dll =>.Microsoft Corporation
O108 - CMH2: OpenContainingFolderMenu [64Bits] - {37ea3a21-7493-4208-a011-7f9ea79ce9f5} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O108 - CMH3: CopyAsPathMenu [64Bits] - {f3d06e7c-1e45-4a26-847e-f9fcdee59be0} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O108 - CMH3: SendTo [64Bits] - {7BA4C740-9E81-11CF-99D3-00AA004AE837} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O108 - CMH4: EncryptionMenu [64Bits] - {A470F8CF-A1E8-4f65-8335-227475AA5C46} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O108 - CMH4: OfficeScan NT [64Bits] - {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} . (.Trend Micro Inc. - libCNTTm Dynamic Link Library.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll =>.Trend Micro, Inc.®
O108 - CMH4: Offline Files [64Bits] - {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} . (.Microsoft Corporation - Client Side Caching UI.) -- C:\windows\System32\cscui.dll =>.Microsoft Corporation
O108 - CMH4: Sharing [64Bits] - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} . (.Microsoft Corporation - Shell extensions for sharing.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation
O108 - CMH4: WorkFolders [64Bits] - {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} . (.Microsoft Corporation - Microsoft (C) Work Folders Shell Extension.) -- C:\Windows\System32\WorkfoldersShell.dll =>.Microsoft Corporation
O108 - CMH5: igfxDTCM [64Bits] - {9B5F5829-A529-4B12-814A-E81BCB8D93FC} . (.Intel Corporation - igfxDTCM Module.) -- C:\windows\system32\igfxDTCM.dll =>.Intel Corporation
O108 - CMH5: New [64Bits] - {D969A300-E7FF-11d0-A93B-00A0C90F2719} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O108 - CMH5: Sharing [64Bits] - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} . (.Microsoft Corporation - Shell extensions for sharing.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation
O108 - CMH5: WorkFolders [64Bits] - {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} . (.Microsoft Corporation - Microsoft (C) Work Folders Shell Extension.) -- C:\Windows\System32\WorkfoldersShell.dll =>.Microsoft Corporation
O108 - CMH6: BriefcaseMenu [64Bits] - {85BBD920-42A0-1069-A2E4-08002B30309D} . (.Microsoft Corporation - Windows Briefcase.) -- C:\Windows\System32\syncui.dll =>.Microsoft Corporation
O108 - CMH6: Library Location [64Bits] - {3dad6c5d-2167-4cae-9914-f99e41c12cfa} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O108 - CMH6: Offline Files [64Bits] - {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} . (.Microsoft Corporation - Client Side Caching UI.) -- C:\windows\System32\cscui.dll =>.Microsoft Corporation
O108 - CMH6: PintoStartScreen [64Bits] - {470C0EBD-5D73-4d58-9CED-E91E22E23282} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O108 - CMH6: WinRAR [64Bits] - {B41DB860-64E4-11D2-9906-E49FADC173CA} . (.Alexander Roshal - WinRAR shell extension.) -- C:\Program Files\WinRAR\RarExt.dll =>.win.rar GmbH®
O108 - CMH6: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
O108 - CMH7: EnhancedStorageShell [64Bits] - {2854F705-3548-414C-A113-93E27C808C85} . (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) -- C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
O108 - CMH7: OfficeScan NT [64Bits] - {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} . (.Trend Micro Inc. - libCNTTm Dynamic Link Library.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll =>.Trend Micro, Inc.®
O108 - CMH7: Sharing [64Bits] - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} . (.Microsoft Corporation - Shell extensions for sharing.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation

---\\ Image File Execution Options (10) - 1s
O50 - IFEO:C:\Windows\System32\cscript.exe - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\dllhost.exe - (.Microsoft Corporation - COM Surrogate.) [DisableExceptionChainValidation\\3] =>.Microsoft Windows®
O50 - IFEO:C:\Windows\System32\drvinst.exe - (.Microsoft Corporation - Driver Installation Module.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\windows\System32\ie4uinit.exe - (.Microsoft Corporation - IE Per-User Initialization Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mmc.exe - (.Microsoft Corporation - Microsoft Management Console.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - Microsoft (R) HTML Application host.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\PresentationHost.exe - (.Microsoft Corporation - Windows Presentation Foundation Host.) [MitigationOptions\\1118481] =>.Microsoft Corporation
O50 - IFEO:C:\windows\System32\PrintIsolationHost.exe - (.Microsoft Corporation - PrintIsolationHost.) [MitigationOptions\\2097152] =>.Microsoft Corporation

---\\ System Drivers List (72) - 11s
O58 - SDL:2013/08/22 13:43:41 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\windows\System32\drivers\3ware.sys [108896] =>.Microsoft Windows®
O58 - SDL:2015/04/20 11:26:00 RA . (.Cisco Systems, Inc. - Cisco AnyConnect Kernel Driver Framework So.) -- C:\windows\System32\drivers\acsock64.sys [112496] =>.Cisco Systems, Inc.®
O58 - SDL:2013/08/22 13:43:41 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\windows\System32\drivers\adp80xx.sys [782176] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:41 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\windows\System32\drivers\amdsata.sys [79200] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:41 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\windows\System32\drivers\amdsbs.sys [259424] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:40 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\windows\System32\drivers\amdxata.sys [25952] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:41 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\windows\System32\drivers\arcsas.sys [114016] =>.Microsoft Windows®
O58 - SDL:2013/08/13 00:25:46 A . (. - BCM Function 2 Device Driver.) -- C:\windows\System32\drivers\bcmfn2.sys [17624] =>.Broadcom Corporation®
O58 - SDL:2014/03/14 17:30:12 A . (.Broadcom Corporation. - Broadcom NFC I2C Driver.) -- C:\windows\System32\drivers\BcmNfcIc.sys [77528] =>.Broadcom Corporation®
