Wilma Westra

Inmiddels kan ik weer zien wat ik doe:-) Heb je wat aan dit knipsel?

Helaas doet mijn monitor het niet meer. zodra ik een nieuwe heb, meld ik me weer.

Hierbij als knipsel. Er zit ook een applicatie disc bij. Misschien hebben we daar ook iets aan??

Ik heb 2 recoverydiscs gevonden, een voor het 32- en een voor het 64- bit besturingssysteem. Is dit wat je bedoelt? Ik ben natuurlijk liever niet alles kwijt.

Dat is jammer Volgens mij heb ik geen installatiecd nodig, zou dat kunnen? De pc zou dan weer teruggezet kunnen worden naar de fabrieksinstellingen.

Er kwam geen logje, maar bovenstaand venster. Ik ben benieuwd, zou zo maar kunnen dat je hier wat aan hebt. Er is toch ook een logje gekomen: Zoek.exe Version 4.0.0.2 Updated 06-May-2013 Tool run by Wilma on do 09-05-2013 at 12:36:59,79. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected ==== Older Logs ====================== C:\zoek-results07-05-2013-1533.log 63649 bytes C:\zoek-results08-05-2013-1310.log 697 bytes C:\zoek-results09-05-2013-1042.log 3159 bytes C:\zoek-results29-04-2013-1023.log 410 bytes ==== Batch Command(s) Run By Tool======================

Nogmaals bedankt voor al je hulp. Het bestand vpnike.dll is aanwezig in de map C:\Windows\System32. de Secure Socket Tunneling Protocol Service is opgestart. Remote Access Auto Connection Manager en Remote Access Connection Manager hebben geen status en het opstarttype is handmatig. Hierbij de inhoud van het geopende logje: Zoek.exe Version 4.0.0.2 Updated 06-May-2013 Tool run by Wilma on do 09-05-2013 at 10:41:43,38. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected ==== Older Logs ====================== C:\zoek-results07-05-2013-1533.log 63649 bytes C:\zoek-results08-05-2013-1310.log 697 bytes C:\zoek-results29-04-2013-1023.log 410 bytes ==== Batch Command(s) Run By Tool====================== vssadmin 1.1 - Opdrachtregelbeheerprogramma voor Volume Shadow Copy-service © Copyright 2001-2005 Microsoft Corp. Naam schrijver: 'Task Scheduler Writer' Schrijver-id: {d61d61c8-d73a-4eee-8cdd-f6f9786b7124} Id van schrijverinstantie: {1bddd48e-5052-49db-9b07-b96f96727e6b} Status: [1] Stabiel Laatste fout: Geen fout Naam schrijver: 'VSS Metadata Store Writer' Schrijver-id: {75dfb225-e2e4-4d39-9ac9-ffaff65ddf06} Id van schrijverinstantie: {088e7a7d-09a8-4cc6-a609-ad90e75ddc93} Status: [1] Stabiel Laatste fout: Geen fout Naam schrijver: 'Performance Counters Writer' Schrijver-id: {0bada1de-01a9-4625-8278-69e735f39dd2} Id van schrijverinstantie: {f0086dda-9efc-47c5-8eb6-a944c3d09381} Status: [1] Stabiel Laatste fout: Geen fout Naam schrijver: 'System Writer' Schrijver-id: {e8132975-6f93-4464-a53e-1050253ae220} Id van schrijverinstantie: {5794da7e-e0f6-4101-83f0-7bc909af4302} Status: [1] Stabiel Laatste fout: Geen fout Naam schrijver: 'ASR Writer' Schrijver-id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Id van schrijverinstantie: {636f576f-ceb3-4f74-b488-061532aefefb} Status: [1] Stabiel Laatste fout: Geen fout Naam schrijver: 'BITS Writer' Schrijver-id: {4969d978-be47-48b0-b100-f328f07ac1e0} Id van schrijverinstantie: {24dc5316-a7e4-4f3f-b252-1dd5e11a9768} Status: [1] Stabiel Laatste fout: Geen fout Naam schrijver: 'WMI Writer' Schrijver-id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Id van schrijverinstantie: {370a051c-39d7-4ad3-906c-a3e06fdfb7e4} Status: [1] Stabiel Laatste fout: Geen fout Naam schrijver: 'COM+ REGDB Writer' Schrijver-id: {542da469-d3e1-473c-9f4f-7847f01fc64f} Id van schrijverinstantie: {dd2cc67f-c6e2-4763-bab7-a22c954d514a} Status: [1] Stabiel Laatste fout: Geen fout Naam schrijver: 'Registry Writer' Schrijver-id: {afbab4a2-367d-4d15-a586-71dbb18f8485} Id van schrijverinstantie: {4c592812-5392-44b3-affd-e0a494f2b8b4} Status: [1] Stabiel Laatste fout: Geen fout Naam schrijver: 'Shadow Copy Optimization Writer' Schrijver-id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Id van schrijverinstantie: {6c80e045-7c8a-49f8-93cd-b72ac9c41bce} Status: [1] Stabiel Laatste fout: Geen fout Naam schrijver: 'MSSearch Service Writer' Schrijver-id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Id van schrijverinstantie: {779f16ba-9bfd-43c9-ad19-e56f541dea61} Status: [1] Stabiel Laatste fout: Geen fout vssadmin 1.1 - Opdrachtregelbeheerprogramma voor Volume Shadow Copy-service © Copyright 2001-2005 Microsoft Corp. Geen items gevonden die aan de query voldoen.

