Zoek.exe v5.0.0.0 Updated 02-April-2015 Tool run by pc on di 07-04-2015 at 21:51:18,84. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\pc\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2015-04-06-185645.log 48842 bytes ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k wcssvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files\CCleaner\CCleaner64.exe C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe 
C:\Windows\SysWOW64\CTHELPER.EXE C:\Program Files (x86)\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe C:\Program Files (x86)\TeamViewer\TeamViewer.exe C:\Program Files (x86)\TeamViewer\tv_w32.exe C:\Program Files (x86)\TeamViewer\tv_x64.exe c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe C:\Users\pc\Desktop\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ==== Windows Installer Info ====================== Adobe Audition 3.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AB141C35E9F4BF344B9FC010BB17F68A]C:\Windows\Installer\122d36.msi Adobe Reader XI (11.0.10) - Nederlands [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73401B744BA0000000010]C:\Windows\Installer\2465e8.msi Authorizer Ignition Key Support [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\184466AAB0692E7459D9F21C007CD431]C:\Windows\Installer\3116cf2.msi COMODO Internet Security [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B5F1BA6D6DEF9A94797423B72DF83B7C]C:\Windows\Installer\51b65e.msi D3DX10 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BD4C90EC03660F46A13E87A329932FA]C:\Windows\Installer\11253eb.msi ImagXpress [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9802F8A97F16FB43B582A2C0B9B7AD4]C:\Windows\Installer\2aaa8e3.msi Intel(R) Network Connections 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BB6B5B440AD65B4EA71DDFBF3448688]C:\Windows\Installer\b425.msi Intel© Trusted Connect Service Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FBA1D77998047AC4AB33CC5708B8A7EC]C:\Windows\Installer\4204b.msi Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2FA0BBE92DA4ABA359FE79E7EB1ABC90]C:\Windows\Installer\30aec34.msi Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6414876250E69FF3395387C6C7F05BEB]C:\Windows\Installer\2dc7d73.msi Microsoft Access MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109510031400100000000F01FEC]C:\Windows\Installer\15d5aaf.msi Microsoft Antimalware [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4D880477777087D409D44E533B815F2D]c:\Windows\Installer\4e857.msi Microsoft Antimalware Service NL-NL Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\04B5C4C71E340984DA051E8E8F44D6F5]c:\Windows\Installer\4e85d.msi Microsoft Application Error Reporting [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400100000000F01FEC]C:\Windows\Installer\11253d7.msi Microsoft DCF MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109090031400100000000F01FEC]C:\Windows\Installer\15d5b03.msi Microsoft Excel MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109610031400100000000F01FEC]C:\Windows\Installer\15d5ad9.msi Microsoft Groove MUI (Dutch) 2013 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109AB0031400100000000F01FEC]C:\Windows\Installer\15d5b1f.msi Microsoft InfoPath MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109440031400100000000F01FEC]C:\Windows\Installer\15d5abd.msi Microsoft Lync MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109B21031400100000000F01FEC]C:\Windows\Installer\15d5ae7.msi Microsoft Office 32-bit Components 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051091C0000000100000000F01FEC]C:\Windows\Installer\15d5bba.msi Microsoft Office Korrekturhilfen 2013 - Deutsch [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F10070400100000000F01FEC]C:\Windows\Installer\15d5b3b.msi Microsoft Office OSM MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051091E0031400100000000F01FEC]C:\Windows\Installer\15d5b73.msi Microsoft Office OSM UX MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051092E0031400100000000F01FEC]C:\Windows\Installer\15d5b81.msi Microsoft Office Professional Plus 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005119110000000100000000F01FEC]C:\Windows\Installer\15d5bcc.msi Microsoft Office Proofing (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109C20031400100000000F01FEC]C:\Windows\Installer\15d5b65.msi Microsoft Office Proofing Tools 2013 - English 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F10090400100000000F01FEC]C:\Windows\Installer\15d5b57.msi Microsoft Office Proofing Tools 2013 - Nederlands [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F10031400100000000F01FEC]C:\Windows\Installer\15d5b2d.msi Microsoft Office Shared 32-bit MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051091C0031400100000000F01FEC]C:\Windows\Installer\15d5acb.msi Microsoft Office Shared MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109E60031400100000000F01FEC]C:\Windows\Installer\15d5aa1.msi Microsoft OneNote MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051091A0031400100000000F01FEC]C:\Windows\Installer\15d5b11.msi Microsoft Outlook MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109A10031400100000000F01FEC]C:\Windows\Installer\15d5b8f.msi Microsoft PowerPoint MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109810031400100000000F01FEC]C:\Windows\Installer\15d5b9d.msi Microsoft Publisher MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109910031400100000000F01FEC]C:\Windows\Installer\15d5af5.msi Microsoft Security Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EE34577E5BF66FF4BA073635298C7C65]c:\Windows\Installer\4e84c.msi Microsoft Security Client NL-NL Language Pack 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\37F9BACFD5FBD3E4297E0B3FC565F802]c:\Windows\Installer\4e852.msi Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D034B0FAA6BD374B960AAD30DF10D8B]C:\Windows\Installer\11253f7.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3e43b73803c7c394f8a6b2f0402e19c2]C:\Windows\Installer\2aaa8d5.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\b25099274a207264182f8181add555d0]C:\Windows\Installer\11c56e.msi Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\67D6ECF5CD5FBA732B8B22BAC8DE1B4D]C:\Windows\Installer\27c0f56.