Zoek.exe v5.0.0.0 Updated 23-11-2014 Tool run by Ries van Ool on di 25-11-2014 at 8:37:38,62. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Ries van Ool\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2014-10-29-202753.log 113372 bytes C:\zoek-results2014-11-17-143457.log 799 bytes ==== Empty Folders Check ====================== C:\Users\Ries van Ool\AppData\Roaming\WinRAR deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-589480253-1782796221-1050078968-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\ATK Hotkey\ASLDRSrv.exe C:\Program Files\ATKGFNEX\GFNEXSrv.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Program Files\ATK Hotkey\Hcontrol.exe C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe C:\Program Files\P4G\BatteryLife.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\Windows\System32\ACEngSvr.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\P4P\P4P.exe C:\Windows\ASScrPro.exe C:\Program Files\ATK Hotkey\ATKOSD.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\ATK Hotkey\KBFiltr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe C:\Program Files\real\realplayer\Update\realsched.exe C:\Windows\vsnpstd.exe C:\Program Files\Samsung\Kies\KiesTrayAgent.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVG\AVG2015\avgui.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\ehome\ehtray.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\Program Files\Creative\Software Update 3\SoftAuto.exe C:\Program Files\DAEMON Tools Pro\DTAgent.exe C:\Program Files\Samsung\Kies\Kies.exe C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\AVG\AVG2015\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Creative\Shared Files\CTDevSrv.exe C:\Windows\ehome\ehRecvr.exe C:\Windows\ehome\ehsched.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\lxebcoms.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Windows\system32\PnkBstrA.exe C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Heutink ICT\deklas.nu Thuiswerken\USBDLM\USBDLM.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Heutink ICT\deklas.nu Thuiswerken\USBDLM\USBDLM_usr.exe C:\Windows\System32\wbem\WmiPrvSE.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\ctfmon.exe C:\Users\Ries van Ool\Desktop\zoek.exe C:\Windows\system32\conime.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\System32\svchost.exe -k Cognizance C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Users\Ries van Ool\Downloads\avg_free_stb_all_2015_5557_cnet.exe deleted ==== System Specs ====================== Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002) Memory (RAM): 3071 MB CPU Info: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz CPU Speed: 2093,4 MHz Sound Card: Speakers (Realtek High Definiti | Realtek Digital Output (Realtek | Display Adapters: NVIDIA GeForce 9500M GS | NVIDIA GeForce 9500M GS | RDPDD Chained DD | RDP Encoder Mirror Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1024 X 768 - 32 bit Network: Network Present Network Adapters: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller | Intel(R) PRO/Wireless 3945ABG Network Connection CD / DVD Drives: 3x (E: | F: | G: | ) E: MATSHITADVD-RAM UJ870QJ | F: DTSOFT BDROM | G: ELBY CLONEDRIVE Ports: COM17 | COM18 | COM3 LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 149,0GB | D: 139,3GB Hard Disks - Free: C: 23,9GB | D: 5,9GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 05/04/08 | _ASUS_ - 5000804 Time Zone: West-Europa (standaardtijd) Motherboard *: ASUSTeK Computer Inc. M51Sn Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: AVG AntiVirus Free Edition 2015 On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: AVG AntiVirus Free Edition 2015 disabled (Outdated) Default Browser: Google Chrome 39.0.2171.65 Internet Explorer Version: 9.0.8112.16421 Mozilla Firefox version: (3.6.6) Google Chrome version: 39.0.2171.65 Adobe Reader version: 8.1.0.2007051100 Sun Java version: 1.8.0_25 (32-bit) Flash Player version: 15.0.0.223 Shockwave Player version: 11.6.6r636 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-11-10 22:53:02 CA2A8AF1DBAD0F31F9B33A2827DFBC16 207 ----a-w- C:\Windows\tweaking.com-regbackup-PC_VAN_RVANOOL--(32-bit).dat ====== C:\Users\RIESVA~1\AppData\Local\Temp ==== 2014-11-25 07:34:55 EB4686F6F4BE2B00AA40978D551F66C4 43008 ----a-w- C:\Users\Ries van Ool\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6cr75c.dll ====== Java Cache ===== ====== C:\Windows\system32 ===== 2014-11-20 09:24:53 1DE1C07B256961012DCE0674EA488DE7 499200 ----a-w- C:\Windows\System32\kerberos.dll 2014-11-14 07:49:48 51992CC4DF2DB150950C6CB505556B9A 146432 ----a-w- C:\Windows\System32\msaudite.dll 2014-11-14 07:49:47 15F315B53C69930BF907D9A0FFCB6206 619520 ----a-w- C:\Windows\System32\adtschema.dll 2014-11-14 07:49:46 DBD84E59D631569EC3E756EF144E8431 449536 ----a-w- C:\Windows\System32\termsrv.dll 2014-11-14 07:49:46 0C96812AAEDA38C89DC6C3F0AE7B6930 1259008 ----a-w- C:\Windows\System32\lsasrv.dll 2014-11-14 07:49:10 37A4DF3BCA563FB7537B881AE91BA9C4 1249280 ----a-w- C:\Windows\System32\msxml3.dll 2014-11-14 07:49:10 06A9049BA8B9F20D755CF03FD12E8AFD 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2014-11-14 07:47:53 C0D56D9E570D8C294D1D9B2B32D4C857 278528 ----a-w- C:\Windows\System32\schannel.dll 2014-11-14 07:47:19 BC4C024BDC8B676CC58BCE1D5BA7BC04 67072 ----a-w- C:\Windows\System32\packager.dll 2014-11-14 07:46:34 FD7A26BF790751B527E632BD9346DDFD 729600 ----a-w- C:\Windows\System32\IMJP10K.DLL 2014-11-14 07:44:00 BE377621E2D2B483F8EF447079E55585 396800 ----a-w- C:\Windows\System32\AudioEng.dll 2014-11-14 07:44:00 A0344CD5E3F552340AB226E864E1710B 170496 ----a-w- C:\Windows\System32\EncDump.dll 2014-11-14 07:44:00 8E98A99187FF17FC1D48E6FAFFD870BE 316928 ----a-w- C:\Windows\System32\audiosrv.dll 2014-11-14 07:44:00 56B73070DB745E192307EB7AB6C55CD5 274432 ----a-w- C:\Windows\System32\AUDIOKSE.dll 2014-11-14 07:43:33 2908C2D90B78FDC24326B7854079E44E 564224 ----a-w- C:\Windows\System32\oleaut32.dll 2014-11-14 07:36:59 2833F623494FC1EFC0EAC4401CBBF2F2 2054656 ----a-w- C:\Windows\System32\win32k.sys 2014-11-13 06:26:19 F832CFAFA6015E21B33A583C7B2CA19A 10752 ----a-w- C:\Windows\System32\msfeedssync.exe 2014-11-13 06:26:19 ECED64B195BF217D5CFD65698BC9727D 65536 ----a-w- C:\Windows\System32\jsproxy.dll 2014-11-13 06:26:19 DE0269B69861CD68EC8D29AD4A01894E 11776 ----a-w- C:\Windows\System32\mshta.exe 2014-11-13 06:26:19 565188FD523603C94FD7619E14FB7E32 421376 ----a-w- C:\Windows\System32\vbscript.dll 2014-11-13 06:26:19 2A60B15FFD6EEDFBA73728593171AA19 41472 ----a-w- C:\Windows\System32\msfeedsbs.dll 2014-11-13 06:26:19 27FA9CA22666E0AFB03F4433A4CEA5B7 1139712 ----a-w- C:\Windows\System32\urlmon.dll 2014-11-13 06:26:18 D07699ACF5301E45006AFD7566769E1B 607744 ----a-w- C:\Windows\System32\msfeeds.dll 2014-11-13 06:26:18 556F78D100D031073A7A01992B74E98E 717824 ----a-w- C:\Windows\System32\jscript.dll 2014-11-13 06:26:18 348F63C1CD7952B1433691D4F8E8B1A8 353792 ----a-w- C:\Windows\System32\dxtmsft.dll 2014-11-13 06:26:17 C94AEBE5CCA3F390E7CBC64D2FF30CDF 142848 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-11-13 06:26:17 BF493C48DF485DF0DE5F10EFA1BAA1D2 223232 ----a-w- C:\Windows\System32\dxtrans.dll 2014-11-13 06:26:17 BE27559260267DD7431F9E01F0BF87B6 1802752 ----a-w- C:\Windows\System32\iertutil.dll 2014-11-13 06:26:17 B6260FAA9ACF8AC13312C739B23BD0BE 1129472 ----a-w- C:\Windows\System32\wininet.dll 2014-11-13 