O58 - SDL:2014/03/14 17:30:12 A . (.Broadcom Corporation. - Broadcom SMBus Controller Driver.) -- C:\windows\System32\drivers\bcmsmbsp.sys [40152] =>.Broadcom Corporation®
O58 - SDL:2013/08/22 13:43:41 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\windows\System32\drivers\bxvbda.sys [531296] =>.Microsoft Windows®
O58 - SDL:2015/03/24 16:45:24 A . (.Intel Corporation - Intel(R) Gigabit Adapter NDIS 6.x driver.) -- C:\windows\System32\drivers\e1d64x64.sys [394520] =>.Intel Corporation®
O58 - SDL:2013/06/18 15:45:26 A . (.Intel Corporation - Intel(R) Gigabit Adapter NDIS 6.x driver.) -- C:\windows\System32\drivers\e1i63x64.sys [460288] =>.Intel Corporation
O58 - SDL:2013/08/22 13:43:45 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\windows\System32\drivers\evbda.sys [3357024] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:45 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\windows\System32\drivers\HpSAMD.sys [64352] =>.Microsoft Windows®
O58 - SDL:2013/07/30 19:47:35 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\windows\System32\drivers\iaLPSSi_GPIO.sys [24568] =>.Intel Corporation - Software and Firmware Products®
O58 - SDL:2013/07/25 20:05:39 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) -- C:\windows\System32\drivers\iaLPSSi_I2C.sys [99320] =>.Intel Corporation - Software and Firmware Products®
O58 - SDL:2013/11/16 05:59:44 A . (.Intel Corporation - Intel Rapid Storage Technology driver - x64.) -- C:\windows\System32\drivers\iaStorA.sys [632168] =>.Intel Corporation - Intel® Rapid Storage Technology®
O58 - SDL:2013/08/10 01:39:30 A . (.Intel Corporation - Intel Rapid Storage Technology driver (inbo.) -- C:\windows\System32\drivers\iaStorAV.sys [651248] =>.Intel Corporation - Intel® Rapid Storage Technology®
O58 - SDL:2013/08/22 13:43:45 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\windows\System32\drivers\iaStorV.sys [412000] =>.Microsoft Windows®
O58 - SDL:2013/12/17 18:59:54 A . (.Lenovo. - Lenovo Power Management Driver.) -- C:\windows\System32\drivers\ibmpmdrv.sys [57144] =>.Lenovo(Japan)Ltd.®
O58 - SDL:2014/10/27 03:21:38 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\windows\System32\drivers\igdkmd64.sys [3828152] =>.Intel Corporation - pGFX®
O58 - SDL:2014/10/27 03:21:32 A . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\windows\System32\drivers\IntcDAud.sys [454416] =>.Intel Corporation - Client Components Group®
O58 - SDL:2014/08/01 21:18:33 A . (.Intel Corporation - Intel® WiDi Solution.) -- C:\windows\System32\drivers\intelaud.sys [38296] =>.Intel Wireless Display®
O58 - SDL:2013/10/04 20:56:02 A . (.Intel Corporation - Intel Collaborative Processor Performance C.) -- C:\windows\System32\drivers\IntelPcc.sys [77992] =>.Intel(R) Software®
O58 - SDL:2013/08/08 11:01:32 A . (.Copyright (C) 2011-2012 - Intel(R) Smart Connect Technology Device Dr.) -- C:\windows\System32\drivers\ISCTD64.sys [46568] =>.Intel(R) Smart Connect software®
O58 - SDL:2014/08/01 21:18:33 A . (.Intel Corporation - Intel® WiDi Solution.) -- C:\windows\System32\drivers\iwdbus.sys [27032] =>.Intel Wireless Display®
O58 - SDL:2017/06/01 09:04:00 A . (.Ivanti - Ivanti Endpoint Security Driver.) -- C:\windows\System32\drivers\LDSecDrv.sys [168552] {04E7F852193763C520A1A94220CD2DF8} =>.Rovi Corporation
O58 - SDL:2014/04/07 17:02:04 A . (.Lenovo - Lenovo HID Mini-driver for Hardware Radio S.) -- C:\windows\System32\drivers\LnvHIDHW.sys [29496] =>.Lenovo(Japan)Ltd.®
O58 - SDL:2013/08/22 13:43:44 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\windows\System32\drivers\lsi_sas.sys [109408] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:45 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\windows\System32\drivers\lsi_sas2.sys [93536] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:44 A . (.LSI Corporation - LSI SAS Gen3 Driver (StorPort).) -- C:\windows\System32\drivers\lsi_sas3.sys [81760] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:45 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\windows\System32\drivers\lsi_sss.sys [82784] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:45 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\windows\System32\drivers\megasas.sys [56672] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:45 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\windows\System32\drivers\megasr.sys [575840] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:49 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\windows\System32\drivers\mvumis.sys [63840] =>.Microsoft Windows®
O58 - SDL:2013/10/21 15:33:30 A . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\windows\System32\drivers\NETwbw02.sys [3607520] =>.Intel Corporation-Mobile Wireless Group®
O58 - SDL:2017/08/03 09:15:58 A . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\windows\System32\drivers\npf.sys [36600] =>.Riverbed Technology, Inc.®
O58 - SDL:2017/03/28 13:15:48 A . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\windows\System32\drivers\npf64.sys [36600] =>.Riverbed Technology, Inc.®
O58 - SDL:2013/08/22 13:43:31 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\windows\System32\drivers\nvraid.sys [150368] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:32 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\windows\System32\drivers\nvstor.sys [168288] =>.Microsoft Windows®
O58 - SDL:2013/08/13 18:55:18 A . (.Realtek Semiconductor Corporation - Realtek Bluetooth AVRCP Driver.) -- C:\windows\System32\drivers\RtkAvrcp.sys [57560] =>.Realtek Semiconductor Corp®
O58 - SDL:2013/06/21 08:44:06 A . (.Realtek Semiconductor Corporation - Realtek Bluetooth Avrcp Controller Driver.) -- C:\windows\System32\drivers\RtkAvrcpCtrlr.sys [69848] =>.Realtek Semiconductor Corp®
O58 - SDL:2014/03/04 21:31:10 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\windows\System32\drivers\RTKVHD64.sys [3882456] =>.Realtek Semiconductor Corp®
O58 - SDL:2013/07/24 16:53:12 A . (.Realsil Semiconductor Corporation - RTS PCIE READER Driver.) -- C:\windows\System32\drivers\RtsPer.sys [423128] =>.Realtek Semiconductor Corp®