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0]C:\Windows\Installer\27c0f65.msi Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1926E8D15D0BCE53481466615F760A7F]C:\Windows\Installer\407dc.msi Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D5E3C0FEDA1E123187686FED06E995A]C:\Windows\Installer\3f401.msi Microsoft Word MUI (Dutch) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109B10031400100000000F01FEC]C:\Windows\Installer\15d5bab.msi Movie Maker 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7205E5CD8E56BC1418C5A9BA84FB8B2E]C:\Windows\Installer\1125413.msi Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B4EB76DD26E75124FA3A1F328A003A98]C:\Windows\Installer\11253ff.msi MSVCRT [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6C64DD86500CEF47BA082BB611A1FF1]C:\Windows\Installer\11253c3.msi MSVCRT110 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8CDD41E806AE81E43B3E917301D4B5AD]C:\Windows\Installer\11253c7.msi MSVCRT110_amd64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F187AF9E08E3993428A5DAE3112CC877]C:\Windows\Installer\11253cb.msi MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DDA39468D428E8B4DB27C8D5DC5CA217]C:\Windows\Installer\135d482.msi MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E8A266FCD4F2A1409E1C8110F44DBCE]C:\Windows\Installer\135d491.msi Outils de vérification linguistique 2013 de Microsoft Office - Français [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F100C0400100000000F01FEC]C:\Windows\Installer\15d5b49.msi Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4FB8353CB5373F540BE95C140A704E8E]C:\Windows\Installer\112540b.msi Photo Gallery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\048BED4F836BECB4CAB650E73FE10021]C:\Windows\Installer\112540f.msi Photo Gallery 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E66BAA708174D2242981A4BFC329A217]C:\Windows\Installer\11253fb.msi PVSonyDll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D366E3D3E7E477545A06E7DCDD5445A8]C:\Windows\Installer\4e840.msi VC_CRT_x64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F7322F45C810B3848848F90C8D88043C]C:\Windows\Installer\b421.msi Windows Live Communications Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\80316C14DFC645D4BAA61763DE801AE8]C:\Windows\Installer\11253e3.msi Windows Live Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9A509B147BE07C48BB1F544C6715866]C:\Windows\Installer\1125407.msi Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C27625EC9E0A05448857882A125DDC05]C:\Windows\Installer\11253cf.msi Windows Live Installer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C18BC956E45B1FD46B813F757793A345]C:\Windows\Installer\11253d3.msi Windows Live Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4B2346D1D42EE5044ABA7D6E0D88BC9C]C:\Windows\Installer\11253f3.msi Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A8F1162B7EFE88E478D5910FFEEA784E]C:\Windows\Installer\11253e7.msi Windows Live SOXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00BA1CDCFF107CF418A6616CF790320C]C:\Windows\Installer\11253df.msi Windows Live SOXE Definitions 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0003981D77AEC394D8DD2E2634E659B9]C:\Windows\Installer\11253db.msi Windows Live UX Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C8BD9F007D5674D4BAF56F89EE8385D0]C:\Windows\Installer\11253ef.msi Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A0B2C0921EEC55F4BA645417CE10AD69]C:\Windows\Installer\1125403.msi ==== Checking Systemdrive for Symlinks ====================== Het volume in station C heeft geen naam. Het volumenummer is 9CB6-2312 Map van C:\ 14-07-2009 07:08 Documents and Settings [C:\Users] 0 bestand(en) 0 bytes Map van C:\Program Files\Windows NT 08-02-2011 15:40 Bureau-accessoires [C:\Program Files\Windows NT\Accessories] 0 bestand(en) 0 bytes Map van C:\ProgramData 14-07-2009 07:08 Application Data [C:\ProgramData] 08-02-2011 15:40 Bureaublad [C:\Users\Public\Desktop] 14-07-2009 07:08 Desktop [C:\Users\Public\Desktop] 08-02-2011 15:40 Documenten [C:\Users\Public\Documents] 14-07-2009 07:08 Documents [C:\Users\Public\Documents] 08-02-2011 15:40 Favorieten [C:\Users\Public\Favorites] 14-07-2009 07:08 Favorites [C:\Users\Public\Favorites] 08-02-2011 15:40 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 08-02-2011 15:40 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 14-07-2009 07:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14-07-2009 07:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\ProgramData\Microsoft\Windows\Start Menu 08-02-2011 15:40 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users 14-07-2009 07:08 All Users [C:\ProgramData] 14-07-2009 07:08 Default User [C:\Users\Default] 0 bestand(en) 0 bytes Map van C:\Users\All Users 14-07-2009 07:08 Application Data [C:\ProgramData] 
08-02-2011 15:40 Bureaublad [C:\Users\Public\Desktop] 14-07-2009 07:08 Desktop [C:\Users\Public\Desktop] 08-02-2011 15:40 Documenten [C:\Users\Public\Documents] 14-07-2009 07:08 Documents [C:\Users\Public\Documents] 08-02-2011 15:40 Favorieten [C:\Users\Public\Favorites] 14-07-2009 07:08 Favorites [C:\Users\Public\Favorites] 08-02-2011 15:40 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 08-02-2011 15:40 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 14-07-2009 07:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14-07-2009 07:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\All Users\Microsoft\Windows\Start Menu 08-02-2011 15:40 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Default 14-07-2009 07:08 Application Data [C:\Users\Default\AppData\Roaming] 14-07-2009 07:08 Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 14-07-2009 07:08 Local Settings [C:\Users\Default\AppData\Local] 08-02-2011 15:40 Menu Start [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 08-02-2011 15:40 Mijn documenten [C:\Users\Default\Documents] 14-07-2009 07:08 My Documents [C:\Users\Default\Documents] 14-07-2009 07:08 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 08-02-2011 15:40 Netwerkprinteromgeving [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14-07-2009 07:08 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14-07-2009 07:08 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 14-07-2009 07:08 SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 08-02-2011 15:40 Sjablonen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 14-07-2009 07:08 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 14-07-2009 07:08 Templates 
[C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Local 14-07-2009 07:08 Application Data [C:\Users\Default\AppData\Local] 08-02-2011 15:40 Geschiedenis [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14-07-2009 07:08 History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14-07-2009 07:08 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu 08-02-2011 15:40 Programma's [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Default\Documents 08-02-2011 15:40 Mijn afbeeldingen [C:\Users\Default\Pictures] 08-02-2011 15:40 Mijn muziek [C:\Users\Default\Music] 08-02-2011 15:40 Mijn video's [C:\Users\Default\Videos] 14-07-2009 07:08 My Music [C:\Users\Default\Music] 14-07-2009 07:08 My Pictures [C:\Users\Default\Pictures] 14-07-2009 07:08 My Videos [C:\Users\Default\Videos] 0 bestand(en) 0 bytes Map van C:\Users\pc 08-06-2012 22:14 Application Data [C:\Users\pc\AppData\Roaming] 08-06-2012 22:14 Cookies [C:\Users\pc\AppData\Roaming\Microsoft\Windows\Cookies] 08-06-2012 22:14 Local Settings [C:\Users\pc\AppData\Local] 08-06-2012 22:14 Menu Start [C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu] 08-06-2012 22:14 Mijn documenten [C:\Users\pc\Documents] 08-06-2012 22:14 NetHood [C:\Users\pc\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 08-06-2012 22:14 Netwerkprinteromgeving [C:\Users\pc\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 08-06-2012 22:14 Recent [C:\Users\pc\AppData\Roaming\Microsoft\Windows\Recent] 08-06-2012 22:14 SendTo [C:\Users\pc\AppData\Roaming\Microsoft\Windows\SendTo] 08-06-2012 22:14 Sjablonen [C:\Users\pc\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\pc\AppData\Local 08-06-2012 22:14 Application Data 