06:26:17 AB9015D5B288898E7298BE0DC93BFF0E 176640 ----a-w- C:\Windows\System32\ieui.dll 2014-11-13 06:26:17 5C4AE6F46A4307CC5885FF000EEF3A5D 231936 ----a-w- C:\Windows\System32\url.dll 2014-11-13 06:26:17 4AF7834C2D41512749BE5FB46CF6EF37 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2014-11-13 06:26:17 3A98C11FD14209D9D3A0B4E2943B302C 9739776 ----a-w- C:\Windows\System32\ieframe.dll 2014-11-13 06:26:17 08E805C724637412C73A57E50212DBEC 1427968 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-11-13 06:26:14 9F702DD4CE7AC7C5FD3D8E10D012AC06 73216 ----a-w- C:\Windows\System32\mshtmled.dll 2014-11-13 06:26:13 0484379BFC58E440EF432D2C80CF0912 1810944 ----a-w- C:\Windows\System32\jscript9.dll 2014-11-13 06:26:12 5BDCC7129C2F0A25F8A8FF6A3BDD9896 12366848 ----a-w- C:\Windows\System32\mshtml.dll ====== C:\Windows\system32\drivers ===== 2014-10-29 20:34:52 5C238CDA802ECA79D7C05EEDDEA7001B 213784 ----a-w- C:\Windows\System32\drivers\avgidsdriverx.sys ====== C:\Windows\Tasks ====== 2014-11-21 18:18:37 E0BB60D4D98F3CDE9C5A61B4D99CC205 3354 ----a-w- C:\Windows\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-589480253-1782796221-1050078968-1000 ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-11-20 09:27:05 -------- d-----w- C:\Program Files\Speccy 2014-11-13 16:08:10 -------- d-----w- C:\Program Files\Recuva 2014-11-10 22:49:25 -------- d-----w- C:\Program Files\Tweaking.com 2014-11-06 11:55:27 -------- d-----w- C:\Program Files\MKVToolNix 2014-10-29 19:37:03 -------- d-----w- C:\Program Files\Common Files\Java 2014-10-28 14:09:46 -------- d-----w- C:\Program Files\trend micro ======= C: ===== ====== C:\Users\Ries van Ool\AppData\Roaming ====== 2014-11-21 13:33:49 -------- d-----w- C:\Users\Ries van Ool\AppData\Roaming\AVG2015 2014-11-21 13:33:01 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG2015 2014-11-21 13:29:00 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Avg2015 2014-11-21 13:05:26 -------- d-----w- C:\Users\Ries van Ool\AppData\Local\Avg2015 2014-11-20 09:29:29 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\PnrpSqm 2014-11-20 09:27:31 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking 2014-10-29 20:20:27 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2014-10-29 20:20:27 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2014-10-29 20:20:26 -------- d-----w- C:\Users\Ries van Ool\AppData\Local\Temp 2014-10-29 20:20:26 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2014-10-29 19:15:27 -------- d-----w- C:\Users\Ries van Ool\AppData\Roaming\Oracle ====== C:\Users\Ries van Ool ====== 2014-11-21 13:36:17 -------- d-----r- C:\Windows\system32\config\systemprofile\Downloads 2014-11-21 13:36:17 -------- d-----r- C:\Windows\system32\config\systemprofile\Documents 2014-11-21 13:32:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-11-21 13:31:20 -------- d-----w- C:\ProgramData\AVG2015 2014-11-20 09:25:22 6DC6EBDF9391271098C40F6BA7779430 4890736 ----a-w- C:\Users\Ries van Ool\Downloads\spsetup126 (1).exe 2014-11-13 16:06:48 3F9C12E62A0AE1D7A9DBB252195C4C54 4210920 ----a-w- C:\Users\Ries van Ool\Downloads\rcsetup151.exe 2014-11-11 15:12:02 6DC6EBDF9391271098C40F6BA7779430 4890736 ----a-w- C:\Users\Ries van Ool\Downloads\spsetup126.exe 2014-11-10 22:49:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2014-11-06 11:55:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix 2014-10-29 19:36:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java ====== C: exe-files == 2014-11-23 06:02:39 DBDC93187B17D055F0B17838C7D264BE 6838864 ----a-w- C:\Users\Ries van Ool\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.65\39.0.2171.65_38.0.2125.111_chrome_updater.exe 2014-11-20 09:25:22 6DC6EBDF9391271098C40F6BA7779430 4890736 ----a-w- C:\Users\Ries van Ool\Downloads\spsetup126 (1).exe === C: other files == 2014-11-24 14:59:17 6FAA8F6F3864C9AC5955FECDD2DE55E7 15335 ----a-w- C:\Users\Ries van Ool\Downloads\b8c837c7c1af2c0f1e9d482e8e79dfd68c00675b.zip 2014-11-24 14:58:41 95E16A0CD2944692DE4EF3F45A39B718 14689 ----a-w- C:\Users\Ries van Ool\Downloads\7deb2db28c00cc92dfa3e4c861ff036041a6e4e3.zip 2014-11-24 14:57:51 2B9A7F3E4834E4FECBDA0463DEA87B12 16467 ----a-w- C:\Users\Ries van Ool\Downloads\resurrection.will.(2014).dut.1cd.(5874665).zip 2014-11-24 14:56:21 BDF7C140B2DCE6DD395EA77FFEB6DB87 16120 ----a-w- C:\Users\Ries van Ool\Downloads\resurrection.old.scars.(2014).dut.1cd.(5867111).zip 2014-11-24 14:55:36 3B3A5C17E22357549B35CBF52221674C 14981 ----a-w- C:\Users\Ries van Ool\Downloads\ea89e561ee21f4dc9f954a01dcc6503d01eaeb82.zip 2014-11-24 14:55:05 F73794EE4D171314DD1B9FA0EEA23E61 12871 ----a-w- C:\Users\Ries van Ool\Downloads\2150ad16088c7030a5c2fc4ca98f85cbed3c9ddd.zip 2014-11-24 14:54:00 C3653E1312C293904699ABF6AA09E3CC 14686 ----a-w- C:\Users\Ries van Ool\Downloads\resurrection.revelation.(2014).dut.1cd.(5840283).zip 2014-11-20 11:34:50 4D8726034FA47A443CDE08A8C02B11B3 7738 ----a-w- C:\Users\Ries van Ool\Downloads\the-walking-dead-fifth-season_dutch-1013785.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-589480253-1782796221-1050078968-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" "ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe -scheduler" "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" "Google Update"="C:\Users\Ries van Ool\AppData\Local\Google\Update\GoogleUpdate.exe /c" "SoftAuto.exe"="C:\Program Files\Creative\Software Update 3\SoftAuto.exe" "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTAgent.exe -autorun" "KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" "Skytel"="Skytel.exe" "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" "PowerForPhone"="C:\Program Files\P4P\P4P.exe" "ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" "ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "WinampAgent"="C:\Program Files\Winamp\winampa.exe" "AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin" "Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup" "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" "VirtualCloneDrive"="C:\Program Files\VirtualCloneDrive\VCDDaemon.exe /s" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Microsoft Default Manager"="C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -resume" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "lxebmon.exe"="C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe" "EzPrint"="C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe" "TkBellExe"="C:\Program Files\real\realplayer\update\realsched.exe -osboot" "snpstd"="C:\Windows\vsnpstd.exe" "KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "AVG_UI"="C:\Program Files\AVG\AVG2015\avgui.exe /TRAYONLY" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" "ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe -scheduler" "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" "Google Update"="C:\Users\Ries van Ool\AppData\Local\Google\Update\GoogleUpdate.exe /c" "SoftAuto.exe"="C:\Program Files\Creative\Software Update 3\SoftAuto.exe" "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTAgent.exe -autorun" "KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UnlockerAssistant] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UnlockerAssistant" "hkey"="HKLM" "command"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\"" ==== Startup Folders ====================== 2010-09-02 13:00:07 965 ----a-w- C:\Users\Ries van Ool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2014-10-27 