O58 - SDL:2017/03/31 00:38:30 A . (.Trend Micro Inc. - Trend Micro Data Loss Prevention Driver.) -- C:\windows\System32\drivers\sakfile.sys [123096] =>.Trend Micro, Inc.®
O58 - SDL:2013/08/22 16:35:09 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\windows\System32\drivers\secdrv.sys [23040] =>.Rovi Corporation
O58 - SDL:2013/08/22 13:43:31 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\windows\System32\drivers\sisraid2.sys [44896] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:32 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\windows\System32\drivers\sisraid4.sys [81760] =>.Microsoft Windows®
O58 - SDL:2014/04/07 13:01:40 A . (.Synaptics Incorporated - Synaptics SMBus Driver.) -- C:\windows\System32\drivers\Smb_driver_AMDASF.sys [29936] =>.Synaptics Incorporated®
O58 - SDL:2014/04/07 13:01:40 A . (.Synaptics Incorporated - Synaptics SMBus Driver.) -- C:\windows\System32\drivers\Smb_driver_Intel.sys [31472] =>.Synaptics Incorporated®
O58 - SDL:2014/03/18 16:49:42 A . (.Sunplus - AVStream.) -- C:\windows\System32\drivers\SPUVCBv_x64.sys [1521312] =>.SunPlus
O58 - SDL:2013/08/22 13:43:32 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\windows\System32\drivers\stexstor.sys [31072] =>.Microsoft Windows®
O58 - SDL:2014/04/07 13:01:42 A . (.Synaptics Incorporated - Synaptics Touchpad Win64 Driver.) -- C:\windows\System32\drivers\SynTP.sys [554224] =>.Synaptics Incorporated®
O58 - SDL:2017/09/06 16:45:26 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\windows\System32\drivers\tap-tb-0901.sys [38656] =>.TunnelBear, Inc.®
O58 - SDL:2016/04/21 10:10:04 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6..) -- C:\windows\System32\drivers\tap0901.sys [27136] =>.The OpenVPN Project
O58 - SDL:2017/08/24 20:21:08 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6..) -- C:\windows\System32\drivers\tapprotonvpn.sys [36792] {0A8AD5306ABE75354AFB6367F4CD6841} =>.The OpenVPN Project
O58 - SDL:2013/12/03 14:36:42 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\windows\System32\drivers\TeeDriverx64.sys [100824] =>.Intel Corporation - Intel® Management Engine Firmware®
O58 - SDL:2017/04/05 23:42:40 A . (.Trend Micro Inc. - TrendMicro Activity Monitor Module.) -- C:\windows\System32\drivers\tmactmon.sys [131760] =>.Trend Micro, Inc.®
O58 - SDL:2017/04/07 01:40:56 A . (.Trend Micro Inc. - TrendMicro Common Module.) -- C:\windows\System32\drivers\tmcomm.sys [434896] =>.Trend Micro, Inc.®
O58 - SDL:2016/04/21 12:08:08 A . (.Trend Micro Inc. - Trend Micro early boot driver.) -- C:\windows\System32\drivers\TMEBC64.sys [72504] =>.Trend Micro, Inc.®
O58 - SDL:2016/07/15 06:48:26 A . (.Trend Micro Inc. - Trend Micro EagleEye Driver (VW) (amd64-fre.) -- C:\windows\System32\drivers\tmeevw.sys [143072] =>.Trend Micro, Inc.®
O58 - SDL:2015/06/23 10:49:48 A . (.Trend Micro Inc. - TrendMicro ELAM Driver (64-Bit).) -- C:\windows\System32\drivers\tmel.sys [39056] =>.Microsoft Windows Early Launch Anti-malware Publisher®
O58 - SDL:2017/04/05 23:42:42 A . (.Trend Micro Inc. - TrendMicro Event Management Module.) -- C:\windows\System32\drivers\tmevtmgr.sys [93336] =>.Trend Micro, Inc.®
O58 - SDL:2016/06/24 15:58:42 A . (.Trend Micro Inc. - Trend Micro NCIE Scanner (amd64-fre).) -- C:\windows\System32\drivers\tmnciesc.sys [561952] =>.Trend Micro, Inc.®
O58 - SDL:2017/02/15 02:31:50 A . (.Trend Micro Inc. - Trend Micro UMH Driver x64.) -- C:\windows\System32\drivers\TMUMH.sys [113880] =>.Trend Micro, Inc.®
O58 - SDL:2016/07/15 15:54:42 A . (.Trend Micro Inc. - Trend Micro Osprey Scanner Driver (amd64-fr.) -- C:\windows\System32\drivers\tmusa.sys [131808] =>.Trend Micro, Inc.®
O58 - SDL:2015/01/16 06:49:00 A . (.Lenovo Group Limited - Power Manager.) -- C:\windows\System32\drivers\TPPWR64V.SYS [20736] =>.LENOVO(JAPAN)LTD.®
O58 - SDL:2013/08/22 13:43:34 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\windows\System32\drivers\viaide.sys [19808] =>.Microsoft Windows®
O58 - SDL:2015/04/20 11:27:26 A . (.Cisco Systems, Inc. - Cisco AnyConnect Secure Mobility Client Vir.) -- C:\windows\System32\drivers\vpnva64-6.sys [52592] =>.Cisco Systems, Inc.®
O58 - SDL:2013/08/22 13:43:34 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\windows\System32\drivers\vsmraid.sys [168800] =>.Microsoft Windows®
O58 - SDL:2013/08/22 13:43:34 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\windows\System32\drivers\VSTXRAID.SYS [305504] =>.Microsoft Windows®

---\\ Last modified or created user files (1) - 2s
O61 - LFC: 2018/03/17 03:14:55 A . (..) -- C:\Users\michael.vervecken\AppData\Roaming\Apowersoft\ApowersoftVideoHelper.dll [7859008]

---\\ File Associations Shell Spawning (10) - 0s
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* =>.Default.Value
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* =>.Default.Value
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* =>.Default.Value
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* =>.Default.Value
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (...) -- C:\Windows\System32\WScript.exe "%1" %* =>.Default.Value
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S =>.Default.Value

---\\ Start Menu Internet (8) - 0s
O68 - StartMenuInternet: [64Bits][HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: [64Bits][HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: [64Bits][HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: [64Bits][HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: [64Bits][HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: [64Bits][HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: [64Bits][HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: [64Bits][HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

---\\ Search Browser Infection (2) - 0s
O69 - SBI: SearchScopes [HKCU] [64Bits]{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] [64Bits]{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com

---\\ Search Svchost Services (36) - 1s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\windows\System32\aelupsvc.dll [208896] =>.Microsoft Corporation