[C:\Users\pc\AppData\Local] 08-06-2012 22:14 Geschiedenis [C:\Users\pc\AppData\Local\Microsoft\Windows\History] 08-06-2012 22:14 Temporary Internet Files [C:\Users\pc\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu 08-06-2012 22:14 Programma's [C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\pc\Documents 08-06-2012 22:14 Mijn afbeeldingen [C:\Users\pc\Pictures] 08-06-2012 22:14 Mijn muziek [C:\Users\pc\Music] 08-06-2012 22:14 Mijn video's [C:\Users\pc\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Public\Documents 08-02-2011 15:40 Mijn afbeeldingen [C:\Users\Public\Pictures] 08-02-2011 15:40 Mijn muziek [C:\Users\Public\Music] 08-02-2011 15:40 Mijn video's [C:\Users\Public\Videos] 14-07-2009 07:08 My Music [C:\Users\Public\Music] 14-07-2009 07:08 My Pictures [C:\Users\Public\Pictures] 14-07-2009 07:08 My Videos [C:\Users\Public\Videos] 0 bestand(en) 0 bytes Totaal aantal weergegeven bestanden: 0 bestand(en) 0 bytes 76 map(pen) 83.130.236.928 bytes beschikbaar ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Adobe Audition 3.0 Adobe Flash Player 17 NPAPI Adobe Reader XI (11.0.10) - Nederlands Authorizer 2.5.1 Authorizer Ignition Key Support CCleaner COMODO Internet Security D3DX10 Defraggler E-MU Audio Drivers E-muPatchMix DSP ImagXpress Intel(R) Management Engine Components Intel(R) Network Connections 18.5.54.0 Intel© Trusted Connect Service Client LatencyMon 4.01 Line 6 Uninstaller Malwarebytes Anti-Malware versie 2.0.4.1028 Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft .NET Framework 4.5.2 Microsoft Access MUI (Dutch) 2013 Microsoft Antimalware Microsoft Antimalware Service NL-NL Language Pack Microsoft Application Error Reporting Microsoft DCF MUI 
(Dutch) 2013 Microsoft Excel MUI (Dutch) 2013 Microsoft Groove MUI (Dutch) 2013 Microsoft InfoPath MUI (Dutch) 2013 Microsoft Lync MUI (Dutch) 2013 Microsoft Office 32-bit Components 2013 Microsoft Office Korrekturhilfen 2013 - Deutsch Microsoft Office OSM MUI (Dutch) 2013 Microsoft Office OSM UX MUI (Dutch) 2013 Microsoft Office Professional Plus 2013 Microsoft Office Proofing (Dutch) 2013 Microsoft Office Proofing Tools 2013 - English Microsoft Office Proofing Tools 2013 - Nederlands Microsoft Office Shared 32-bit MUI (Dutch) 2013 Microsoft Office Shared MUI (Dutch) 2013 Microsoft OneNote MUI (Dutch) 2013 Microsoft Outlook MUI (Dutch) 2013 Microsoft PowerPoint MUI (Dutch) 2013 Microsoft Publisher MUI (Dutch) 2013 Microsoft Security Client Microsoft Security Client NL-NL Language Pack Microsoft Security Essentials Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Word MUI (Dutch) 2013 Movie Maker Mozilla Firefox 37.0.1 (x86 nl) Mozilla Maintenance Service Mozilla Thunderbird 31.6.0 (x86 nl) MSVCRT MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) neroxml NVIDIA-configuratiescherm 347.52 NVIDIA 3D Vision stuurprogramma 347.52 NVIDIA Display Control Panel NVIDIA Grafisch stuurprogramma 347.52 NVIDIA Install Application NVIDIA Stereoscopic 3D Driver NVIDIA Update 10.4.0 NVIDIA Update Core Outils de vérification linguistique 2013 de Microsoft Office - Français Photo Common Photo Gallery Picasa 3 PVSonyDll Reason 7.0.1 Steinberg HALion Sonic SE Content for Cubase LE AI Elements TeamViewer 10 VC_CRT_x64 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Photo Common Windows 
Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== "C:\ProgramData\cm-lock" not deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 16343 MB CPU Info: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz CPU Speed: 3393,8 MHz Sound Card: Luidsprekers (E-MU E-DSP Audio | Display Adapters: NVIDIA GeForce GT 430 | NVIDIA GeForce GT 430 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 2x; Algemeen PnP-beeldscherm | Algemeen PnP-beeldscherm | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Intel(R) 82579LM Gigabit Network Connection CD / DVD Drives: 1x (H: | ) H: HL-DT-STDVDRAM GH24NS90 Ports: COM3 LPT Port NOT Present. Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 111,7GB | D: 491,3GB | E: 440,2GB | F: 399,2GB | G: 440,2GB | I: 4,9GB | J: 48,9GB | K: 130,3GB | L: 48,8GB | M: 100,0MB | N: 2794,4GB Hard Disks - Free: C: 77,4GB | D: 455,2GB | E: 361,6GB | F: 390,3GB | G: 41,7GB | I: 4,8GB | J: 33,4GB | K: 50,7GB | L: 47,8GB | M: 70,3MB | N: 1847,7GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 02/05/10 | ALASKA - 1072009 Time Zone: West-Europa (standaardtijd) Motherboard *: ASUSTeK Computer INC. 
P8Q67-M DO/TPM Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: COMODO Antivirus On-access scanning disabled (Outdated) Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: COMODO Defense+ disabled (Outdated) Firewall: COMODO Firewall disabled Default Browser: Firefox 37.0.1 Internet Explorer Version: 11.0.9600.17691 Mozilla Firefox version: 37.0.1 (x86 nl) Adobe Reader version: 11.0.10.32 Flash Player version: 17.0.0.134 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\pc\AppData\Local\Temp ==== 2015-03-30 09:31:50 AF826C450E083BC853B797ED08F5A7D1 7815496 ----a-w- C:\Users\pc\AppData\Local\Temp\TeamViewer\TeamViewer_.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2040-06-11 18:02:29 DC7024B085E7DFF450D53239D9518D8B 2892 ----a-w- C:\Windows\SysWOW64\audcon.sys 2015-04-06 15:44:05 46F29AEB5FC0F6E6BD477EBB4AE0EB42 621384 ----a-w- C:\Windows\SysWOW64\nvStreaming.exe 2015-04-04 15:48:56 0C9988BDA3CEC3C421B773982C5E2EC6 5703168 ----a-w- C:\Windows\SysWOW64\mstscax.dll 2015-04-04 10:09:52 1C0E369575F387460E2A5F28269B2CC4 1247744 ----a-w- C:\Windows\SysWOW64\DWrite.dll 2015-04-03 21:37:46 AB5EFB103DB01C1912C9D2F545EA5621 17920 ----a-w- C:\Windows\SysWOW64\wksprtPS.dll 2015-04-03 21:37:46 8DEEE20D8D30E9B0FBDCA31E58A027BD 53248 ----a-w- C:\Windows\SysWOW64\tsgqec.dll 2015-04-03 21:37:46 2EFB1279E7BEA7D12D9F4D6508D27880 50176 ----a-w- C:\Windows\SysWOW64\MsRdpWebAccess.dll 2015-04-03 21:37:45 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\SysWOW64\mstsc.exe 2015-04-03 21:37:44 5E676B296B762E211D83B87635F2C330 855552 ----a-w- C:\Windows\SysWOW64\rdvidcrl.dll 2015-04-02 14:16:04 C1C7EFE18FAF1D77AC87D30A27895532 778928 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-04-02 14:16:04 