[ATTACH]25679[/ATTACH] Hierboven het bestandje. Syslog2013-05-08.txt

Daar is hij. Zoek.exe Version 4.0.0.2 Updated 06-May-2013 Tool run by Wilma on wo 08-05-2013 at 13:08:50,55. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected ==== Older Logs ====================== C:\zoek-results07-05-2013-1533.log 63649 bytes C:\zoek-results29-04-2013-1023.log 410 bytes ==== Batch Command(s) Run By Tool====================== vssadmin 1.1 - Opdrachtregelbeheerprogramma voor Volume Shadow Copy-service © Copyright 2001-2005 Microsoft Corp. Providernaam: 'Microsoft Software Shadow Copy provider 1.0' Providertype: Systeem Provider-id: {b5946137-7b9f-4925-af80-51abd60b20d5} Versie: 1.0.0.7

Hierbij het logje met zoek.exe. Zoek.exe Version 4.0.0.2 Updated 06-May-2013 Tool run by Wilma on di 07-05-2013 at 15:28:32,74. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected ==== Older Logs ====================== C:\zoek-results29-04-2013-1023.log 410 bytes ==== Registry Exports ====================== [HKEY_LOCAL_MACHINE\SYSTEM\Setup] "OsLoaderPath"="\\" "RestartSetup"=dword:00000000 "SetupType"=dword:00000000 "SystemPartition"="\\Device\\HarddiskVolume1" "SystemSetupInProgress"=dword:00000000 "SetupPhase"=dword:00000000 "CmdLine"="" "OOBEInProgress"=dword:00000000 "WorkingDirectory"="C:\\Windows\\Panther" "CloneTag"=hex(7):57,00,65,00,64,00,20,00,4a,00,61,00,6e,00,20,00,32,00,30,00,\ 20,00,31,00,30,00,3a,00,31,00,31,00,3a,00,32,00,31,00,20,00,32,00,30,00,31,\ 00,30,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\ERSvc] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\PlugPlay] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\Power] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\ProfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\ProtectedStorage] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\SamSs] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\sppsvc] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\WS2IFSL] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Pid] "Pid"="00000270" [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines] "CurrentVersion"="2.0" [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\1.0] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\1.0\0] "Flags"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\1.0\0\CoreOS] "Version"="6.0.6000.16386" "DisplayName"="Windows Core OS Components" "Type"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\2.0] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\2.0\0] "Flags"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\2.0\0\CoreOS] "Version"="6.0.6000.16386" "DisplayName"="Windows Core OS Components" "Type"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\2.0\1] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\2.0\1\CoreOS] "Version"="6.1.7601.17514" "DisplayName"="Windows Core OS Components" "Type"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Components] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Components\CoreOS] "Version"="6.1.7601.17514" "DisplayName"="Windows Core OS Components" "Type"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupCl] "BlockOperations"=dword:00000000 "HiveTime"=dword:000012d4 "FileACLTime"=dword:0000002e "RunTime"=dword:000014a8 "ExecutionSuccessful"=dword:00000001 "NTSTATUS"=dword:00000000 "DriveMask"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupCl\PendingRequest] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM\DWORD] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM\DWORD\000018de] "ID"=dword:000018de "VALUE"=dword:0000056c [HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM\DWORD\000018df] "ID"=dword:000018df "VALUE"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM\DWORD\000018e0] "ID"=dword:000018e0 "VALUE"=dword:000787b3 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM\DWORD\000018e1] "ID"=dword:000018e1 "VALUE"=dword:000014a8 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM\DWORD\000018e2] "ID"=dword:000018e2 "VALUE"=dword:00046f25 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM\DWORD\000018e5] "ID"=dword:000018e5 "VALUE"=dword:00000157 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM\DWORD\00001911] "ID"=dword:00001911 "VALUE"=dword:000222c1 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status] "AuditBoot"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\ChildCompletion] "setup.exe"=dword:00000003 "oobeldr.exe"=dword:00000003 "SetupFinalTasks"=dword:00000003 "audit.exe"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\SysprepStatus] "GeneralizationState"=dword:00000007 "CleanupState"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\UnattendPasses] "specialize"=dword:00000000 "oobeSystem"=dword:00000002 "windowsPE"=dword:00000000 "offlineServicing"=dword:00000000 "generalize"=dword:00000000 "auditSystem"=dword:00000000 "auditUser"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Timers] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Timers\OobeBootPerf] "StartLow"=dword:7cf6f218 "StartHigh"=dword:01cd4233 "StopLow"=dword:a31bd5e6 "StopHigh"=dword:01cd4234 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Timers\OobeCmdPerf] "StartLow"=dword:4dac05fe "StartHigh"=dword:01cd4234 "StopLow"=dword:4dac05fe "StopHigh"=dword:01cd4234 