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [158720] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [158720] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\System32\srvsvc.dll [323072] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [1362432] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\IKEEXT.DLL [1063424] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [903168] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\System32\seclogon.dll [30720] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [110080] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\System32\iscsiexe.dll [151040] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [107008] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\System32\schedsvc.dll [1214976] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [220672] =>.Microsoft Corporation
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\System32\mmcss.dll [70656] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [134144] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [225280] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [342016] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [81408] =>.Microsoft Corporation
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\System32\KMSVC.DLL [97792] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [339456] =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Windows Location Framework Service.) -- C:\Windows\System32\GeofenceMonitorService.dll [491520] =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\Windows\System32\wlidsvc.dll [1576960] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\System32\themeservice.dll [50688] =>.Microsoft Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) -- C:\Windows\System32\DeviceSetupManager.dll [201728] =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\Windows\System32\NcaSvc.dll [164352] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [101376] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [534528] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [223744] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [71680] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [433664] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [306688] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [3714560] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [1017856] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [629760] =>.Microsoft Corporation
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll [183296] =>.Microsoft Corporation
O83 - Search Svchost Services: MsKeyboardFilter (MsKeyboardFilter) . (.Microsoft Corporation - SvcHost Service for Microsoft Keyboard Filt.) -- C:\Windows\System32\KeyboardFilterSvc.dll [90464] =>.Microsoft Windows®

---\\ Firewall Active Exception List (63) - 6s
O87 - FAEL: "{76E8A0F2-6ACD-4FE5-8657-7E5AC980A5EC}" [In-None-P6-TRUE] .(.LANDesk Software Ltd. - CBA -- Ping Discovery Service.) -- C:\Windows\SysWOW64\cba\pds.exe
O87 - FAEL: "{B8F4667B-433A-46A9-95DA-1A44C665F20D}" [In-None-P17-TRUE] .(.LANDesk Software Ltd. - CBA -- Ping Discovery Service.) -- C:\Windows\SysWOW64\cba\pds.exe
O87 - FAEL: "{3D7BE10F-58D6-4CBD-8300-CA4464482D18}" [In-None-P6-TRUE] .(.LANDesk Software Ltd. - CBA -- Ping Discovery Service.) -- C:\Windows\SysWOW64\cba\pds.exe
O87 - FAEL: "{91D01AB4-9949-4CC4-88EB-2A4225F2B2BB}" [In-None-P17-TRUE] .(.LANDesk Software Ltd. - CBA -- Ping Discovery Service.) -- C:\Windows\SysWOW64\cba\pds.exe
O87 - FAEL: "{43516C05-639A-48D2-B15A-1E0BD476FAAD}" [In-None-P6-TRUE] .(.LANDesk Software Ltd. - CBA -- Message System.) -- C:\Windows\SysWOW64\msgsys.exe
O87 - FAEL: "{19CD3766-48E4-429C-8167-F8170459484E}" [In-None-P17-TRUE] .(.LANDesk Software Ltd. - CBA -- Message System.) -- C:\Windows\SysWOW64\msgsys.exe
O87 - FAEL: "{1903C4B6-3BEF-44E5-B3D7-3714E2B8A23A}" [In-None-P6-TRUE] .(.LANDesk Software Ltd. - CBA -- Message System.) -- C:\Windows\SysWOW64\msgsys.exe
O87 - FAEL: "{36DFD70C-55DE-4B70-8CB2-1C85A906DDFB}" [In-None-P17-TRUE] .(.LANDesk Software Ltd. - CBA -- Message System.) -- C:\Windows\SysWOW64\msgsys.exe
O87 - FAEL: "{1D70979F-457D-4621-90B1-C82196D9DD17}" [In-None-P6-TRUE] .(.Ivanti - Remote Control Client.)
-- C:\Program Files (x86)\LANDesk\LDClient\issuser.exe {212334F89B3268D4507E241B3B853644} O87 - FAEL: "{81FC1E15-AE4C-48C1-8DA8-CC37D3A5F293}" [In-None-P17-TRUE] .(.Ivanti - Remote Control Client.) -- C:\Program Files (x86)\LANDesk\LDClient\issuser.exe {212334F89B3268D4507E241B3B853644} O87 - FAEL: "{7B69DA5D-18CF-4054-BCCD-6602F26ECF6A}" [In-None-P6-TRUE] .(.Ivanti - Remote Control Client.) -- C:\Program Files (x86)\LANDesk\LDClient\issuser.exe {212334F89B3268D4507E241B3B853644} O87 - FAEL: "{FA2A2A7A-5321-478F-97B3-F4EAF2D60D7F}" [In-None-P17-TRUE] .(.Ivanti - Remote Control Client.) -- C:\Program Files (x86)\LANDesk\LDClient\issuser.exe {212334F89B3268D4507E241B3B853644} O87 - FAEL: "{298FAA59-CDF3-4CC4-BE9F-596F1173428C}" [In-None-P6-TRUE] .(.Ivanti - Targeted Multicast Client Service Executabl.) -- C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe {212334F89B3268D4507E241B3B853644} O87 - FAEL: "{CA1DE356-5A61-4476-9B9E-CDC3F348CCF4}" [In-None-P17-TRUE] .(.Ivanti - Targeted Multicast Client Service Executabl.) -- C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe {212334F89B3268D4507E241B3B853644} O87 - FAEL: "{EC252815-05B5-472A-AD2F-53653C482FEB}" [In-None-P6-TRUE] .(.Ivanti - Targeted Multicast Client Service Executabl.) -- C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe {212334F89B3268D4507E241B3B853644} O87 - FAEL: "{7EF673CA-86ED-452B-883B-C3780111C2AD}" [In-None-P17-TRUE] .(.Ivanti - Targeted Multicast Client Service Executabl.) -- C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe {212334F89B3268D4507E241B3B853644} O87 - FAEL: "{6F7A4E28-3CC1-43E3-92E6-84E97654B68E}" [In-None-P6-TRUE] .(.Ivanti - Resident Agent Application.) -- C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe O87 - FAEL: "{68CB86AB-7313-420E-944D-A80E4CCFC9F5}" [In-None-P17-TRUE] .(.Ivanti - Resident Agent Application.) 