6E949AEE540BB35FAB72DF84B2171A03 142512 ----a-w- C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-01 19:25:22 4C70334EFA0B82EEFC0B8B8AFA1A4C85 4 ----a-w- C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-04-06 15:42:19 EBDBE8037B0BE75B05CBC5DEEE49BA90 677888 ----a-w- C:\Windows\Sysnative\generaltel.dll 2015-04-06 15:42:19 E82D241A892C15FB42AB0A3D83C01ACA 414720 ----a-w- C:\Windows\Sysnative\devinv.dll 2015-04-06 15:42:19 B3B9C29F90A10216F13113757BCACAD8 1107456 ----a-w- C:\Windows\Sysnative\aeinv.dll 2015-04-06 15:42:19 82009026471290E8A512D1FE2442FDFC 760832 ----a-w- C:\Windows\Sysnative\invagent.dll 2015-04-06 15:42:19 75A43F9EA79BF721DC6D94980F85F87D 943616 ----a-w- C:\Windows\Sysnative\appraiser.dll 2015-04-06 15:42:19 7150E809474BBD4D4AD24B13FA2454E5 1239720 ----a-w- C:\Windows\Sysnative\aitstatic.exe 2015-04-06 15:42:19 4BA77DD4E4894EAF2BCB2D3E0A0B6F7A 30720 ----a-w- C:\Windows\Sysnative\acmigration.dll 2015-04-06 15:42:19 1C11E0739B2B354647D292FCDCB7AF8E 192000 ----a-w- C:\Windows\Sysnative\aepic.dll 2015-04-06 15:42:18 EBDE90C94A0671F05AAA0DF2A2139F43 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll 2015-04-04 15:50:14 2A9C3ADBC3B9D061CACDEFFBED67683C 87040 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe 2015-04-04 15:48:56 6DD73E4E947DB3B0608321AE13210D94 6584320 ----a-w- C:\Windows\Sysnative\mstscax.dll 2015-04-04 10:09:52 DD85F00EC31F77315AE992B7B0411D65 1643520 ----a-w- C:\Windows\Sysnative\DWrite.dll 2015-04-03 21:38:32 DDED7C5558B3AE09F568945281A9A6D1 44544 ----a-w- C:\Windows\Sysnative\TsUsbGDCoInstaller.dll 2015-04-03 21:37:55 FEC6178962DFF33074D39CA907971405 12800 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyExtension.dll 2015-04-03 21:37:55 108C257D765AAD2E6EC46557DA0B02BD 13824 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyControl.exe 2015-04-03 21:37:46 7BD2E6E2458A5B95F8341244C7FC7DD4 18944 ----a-w- C:\Windows\Sysnative\wksprtPS.dll 2015-04-03 
21:37:46 5289A00E2D21BB3A7D6761646543ED5C 62976 ----a-w- C:\Windows\Sysnative\tsgqec.dll 2015-04-03 21:37:46 149A388C17F04AD1F99B477A43BE1A9F 56832 ----a-w- C:\Windows\Sysnative\MsRdpWebAccess.dll 2015-04-03 21:37:45 8E75B1112C374EBDF18FD640DA2F0655 1147392 ----a-w- C:\Windows\Sysnative\mstsc.exe 2015-04-03 21:37:45 79EE5ECB4BE89343E4CF1E48F7769F59 420864 ----a-w- C:\Windows\Sysnative\wksprt.exe 2015-04-03 21:37:44 A4420969E5AB94856E5C0C02E6099D3F 1057280 ----a-w- C:\Windows\Sysnative\rdvidcrl.dll ====== C:\Windows\Sysnative\drivers ===== 2015-04-03 21:37:54 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys 2015-03-11 18:31:48 A3D04EBF5227886029B4532F20D026F7 14464 ----a-w- C:\Windows\Sysnative\drivers\wdcsam64.sys 2015-03-11 08:30:11 ED6E75158D28D33A2E2A020AC5B2B59D 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys 2015-03-11 08:30:11 87BCD1034CBF33537D4D4C251D39BA26 94656 ----a-w- C:\Windows\Sysnative\drivers\mountmgr.sys 2015-03-11 08:30:10 90C53BD47979FB8814F465A08B885102 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys 2015-03-11 08:29:57 8BA90F480705D7153AD0060CCA62222A 155576 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-03-11 08:29:57 27667A788130A7F7A5858DE27572E6D7 459336 ----a-w- C:\Windows\Sysnative\drivers\cng.sys 2015-03-11 08:29:56 56ED3EE5FED6BF2FC1305CF872042868 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys ====== C:\Windows\Tasks ====== 2015-04-03 22:36:26 1E9CF8E9E8CA1B504E04829A9FB37D22 5026 ----a-w- C:\Windows\Sysnative\Tasks\Microsoft Office 15 Sync Maintenance for pc-PC-pc pc-PC 2015-04-01 18:25:32 B106C1EC6CF2AB5C15711FE91AC6DECE 680 ----a-w- C:\Windows\Tasks\trivia_games_updating_service.job 2015-04-01 18:25:32 7CD2E082FE2BCD1444B758B01375AA27 3706 ----a-w- C:\Windows\Sysnative\Tasks\trivia_games_updating_service 2015-04-01 18:25:11 B2B42EFB0BBE1661FD3336C87CFF370C 1318 ----a-w- C:\Windows\Tasks\trivia_games_notification_service.job 2015-04-01 18:25:11 
0B09AFE3D336CA0BAD88B8035A06F2D5 4342 ----a-w- C:\Windows\Sysnative\Tasks\trivia_games_notification_service ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-04-06 14:40:48 -------- d-----w- C:\Program Files\trend micro 2015-04-05 21:33:53 -------- d-----w- C:\Program Files\Defraggler ======= C:\PROGRA~2 ===== 2015-04-07 19:43:53 -------- d-----w- C:\PROGRA~2\TeamViewer 2015-04-02 14:21:18 -------- d-----w- C:\PROGRA~2\Mozilla Thunderbird ======= C: ===== 2015-04-02 14:03:07 59071590099D21DD439896592338BF95 524288 --sha-w- C:\ntuser.dat{2a34a8ef-d904-11e4-86f4-f46d046514f1}.TMContainer00000000000000000002.regtrans-ms 2015-04-02 14:03:07 2C6B8BCD8A6CE2FCA4A63125DA6455AB 524288 --sha-w- C:\ntuser.dat{2a34a8ef-d904-11e4-86f4-f46d046514f1}.TMContainer00000000000000000001.regtrans-ms 2015-04-02 14:03:07 15624F2C8E29A9FFFA7344ABFB3BFA48 65536 --sha-w- C:\ntuser.dat{2a34a8ef-d904-11e4-86f4-f46d046514f1}.TM.blf 2015-04-02 14:03:06 D7120A583717B1DA39EBD75DBC063759 65536 --sha-w- C:\ntuser.dat{2a34a8eb-d904-11e4-86f4-f46d046514f1}.TM.blf 2015-04-02 14:03:06 B53872F7DBEFA5A1A4247709B175A10A 262144 ----a-w- C:\ntuser.dat 2015-04-02 14:03:06 59071590099D21DD439896592338BF95 524288 --sha-w- C:\ntuser.dat{2a34a8eb-d904-11e4-86f4-f46d046514f1}.TMContainer00000000000000000002.regtrans-ms 2015-04-02 14:03:06 3C43A309F424288E95AF84520DC19016 524288 --sha-w- C:\ntuser.dat{2a34a8eb-d904-11e4-86f4-f46d046514f1}.TMContainer00000000000000000001.regtrans-ms ====== C:\Users\pc\AppData\Roaming ====== 2015-04-07 19:43:56 -------- d-----w- C:\Users\pc\AppData\Roaming\TeamViewer 2015-04-06 18:51:45 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2015-04-06 18:51:45 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2015-04-06 18:51:45 -------- d-----w- C:\Users\pc\AppData\Local\Temp 2015-04-06 18:51:45 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2015-04-06 18:51:45 -------- d-----w- C:\Users\Default 
User\AppData\Local\Temp 2015-04-06 15:51:51 -------- d-----w- C:\Users\pc\AppData\Local\NVIDIA 2015-04-06 15:44:22 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\NVIDIA 2015-04-04 17:03:43 -------- d-sh--w- C:\Users\pc\AppData\Locallow\EmieUserList 2015-04-04 17:03:43 -------- d-sh--w- C:\Users\pc\AppData\Locallow\EmieSiteList 2015-04-04 17:03:43 -------- d-sh--w- C:\Users\pc\AppData\Locallow\EmieBrowserModeList 2015-03-15 17:25:59 -------- d-----w- C:\Users\pc\AppData\Locallow\Google ====== C:\Users\pc ====== 2040-06-11 18:01:45 -------- d-----w- C:\ProgramData\eLicenser 2015-04-07 19:31:46 !HASH: COULD NOT OPEN FILE !!!!! 0 ----a-w- C:\ProgramData\cm-lock 2015-04-06 14:38:40 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\pc\Desktop\RSITx64.exe 2015-04-04 15:28:00 9C5DAAED3B3C06DBC95228CC407B8B70 4197016 ----a-w- C:\Users\pc\Desktop\tdsskiller.exe 2015-04-02 15:03:54 -------- d-----r- C:\Windows\sysWoW64\config\systemprofile\Desktop ====== C: exe-files == 2015-04-07 19:43:54 E98CED53B8E912D19D9F229B0D299F30 5448464 ----a-w- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe 2015-04-07 19:43:54 CA5BC82B31EAF5F46879509AD45C6FD9 468864 ----a-w- C:\Program Files (x86)\TeamViewer\uninstall.exe 2015-04-07 19:43:54 AA943520A2E45BD5DBC0439B0528DD6D 17653008 ----a-w- C:\Program Files (x86)\TeamViewer\TeamViewer.exe 2015-04-07 19:43:54 4444BF3FDF36F1A91AACE8245A98AB58 229136 ----a-w- C:\Program Files (x86)\TeamViewer\tv_w32.exe 2015-04-07 19:43:54 3EBDEC6754C5484986B9B8859ED9CD86 5437712 ----a-w- C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe 2015-04-07 19:43:54 3A06DEB43AAC8726FE3ADF056A7C0187 263952 ----a-w- C:\Program Files (x86)\TeamViewer\tv_x64.exe 2015-04-06 15:52:55 87DCBA167D8823D8E8C11E7E6FFEB6CD 345928 ----a-w- C:\Users\pc\AppData\Local\NVIDIA\NvBackend\Packages\000070ad\DRS update.19355679.exe 2015-04-06 15:45:25 87DCBA167D8823D8E8C11E7E6FFEB6CD 345928 ----a-w- 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\NVIDIA\NvBackend\Packages\000070ad\DRS