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Timers\OobeExePerf] "StartLow"=dword:4f919eb6 "StartHigh"=dword:01cd4234 "StopLow"=dword:a2ff4563 "StopHigh"=dword:01cd4234 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Timers\PendingActionsPerf] "StartLow"=dword:2e203c5c "StartHigh"=dword:01cd4234 "StopLow"=dword:2ef416d5 "StopHigh"=dword:01cd4234 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Timers\SetupCompleteTimer] "StartLow"=dword:a26a9d9a "StartHigh"=dword:01cd4234 "StopLow"=dword:a29efbe0 "StopHigh"=dword:01cd4234 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Timers\SysprepPnpTimer] "StartLow"=dword:7ef45892 "StartHigh"=dword:01cd4233 "StopLow"=dword:2c29fa02 "StopHigh"=dword:01cd4234 [HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus] "setupapi.app.log"=dword:00001000 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2013-04-12 18:36:10 E16586020CA7590FFDD1FA6327EB37D4 385560233 ----a-w- C:\Windows\MEMORY.DMP ====== C:\Users\Wilma\AppData\Local\Temp ==== ====== C:\Windows\system32 ===== 2013-04-30 14:37:17 D017BF8D92938EEB9B3A1D1C53FDA152 14323200 ----a-w- C:\Windows\System32\mshtml.dll 2013-04-30 14:37:17 CFE0CEE587F9CEA4C29DEEC6D85FC91C 1766912 ----a-w- C:\Windows\System32\wininet.dll 2013-04-30 14:37:17 C225E5307D8D4982A1687F2702C37C78 158720 ----a-w- C:\Windows\System32\msls31.dll 2013-04-30 14:37:17 B5DEC0D4CBBC333CA99FE10B06D4747E 2046464 ----a-w- C:\Windows\System32\iertutil.dll 2013-04-30 14:37:17 B5D742C535D37A7DA0649E03B32CAD80 493056 ----a-w- C:\Windows\System32\msfeeds.dll 2013-04-30 14:37:17 AF0332E09DDBE0172237D1958A7DADB8 79872 ----a-w- C:\Windows\System32\mshtmled.dll 2013-04-30 14:37:17 96E0F0BED5D9EBABB899D8CA83C36A7E 523264 ----a-w- C:\Windows\System32\vbscript.dll 2013-04-30 14:37:17 87E71F2A83681F41B796CA685818EF2D 163840 ----a-w- C:\Windows\System32\msrating.dll 2013-04-30 14:37:17 87B775A458A73BB7381E5B67B5652496 39424 ----a-w- C:\Windows\System32\jsproxy.dll 2013-04-30 14:37:17 69CB1A65B835EE6ADF9E16ED6D443072 1129984 ----a-w- C:\Windows\System32\urlmon.dll 2013-04-30 14:37:17 52A7D73D5570F757D865DDECD087FB41 138752 ----a-w- C:\Windows\System32\wextract.exe 2013-04-30 14:37:17 4417377CEDABD9BD161FA7EDEDA175D4 745472 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2013-04-30 14:37:17 338520304B99471BD0ED121954FE7863 82432 ----a-w- C:\Windows\System32\inseng.dll 2013-04-30 14:37:17 3275F17533CB1599841AAABA3C8D3E8E 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-04-30 14:37:17 260D83B1B3696DFA30E33E015C30E12C 137216 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-04-30 14:37:17 1B6A7D965462BE6220727721A4CDB247 71680 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-04-30 14:37:17 0402BFC25AB49E02256BC24E32829773 185344 ----a-w- C:\Windows\System32\elshyph.dll 2013-04-30 14:37:17 038F76279EC64878A072D988DE13C7B2 150528 ----a-w- C:\Windows\System32\iexpress.exe 2013-04-30 14:37:16 F532B056147F251D480F7E5FF0758947 42496 ----a-w- C:\Windows\System32\ie4uinit.exe 2013-04-30 14:37:16 E14A07B768EC49D382CABCE2F078D576 232960 ----a-w- C:\Windows\System32\url.dll 2013-04-30 14:37:16 DEFB55D4FF094673DF31FA89A8A8A2F0 226816 ----a-w- C:\Windows\System32\dxtrans.dll 2013-04-30 14:37:16 C68FBBF01E86CB6CF0B797748FBD6C1A 357888 ----a-w- C:\Windows\System32\dxtmsft.dll 2013-04-30 14:37:16 C28A634CF127DA67D566B5E14D0A0170 719360 ----a-w- C:\Windows\System32\mshtmlmedia.dll 2013-04-30 14:37:16 BFDD0C5F3E435596F197F003609989C4 61440 ----a-w- C:\Windows\System32\iesetup.dll 2013-04-30 14:37:16 B96C13B5C85AC4240FE95DE115945D59 38400 ----a-w- C:\Windows\System32\imgutil.dll 2013-04-30 14:37:16 A7E8E3A9F92D9B0D495F636A1D282883 48640 ----a-w- C:\Windows\System32\mshtmler.dll 2013-04-30 14:37:16 A7CFDA703AF9AD409DAA521487E0CB53 109056 ----a-w- C:\Windows\System32\iesysprep.dll 2013-04-30 14:37:16 9B59687619B27CDA24638CDC3AF079FB 2877440 ----a-w- C:\Windows\System32\jscript9.dll 2013-04-30 14:37:16 932571EFF79B93F94E84ADF4989A277F 69120 ----a-w- C:\Windows\System32\icardie.dll 2013-04-30 14:37:16 90F785F7594E3AF23D4392677042BE9A 391168 ----a-w- C:\Windows\System32\ieui.dll 2013-04-30 14:37:16 8C3D32A4A46326031309A43C52539D7F 1400416 ----a-w- C:\Windows\System32\ieapfltr.dat 2013-04-30 14:37:16 8A45166CD9874463AB76B552C9C2D3AD 110592 ----a-w- C:\Windows\System32\IEAdvpack.dll 2013-04-30 14:37:16 828B4A41BE891A7AEC07E693422B4A3A 117248 ----a-w- C:\Windows\System32\iepeers.dll 2013-04-30 14:37:16 81C4D657D37C3A5418B54BFECE821B84 57344 ----a-w- C:\Windows\System32\pngfilt.dll 2013-04-30 14:37:16 80B47F0F45C3EBF41C30E0BA367D25D3 125440 ----a-w- C:\Windows\System32\occache.dll 2013-04-30 14:37:16 6EF6B6EACCA13DD6131624E0DD5C14A3 690688 ----a-w- C:\Windows\System32\jscript.dll 2013-04-30 14:37:16 6DF2C6438CFF6EFCBBB88AEE01795501 73728 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe 2013-04-30 14:37:16 56E51C26745FF7413514EA4DDF33BC6C 11776 ----a-w- C:\Windows\System32\msfeedssync.exe 2013-04-30 14:37:16 4A47CAEA8D3B82DE439A79771ECED4B1 361984 ----a-w- C:\Windows\System32\html.iec 2013-04-30 14:37:16 414A3D9AAE072CDEFE0B64C2EBEE18D2 61952 ----a-w- C:\Windows\System32\tdc.ocx 2013-04-30 14:37:16 404FAD93ABFBD86D1AAAB47D5DFA6505 242200 ----a-w- C:\Windows\System32\iedkcs32.dll 2013-04-30 14:37:16 3FA7F736B877B46EDF1EE6BE6051848D 33280 ----a-w- C:\Windows\System32\iernonce.dll 2013-04-30 