-- C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe O87 - FAEL: "{50C1A58D-1B0F-464D-90E2-F561E605582F}" [In-None-P6-TRUE] .(.Ivanti - Resident Agent Application.) -- C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe O87 - FAEL: "{F3D1EB66-1B4D-42C4-BEE6-98FD2BF34911}" [In-None-P17-TRUE] .(.Ivanti - Resident Agent Application.) -- C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe O87 - FAEL: "{302698EB-648C-4D99-992C-021B0C3AD661}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Simple Port Tester\spt.exe (.not file.) =>.SUP.Orphan O87 - FAEL: "{624A6685-80DD-4230-BC77-B2110A22E088}" [Out-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Simple Port Tester\spt.exe (.not file.) =>.SUP.Orphan O87 - FAEL: "TCP Query User{D2D53B80-2B1C-469A-87E7-5C062366EB71}C:\program files (x86)\videolan\vlc\vlc.exe" [In-None-P6-TRUE] .(.VideoLAN - VLC media player.) -- C:\program files (x86)\videolan\vlc\vlc.exe =>.VideoLAN® O87 - FAEL: "UDP Query User{E5DC4019-D51F-4DE7-ABB5-7DBBACEDB87F}C:\program files (x86)\videolan\vlc\vlc.exe" [In-None-P17-TRUE] .(.VideoLAN - VLC media player.) -- C:\program files (x86)\videolan\vlc\vlc.exe =>.VideoLAN® O87 - FAEL: "TCP Query User{B230B335-DC1A-40D5-A221-2951591F3D6F}C:\program files\serviio\jre\bin\javaw.exe" [In-None-P6-TRUE] .(...) -- C:\program files\serviio\jre\bin\javaw.exe (.not file.) =>.Serviio O87 - FAEL: "UDP Query User{74DC4D09-5A44-4C3F-B527-7935BE12A779}C:\program files\serviio\jre\bin\javaw.exe" [In-None-P17-TRUE] .(...) -- C:\program files\serviio\jre\bin\javaw.exe (.not file.) =>.Serviio O87 - FAEL: "TCP Query User{15881A0C-9A38-429C-87D0-4A8FE7B7252E}C:\program files\vuze\jre\bin\java.exe" [In-None-P6-TRUE] .(...) -- C:\program files\vuze\jre\bin\java.exe (.not file.) =>.SUP.Orphan O87 - FAEL: "UDP Query User{B34D13D8-DBD3-4103-8A61-8F10CE08FDAA}C:\program files\vuze\jre\bin\java.exe" [In-None-P17-TRUE] .(...) -- C:\program files\vuze\jre\bin\java.exe (.not file.) 
=>.SUP.Orphan O87 - FAEL: "{2C736BA8-2132-4047-9F9E-1682C0468010}" [In-None-P17-TRUE] .(.Freemake - Freemake Video Converter.) -- C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe =>.INTERNET PROJECT LLC® O87 - FAEL: "{A0687D42-0744-4A77-B71C-6752DFB87005}" [In-None-P17-TRUE] .(.Freemake - Freemake Video Converter.) -- C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe =>.INTERNET PROJECT LLC® O87 - FAEL: "{2904AEEB-E353-49E9-8B69-2C6091231F28}" [Out-None-P17-TRUE] .(.Freemake - Freemake Video Converter.) -- C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe =>.INTERNET PROJECT LLC® O87 - FAEL: "{DB6A4098-6A6A-45F7-B020-BC7C0CBF0A22}" [Out-None-P17-TRUE] .(.Ellora Assets Corporation - Freemake Video Converter Setup.) -- C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe =>.INTERNET PROJECT LLC® O87 - FAEL: "{37B1E639-DF9A-4087-BCB3-AE0E933A7CD7}" [In-None-P17-TRUE] .(.Ellora Assets Corporation - Freemake Video Converter Setup.) -- C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe =>.INTERNET PROJECT LLC® O87 - FAEL: "{5A3A87E6-703D-4E89-B7E4-323791FAAFAF}" [In-None-P17-TRUE] .(.Freemake - Freemake Video Converter.) -- C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe =>.INTERNET PROJECT LLC® O87 - FAEL: "{7A3F0640-670C-418B-A498-D4062C9341EE}" [In-None-P17-TRUE] .(.Freemake - Freemake Video Converter.) -- C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe =>.INTERNET PROJECT LLC® O87 - FAEL: "{33A0968C-E261-4AAF-8A52-29E4E45A4AC1}" [Out-None-P17-TRUE] .(.Freemake - Freemake Video Converter.) -- C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe =>.INTERNET PROJECT LLC® O87 - FAEL: "{8CFBFB66-D5BC-484C-9E02-99C7FCCFB1A5}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (.not file.) 