update.19355679.exe 2015-04-06 15:44:26 17A61731826A7E0A96C8C59E84420EB4 414024 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{19CDAFCD-9FF5-4AEB-936F-CBFD9A00779F}\setup.exe 2015-04-06 15:44:24 17A61731826A7E0A96C8C59E84420EB4 414024 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{B030000C-66BF-4B07-B7E3-E9744E322CE1}\setup.exe 2015-04-06 15:44:22 AA36B62EC778855807AAA5801C3BB204 1794704 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 2015-04-06 15:44:22 7539B1CB5769EDFF7DA04CEA0B84F10F 189768 ----a-w- C:\Program Files\NVIDIA Corporation\Update Core\WLMerger.exe 2015-04-06 15:44:05 90507D5E78F4B9ED9EA084BD5DCEA0D1 437576 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstreg.exe 2015-04-06 15:44:05 740D7B71B4B8E49E7D4B6AAC61FEA441 8363848 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\NVStWiz.exe 2015-04-06 15:44:05 49B1E5AF3AA400752A20BE169CB73DFA 410952 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 2015-04-06 15:44:05 46F29AEB5FC0F6E6BD477EBB4AE0EB42 621384 ----a-w- C:\Windows\SysWOW64\nvStreaming.exe 2015-04-06 15:44:05 382963E094FD72B83E39035C1861B956 896328 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\NvStereoUtilityOGL.exe 2015-04-06 15:44:05 2576168932F3B57EC873215BB5510A11 840008 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe 2015-04-06 15:44:05 1B0188C227FFCB5A7BD33E69B6C85F8D 1113928 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe 2015-04-06 15:44:05 12B08A53FB5DA2DA4D0176F80DB3ECB0 2625864 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvsttest.exe 2015-04-06 15:44:05 0A0EF48D066B81C96242751E05AA6A1A 1914184 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe 2015-04-06 15:44:03 17A61731826A7E0A96C8C59E84420EB4 414024 ----a-w- 
C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\SETUP.EXE 2015-04-06 15:43:41 F0BF9948F38E30BD64020648F6D6B5C8 2337936 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{5BE8FBF4-799C-49A6-A5C7-D2FF9C4D4114}\NvSplash.exe 2015-04-06 15:43:41 B12A490B9F29FC2A8DFAD0103B8B9448 76096 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{5BE8FBF4-799C-49A6-A5C7-D2FF9C4D4114}\nvsetup.exe 2015-04-06 15:43:41 95C8DACC80EE738AA80BEB43D4EEA942 98120 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{5BE8FBF4-799C-49A6-A5C7-D2FF9C4D4114}\NvSplashService.exe 2015-04-06 15:43:41 720393D27F6EE917F42301F9DF6C2876 2700104 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{5BE8FBF4-799C-49A6-A5C7-D2FF9C4D4114}\GeForce_iCafe.exe 2015-04-06 15:43:41 28B812F6762C66D6061BA0B2251808F2 18970528 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.3DVision.{63EDFDAE-C649-4645-AB15-F22F495AC85C}\3DVision.exe 2015-04-06 15:43:41 27EE617A592AAF611EDC5E51AD8E413E 35989040 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{5BE8FBF4-799C-49A6-A5C7-D2FF9C4D4114}\NvCplSetupEng.exe 2015-04-06 15:43:40 6E820BCB9F7A1CA23A9946F534E864CB 447304 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{5BE8FBF4-799C-49A6-A5C7-D2FF9C4D4114}\dbInstaller.exe 2015-04-06 15:43:40 2AA9329D13971B65B6230E4FE8C5E349 85734912 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{5BE8FBF4-799C-49A6-A5C7-D2FF9C4D4114}\NvCplSetupInt.exe 2015-04-06 15:43:26 17A61731826A7E0A96C8C59E84420EB4 414024 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{ECC4DBD1-E0E5-4DD1-91EB-17FA04F59F84}\setup.exe 2015-04-06 15:42:19 F22794B93C9FC55A934C1544F9600B43 70832 ----a-w- C:\Windows\System32\CompatTel\diagtrackrunner.exe 2015-04-06 15:42:19 7150E809474BBD4D4AD24B13FA2454E5 1239720 ----a-w- C:\Windows\System32\aitstatic.exe 2015-04-06 15:42:18 
8D06AAF1723B514C412187C5B8B67EEF 46752 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe 2015-04-06 15:42:18 4AC38FC4C6894B21698A99B9129B1EA4 161952 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe 2015-04-06 14:40:48 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\pc.exe 2015-04-06 14:38:40 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\pc\Desktop\RSITx64.exe 2015-04-04 15:50:17 E32AAB3E477398B78E9D8F2418D1989C 658944 ----a-w- C:\Windows\System32\GWX\GWXConfigManager.exe 2015-04-04 15:50:17 A6C3E3120AC125BABE410959083A0108 459264 ----a-w- C:\Windows\System32\GWX\GWX.exe 2015-04-04 15:50:17 86345D30828786E1CC6AF12DF769D136 392704 ----a-w- C:\Windows\SysWOW64\GWX\GWX.exe 2015-04-04 15:50:17 771215B601C7D7E88D015D974AF7BEC7 393216 ----a-w- C:\Windows\System32\GWX\GWXUX.exe 2015-04-04 15:50:17 29038FF696BB007224872DA9645EA324 353048 ----a-w- C:\Windows\System32\GWX\GWXUXWorker.exe 2015-04-04 15:50:14 2A9C3ADBC3B9D061CACDEFFBED67683C 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe 2015-04-04 15:28:00 9C5DAAED3B3C06DBC95228CC407B8B70 4197016 ----a-w- C:\Users\pc\Desktop\tdsskiller.exe 2015-04-03 21:37:55 108C257D765AAD2E6EC46557DA0B02BD 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe 2015-04-03 21:37:45 8E75B1112C374EBDF18FD640DA2F0655 1147392 ----a-w- C:\Windows\System32\mstsc.exe 2015-04-03 21:37:45 79EE5ECB4BE89343E4CF1E48F7769F59 420864 ----a-w- C:\Windows\System32\wksprt.exe 2015-04-03 21:37:45 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\SysWOW64\mstsc.exe 2015-04-02 14:21:19 EB39E9FD63B97FBA1B4812DE032E80AD 119408 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice.exe 2015-04-02 14:21:19 D6BDB1AAB9DE9DDA742B2DCE443F1B11 22640 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\WSEnable.exe 2015-04-02 14:21:19 CAE00C42558CA8F058C06D129713666D 901232 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe 2015-04-02 14:21:19 
B5EBDEA6F32C773A93F2FDE3954E03F3 18544 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\plugin-container.exe 2015-04-02 14:21:19 9EFFCE19EB94EE6FE7A5132E97BDA743 194176 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice_installer.exe 2015-04-02 14:21:19 9B6145F78620F411AC2C1A645A21F1D2 389744 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe 2015-04-02 14:21:19 1A4561D377E16EC61C4FAD793755DCF1 280176 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\updater.exe 2015-04-02 14:21:18 AF1F47C2488D4B61C5F1744AE9A1A3F9 117360 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\crashreporter.exe 2015-04-02 14:16:04 C1C7EFE18FAF1D77AC87D30A27895532 778928 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe === C: other files == 2040-06-11 18:02:29 DC7024B085E7DFF450D53239D9518D8B 2892 ----a-w- C:\Windows\SysWOW64\audcon.sys 2015-04-06 15:44:27 F69FD161BD904778E1D6EBE9EEBBC2B5 161424 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{0B0AF176-D54F-438A-8194-FA52DE9D40B0}\nvhda32v.sys 2015-04-06 15:44:27 EC43F992182F6F810BF86400CE6F89C4 452424 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{2590DE4D-56FE-417E-B9DD-CF425F0AC1F8}\nvstusb64.sys 2015-04-06 15:44:27 C15625EFEF5373C086C67A0BF29FA78D 435600 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{2590DE4D-56FE-417E-B9DD-CF425F0AC1F8}\nvstusb32.sys 2015-04-06 15:44:27 7E4355930B28C2798D9F09AB9F81151F 195728 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{0B0AF176-D54F-438A-8194-FA52DE9D40B0}\nvhda64v.sys 2015-04-06 15:44:27 12E94FC57F69D8F2F41644D275A22E23 128960 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{0B0AF176-D54F-438A-8194-FA52DE9D40B0}\nvhda32.sys 2015-04-06 15:44:27 08298EF4577F3B43F3F3246B730AE58B 161608 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{0B0AF176-D54F-438A-8194-FA52DE9D40B0}\nvhda64.sys 2015-04-06 15:44:26 