09:38:12 645 ----a-w- C:\Users\Ries van Ool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [13-11-2014 16:17] C:\Windows\tasks\Google Software Updater.job --a------ C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [22-09-2011 05:36] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [20-10-2014 18:34] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [20-10-2014 18:34] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-589480253-1782796221-1050078968-1000Core.job --a------ C:\Users\Ries van Ool\AppData\Local\Google\Update\GoogleUpdate.exe [19-10-2014 13:48] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-589480253-1782796221-1050078968-1000UA.job --a------ C:\Users\Ries van Ool\AppData\Local\Google\Update\GoogleUpdate.exe [19-10-2014 13:48] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\ASUS Live Update" [C:\Program Files\ASUS\ASUS Live Update\ALU.exe] "C:\Windows\system32\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files\ASUS\SmartLogon\sensorsrv.exe] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\Google Software Updater" [C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-589480253-1782796221-1050078968-1000Core" [C:\Users\Ries van Ool\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-589480253-1782796221-1050078968-1000UA" [C:\Users\Ries van Ool\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-589480253-1782796221-1050078968-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-589480253-1782796221-1050078968-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-589480253-1782796221-1050078968-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-589480253-1782796221-1050078968-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{A4C08C97-F9A0-4927-BB4D-A86DFFDF5528}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\{D1B3D598-4E44-4286-87A1-053543E4CF39}" [C:\Program Files\Skype\Phone\Skype.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [10-09-2013 08:51] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04-04-2014 11:36] ==== Firefox Extensions ====================== ProfilePath: C:\Users\RIESVA~1\AppData\Roaming\Mozilla\Firefox\Profiles\oaq4cx52.default - Undetermined - C:\Users\Ries van Ool\AppData\Roaming\Mozilla\Firefox\Profiles\oaq4cx52.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} - Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - Undetermined - C:\Users\Ries van Ool\AppData\Roaming\Mozilla\Firefox\Profiles\oaq4cx52.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} - Undetermined - C:\Users\Ries van Ool\AppData\Roaming\Mozilla\Firefox\Profiles\oaq4cx52.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} - Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - Undetermined - C:\Users\Ries van Ool\AppData\Roaming\Mozilla\Firefox\Profiles\oaq4cx52.default\extensions\2020Player@2020Technologies.com - Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - Undetermined - C:\Users\Ries van Ool\AppData\Roaming\Mozilla\Firefox\Profiles\oaq4cx52.default\extensions\OneClickDownload@OneClickDownload.com - Undetermined - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack - Undetermined - C:\Program Files\AVG\AVG2012\Firefox4 - Undetermined - C:\Users\Ries van Ool\AppData\Roaming\Mozilla\Firefox\Profiles\oaq4cx52.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} - Undetermined - C:\Users\Ries van Ool\AppData\Roaming\Mozilla\Firefox\Profiles\oaq4cx52.default\extensions\gzypyktz-v@tuyaear.com - RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext ProfilePath: C:\Users\RIESVA~1\AppData\Roaming\TomTom\HOME\Profiles\wzte9anm.default - Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} ==== Firefox Plugins ====================== Profilepath: C:\Users\Ries van Ool\AppData\Roaming\Mozilla\Firefox\Profiles\oaq4cx52.default F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) 96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) 358878E398AB0FB8B1EE176C2E3EDF48 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll - Google Updater AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery 24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox 5B4DA1113F240C3F06FFF9D52761528B - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa 5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin C1680C34DE8A405C8829AB93236576FD - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector DAD55CEF682EAE6FA7B4C9487563A496 - C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll - Shockwave for Director / Shockwave for Director B6A800D881A0176C544988870861E798 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 677D19A0ADA38861D513B19A86D12EB6 - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll - Pando Web Plugin 3A9E1940B4459CC97FDCBB24FCB69004 - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) 0FCEAA7D12B7B0BA825E5C770B1DCA48 - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll - RealPlayer Download Plugin AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll - Adobe Acrobat 11D9EC08007CCDD653E6762E289E7C1B - C:\Program Files\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll - PluginRichmediaplayer 0132218093298D7F72A40222F4FBF04F - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.2 A7DA4A3F6E86E55E25F60D2BA46B24D0 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.2 CE1411064661AFB6DC4E18BACB50BF61 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.2 052575195474BA9646272680BF993D64 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.2 A8CD2D78D83C1466BB81BBC94A6C96A3 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.2 136ECFCBEA4FBFF8918D3B4AE2729C7F - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.2 1E17EB861D4EAD9CAC51C246B5E3426A - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.2 EC321774436E1B7EE2EA334F41A3CF70 - C:\Program Files\Mozilla Firefox\plugins\npnul32.dll - Mozilla Default Plug-in 99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat 0132218093298D7F72A40222F4FBF04F - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.2 A7DA4A3F6E86E55E25F60D2BA46B24D0 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.2 CE1411064661AFB6DC4E18BACB50BF61 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.2 052575195474BA9646272680BF993D64 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.2 A8CD2D78D83C1466BB81BBC94A6C96A3 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.2 136ECFCBEA4FBFF8918D3B4AE2729C7F - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.2 1E17EB861D4EAD9CAC51C246B5E3426A - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.2 ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14-08-2013 14:24] YouTube - Ries van Ool\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Ries van Ool\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf RealDownloader - Ries van Ool\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji Google Wallet - Ries van Ool\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Ries van Ool\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Ries van Ool\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vacatures.trovit.nl_0.localstorage deleted successfully C:\Users\Ries van Ool\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vacatures.trovit.nl_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== HijackThis Entries ====================== O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe" O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [lxebmon.exe] "C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [Power2GoExpress] NA O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Ries van Ool\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: program.