14:37:16 3AB2A38F7EA9E62D176A78FB58761E24 12800 ----a-w- C:\Windows\System32\mshta.exe 2013-04-30 14:37:16 2D7A29C35D0894481A69FA3AC45F18F0 41984 ----a-w- C:\Windows\System32\msfeedsbs.dll 2013-04-30 14:37:16 1FF56AC32B38A94C3C88497BD6E00C96 25185 ----a-w- C:\Windows\System32\ieuinit.inf 2013-04-30 14:37:16 0F44172A5B34E8F208CD0F209EDD4A73 629248 ----a-w- C:\Windows\System32\ieapfltr.dll 2013-04-30 14:37:16 0B6118058942961D504AAEA04FECB116 13761024 ----a-w- C:\Windows\System32\ieframe.dll 2013-04-30 14:37:15 F0D4AE074D9BC0741DC6E91C741F2F8C 23040 ----a-w- C:\Windows\System32\licmgr10.dll 2013-04-30 14:37:15 9DF7A7C74D8632CB5EBD37E3A374825E 204800 ----a-w- C:\Windows\System32\webcheck.dll 2013-04-30 14:37:15 9D9AC6CE9A9D951AC40DE91CD6F0A620 1441280 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-04-30 14:36:19 C7A730AFB80B11F93EFC81B1D6F920D7 364544 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2013-04-30 14:36:19 6A7B5A3EFCCDB53DA41CF6838056990F 1158144 ----a-w- C:\Windows\System32\XpsPrint.dll 2013-04-30 14:36:19 6A13B4F3B3F575F1E24B877B9359AABA 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-04-30 14:36:19 6951562DC4625EEFC6EACD52AD165866 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-04-30 14:36:19 60F4AEFA103D421EA4A40E31409B4756 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-04-30 14:36:19 600A65F922CCDCBB2D11467914241556 2284544 ----a-w- C:\Windows\System32\msmpeg2vdec.dll 2013-04-30 14:36:19 589CBC4989F750E1DA35625AB481CF43 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-04-30 14:36:19 545F1BAAADD0BF1F4FE4586293FCA07D 417792 ----a-w- C:\Windows\System32\WMPhoto.dll 2013-04-30 14:36:19 49ACA548B2423F1C67898E6AC719A9A6 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-04-30 14:36:19 3BE0D923AA45A4DBE091C2D84F0B4FE7 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-04-30 14:36:19 2E33DFD10F28F86C3FC40EE123CC3904 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-04-30 14:36:19 1C60E09CA1C3A045BC4D367F67C915B7 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-04-30 14:36:19 007863E45F25AA47A4C30D0930BBFD85 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-04-30 14:36:18 FB3F036EF6A467F7AF46C821FF5D198D 220160 ----a-w- C:\Windows\System32\d3d10core.dll 2013-04-30 14:36:18 E12C4928B32ACE04610259647F072635 906240 ----a-w- C:\Windows\System32\FntCache.dll 2013-04-30 14:36:18 D4F264FE23F8953D840904418220C15E 293376 ----a-w- C:\Windows\System32\dxgi.dll 2013-04-30 14:36:18 D4212AB475A3B25EC4DF574536C3EDC5 249856 ----a-w- C:\Windows\System32\d3d10_1core.dll 2013-04-30 14:36:18 B3170CCC779B682C3341873EA60CF084 1988096 ----a-w- C:\Windows\System32\d3d10warp.dll 2013-04-30 14:36:18 9FF8F684BACF326082E5562F7C104A79 3419136 ----a-w- C:\Windows\System32\d2d1.dll 2013-04-30 14:36:18 8B285BDAB7735FDFB18E6F7122923B77 187392 ----a-w- C:\Windows\System32\UIAnimation.dll 2013-04-30 14:36:18 8504944851DF6175CC489A8F3328459E 1080832 ----a-w- C:\Windows\System32\d3d10.dll 2013-04-30 14:36:18 7ACDFB4CC67F4993DF0E0731576309B2 1504768 ----a-w- C:\Windows\System32\d3d11.dll 2013-04-30 14:36:18 62A6EB5771580CAE445804389F3F7432 207872 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll 2013-04-30 14:36:18 4FF3EC04CD47DD62181894B71B004E40 604160 ----a-w- C:\Windows\System32\d3d10level9.dll 2013-04-30 14:36:18 4277F5164DE9B7C665BB928B9145BEE0 1247744 ----a-w- C:\Windows\System32\DWrite.dll 2013-04-30 14:36:18 3C1936A12C62254F914A01BBC6A8DC69 161792 ----a-w- C:\Windows\System32\d3d10_1.dll 2013-04-30 14:36:18 3BCECD87AB4E6743BFB45B352AD1A529 1230336 ----a-w- C:\Windows\System32\WindowsCodecs.dll ====== C:\Windows\system32\drivers ===== 2013-04-24 14:41:41 5E43D2B0EE64123D4880DFA6626DEFDE 1211752 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-12 11:11:09 E306A24D9694C724FA2491278BF50FDB 196328 ----a-w- C:\Windows\System32\drivers\fvevol.sys 2013-04-09 21:06:49 0DB7527DB188C7D967A37BB51BBF3963 40776 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-04-12 17:52:19 -------- d-----w- C:\Program Files\Speccy 2013-04-11 11:40:18 -------- d-----w- C:\Program Files\Common Files\Skype ======= C: ===== 2013-05-06 18:03:40 E19C01E246A3F87F6478BE008E39E2F8 285 ----a-w- C:\vsslist.txt 2013-04-26 13:22:07 FA02ACFA0D968502212E01C46BEE4AA5 1124 ----a-w- C:\DelFix.txt ====== C:\Users\Wilma\AppData\Roaming ====== 2013-04-11 20:59:03 -------- d-----w- C:\users\Wilma\AppData\Local\Temp 2013-04-10 18:01:18 -------- d-----w- C:\users\Public\AppData\Local\temp 2013-04-10 18:01:18 -------- d-----w- C:\users\Default\AppData\Local\temp 2013-04-10 18:01:18 -------- d-----w- C:\users\Default User\AppData\Local\temp 2013-04-09 21:15:22 -------- d-----w- C:\users\Wilma\AppData\Local\ElevatedDiagnostics ====== C:\Users\Wilma ====== 2013-04-10 18:01:18 -------- d-----w- C:\Users\Public\AppData ====== C: exe-files == 2013-05-07 13:15:53 B59C4BFE09E4B85E580B3854C2E8F689 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2375090405-1869871859-1792986959-1000\$IPCM24T.exe 2013-05-04 13:00:26 8F11F0321ED84B1533FC1384AC71AC8D 59784 ----atw- C:\Program Files\Google\Update\1.3.21.145\GoogleUpdateBroker.exe 2013-05-04 13:00:26 00F714CA28A01FACB709486D6DA306A8 59784 ----atw- C:\Program Files\Google\Update\1.3.21.145\GoogleUpdateOnDemand.exe 2013-05-04 13:00:25 C26BB2535C1B20DEAFAEB12634BF4DC9 781592 ----a-w- C:\Program Files\Google\Update\1.3.21.145\GoogleUpdateSetup.exe 2013-05-04 13:00:20 76B35CB0F3A4E69D6DFF27F542B9F856 216968 ----atw- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe 2013-05-04 13:00:20 4E252E85E5DC31BD645E809222AFAF27 287624 ----atw- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler64.exe 2013-05-04 13:00:19 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\1.3.21.145\GoogleUpdate.exe 2013-05-04 13:00:17 C26BB2535C1B20DEAFAEB12634BF4DC9 781592 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.145\GoogleUpdateSetup.exe 2013-05-03 20:51:07 15B86AEBC342B42AB5CAFA3E7A743A60 4346816 ----a-w- C:\Users\Wilma\Downloads\ccsetup401 (1).exe 2013-05-03 20:49:08 15B86AEBC342B42AB5CAFA3E7A743A60 4346816 ----a-w- C:\Users\Wilma\Downloads\ccsetup401.exe 2013-04-30 14:37:17 E4F6125ED5185F8FA37CC4F449B85526 770608 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2013-04-30 14:37:17 52A7D73D5570F757D865DDECD087FB41 138752 ----a-w- C:\Windows\System32\wextract.exe 2013-04-30 14:37:17 4417377CEDABD9BD161FA7EDEDA175D4 745472 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2013-04-30 14:37:17 260D83B1B3696DFA30E33E015C30E12C 137216 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-04-30 14:37:17 1B6A7D965462BE6220727721A4CDB247 71680 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-04-30 14:37:17 038F76279EC64878A072D988DE13C7B2 150528 ----a-w- C:\Windows\System32\iexpress.exe 2013-04-30 14:37:16 F627F4D4223F3F7D104294575E9E6F9D 327680 ----a-w- C:\Program Files\Internet Explorer\iediagcmd.exe 2013-04-30 14:37:16 F532B056147F251D480F7E5FF0758947 42496 ----a-w- C:\Windows\System32\ie4uinit.exe 2013-04-30 14:37:16 6DF2C6438CFF6EFCBBB88AEE01795501 73728 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe 2013-04-30 14:37:16 56E51C26745FF7413514EA4DDF33BC6C 11776 ----a-w- C:\Windows\System32\msfeedssync.exe 2013-04-30 14:37:16 5397E32E882C0148CEC13D9EACFB7157 222208 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2013-04-30 14:37:16 3AB2A38F7EA9E62D176A78FB58761E24 12800 ----a-w- C:\Windows\System32\mshta.exe 2013-04-30 14:37:16 3090B888E263E56744F8BFEF3A36D67D 467456 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2013-04-30 14:37:16 15CCEAC53648FF7C17AE98923BCD3D75 24576 ----a-w- C:\Program Files\Internet Explorer\ExtExport.exe === C: other files == 2013-05-07 13:27:38 EFF68C4C3AE6C4C317A88FD6A2476CAC 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2375090405-1869871859-1792986959-1000\$I0KMOGD.zip 2013-05-07 13:27:34 6556ED0F754E340CE51D2D090F98EBE5 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2375090405-1869871859-1792986959-1000\$IDFXEZR.zip 2013-05-07 13:27:30 39D9C19FA78A407819F150EEE693B8EB 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2375090405-1869871859-1792986959-1000\$IFCHYF5.zip 2013-05-07 13:27:26 A5EC43769DD8AD57E957634A368FC55D 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2375090405-1869871859-1792986959-1000\$I8L4A4U.zip 2013-05-07 13:27:22 449FE9210ACFAF0CD31373EFD8CD2671 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2375090405-1869871859-1792986959-1000\$IPI2WT2.zip 2013-05-07 13:20:16 CDCFC1695EE9C50664C40A91334BFDB3 1264610 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2375090405-1869871859-1792986959-1000\$RFCHYF5.zip 2013-05-07 13:19:52 CDCFC1695EE9C50664C40A91334BFDB3 1264610 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2375090405-1869871859-1792986959-1000\$RDFXEZR.zip ======== System Restore Points ======== No Restore Point in System. ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2375090405-1869871859-1792986959-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" "CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s" "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "EMET Notifier"="C:\Program Files\EMET\EMET_notifier.exe" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" ==== Startup Folders ====================== 2012-06-11 08:29:28 1288 ----a-w- C:\users\Wilma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [13-03-2013 20:57] C:\Windows\tasks\GlaryInitialize.job --a------ C:\Program Files\Glary Utilities\initialize.exe [22-10-2012 13:45] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [24-08-2012 11:52] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [24-08-2012 11:52] ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, Silent Runners - Adware? Disinfect, don't reformat! Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS] Skype = "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [skype Technologies S.A.