C512909B2E9E41F1A1481C4023D0B216 15504 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{19CDAFCD-9FF5-4AEB-936F-CBFD9A00779F}\NVI2SystemService64.sys 2015-04-06 15:44:26 1DE5FB03C383CD95FB020FF4BE037EEC 14664 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{19CDAFCD-9FF5-4AEB-936F-CBFD9A00779F}\NVI2SystemService32.sys 2015-04-06 15:44:25 F69FD161BD904778E1D6EBE9EEBBC2B5 161424 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{3C4A5EF7-61BB-46F1-9369-D382867FF8D5}\nvhda32v.sys 2015-04-06 15:44:25 EC43F992182F6F810BF86400CE6F89C4 452424 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{2CB753C7-7028-4747-8260-351B9DA1298D}\nvstusb64.sys 2015-04-06 15:44:25 C15625EFEF5373C086C67A0BF29FA78D 435600 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{2CB753C7-7028-4747-8260-351B9DA1298D}\nvstusb32.sys 2015-04-06 15:44:25 7E4355930B28C2798D9F09AB9F81151F 195728 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{3C4A5EF7-61BB-46F1-9369-D382867FF8D5}\nvhda64v.sys 2015-04-06 15:44:25 12E94FC57F69D8F2F41644D275A22E23 128960 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{3C4A5EF7-61BB-46F1-9369-D382867FF8D5}\nvhda32.sys 2015-04-06 15:44:25 08298EF4577F3B43F3F3246B730AE58B 161608 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{3C4A5EF7-61BB-46F1-9369-D382867FF8D5}\nvhda64.sys 2015-04-06 15:44:24 C512909B2E9E41F1A1481C4023D0B216 15504 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{B030000C-66BF-4B07-B7E3-E9744E322CE1}\NVI2SystemService64.sys 2015-04-06 15:44:24 1DE5FB03C383CD95FB020FF4BE037EEC 14664 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{B030000C-66BF-4B07-B7E3-E9744E322CE1}\NVI2SystemService32.sys 2015-04-06 15:44:04 C512909B2E9E41F1A1481C4023D0B216 15504 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2SystemService64.sys 2015-04-06 
15:44:04 1DE5FB03C383CD95FB020FF4BE037EEC 14664 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2SystemService32.sys 2015-04-06 15:43:26 C512909B2E9E41F1A1481C4023D0B216 15504 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{ECC4DBD1-E0E5-4DD1-91EB-17FA04F59F84}\NVI2SystemService64.sys 2015-04-06 15:43:26 1DE5FB03C383CD95FB020FF4BE037EEC 14664 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{ECC4DBD1-E0E5-4DD1-91EB-17FA04F59F84}\NVI2SystemService32.sys 2015-04-06 15:42:18 7EBB5DAD11B1D0B12317A191C8325991 21128 ----a-w- C:\Windows\System32\appraiser\nxquery.sys 2015-04-03 21:37:54 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys ======== System Restore Points ======== RP233: 6-4-2015 20:39:26 - zoek.exe restore point RP234: 6-4-2015 23:13:13 - Removed Nero 9 Essentials 4.4.9.0 ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2641425330-4099986175-798816701-1003\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTHelper"="CTHELPER.EXE" "CTxfiHlp"="CTXFIHLP.EXE" "IMSS"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] 
"AppInit_DLLs"="C:\\Windows\\SysWOW64\\guard32.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Persistence"="C:\Windows\system32\igfxpers.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cfp.exe -h" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\system32\\guard64.dll" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Speed Launcher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="Adobe Speed Launcher" "hkey"="HKCU" "command"="1418853123" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^pc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk] "backupExtension"=".Startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Adobe LM Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CLPSLS] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvUpdatusService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Stereo Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WPCSvc] ==== Startup Folders ====================== 2013-10-30 22:03:54 2199 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\trivia_games_notification_service.job --a------ C:\Program Files (x86)\trivia games\trivia_games_notification_service.exe [] C:\Windows\tasks\trivia_games_updating_service.job --a------ C:\Program Files (x86)\trivia games\trivia_games_updating_service.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\trivia_games_notification_service" [C:\Program Files (x86)\trivia games\trivia_games_notification_service.exe] "C:\Windows\SysNative\tasks\trivia_games_updating_service" [C:\Program Files (x86)\trivia games\trivia_games_updating_service.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{772A691B-36A9-4071-9B91-B1D9FEE43B15}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{2EEA41DF-E836-40E6-B7C8-6AACA7717E37}" [D:\EmuPMX_PCApp_L6_1_81_06.exe] "C:\Windows\SysNative\tasks\{AAAF8D8F-B65A-4C44-BAF3-F3EBD2DFBFFB}" [C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions ====================== ProfilePath: C:\Users\pc\AppData\Roaming\Thunderbird\Profiles\fj16we32.default - United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org AppDir: C:\Program Files (x86)\Mozilla 
Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\v7mjlcuz.default 43583AB4DFD406F4C188342F41B1F91C - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll - Shockwave Flash ==== Chromium Look ====================== ==== Chromium Startpages ====================== C:\Users\pc\AppData\Local\Comodo\Dragon\User Data\Default\Preferences "homepage": "http://www.comodo.com/", "homepage": "http://www.comodo.com/", "urls_to_restore_on_startup": [ "http://www.comodo.com/" ] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{4BD652BB-78C3-45BB-9BF3-6333F34A9431}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {4BD652BB-78C3-45BB-9BF3-6333F34A9431} Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}" ==== Reset Google Chrome ====================== C:\Users\pc\AppData\Local\Comodo\Dragon\User Data\Default\Preferences was reset successfully C:\Users\pc\AppData\Local\Comodo\Dragon\User Data\Default\Web Data was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\pc\Desktop\Bijbel - Snelkoppeling.lnk - D:\Temp\Bijbel.exe C:\Users\pc\Desktop\Downloads - Snelkoppeling.lnk - D:\Temp C:\Users\pc\Desktop\Even Parkeren - Snelkoppeling.lnk - E:\Even Parkeren ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Audition 3.0.lnk - C:\Program Files 
(x86)\Adobe\Adobe Audition 3.0\Audition.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Defraggler.lnk - C:\Program Files (x86)\Defraggler\Defraggler64.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Public\Desktop\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Users\Public\Desktop\PatchMix DSP Application.lnk - C:\Program Files (x86)\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe /LaunchMixer C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe C:\Users\Public\Desktop\Reason.lnk - C:\Program Files\Propellerhead\Reason\Reason.exe C:\Users\Public\Desktop\TeamViewer 10.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 3.0.lnk - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\Audition.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /show C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /disable C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA 