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxebCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxebserv.exe O23 - Service: lxeb_device - - C:\Windows\system32\lxebcoms.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: USBDLM - Uwe Sieber - www.uwe-sieber.de - C:\Program Files\Heutink ICT\deklas.nu Thuiswerken\USBDLM\USBDLM.exe ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS] LightScribe Control Panel = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [Hewlett-Packard Company] ehTray.exe = C:\Windows\ehome\ehTray.exe [MS] TomTomHOME.exe = "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [TomTom] AdobeBridge = (empty string) [file not found] Power2GoExpress = NA [file not found] ISUSPM = "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler [Macrovision Corporation] PcSync = C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [Time Information Services Ltd.] BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [Nero AG] Google Update = "C:\Users\Ries van Ool\AppData\Local\Google\Update\GoogleUpdate.exe" /c [Google Inc.] SoftAuto.exe = "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" [Creative Technology Ltd] DAEMON Tools Pro Agent = "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun [DT Soft Ltd] KiesPreload = C:\Program Files\Samsung\Kies\Kies.exe /preload [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} Windows Defender = C:\Program Files\Windows Defender\MSASCui.exe -hide RtHDVCpl = RtHDVCpl.exe [Realtek Semiconductor] Skytel = Skytel.exe [Realtek Semiconductor Corp.] IAAnotif = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [Intel Corporation] SMSERIAL = C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [Motorola Inc.] SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [Synaptics, Inc.] ATKMEDIA = C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [ASUSTeK Computer INC.] PowerForPhone = "C:\Program Files\P4P\P4P.exe" [null data] ASUS Camera ScreenSaver = C:\Windows\ASScrProlog.exe [null data] ASUS Screen Saver Protector = C:\Windows\ASScrPro.exe [null data] Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [Adobe Systems Incorporated] WinampAgent = "C:\Program Files\Winamp\winampa.exe" [null data] AdobeCS4ServiceManager = "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [Adobe Systems Incorporated] Adobe Acrobat Speed Launcher = "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [Adobe Systems Incorporated] Acrobat Assistant 8.0 = "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [Adobe Systems Inc.] PCSuiteTrayApplication = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup [Nokia] NeroFilterCheck = C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [Nero AG] NBKeyScan = "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [Nero AG] NvCplDaemon = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [MS] VirtualCloneDrive = "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s [Elaborate Bytes AG] Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated] Microsoft Default Manager = "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [MS] QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [Apple Inc.] APSDaemon = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.] iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.] lxebmon.exe = "C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe" [null data] EzPrint = "C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe" [empty string] TkBellExe = "C:\Program Files\real\realplayer\update\realsched.exe" -osboot [RealNetworks, Inc.] snpstd = C:\Windows\vsnpstd.exe [empty string] KiesTrayAgent = C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [Samsung Electronics Co., Ltd.] SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation] AVG_UI = "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY [AVG Technologies CZ, s.r.o.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\(Default) = MSS+ Identifier -> {HKLM...CLSID} = MSS+ Identifier \InProcServer32\(Default) = C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [McAfee, Inc.] {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub -> {HKLM...CLSID} = Adobe PDF Link Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated] {22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = Skype add-on (mastermind) -> {HKLM...CLSID} = Skype add-on (mastermind) \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype Technologies S.A.] {3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided) -> {HKLM...CLSID} = RealNetworks Download and Record Plugin for Internet Explorer \InProcServer32\(Default) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [RealDownloader] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [Oracle Corporation] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided) -> {HKLM...CLSID} = Adobe PDF Conversion Toolbar Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe Systems Incorporated] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Notifier BHO \InProcServer32\(Default) = C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [Google Inc.] {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\(Default) = Google Dictionary Compression sdch -> {HKLM...CLSID} = Google Dictionary Compression sdch \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [Google Inc.] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [Oracle Corporation] {DF21F1DB-80C6-11D3-9483-B03D0EC10000}\(Default) = ASUS Security Protect Manager -> {HKLM...CLSID} = ASUS Security Protect Manager \InProcServer32\(Default) = C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [Bioscrypt Inc.] {F4971EE7-DAA0-4053-9964-665D8EE6A077}\(Default) = SmartSelect -> {HKLM...CLSID} = SmartSelect Class \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe Systems Incorporated] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ "DropboxExt1"\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt2"\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt3"\(Default) = {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt4"\(Default) = {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt5"\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt6"\(Default) = {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt7"\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt8"\(Default) = {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Windows\system32\nvcpl.dll [NVIDIA Corporation] {2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics, Inc.] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\msohev.dll [MS] {00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler -> {HKLM...CLSID} = Microsoft Office Outlook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler -> {HKLM...CLSID} = Outlook-extensie voor bestandspictogrammen \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL [MS] {B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = Adobe.Acrobat.ContextMenu -> {HKLM...CLSID} = Acrobat Elements Context Menu \InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.] {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} = PhoneBrowser -> {HKLM...CLSID} = Nokia Phone Browser \InProcServer32\(Default) = C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll [Nokia] {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} = NeroCoverEd Live Icons -> {HKLM...CLSID} = NeroCoverEdLiveIcons Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [Nero AG] {B327765E-D724-4347-8B16-78AE18552FC3} = NeroDigitalIconHandler -> {HKLM...CLSID} = NeroDigitalIconHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG] {7F1CF152-04F8-453A-B34C-E609530A9DC8} = NeroDigitalPropSheetHandler -> {HKLM...CLSID} = NeroDigitalPropSheetHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG] {FFB699E0-306A-11d3-8BD1-00104B6F7516} = Play on my TV helper -> {HKLM...CLSID} = NVIDIA CPL Extension \InProcServer32\(Default) = C:\Windows\system32\nvcpl.