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} IAStorIcon = C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [null data] CLMLServer = "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [CyberLink] RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [Realtek Semiconductor] GrooveMonitor = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [MS] MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS] Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated] EMET Notifier = C:\Program Files\EMET\EMET_notifier.exe [null data] APSDaemon = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.] QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [Apple Inc.] iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub -> {HKLM...CLSID} = Adobe PDF Link Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO -> {HKLM...CLSID} = Skype Browser Helper \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> {HKCU...CLSID} = UpToDateOverlayHandler Class \InProcServer32\(Default) = C:\Users\Wilma\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS] SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> {HKCU...CLSID} = SyncingOverlayHandler Class \InProcServer32\(Default) = C:\Users\Wilma\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS] SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524} -> {HKCU...CLSID} = ErrorOverlayHandler Class \InProcServer32\(Default) = C:\Users\Wilma\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS] Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Windows\system32\nvcpl.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] {FFB699E0-306A-11d3-8BD1-00104B6F7516} = Play on my TV helper -> {HKLM...CLSID} = NVIDIA CPL Extension \InProcServer32\(Default) = C:\Windows\system32\nvcpl.dll [NVIDIA Corporation] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler -> {HKLM...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\OLKFSTUB.DLL [MS] {00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler -> {HKLM...CLSID} = Microsoft Office Outlook \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\MLSHEXT.DLL [MS] {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\ONFILTER.DLL [MS] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\msohevi.dll [MS] {09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MI8079~1\shellext.dll [MS] {72923739-5A47-40A3-9895-25AF0DFBB9E4} = Glary Utilities Context Menu Shell Extension -> {HKLM...CLSID} = Glary Utilities Context Menu Shell Extension \InProcServer32\(Default) = C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL [Glarysoft Ltd] {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes -> {HKLM...CLSID} = iTunes \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <<!>> grooveLocalGWS\CLSID = {88FED34C-F0CA-4636-A375-3CB6248B04CD} -> {HKLM...CLSID} = Local Groove Web Services Protocol \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [MS] <<!>> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\msgrapp.dll [MS] <<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] <<!>> ms-itss\CLSID = {0A9007C0-4076-11D3-8789-0000F8105754} -> {HKLM...CLSID} = Microsoft Infotech Storage Protocol for IE 4.0 \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [MS] <<!>> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\msgrapp.dll [MS] <<!>> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8} -> {HKLM...CLSID} = Skype IE add-on Pluggable Protocol \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.] <<!>> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -> {HKLM...CLSID} = IEProtocolHandler Class \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [skype Technologies] <<!>> wlmailhtml\CLSID = {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -> {HKLM...CLSID} = Windows Live Mail HTML Asynchronous Pluggable Protocol Handler \InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS] <<!>> wlpg\CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -> {HKLM...CLSID} = Album Download IE Asynchronous Pluggable Protocol Interface \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MI8079~1\shellext.dll [MS] Glary Utilities\(Default) = {72923739-5A47-40A3-9895-25AF0DFBB9E4} -> {HKLM...CLSID} = Glary Utilities Context Menu Shell Extension \InProcServer32\(Default) = C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL [Glarysoft Ltd] PhotoStreamsExt\(Default) = {89D984B3-813B-406A-8298-118AFA3A22AE} -> {HKLM...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [Apple Inc.] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MI8079~1\shellext.dll [MS] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Glary Utilities\(Default) = {72923739-5A47-40A3-9895-25AF0DFBB9E4} -> {HKLM...CLSID} = Glary Utilities Context Menu Shell Extension \InProcServer32\(Default) = C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL [Glarysoft Ltd] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ disableregistrytools = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKCU\Software\Policies\Microsoft\Windows\System\ disablecmd = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to the command prompt} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools = (REG_DWORD) dword:0x00000000 {unrecognized setting} EnableSecureUIAPath = (REG_DWORD) dword:0x00000001 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Wilma\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ iTunesBurnCDOnArrival\ Provider = iTunes InvokeProgID = iTunes.BurnCD InvokeVerb = burn HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.] iTunesImportSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ImportSongsOnCD InvokeVerb = import HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.] iTunesPlaySongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.PlaySongsOnCD InvokeVerb = play HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.] iTunesShowSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ShowSongsOnCD InvokeVerb = showsongs HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.] MSLivePhotoAcqHWEventHandler\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 