Corporation\3D Vision\Enable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /enable ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe ==== Uninstall List x64 ====================== Adobe Audition 3.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}] Adobe Audition 3.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Audition 3.0] Adobe Flash Player 17 NPAPI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] Adobe Reader XI (11.0.10) - Nederlands [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1043-7B44-AB0000000001}] Authorizer 2.5.1 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1] Authorizer Ignition Key Support [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AA664481-960B-47E2-959D-2FC100C74D13}] CCleaner [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner] COMODO Internet Security [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}] D3DX10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}] Defraggler [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Defraggler] E-MU Audio Drivers [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\E-MU Audio Drivers Hotfix] E-muPatchMix DSP [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EMU PatchMix DSP] ImagXpress [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}] Intel(R) Management Engine Components [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}] Intel(R) Network Connections 18.5.54.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4B5B6BB3-DA04-4B56-AE17-DDBF3F446888}] Intel(R) Network Connections 18.5.54.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PROSetDX] Intel© Trusted Connect Service Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}] LatencyMon 4.01 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\LatencyMon_is1] Line 6 Uninstaller [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Line 6 Uninstaller] Malwarebytes Anti-Malware versie 2.0.4.1028 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1] Microsoft .NET Framework 4.5.1 (Nederlands) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043] Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9EBB0AF2-4AD2-3ABA-95EF-977EBEA1CB09}] Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26784146-6E05-3FF9-9335-786C7C0FB5BE}] Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033] Microsoft Antimalware [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{774088D4-0777-4D78-904D-E435B318F5D2}] Microsoft Antimalware Service NL-NL Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7C4C5B40-43E1-4890-AD50-E1E8F8446D5F}] Microsoft Office Professional Plus 2013 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR] Microsoft Security Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E77543EE-6FB5-4FF6-AB70-635392C8C756}] Microsoft Security Client NL-NL Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}] Microsoft Security Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client] Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}] Microsoft Visual C++ 2005 Redistributable 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}] Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}] Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}] Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DC5E5027-65E8-41CB-815C-9AAB48BFB8E2}] Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD67BE4B-7E62-4215-AFA3-F123A800A389}] Mozilla Firefox 37.0.1 (x86 nl) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 37.0.1 (x86 nl)] Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService] Mozilla Thunderbird 31.6.0 (x86 nl) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 31.6.0 (x86 nl)] MSVCRT [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}] MSVCRT110 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}] MSVCRT110_amd64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9FA781F-3E80-4399-825A-AD3E11C28C77}] MSXML 4.0 SP2 (KB954430) 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}] MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}] neroxml [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}] NVIDIA-configuratiescherm 347.52 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] NVIDIA 3D Vision stuurprogramma 347.52 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision] NVIDIA Display Control Panel [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Display Control Panel] NVIDIA Grafisch stuurprogramma 347.52 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] NVIDIA Install Application [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] NVIDIA Stereoscopic 3D Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIAStereo] NVIDIA Update 10.4.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] NVIDIA Update Core [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3538BF4-735B-45F3-B09E-C541A007E4E8}] Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{07AAB66E-4718-422D-9218-4AFB3C922A71}] Photo Gallery 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F4DEB840-B638-4BCE-AC6B-057EF31E0012}] Picasa 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Picasa 3] PVSonyDll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3D3E663D-4E7E-4577-A560-7ECDDD45548A}] Reason 7.0.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Reason7.0_64_is1] Steinberg HALion Sonic SE Content for Cubase LE AI Elements [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CF45002F-2205-4116-BB51-2D015F436CAC}] TeamViewer 10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TeamViewer] VC_CRT_x64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{54F2237F-018C-483B-8884-9FC0D88840C3}] Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1B905A9B-EB74-4C70-B81B-5F446C178566}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite] Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE52672C-A0E9-4450-8875-88A221D5CD50}] Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{659CB81C-B54E-4DF1-B618-F35777393A54}] Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}] Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}] Windows Live SOXE 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}] Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D1893000-EA77-493C-8DDD-E262436E959B}] Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}] Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{290C2B0A-CEE1-4F55-AB46-4571EC01DA96}] ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office15\URLREDIR.DLL O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: CodeMeter Control Center.lnk = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren 
naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {59F39B89-94C3-44C5-B903-9A6B85C32921} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: SimpleNewTab - Change Tab Custom Page... 