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] {B7056B8E-4F99-44f8-8CBD-282390FE5428} = VirtualCloneDrive -> {HKLM...CLSID} = VirtualCloneDrive Shell Extension \InProcServer32\(Default) = C:\Program Files\VirtualCloneDrive\ElbyVCDShell.dll [Elaborate Bytes AG] {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = UnlockerShellExtension -> {HKLM...CLSID} = UnlockerShellExtension \InProcServer32\(Default) = C:\Program Files\Unlocker\UnlockerCOM.dll [null data] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes -> {HKLM...CLSID} = iTunes \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.] {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = Shell Extensions for RealOne Player -> {HKLM...CLSID} = RealOne Player Context Menu Class \InProcServer32\(Default) = c:\program files\real\realplayer\rpshell.dll [RealNetworks, Inc.] {5F327514-6C5E-4d60-8F16-D07FA08A78ED} = Auto Update Property Sheet Extension -> {HKLM...CLSID} = Auto Update Property Sheet Extension \InProcServer32\(Default) = C:\Windows\system32\wuaucpl.cpl [file not found] {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files\AVG\AVG2015\avgse.dll [AVG Technologies CZ, s.r.o.] HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <> (ASWLNPkg [file not found]) Notification Packages = scecli|ASWLNPkg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\ {122E7126-21DB-4F27-8D82-8E44B1C0DC56}\(Default) = Cognizance Filter -> {HKLM...CLSID} = ProviderFilter Class \InProcServer32\(Default) = C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\TrayIcon.dll [Cognizance Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ {06FE45A8-6D92-44ba-A0F1-9A9BCDC8F5A7}\(Default) = FaceCredentialProvider -> {HKLM...CLSID} = FaceCredentialProvider \InProcServer32\(Default) = FaceCredentialProvider.dll [ASUS] {F13E50B9-7749-4416-B7CE-7C5BCBC8C449}\(Default) = Cognizance Provider -> {HKLM...CLSID} = CredProvider Class \InProcServer32\(Default) = C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\TrayIcon.dll [Cognizance Corporation] {FF7F8C71-EA51-48E6-9038-E0A96BE4AC43}\(Default) = Cognizance Pass-Through Provider -> {HKLM...CLSID} = PswCredProvider Class \InProcServer32\(Default) = C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\TrayIcon.dll [Cognizance Corporation] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807553E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\msgrapp.dll [MS] <> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\msgrapp.dll [MS] <> mso-offdap\CLSID = {3D9F03FA-7A94-11D3-BE81-0050048385D1} -> {HKLM...CLSID} = Data Page Pluggable Protocol mso-offdap Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL [MS] <> mso-offdap11\CLSID = {32505114-5902-49B2-880A-1F7738E5A384} -> {HKLM...CLSID} = Data Page Plugable Protocal mso-offdap11 Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL [MS] <> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -> {HKLM...CLSID} = IEProtocolHandler Class \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [Skype Technologies] <> wlmailhtml\CLSID = {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -> {HKLM...CLSID} = Windows Live Mail HTML Asynchronous Pluggable Protocol Handler \InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS] <> wlpg\CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -> {HKLM...CLSID} = Album Download IE Asynchronous Pluggable Protocol Interface \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll [MS] HKCU\Software\Classes\*\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} -> {HKLM...CLSID} = Acrobat Elements Context Menu \InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.] AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files\AVG\AVG2015\avgse.dll [AVG Technologies CZ, s.r.o.] Cover Designer\(Default) = {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} -> {HKLM...CLSID} = NeroCoverEdContextMenu Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [Nero AG] VirtualCloneDrive\(Default) = {B7056B8E-4F99-44f8-8CBD-282390FE5428} -> {HKLM...CLSID} = VirtualCloneDrive Shell Extension \InProcServer32\(Default) = C:\Program Files\VirtualCloneDrive\ElbyVCDShell.dll [Elaborate Bytes AG] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] {100BD527-7304-4b7f-BEE2-26D97B04EBA4}\(Default) = (no title provided) -> {HKLM...CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\ NBShellHook\(Default) = {100BD527-7304-4b7f-BEE2-26D97B04EBA4} -> {HKLM...CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ UnlockerShellExtension\(Default) = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} -> {HKLM...CLSID} = UnlockerShellExtension \InProcServer32\(Default) = C:\Program Files\Unlocker\UnlockerCOM.dll [null data] HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\ FileZilla3CopyHook\(Default) = {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} -> {HKLM...CLSID} = FileZilla 3 Shell Extension \InProcServer32\(Default) = C:\Program Files\FileZilla FTP Client\fzshellext.dll [null data] Nokia\(Default) = {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} -> {HKLM...CLSID} = Nokia Phone Browser \InProcServer32\(Default) = C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll [Nokia] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = NeroDigitalExt.NeroDigitalColumnHandler -> {HKLM...CLSID} = NeroDigitalColumnHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} -> {HKLM...CLSID} = Acrobat Elements Context Menu \InProcServer32\(Default) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.] AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files\AVG\AVG2015\avgse.dll [AVG Technologies CZ, s.r.o.] UnlockerShellExtension\(Default) = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} -> {HKLM...CLSID} = UnlockerShellExtension \InProcServer32\(Default) = C:\Program Files\Unlocker\UnlockerCOM.dll [null data] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] {100BD527-7304-4b7f-BEE2-26D97B04EBA4}\(Default) = (no title provided) -> {HKLM...CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ NBShellHook\(Default) = {100BD527-7304-4b7f-BEE2-26D97B04EBA4} -> {HKLM...CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ Wallpaper = C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Ries van Ool\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\Windows\system32\Bubbles.scr [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ BridgeCS4ImportMediaOnArrival\ Provider = Adobe Bridge CS4 InvokeProgID = Adobe.adobebridgeCS4 InvokeVerb = launch HKLM\SOFTWARE\Classes\Adobe.adobebridgeCS4\shell\launch\command\(Default) = C:\Program Files\Adobe\Adobe Bridge CS4\bridgeproxy.exe -v %1 [Adobe Systems, Inc.] BridgeCS4NonVolumeHandler\ Provider = Adobe Bridge CS4 ProgID = Adobe.adobebridgeMTP_1 