ProgID = Microsoft.LivePhotoAcqHWEventHandler HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F} -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [MS] MSLivePhotoAcquireDropHandler\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.LivePhotoAcqDTShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] MSLiveVideoCameraArrivalCaptureWizard\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 ProgID = WLXAutoPlayMgr.WLXHWEventHandler InitCmdLine = WLXVideoAcquireWizard HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = {9B5C97F6-B3A5-4A6D-8B03-993EC7291A22} -> {HKLM...CLSID} = WLXWEventHandler Class \LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe" [MS] P2GCDBurningOnArrival\ Provider = Power2Go InvokeProgID = BlankCD InvokeVerb = OpenWithPower2Go HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.] P2GDVDBurningOnArrival\ Provider = Power2Go InvokeProgID = BlankDVD InvokeVerb = OpenWithPower2Go HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.] Power2GoPlayCDAudioOnArrival\ Provider = Power2Go InvokeProgID = AudioCD InvokeVerb = PlayWithPower2Go HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = "C:\Program Files\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L" [CyberLink Corp.] WIA_{67D74704-3A20-48DA-8972-690A511AB900}\ Provider = EPSON Scan CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Windows\twain_32\escndv\escndv.exe /StiDevice:%1 /StiEvent:%2; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] Startup items in "Wilma" & "All Users" startup folders: ------------------------------------------------------- C:\Users\Wilma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++} OneNote 2007 Schermopname en Snel starten -> shortcut to: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [MS] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Flash Player Updater -> launches: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd] CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS] GlaryInitialize -> launches: C:\Program Files\Glary Utilities\initialize.exe [Glarysoft Ltd] GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] Scheduled Update for Ask Toolbar -> launches: C:\Program Files\Ask.com\UpdateTask.exe [file not found] User_Feed_Synchronization-{9F24D1D4-B737-42A8-910E-C05180C0A003} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS] {9E45B4DA-1B17-432C-8E71-79B7BABDD91D} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Wilma\Downloads\zoek (1).exe" -d C:\Users\Wilma\Downloads [MS] C:\Windows\System32\Tasks\Apple AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS] ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup AutomaticBackup -> launches: %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup [MS] Windows Backup Monitor -> launches: %systemroot%\system32\sdclt.exe /CHECKSKIPPED [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files\Windows Live\SOXE\wlsoxe.dll [MS] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-2375090405-1869871859-1792986959-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.] 000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000009\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 30 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Onderzoeken Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ ButtonText = @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 MenuText = @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -> {HKLM...CLSID} = BlogThisToolbarButton Class \InProcServer32\(Default) = C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [MS] {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Verzenden naar OneNote MenuText = Verz&enden naar OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll [MS] {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ ButtonText = Skype Click to Call CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -> {HKLM...CLSID} = Skype Browser Helper \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ ButtonText = Research BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -> {HKLM...CLSID} = &Onderzoeken \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] Apple Mobile Device, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.] Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.] Intel® Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data] iPod-service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.] Microsoft Antimalware Service, MsMpSvc, "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS] NVIDIA Display Driver Service, nvsvc, C:\Windows\system32\nvvsvc.exe [NVIDIA Corporation] ProtexisLicensing, ProtexisLicensing, C:\Windows\system32\PSIService.exe [null data] Skype C2C Service, Skype C2C Service, "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [skype Technologies S.A.] TeamViewer 8, TeamViewer8, "C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe" [TeamViewer GmbH] Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <<!>> MsMpSvc, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <<!>> MsMpSvc, Service Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ EPSON SX420W Series 32MonitorBE\Driver = E_FLBGCE.DLL [sEIKO EPSON CORPORATION] EPSON SX430 Series 32MonitorBE\Driver = E_FLBHAE.DLL [sEIKO EPSON CORPORATION] Send To Microsoft OneNote Monitor\Driver = msonpmon.dll [MS]