- {59F39B89-94C3-44C5-B903-9A6B85C32921} - (no file) (HKCU) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe O23 - Service: Encrypting File System (EFS) (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing) O23 - Service: 
Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Software Protection (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files 
(x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: Credential Manager (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [Piriform Ltd] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation] HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation] COMODO Internet Security = "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [COMODO] MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS] IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation] NvBackend = "C:\Program Files 
(x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [NVIDIA Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} CTHelper = CTHELPER.EXE [Creative Technology Ltd] CTxfiHlp = CTXFIHLP.EXE [Creative Technology Ltd] IMSS = "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [Intel Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Lync Click to Call BHO -> {HKLM...CLSID} = Lync Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS] -> {HKLM...Wow...CLSID} = Lync Browser Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [MS] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Aanmeldhulp voor Microsoft-account \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [MS] -> {HKLM...Wow...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\Office15\URLREDIR.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ 
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Lync Click to Call BHO -> {HKLM...CLSID} = Lync Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS] -> {HKLM...Wow...CLSID} = Lync Browser Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [MS] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Aanmeldhulp voor Microsoft-account \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [MS] -> {HKLM...Wow...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\Office15\URLREDIR.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] SkyDrivePro3 
(InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7} -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL [MS] SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL [MS] SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim 
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL [MS] {CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL [MS] {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL [MS] {DB19096C-5365-4164-A246-59FEFF9D8062} = Nameext -> {HKLM...Wow...CLSID} = Ondernemingsprojecten \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\NAMEEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\OLKFSTUB.DLL 
[MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ <> AppInit_DLLs = C:\Windows\system32\guard64.dll [COMODO] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\ <> AppInit_DLLs = C:\Windows\SysWOW64\guard32.dll [COMODO] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807583E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] <> osf\CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1} -> {HKLM...CLSID} = Protocol Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Comodo Antivirus\(Default) = {4255A182-CAD9-4214-A19B-7BA7FB633BBD} -> {HKLM...CLSID} = Comodo AntiVirus \InProcServer32\(Default) = C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [COMODO] EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) 
\InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} -> {HKLM...CLSID} = GraphicsShellExt Class \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation] NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...Wow...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Comodo Antivirus\(Default) = {4255A182-CAD9-4214-A19B-7BA7FB633BBD} -> {HKLM...CLSID} = Comodo AntiVirus \InProcServer32\(Default) = C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [COMODO] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
  ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000000
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
  EnableLUA = (REG_DWORD) dword:0x00000000
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Run All Administrators In Admin Approval Mode}
  PromptOnSecureDesktop = (REG_DWORD) dword:0x00000000
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Switch to the secure desktop when prompting for elevation}

Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
  Wallpaper = C:\Users\pc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
MSLivePhotoAcquireDropHandler\
  Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
  InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
  InvokeVerb = open
  HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
    -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
       \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
MSLiveShowPicturesOnArrival\
  Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
  InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
  InvokeVerb = open
  HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID =
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] Picasa2ImportPicturesOnArrival\ Provider = Picasa3 InvokeProgID = picasa2.autoplay InvokeVerb = import HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files (x86)\Google\Picasa3\Picasa3.exe" "%1" [Google Inc.] WIA_{A82381E2-5E54-430A-8860-9E80E51F3865}\ Provider = Microsoft Publisher CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\Microsoft Office\Office15\MSPUB.EXE /IMG_STI /StiDevice:%1 /StiEvent:%2; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WIA_{D1129758-01D8-4A1C-9D1D-D249246FFC96}\ Provider = Microsoft Publisher CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\Microsoft Office\Office15\MSPUB.EXE /IMG_WIA; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] Startup items in "pc" & "All Users" startup folders: ---------------------------------------------------- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++} CodeMeter Control Center -> shortcut to: C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [WIBU-SYSTEMS AG] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd] Microsoft Office 15 Sync Maintenance for pc-PC-pc pc-PC -> launches: C:\Program Files\Microsoft Office\Office15\MsoSync.exe [MS] User_Feed_Synchronization-{772A691B-36A9-4071-9B91-B1D9FEE43B15} -> (HIDDEN!) 
launches: C:\Windows\system32\msfeedssync.exe sync [MS] {2EEA41DF-E836-40E6-B7C8-6AACA7717E37} -> launches: D:\EmuPMX_PCApp_L6_1_81_06.exe [file not found] {2F8DD48D-626C-41A6-B53D-6F79C7889BBF} -> launches: C:\Windows\system32\pcalua.exe -a D:\EmuPMX_PCApp_L6_1_81_06.exe -d D:\ [MS] {AAAF8D8F-B65A-4C44-BAF3-F3EBD2DFBFFB} -> launches: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [Mozilla Corporation] C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware MP Scheduled Scan -> (HIDDEN!) launches: c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS] C:\Windows\System32\Tasks\Microsoft\Office Office 15 Subscription Heartbeat -> launches: %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [MS] OfficeTelemetryAgentFallBack -> launches: "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880 [MS] OfficeTelemetryAgentLogOn -> launches: "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d 
acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) 
launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
       \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM...CLSID} = WinSAT Task Manger Task
       \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
  -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
       \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
       \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
       \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM...CLSID} = HotStart User Agent
       \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM...CLSID} = Microsoft PlaySoundService Class
       \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
       \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
       \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
  -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
       \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM...CLSID} = RasMobilityManager
       \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM...CLSID} = RegistryIdleBackupHandler
       \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx
launchtrayprocess -> launches: %windir%\system32\GWX\GWX.exe /tasklaunch [MS]
refreshgwxconfig -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig [MS]
refreshgwxcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent [MS]
runappraiser -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RunAppraiser [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM...CLSID} = GadgetsManager Class
       \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM...CLSID} = RunTask
       \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
  -> {HKLM...Wow...CLSID} = RunTask
       \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM...CLSID} = MsCtfMonitor task handler
       \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
       \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
       \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
  -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
       \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
  -> {HKLM...CLSID} = Wininet Cache task object
       \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
  -> {HKLM...Wow...CLSID} = Wininet Cache task object
       \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
MpIdleTask -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe -IdleTask -TaskName MpIdleTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
  -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
       \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{59F39B89-94C3-44C5-B903-9A6B85C32921}\
MenuText = SimpleNewTab - Change Tab Custom Page...
CLSIDExtension = {8DAA9564-C7BF-43E1-ADB9-17B44DA980A6}

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Verzenden naar OneNote
MenuText = &Verzenden naar OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
       \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll [MS]

{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\
ButtonText = Lync - klikken om te bellen
MenuText = Lync - klikken om te bellen
CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
  -> {HKLM...CLSID} = Lync Browser Helper
       \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = &Gekoppelde notities van OneNote
MenuText = &Gekoppelde notities van OneNote
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM...CLSID} = Linked Notes button
       \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Verzenden naar OneNote
MenuText = &Verzenden naar OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
       \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll [MS]

{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\
ButtonText = Lync - klikken om te bellen
MenuText = Lync - klikken om te bellen
CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
  -> {HKLM...Wow...CLSID} = Lync Browser Helper
       \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = &Gekoppelde notities van OneNote
MenuText = &Gekoppelde notities van OneNote
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM...Wow...CLSID} = Linked Notes button
       \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [MS]

Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

CodeMeter Runtime Server, CodeMeter.exe, "C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" [WIBU-SYSTEMS AG]
COMODO Internet Security Helper Service, cmdAgent, "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [COMODO]
Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel(R) Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation]
NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation]
NVIDIA Stereoscopic 3D Driver Service, Stereo Service, "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [NVIDIA Corporation]
TeamViewer 10, TeamViewer, "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [TeamViewer GmbH]

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<> MsMpSvc, Service
<> PEVSystemStart, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<> MsMpSvc, Service
<> PEVSystemStart, Service

<>: Suspicious data at a browser hijack point.
==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\pc\AppData\Local\Mozilla\Firefox\Profiles\v7mjlcuz.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\pc\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=158 folders=60 207152430 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\pc\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\pc\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\ProgramData\cm-lock" not found

==== EOF on di 07-04-2015 at 22:11:12,23 ======================