HKLM\SOFTWARE\Classes\Adobe.adobebridgeMTP_1\CLSID\(Default) = {1E6C711B-6D70-4a65-8AB6-745DC19BE2A6} -> {HKLM...CLSID} = Adobe Bridge CS4 \LocalServer32\(Default) = C:\Program Files\Adobe\Adobe Bridge CS4\bridgeproxy.exe -m [Adobe Systems, Inc.] CanonCWDCEventHandler\ Provider = Canon CameraWindow ProgID = CwDC.AutoplayHandler HKLM\SOFTWARE\Classes\CwDC.AutoplayHandler\CLSID\(Default) = {CB7F044B-4400-48a4-8FEF-23B8D0D986EC} -> {HKLM...CLSID} = Canon CameraWindow \LocalServer32\(Default) = "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\CameraLauncher.exe" [Canon Inc.] CanonEUEventHandler\ Provider = Canon EOS Utility ProgID = EU.AutoplayHandler HKLM\SOFTWARE\Classes\EU.AutoplayHandler\CLSID\(Default) = {738F20C7-539E-4a7d-AE00-D6803513A4BB} -> {HKLM...CLSID} = Canon EOS Utility \LocalServer32\(Default) = C:\Program Files\Canon\EOS Utility\EULauncher.exe [null data] CanonZB4PicturesOnArrival\ Provider = Canon ZoomBrowser EX InvokeProgID = Zb.AutoplayHandler InvokeVerb = open HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = C:\Program Files\Canon\ZoomBrowser EX MCU\MCULauncher.exe [null data] DropboxAutoplayProxy\ Provider = Dropbox InvokeProgID = Dropbox.AutoplayEventHandlerProxy InvokeVerb = import HKLM\SOFTWARE\Classes\Dropbox.AutoplayEventHandlerProxy\shell\import\DropTarget\CLSID = {F38F335B-BC2E-450E-8FC6-0E13E17FC8FE} -> {HKLM...CLSID} = Dropbox Autoplay Proxy COM Server \LocalServer32\(Default) = C:\Program Files\Dropbox\DropboxProxy.exe /autoplayproxy [Dropbox, Inc.] EpShowApp\ Provider = Lexmark Fast Pics InvokeProgID = EzPrint InvokeVerb = Play HKLM\SOFTWARE\Classes\EzPrint\shell\Play\DropTarget\CLSID = {225F2F50-F37D-4eb3-B3A6-F675C9B52C83} -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe [empty string] Fotoschau5-38\ Provider = Fotoshow InvokeProgID = Fotoschau5-38 InvokeVerb = play HKLM\SOFTWARE\Classes\Fotoschau5-38\shell\play\command\(Default) = "C:\Program Files\Fotoservice\Kruidvat fotoservice\Fotoshow.exe" -d %1 [null data] HPS5-38\ Provider = Kruidvat fotoservice InvokeProgID = HPS5-38.BestShow InvokeVerb = import HKLM\SOFTWARE\Classes\HPS5-38.BestShow\shell\import\command\(Default) = "C:\Program Files\Fotoservice\Kruidvat fotoservice\Kruidvat fotoservice.exe" -i %L [null data] iTunesBurnCDOnArrival\ Provider = iTunes InvokeProgID = iTunes.BurnCD InvokeVerb = burn HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.] iTunesImportSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ImportSongsOnCD InvokeVerb = import HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.] iTunesPlaySongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.PlaySongsOnCD InvokeVerb = play HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.] iTunesShowSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ShowSongsOnCD InvokeVerb = showsongs HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.] LBAutoPlayHandler\ Provider = Nokia Lifeblog InvokeProgID = LBAutoPlay InvokeVerb = import HKLM\SOFTWARE\Classes\LBAutoPlay\shell\import\command\(Default) = "C:\Program Files\Nokia\Nokia Lifeblog\NokiaLifeblog2.exe" -"import %1" [Nokia] LightScribeOnArrivalAP\ Provider = LightScribe Direct Disc Labeling InvokeProgID = LightScribe.AutoPlayHandler InvokeVerb = LabelLightScribeDisc HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = C:\Program Files\Common Files\LightScribe\LsLauncher.exe [Hewlett-Packard Company] MSLivePhotoAcqHWEventHandler\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 ProgID = Microsoft.LivePhotoAcqHWEventHandler HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F} -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [MS] MSLivePhotoAcquireDropHandler\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.LivePhotoAcqDTShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] MSLiveVideoCameraArrivalCaptureWizard\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 ProgID = WLXAutoPlayMgr.WLXHWEventHandler InitCmdLine = WLXVideoAcquireWizard HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = {9B5C97F6-B3A5-4A6D-8B03-993EC7291A22} -> {HKLM...CLSID} = WLXWEventHandler Class \LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe" [MS] MSPlayBluRayOnArrival\ Provider = Windows Media Player InvokeProgID = WMP.BD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.BD\shell\play\command\(Default) = "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:12 /Play "%L\BDMV\index.bdmv" [MS] NeroAutoPlay8AudioToNeroDigital\ Provider = Nero Burning ROM InvokeProgID = Nero.AutoPlay8 InvokeVerb = AudioToNeroDigital_PlayCDAudioOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L [Nero AG] NeroAutoPlay8CDAudio\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = CDAudio_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:AudioCD [Nero AG] NeroAutoPlay8CopyCD\ Provider = Nero Burning ROM InvokeProgID = Nero.AutoPlay8 InvokeVerb = CopyCD_PlayMusicFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:DiscCopy %L [Nero AG] NeroAutoPlay8DataDisc_CD\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = DataDisc_CD_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_CD_HandleCDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:CD %L [Nero AG] NeroAutoPlay8DataDisc_DVD\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = DataDisc_DVD_HandleDVDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_DVD_HandleDVDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:DVD %L [Nero AG] NeroAutoPlay8LaunchNeroStartSmart\ Provider = Nero StartSmart InvokeProgID = Nero.AutoPlay8 InvokeVerb = LaunchNeroStartSmart_HandleDVDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleDVDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe /AutoPlay [Nero AG] NeroAutoPlay8PlayAudioCD\ Provider = Nero ShowTime InvokeProgID = Nero.AutoPlay8 InvokeVerb = PlayAudioCD_PlayMusicFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L [Nero AG] NeroAutoPlay8PlayDVD\ Provider = Nero ShowTime InvokeProgID = Nero.AutoPlay8 InvokeVerb = PlayDVD_PlayVideoFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L [Nero AG] NeroAutoPlay8RipCD\ Provider = Nero Burning ROM InvokeProgID = Nero.AutoPlay8 InvokeVerb = RipCD_PlayCDAudioOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L [Nero AG] NeroAutoPlay8TranscodeVideo\ Provider = Nero Recode InvokeProgID = Nero.AutoPlay8 InvokeVerb = TranscodeVideo_PlayDVDMovieOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Recode\Recode.exe /New:CopyDVDVideo [Nero AG] NeroAutoPlay8VideoCapture\ Provider = Nero Vision ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files\Nero\Nero8\Nero Vision\NeroVision.exe" /New:VideoCapture HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] NeroAutoPlay8ViewPhotos\ Provider = Nero PhotoSnap Viewer InvokeProgID = Nero.AutoPlay8 InvokeVerb = ViewPhotos_ShowPicturesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe / [Nero AG] NMMPlayCDAudioOnArrival\ Provider = Nokia Music Manager InvokeProgID = NokiaMusicManager InvokeVerb = NMMPlayCD HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /playCD "%L" [Nokia] NMMRipCDAudioOnArrival\ Provider = Nokia Music Manager InvokeProgID = NokiaMusicManager InvokeVerb = NMMRipCD HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /ripCD "%L" [Nokia] P2GCDBurningOnArrival\ Provider = Power2Go InvokeProgID = BlankCD InvokeVerb = OpenWithPower2Go HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files\CyberLink\Power2Go\Power2Go.exe" "%L" [Cyberlink] P2GDVDBurningOnArrival\ Provider = Power2Go InvokeProgID = BlankDVD InvokeVerb = OpenWithPower2Go HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files\CyberLink\Power2Go\Power2Go.exe" "%L" [Cyberlink] Picasa2ImportPicturesOnArrival\ Provider = Picasa3 InvokeProgID = picasa2.autoplay InvokeVerb = import HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Google\Picasa3\Picasa3.exe" "%1" [Google Inc.] RMPPlayCDAudioOnArrival\ Provider = Rich Media Player InvokeProgID = RMP.CDAudio InvokeVerb = play HKLM\SOFTWARE\Classes\RMP.CDAudio\shell\play\command\(Default) = "C:\Users\Ries van Ool\AppData\Local\Rich Media Player\rmplayer.exe" -source=%1 -source-type=cdda [file not found] RMPPlayDVDMovieOnArrival\ Provider = Rich Media Player InvokeProgID = RMP.DVDMovie InvokeVerb = play HKLM\SOFTWARE\Classes\RMP.DVDMovie\shell\play\command\(Default) = "C:\Users\Ries van Ool\AppData\Local\Rich Media Player\rmplayer.exe" -source=%1 -source-type=dvd [file not found] RPCDBurningOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.CDBurn.6 InvokeVerb = open HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /burn "%1" [RealNetworks, Inc.] RPDeviceOnArrival\ Provider = RealPlayer ProgID = RealPlayer.HWEventHandler HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = {67E76F1D-BDE2-4052-913C-2752366192D2} -> {HKLM...CLSID} = RealNetworks Scheduler \LocalServer32\(Default) = "c:\program files\real\realplayer\Update\realsched.exe" -autoplay [RealNetworks, Inc.] RPDVDBurningOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.DVDBurn.6 InvokeVerb = open HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /burndvd "%1" [RealNetworks, Inc.] RPPlayCDAudioOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.AudioCD.6 InvokeVerb = play HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /play %1 [RealNetworks, Inc.] RPPlayDVDMovieOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.DVD.6 InvokeVerb = play HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /dvd %1 [RealNetworks, Inc.] RPPlayMediaOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.AutoPlay.6 InvokeVerb = open HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /autoplay "%1" [RealNetworks, Inc.] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = play HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda://%1 [the VideoLAN Team] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = play HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd://%1 [the VideoLAN Team] WIA_{2D988273-4B50-405B-8021-67E17E1B8A9E}\ Provider = Picasa3 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\Google\Picasa3\Picasa3.exe /StiDevice:%1 /StiEvent:%2; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WinampMTPHandler\ Provider = Winamp ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = C:\Program Files\Winamp\winamp.exe HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] WinampPlayMediaOnArrival\ Provider = Winamp InvokeProgID = Winamp.File InvokeVerb = Play HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = "C:\Program Files\Winamp\winamp.exe" "%1" [Nullsoft] HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = {46986115-84D6-459c-8F95-52DD653E532E} -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = "C:\Program Files\Winamp\winamp.exe" [Nullsoft] ZcMTPOnArrival\ Provider = Creative Centrale ProgID = ZcAuto.ZcAutoPlayHandler InitCmdLine = OrganizeMTP HKLM\SOFTWARE\Classes\ZcAuto.ZcAutoPlayHandler\CLSID\(Default) = {E90A5EBC-C2DD-4BE9-81ED-CAB69B411C9D} -> {HKLM...CLSID} = ZcAutoPlayHandler Class \LocalServer32\(Default) = "C:\Program Files\Creative\Shared Files\ZcAuto.exe" [Creative Technology Ltd] ZcRipAudioCDOnArrival\ Provider = Creative Centrale InvokeProgID = ZcAuto.AudioCD InvokeVerb = Rip HKLM\SOFTWARE\Classes\ZcAuto.AudioCD\shell\Rip\Command\(Default) = "C:\Program Files\Creative\Creative Centrale\Centrale.exe" -PID {20AA23E3-CA98-43b6-A91B-AAA87BDC6D53}DiscPluginMgPid_1 -SID %L -FW [Creative Technology Ltd] ZcRipDVDMovieOnArrival\ Provider = Creative Centrale InvokeProgID = ZcAuto.DVD InvokeVerb = Rip HKLM\SOFTWARE\Classes\ZcAuto.DVD\shell\Rip\Command\(Default) = "C:\Program Files\Creative\Creative Centrale\Centrale.exe" -PID {20AA23E3-CA98-43b6-A91B-AAA87BDC6D53}DiscPluginMgPid_1 -SID %L -FW [Creative Technology Ltd] ZcRipVideoCDMovieOnArrival\ Provider = Creative Centrale InvokeProgID = ZcAuto.VCD InvokeVerb = Rip HKLM\SOFTWARE\Classes\ZcAuto.VCD\shell\Rip\Command\(Default) = "C:\Program Files\Creative\Creative Centrale\Centrale.exe" -PID {20AA23E3-CA98-43b6-A91B-AAA87BDC6D53}DiscPluginMgPid_1 -SID %L -FW [Creative Technology Ltd] Startup items in "Ries van Ool" & "All Users" startup folders: -------------------------------------------------------------- C:\Users\Ries van Ool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++} Dropbox -> shortcut to: C:\Users\Ries van Ool\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [Dropbox, Inc.] program -> shortcut to: C:\Windows\system32\rundll32.exe C:\PROGRA~2\42DC18C7.cpp,zSS1 [MS] Windows Sidebar Gadgets: {++} ------------------------ C:\Users\Ries van Ool\AppData\Local\Microsoft\Windows Sidebar\Settings.ini C:\Users\Ries van Ool\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Flash Player Updater -> launches: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] ASUS Live Update -> launches: C:\Program Files\ASUS\ASUS Live Update\ALU.exe [empty string] ASUS SmartLogon Console Sensor -> launches: C:\Program Files\ASUS\SmartLogon\sensorsrv.exe [ASUS] CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS] Google Software Updater -> launches: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start [Google] GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] GoogleUpdateTaskUserS-1-5-21-589480253-1782796221-1050078968-1000Core -> launches: C:\Users\Ries van Ool\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskUserS-1-5-21-589480253-1782796221-1050078968-1000UA -> launches: C:\Users\Ries van Ool\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] RealPlayerRealUpgradeLogonTaskS-1-5-21-589480253-1782796221-1050078968-1000 -> launches: C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck [RealNetworks, Inc.] RealPlayerRealUpgradeScheduledTaskS-1-5-21-589480253-1782796221-1050078968-1000 -> launches: C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck [RealNetworks, Inc.] RealUpgradeLogonTaskS-1-5-21-589480253-1782796221-1050078968-1000 -> launches: C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck [RealNetworks, Inc.] RealUpgradeScheduledTaskS-1-5-21-589480253-1782796221-1050078968-1000 -> launches: C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck [RealNetworks, Inc.] User_Feed_Synchronization-{A4C08C97-F9A0-4927-BB4D-A86DFFDF5528} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS] {4498E635-AE00-4861-BC66-00F964EA01C4} -> launches: C:\Windows\system32\pcalua.exe -a E:\eauninstall.exe -d E:\ [MS] {44E6A0BD-8FE5-468F-A1CB-3A4B7E9D6881} -> launches: C:\Windows\system32\pcalua.exe -a "D:\Software\Ulead photo express\Ulead-Photo-Express-6.0.exe" -d "C:\Users\Ries van Ool\Desktop" [MS] {D1B3D598-4E44-4286-87A1-053543E4CF39} -> launches: C:\Program Files\Skype\Phone\Skype.exe [Skype Technologies S.A.] {EA85D599-E0CA-4E76-A8CC-29490049D7B8} -> launches: C:\Windows\system32\pcalua.exe -a "D:\Software\McAfee Virusscanner\mpfp7_7[1].0.152_nl.exe" -d "D:\Software\McAfee Virusscanner" [MS] C:\Windows\System32\Tasks\Apple AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask-Roam -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] OptinNotification -> launches: %SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0 [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ManualDefrag -> launches: %windir%\system32\defrag.exe -c [MS] ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -i [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) -gc [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] TMM -> launches: {35EF4182-F900-4632-B072-8639E4478A61} -> {HKLM...CLSID} = Transient Multi-Monitor Manager \InProcServer32\(Default) = C:\Windows\System32\TMM.