=>.SUP.Orphan O87 - FAEL: "{D2413371-D475-468F-BC6E-7F150DD4388E}" [Out-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (.not file.) =>.SUP.Orphan O87 - FAEL: "{DBEE9401-9A73-483F-8276-0C88220D5FCA}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (.not file.) =>.SUP.Orphan O87 - FAEL: "{9448941F-6546-4F46-A715-C6E5C77AFB42}" [Out-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (.not file.) =>.SUP.Orphan O87 - FAEL: "{2F7C7719-C10D-4045-B02C-9E3E57E84C99}" [In-None-P17-TRUE] .(.Apowersoft - Streaming Video Recorder 6.) -- C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\Streaming Video Recorder 6.exe =>.Apowersoft Ltd® O87 - FAEL: "{C26068F6-8715-475B-8299-43D4A455D665}" [Out-None-P17-TRUE] .(.Apowersoft - Streaming Video Recorder 6.) -- C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\Streaming Video Recorder 6.exe =>.Apowersoft Ltd® O87 - FAEL: "{67AF406D-03B7-4936-B5A6-92356A96CA97}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\rtmpsrv.exe =>.Apowersoft Ltd® O87 - FAEL: "{82944204-E637-4B6C-A1D8-291022E52970}" [Out-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\rtmpsrv.exe =>.Apowersoft Ltd® O87 - FAEL: "{A849D281-429B-4228-B8DB-5F3E9D5EBA90}" [In-None-P6-TRUE] .(.TeamViewer GmbH - TeamViewer 13.) -- C:\Program Files (x86)\TeamViewer\TeamViewer.exe =>.TeamViewer GmbH® O87 - FAEL: "{F720E750-AA9B-4E7F-A7FD-283EF43EE35E}" [In-None-P17-TRUE] .(.TeamViewer GmbH - TeamViewer 13.) -- C:\Program Files (x86)\TeamViewer\TeamViewer.exe =>.TeamViewer GmbH® O87 - FAEL: "{F251A4F1-4CAB-411E-AD53-FB1D95689F5B}" [In-None-P6-TRUE] .(.TeamViewer GmbH - TeamViewer 13.) 
-- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe =>.TeamViewer GmbH® O87 - FAEL: "{0BF554ED-52DC-4D72-A392-5E04C07749FE}" [In-None-P17-TRUE] .(.TeamViewer GmbH - TeamViewer 13.) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe =>.TeamViewer GmbH® O87 - FAEL: "TCP Query User{A79B9B45-C310-49D4-A147-CC609A75EC5A}C:\program files (x86)\kodi\kodi.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\kodi\kodi.exe (.not file.) =>.SUP.Orphan O87 - FAEL: "UDP Query User{43DD2F85-D069-4330-B540-9AD50E6E869F}C:\program files (x86)\kodi\kodi.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\kodi\kodi.exe (.not file.) =>.SUP.Orphan O87 - FAEL: "TCP Query User{DB77A0E5-7F29-4B81-AE7B-37E97017A7EC}C:\users\michael.vervecken\appdata\local\jdownloader 2.0\jdownloader2.exe" [In-None-P6-TRUE] .(...) -- C:\users\michael.vervecken\appdata\local\jdownloader 2.0\jdownloader2.exe (.not file.) =>.SUP.Orphan O87 - FAEL: "UDP Query User{A693462B-6D10-4850-AEB8-4AD47F92B884}C:\users\michael.vervecken\appdata\local\jdownloader 2.0\jdownloader2.exe" [In-None-P17-TRUE] .(...) -- C:\users\michael.vervecken\appdata\local\jdownloader 2.0\jdownloader2.exe (.not file.) =>.SUP.Orphan O87 - FAEL: "TCP Query User{9B8C0661-5999-4F72-829F-CF7B0E3ECD8A}C:\users\michael.vervecken\downloads\jd2 fully loaded 24-12-2017\jd2 fully loaded 24-12-2017\jdownloader2 install and play [premium accounts added]\jdownloader2.exe" [In-None-P6-TRUE] .(...) -- C:\users\michael.vervecken\downloads\jd2 fully loaded 24-12-2017\jd2 fully loaded 24-12-2017\jdownloader2 install and play [premium accounts added]\jdownloader2.exe (.not file.) =>.SUP.Orphan O87 - FAEL: "UDP Query User{17A0566A-EB61-4F95-A747-434D44D80838}C:\users\michael.vervecken\downloads\jd2 fully loaded 24-12-2017\jd2 fully loaded 24-12-2017\jdownloader2 install and play [premium accounts added]\jdownloader2.exe" [In-None-P17-TRUE] .(...) 
-- C:\users\michael.vervecken\downloads\jd2 fully loaded 24-12-2017\jd2 fully loaded 24-12-2017\jdownloader2 install and play [premium accounts added]\jdownloader2.exe (.not file.) =>.SUP.Orphan O87 - FAEL: "TCP Query User{1B478467-DB67-43E2-8D5B-B2F277C0659D}C:\users\michael.vervecken\downloads\jdownloader\jdownloader\jdownloader\jdownloader2.exe" [In-None-P6-TRUE] .(...) -- C:\users\michael.vervecken\downloads\jdownloader\jdownloader\jdownloader\jdownloader2.exe (.not file.) =>.SUP.Orphan O87 - FAEL: "UDP Query User{3BDBE387-A368-40F3-9B5D-CCE0E45DF23B}C:\users\michael.vervecken\downloads\jdownloader\jdownloader\jdownloader\jdownloader2.exe" [In-None-P17-TRUE] .(...) -- C:\users\michael.vervecken\downloads\jdownloader\jdownloader\jdownloader\jdownloader2.exe (.not file.) =>.SUP.Orphan O87 - FAEL: "{A5F471A0-9BF2-4A74-8D25-F354CFC42AEB}" [In-None-P6-TRUE] .(.Ivanti - Resident Agent Application.) -- C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe O87 - FAEL: "{C5C7183A-2EC4-465D-A86A-EE6AB14ABD56}" [In-None-P17-TRUE] .(.Ivanti - Resident Agent Application.) -- C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe O87 - FAEL: "{CBCE431B-A1F0-4452-B39E-76893AF153CD}" [In-None-P6-TRUE] .(.Ivanti - Resident Agent Application.) -- C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe O87 - FAEL: "{37C35714-4F50-44C8-AE19-37B84E1678FE}" [In-None-P17-TRUE] .(.Ivanti - Resident Agent Application.) -- C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe O87 - FAEL: "{E943F73A-244E-464B-BFE1-6326EF7988B8}" [In-None-P6-TRUE] .(.Ivanti - Resident Agent Application.) -- C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe O87 - FAEL: "{1C86D483-CCE4-4CA0-8426-015957EFD9F4}" [In-None-P17-TRUE] .(.Ivanti - Resident Agent Application.) -- C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe O87 - FAEL: "{B3997E12-3D99-4639-A43C-4A24D1C6DA2C}" [In-None-P17-TRUE] .(.Google Inc. - Google Chrome.) 
-- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc® ---\\ Windows Installer Scan (42) - 38s [MD5.7F9BBDB60B98B6AB6A09446AFADA65CB] [WIS][2018/02/28 02:13:51] (.Adobe Systems Incorporated - Adobe ARM Installer.) -- C:\windows\Installer\12d487a2.msi [884736] =>.Adobe Systems Incorporated [MD5.85F537A750819E7B4BD4CBC23F7AAFF2] [WIS][2014/01/09 17:52:56] (.PeterZeng; lenovo - Lenovo Patch Utility.) -- C:\windows\Installer\16ed5.msi [5131776] [MD5.23BA2801E46109F4E70457A9B27A78BF] [WIS][2014/01/09 17:52:56] (.Peter Zeng,Lenovo - Lenovo Patch Utility 64 bit.) -- C:\windows\Installer\16ed9.msi [5286400] =>.Peter Zeng,Lenovo [MD5.7402ECD4AC81CFF020C076BD2404BA53] [WIS][2014/08/01 14:19:30] (.Lenovo Group Limited - Lenovo System Agent Plugin.) -- C:\windows\Installer\16ee5.msi [1205248] =>.Lenovo Group Limited [MD5.F627375216F920E368B5B829805B8D35] [WIS][2013/10/22 13:06:48] (.IBM - IBM Notes/Domino.) -- C:\windows\Installer\187d6.msi [7114752] =>.IBM [MD5.DB9874CC1A4ECAB0585737B229D536DA] [WIS][2015/04/20 16:48:00] (.Cisco Systems, Inc. - Cisco AnyConnect Secure Mobility Client.) -- C:\windows\Installer\187dd.msi [4884992] =>.Cisco Systems, Inc. [MD5.54E6F3F354BA35AB75C1FD7DF3C9BA55] [WIS][2015/04/20 16:48:42] (.Cisco Systems, Inc. - Cisco AnyConnect Start Before Login Module.) -- C:\windows\Installer\187e1.msi [739840] =>.Cisco Systems, Inc. [MD5.DC9342A0DB11329A2EBDF3AB84BB02ED] [WIS][2016/12/08 14:24:55] (.Trend Micro Inc. - InstallShield® 2015 - Premier Edition with .) -- C:\windows\Installer\213877.msi [328225792] =>.Trend Micro Inc. [MD5.0AD72CF2781A58B7455E9AE20CEC7B6D] [WIS][2017/08/14 10:15:54] (..) -- C:\windows\Installer\4e08a187.msi [3754600] [MD5.681D41CCD6197174268BAA14E1D0D5D9] [WIS][2017/08/15 15:11:49] (..) -- C:\windows\Installer\4f110db5.msi [3754600] [MD5.BA5AAD2801C17F97A4B942CC2391A520] [WIS][2017/05/29 14:08:59] (.Lenovo Group Limited - Lenovo System Agent Service.) 
-- C:\windows\Installer\4f68e.msi [2857472] =>.Lenovo Group Limited [MD5.4186079D6C02931F832D1A6FD216D825] [WIS][2017/05/29 14:10:17] (.Lenovo Group Limited - Lenovo iM Controller Driver.) -- C:\windows\Installer\4f697.msi [8338432] =>.Lenovo Group Limited [MD5.0ACF55233546C05DA71233600159D1E1] [WIS][2017/05/29 14:10:30] (.Lenovo Group Limited - File Copy.) -- C:\windows\Installer\4f69e.msi [973824] =>.Lenovo Group Limited [MD5.F4D075697175541E6313C1632F820DFF] [WIS][2017/05/29 14:10:33] (.Lenovo Group Limited - Machine Information.) -- C:\windows\Installer\4f6a2.msi [1069056] =>.Lenovo Group Limited [MD5.D6D1ED57DD90FFEC1D78FF3EA822944F] [WIS][2017/05/29 14:10:38] (.Lenovo Group Limited - Warranty.) -- C:\windows\Installer\4f6a6.msi [985600] =>.Lenovo Group Limited [MD5.311114DF69F79C9AC33DBCE49D404551] [WIS][2017/05/29 14:10:43] (.Lenovo Group Limited - LaunchProxy.) -- C:\windows\Installer\4f6aa.msi [947200] =>.Lenovo Group Limited [MD5.0F26BE1159F00B5FB02CD19358F4518C] [WIS][2017/05/29 14:10:50] (.Lenovo Group Limited - Intel Notifications.) -- C:\windows\Installer\4f6ae.msi [976896] =>.Lenovo Group Limited [MD5.7EFE8FCEC81DC93768CC51293E413AC4] [WIS][2017/05/29 14:10:55] (.Lenovo Group Limited - Intel Notifications.) -- C:\windows\Installer\4f6b2.msi [971264] =>.Lenovo Group Limited [MD5.C180A998B4E9CF2AD2453847E354E484] [WIS][2017/05/29 14:11:02] (.Lenovo Group Limited - QueryWlan.) -- C:\windows\Installer\4f6b6.msi [981504] =>.Lenovo Group Limited [MD5.438B28834B0C2F85D9E46018DAA6E89D] [WIS][2017/05/29 14:11:15] (.Lenovo Group Limited - Active Directory patch.) -- C:\windows\Installer\4f6ba.msi [972800] =>.Lenovo Group Limited [MD5.115CE939D61899E4D94F9B7D4B2133EE] [WIS][2017/05/29 14:11:21] (.Lenovo Group Limited - LSC patch.) -- C:\windows\Installer\4f6be.msi [971776] =>.Lenovo Group Limited [MD5.67B2F45762AAD3427BD7C176D6CFB796] [WIS][2017/05/29 14:11:28] (.Lenovo Group Limited - LSU patch.) 