Ik heb 6 x geprobeerd bovenstaande tekst in te voeren, maar dan gebeurt er niets.....

Ik heb hem op 20% gezet.

Nee dat was het ook niet.

Staat het max. gebruik te laag, lukt het daarom niet om een herstelpunt of een back-up te maken?

Hierboven het knipsel.

Ik heb bovenstaande uitgevoerd. Pc meldt dat het herstelpunt is gemaakt, maar als ik bij het overzicht kijk, is er geen herstelpunt. Ook kan ik nog steeds geen back-up van de pc maken. Hij is ook traag op bepaalde momenten, bij opstarten en ook af en toe daarna. (alsof er een conflict is)

Dan toont hij geen herstelpunt. Gek he!

CCleaner zijn werk laten doen. Daarna weer geprobeerd een herstelpunt te maken. Pc meldt dat er een herstelpunt is gemaakt, maar als ik het probeer terug te vinden, krijg ik weer de melding dat er geen herstelpunten op deze pc zijn gemaakt.

[ATTACH]25584[/ATTACH] Ik heb nogmaals systeemherstel gedaan. de pc meldde dat het gelukt was, maar als ik het herstelpunt wil bekijken, meldt de pc dat er geen herstelpunten zijn. Het logboek toepassingen gaf geen gebeurtenissen, daar heb ik dus geen bestand van kunnen maken. SysLog.txt

[ATTACH]25557[/ATTACH] sfcdetails.txt

Dan krijg ik hetzelfde schermpje als hiervoor.

Als ik systeemherstel intype, start het niet op. Bij enter krijg ik onderstaand scherm:

Ik doe dat via: 'deze pc naar een eerdere toestand herstellen' en krijg dan de melding dat er geen herstelpunten op het systeem van de pc zijn gemaakt.

Hier is het logje. Zoek.exe Version 4.0.0.2 Updated 23-04-2013 Tool run by Wilma on ma 29-04-2013 at 10:21:02,52. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected ==== System Restore Info ====================== 29-4-2013 10:22:21 Zoek.exe System Restore Point Created Succesfully. ======== System Restore Points ======== No Restore Point in System. - - - Updated - - - Op pagina 2 is dit ook uitgevoerd en kwam er ook de melding: No Restore Point in System. Ik snap er niets van, ik hoop jullie wel ;-)

Niet gelukt, ik krijg weer de melding dat er geen herstelpunt is.