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI Lpksetup -> launches: C:\Windows\System32\lpksetup.exe -v [MS] LPRemove -> launches: %windir%\system32\lpremove.exe [MS] Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection NAPStatus UI -> launches: {f09878a1-4652-4292-aa63-8c7d4fd7648f} -> {HKLM...CLSID} = Nap ITask Handler Implementation \InProcServer32\(Default) = C:\Windows\System32\QAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RACAgent -> (HIDDEN!) launches: %windir%\system32\RacAgent.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell CrawlStartPages -> launches: {51653423-e62d-4ff7-894a-dabb2b8e21e2} -> {HKLM...CLSID} = CrawlStartPages Task Handler \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] WSHReset -> (HIDDEN!) launches: %systemroot%\system32\netsh.exe interface tcp set heuristic wsh=default [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wired GatherWiredInfo -> launches: %windir%\system32\gatherWiredInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Wireless GatherWirelessInfo -> launches: %windir%\system32\gatherWirelessInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files\Windows Live\SOXE\wlsoxe.dll [MS] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-589480253-1782796221-1050078968-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] 000000000008\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 31 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ {47833539-D0C5-4125-9FA8-0819E2EAAC93} -> {HKLM...CLSID} = Adobe PDF \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe Systems Incorporated] {2318C2B1-4965-11D4-9B18-009027A5CD4F} -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {47833539-D0C5-4125-9FA8-0819E2EAAC93} = (no title provided) -> {HKLM...CLSID} = Adobe PDF \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe Systems Incorporated] {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Onderzoek Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {5067A26B-1337-4436-8AFE-EE169C2DA79F}\ MenuText = Skype add-on for Internet Explorer CLSIDExtension = {77BF5300-1474-4EC7-9980-D32B190E9B07} -> {HKLM...CLSID} = Skype add-on (button) \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype Technologies S.A.] {77BF5300-1474-4EC7-9980-D32B190E9B07}\ ButtonText = Skype CLSIDExtension = {77BF5300-1474-4EC7-9980-D32B190E9B07} -> {HKLM...CLSID} = Skype add-on (button) \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype Technologies S.A.] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ ButtonText = Onderzoek BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -> {HKLM...CLSID} = &Onderzoek \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Apple Mobile Device, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.] ASLDR Service, ASLDRService, C:\Program Files\ATK Hotkey\ASLDRSrv.exe [null data] ATKGFNEX Service, ATKGFNEXSrv, C:\Program Files\ATKGFNEX\GFNEXSrv.exe [null data] AVG WatchDog, avgwd, "C:\Program Files\AVG\AVG2015\avgwdsvc.exe" [AVG Technologies CZ, s.r.o.] Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.] CT Device Query service, CTDevice_Srv, C:\Program Files\Creative\Shared Files\CTDevSrv.exe [Creative Technology Ltd] Intel(R) Matrix Storage Event Monitor, IAANTMON, C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [Intel Corporation] Intel(R) PROSet/Wireless Event Log, EvtEng, C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [Intel Corporation] Intel(R) PROSet/Wireless Registry Service, RegSrvc, C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [Intel Corporation] iPod-service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.] LightScribeService Direct Disc Labeling Service, LightScribeService, "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" [Hewlett-Packard Company] Local Communication Channel, ASChannel, C:\Windows\System32\svchost.exe -k Cognizance {C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll [Cognizance Corporation]} Logon Session Broker, ASBroker, C:\Windows\System32\svchost.exe -k Cognizance {C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [Cognizance Corporation]} lxeb_device, lxeb_device, C:\Windows\system32\lxebcoms.exe -service [ ] Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [Nero AG] Net Driver HPZ12, Net Driver HPZ12, C:\Windows\System32\svchost.exe -k HPZ12 {C:\Windows\system32\HPZinw12.dll [Hewlett-Packard]} NMIndexingService, NMIndexingService, "C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe" [Nero AG] NVIDIA Display Driver Service, nvsvc, C:\Windows\system32\nvvsvc.exe [NVIDIA Corporation] Pml Driver HPZ12, Pml Driver HPZ12, C:\Windows\System32\svchost.exe -k HPZ12 {C:\Windows\system32\HPZipm12.dll [Hewlett-Packard]} PnkBstrA, PnkBstrA, C:\Windows\system32\PnkBstrA.exe [null data] RealNetworks Downloader Resolver Service, RealNetworks Downloader Resolver Service, "C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe" [null data] Sentinel Protection Server, SentinelProtectionServer, "C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" [SafeNet, Inc] ServiceLayer, ServiceLayer, "C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe" [Nokia.] spmgr, spmgr, C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [empty string] TomTomHOMEService, TomTomHOMEService, C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [TomTom] USBDLM, USBDLM, C:\Program Files\Heutink ICT\deklas.nu Thuiswerken\USBDLM\USBDLM.exe [Uwe Sieber - www.uwe-sieber.de] Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> hitmanpro37, <> hitmanpro37.sys, <> HitmanPro37Crusader, <> HitmanPro37CrusaderBoot, <> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> hitmanpro37, <> hitmanpro37.sys, <> HitmanPro37Crusader, <> HitmanPro37CrusaderBoot, <> PEVSystemStart, Service Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port Monitor\Driver = AdobePDF.dll [Adobe Systems Inc] Microsoft Document Imaging Writer Monitor\Driver = mdimon.dll [MS] Pro200-S500 Series Port\Driver = lxeblmpm.dll [ ] ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Ries van Ool\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Ries van Ool\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Ries van Ool\AppData\Local\Mozilla\Firefox\Profiles\oaq4cx52.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Ries van Ool\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1011 folders=291 214937151 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Ries van Ool\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\RIESVA~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Ries van Ool\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ehmsdri.log" not deleted "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ehRecvr.log" not deleted ==== EOF on di 25-11-2014 at 9:24:36,13 ======================