-- C:\windows\Installer\4f6c2.msi [968192] =>.Lenovo Group Limited [MD5.68F4984710CA65C246C7ED0CD9A41856] [WIS][2017/05/29 14:11:34] (.Lenovo Group Limited - Windows Update patch.) -- C:\windows\Installer\4f6c6.msi [983552] =>.Lenovo Group Limited [MD5.24C7F3A79C073830E4D5247677183D8E] [WIS][2015/06/04 10:44:38] (.Ricoh Family Group.) -- C:\windows\Installer\4f6cc.msi [1250304] [MD5.3C0E13FEEFC5E91E57A1B020BBAAF58C] [WIS][2015/06/08 22:37:36] (.Ricoh Nederland.) -- C:\windows\Installer\4f6d1.msi [2400768] [MD5.96895C5AC631EC5A2551D23641C10147] [WIS][2017/05/29 15:36:19] (.Lenovo Group Limited - Lenovo Messenger.) -- C:\windows\Installer\526df7.msi [1818112] =>.Lenovo Group Limited [MD5.F4ADCD74E59D8B48AAE5B7B731A28067] [WIS][2017/06/19 10:03:48] (.LANDesk Software, Ltd.) -- C:\windows\Installer\54a11fb6.msi [4930560] [MD5.BFD887F5123FA7F7EF06E3791ACAF989] [WIS][2017/08/16 08:25:38] (..) -- C:\windows\Installer\54a11fba.msi [420456] [MD5.23B97F4BEDD554D3F629B60637AFC936] [WIS][2015/03/17 09:42:22] (.Adobe Systems Incorporated.) -- C:\windows\Installer\61afaab.msi [2792960] =>.Adobe Systems Incorporated [MD5.4FC2CD74E134206B2D7AA37D647518A4] [WIS][2009/08/27 08:11:48] (.Sogeti Nederland B.V..) -- C:\windows\Installer\7c7d4.msi [1152512] [MD5.3F2885D0B48ABA34AF4CAC268CF74A40] [WIS][2017/11/07 17:44:57] (.Open Media LLC - 4K Video Downloader 4.3 Installer.) -- C:\windows\Installer\afd8608.msi [28614656] =>.Open Media LLC [MD5.F0EE2E7F283866A2A0FEA9BE2D12A979] [WIS][2018/03/18 20:50:00] (.Google Inc. - Google Update Helper.) -- C:\windows\Installer\c772aa.msi [40960] =>.Google Inc. [MD5.77AB51250501ADDD4D491DECDB6121FD] [WIS][2017/08/28 17:40:46] (.Adobe Systems, Incorporated.) -- C:\windows\Installer\13867c75.msp [2424832] =>.Adobe Systems, Incorporated [MD5.A58EAEAA86B7D4FA1891CA2EEDDCA3DD] [WIS][2018/02/12 15:26:08] (.Adobe Systems, Incorporated.) 
-- C:\windows\Installer\17a3bf2.msp [103362560] =>.Adobe Systems, Incorporated [MD5.0762EDB0E4C8D62A4328C3360BC7AD2C] [WIS][2017/07/11 05:57:12] (.Adobe Systems, Incorporated.) -- C:\windows\Installer\1cd55cbf.msp [1732608] =>.Adobe Systems, Incorporated [MD5.3617A09ABC822D955214EBE86A991CF3] [WIS][2017/11/29 11:42:28] (.Adobe Systems, Incorporated.) -- C:\windows\Installer\205a298.msp [1355776] =>.Adobe Systems, Incorporated [MD5.AEEED5F2BB5ED9A586D1FC293387AF32] [WIS][2017/02/21 13:33:42] (.Adobe Systems, Incorporated.) -- C:\windows\Installer\2814c215.msp [77639680] =>.Adobe Systems, Incorporated [MD5.CF478CA41BB57CA934019B65FCD35FB2] [WIS][2017/08/11 11:05:31] (.Adobe Systems, Incorporated.) -- C:\windows\Installer\3fbdd19d.msp [100052992] =>.Adobe Systems, Incorporated [MD5.82F476D2A7125BB7EBF5A2A657BAB293] [WIS][2017/11/13 05:26:16] (.Adobe Systems, Incorporated.) -- C:\windows\Installer\487154f.msp [23506944] =>.Adobe Systems, Incorporated [MD5.9A90F75504F5C7736959925773C5F4B7] [WIS][2016/10/01 02:09:46] (.Adobe Systems, Incorporated.) -- C:\windows\Installer\61afaac.msp [75145216] =>.SUP.Obsolete.Adobe [MD5.A9095FC652E0273E10F1D9481C59067D] [WIS][2018/02/23 14:25:19] (.Adobe Systems, Incorporated.) -- C:\windows\Installer\8511888.msp [1343488] =>.Adobe Systems, Incorporated [MD5.CECF2A7991F74C858965EA972A43CE3F] [WIS][2017/04/10 06:34:32] (.Adobe Systems, Incorporated.) 
-- C:\windows\Installer\9ae9fb7.msp [57815040] =>.Adobe Systems, Incorporated

---\\ Additional Scan (O88) (5) - 6s
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent =>BitTorrent (P2P)
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 =>.SUP.Orphan
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>.SUP.Orphan
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 =>.SUP.Orphan
C:\windows\Installer\61afaac.msp =>.SUP.Obsolete.Adobe

---\\ Summary of the elements found (3) - 0s
https://nicolascoolman.eu/2017/09/12/origine-lignes-orphelines/ =>.SUP.Orphan
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Obsolete.Adobe

~ Unselected Options: O82,
~ End of the scan, 6279 items in 02mn19s (1159)(0)