Zoek.exe Version 5.0.0.0 Updated 04-October-2015
Tool run by Eigenaar on di 06/10/2015 at 15:07:52,23.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: c:\Users\Eigenaar\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2015-09-28-130101.log 23215 bytes
C:\zoek-results2015-10-05-095746.log 38457 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

µTorrent 32 Bit HP CIO Components Installer 7-Zip 15.05 beta Adobe Flash Player 19 ActiveX Adobe Flash Player 19 NPAPI B110 BufferChm CCleaner Content Transfer Definition Update for Microsoft Office 2010 (KB3085525) 32-Bit Edition ExtractNow Google Chrome Google Update Helper HD Tune 2.55 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 
7 HPAppStudio HPPhotoGadget Java 8 Update 60 Java Auto Updater Kaspersky Internet Security Malwarebytes Anti-Malware versie 2.1.8.1057 Microsoft .NET Framework 3.5 Language Pack SP1 - nld Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.5.2 (Nederlands) Microsoft .NET Framework 4.5.2 (NLD) Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Groove MUI (Dutch) 2010 Microsoft Office InfoPath MUI (Dutch) 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft OneDrive Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD Mozilla Firefox 41.0.1 (x86 nl) Mozilla Maintenance Service MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyDriveConnect 4.0.2.2123 Nero 8 neroxml Network NirSoft BlueScreenView NVIDIA-configuratiescherm 307.83 NVIDIA Drivers NVIDIA Grafisch stuurprogramma 307.83 NVIDIA Install Application NVIDIA Update 1.10.8 NVIDIA Update Components NWZ-E450 WALKMAN Guide PerfectDisk Professional Business 
PS_AIO_07_B110_SW_Min QuickTransfer Scan Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4.5.2 (KB2972107) Security Update for Microsoft .NET Framework 4.5.2 (KB2972216) Security Update for Microsoft .NET Framework 4.5.2 (KB2978128) Security Update for Microsoft .NET Framework 4.5.2 (KB2979578v2) Security Update for Microsoft .NET Framework 4.5.2 (KB3023224) Security Update for Microsoft .NET Framework 4.5.2 (KB3035490) Security Update for Microsoft .NET Framework 4.5.2 (KB3037581) Security Update for Microsoft .NET Framework 4.5.2 (KB3048077) Security Update for Microsoft .NET Framework 4.5.2 (KB3072310) Security Update for Microsoft .NET Framework 4.5.2 (KB3074230) Security Update for Microsoft .NET Framework 4.5.2 (KB3074550) Security Update for Microsoft Excel 2010 (KB3085526) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553313) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598244) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2956073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2956076) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2965310) 32-Bit Edition Security Update for Microsoft Office 2010 (KB3054848) 32-Bit Edition Security Update for Microsoft Office 2010 (KB3054965) 32-Bit Edition Security Update for Microsoft 
PowerPoint 2010 (KB2920812) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB3054876) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553428) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Speccy SUPERAntiSpyware Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - NLD Toolbox Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Access 2010 (KB2965300) 32-Bit Edition Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589318) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition Update for Microsoft Office 2010 (KB2965301) 32-Bit Edition Update for Microsoft Office 2010 (KB3054873) 32-Bit Edition Update for Microsoft Office 2010 (KB3054962) 32-Bit Edition Update for Microsoft Office 2010 (KB3054964) 32-Bit Edition Update for Microsoft Office 2010 (KB3054977) 32-Bit Edition Update for Microsoft Office 2010 (KB3055042) 32-Bit Edition Update for Microsoft Office 2010 (KB3055047) 32-Bit Edition Update for Microsoft 
OneNote 2010 (KB2956205) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2965297) 32-Bit Edition Update for Microsoft Outlook 2010 (KB3085522) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553308) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB3085513) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition Update for Microsoft Word 2010 (KB3085518) 32-Bit Edition VCRedistSetup Visual Studio C++ 10.0 Runtime VLC media player WD Drive Utilities WD Link WD Quick View WD Security WD SmartWare WD SmartWare Installer WebReg ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\WSAllMyTubechrome] ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-10-01 12:58:26 2701448229AEE43D266C00042EA3CB52 2154 ----a-w- C:\Windows\epplauncher.mif 2015-09-26 11:59:59 4CFE4D92B6E96E1C9F13913834286895 317418890 ----a-w- C:\Windows\MEMORY.DMP ====== C:\Users\Eigenaar\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== 2015-10-01 13:36:03 94DA056DAC3CF36A26B762C1DF00113B 8192 -c--a-w- C:\Windows\System32\WDPABKP.dat 2015-09-24 10:31:38 14D9E215B8A971498B40E914A7F5A5A8 374144 ----a-w- C:\Windows\System32\FNTCACHE.DAT ====== C:\Windows\system32\drivers ===== 2015-10-01 12:27:19 3546C0B6F2D808D4E6294A9D6B25151B 221568 ----a-w- C:\Windows\System32\drivers\netio.sys 2015-09-28 17:36:54 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\6F7E72C4.sys 2015-09-28 16:43:51 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\662D4A2A.sys 2015-09-28 16:43:50 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\3C304A26.sys 2015-09-28 16:41:07 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- 
C:\Windows\System32\drivers\007A4812.sys 2015-09-22 13:41:41 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\38AC69F1.sys 2015-09-19 15:35:15 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\7B8D5676.sys 2015-09-19 14:50:35 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\712C3446.sys 2015-09-18 13:51:54 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\3571393A.sys 2015-09-17 13:43:40 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\6D3964CB.sys 2015-09-16 14:43:07 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\2DFF4429.sys 2015-09-16 13:48:02 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\22631A01.sys 2015-09-15 17:24:27 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\02F47182.sys 2015-09-15 13:36:14 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\412C42D6.sys 2015-09-10 13:00:28 DC7E6FCD8C51AEF8FF3F2E23C786014A 304640 ----a-w- C:\Windows\System32\drivers\srv.sys 2015-09-10 13:00:28 8AE0783E3EDCED90D4B2961887056A2B 102912 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2015-09-08 13:28:16 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\05CB19CF.sys ====== C:\Windows\Tasks ====== 2015-10-03 14:52:05 E5B46B48F96AE13C4BBE282FAB6A56D0 3792 ----a-w- C:\Windows\system32\Tasks\Adobe Flash Player Updater 2015-10-03 14:52:05 755221E41BC490E77A92B99A343C6575 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-27 13:01:25 C2C57D55A666EDDDD1B8750C2268D3BD 3524 ----a-w- C:\Windows\system32\Tasks\SUPERAntiSpyware Scheduled Task 60fa524b-d778-4dfd-807b-3fb135f30946 2015-09-27 13:01:25 BF18F0F4A8485FA514E9A2F77473EE06 516 ----a-w- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 60fa524b-d778-4dfd-807b-3fb135f30946.job 2015-09-27 13:01:22 7FEF92422D233E478645663A4767AA40 3450 ----a-w- 
C:\Windows\system32\Tasks\SUPERAntiSpyware Scheduled Task 9ceb52be-b91c-4816-90b7-dc025032614f 2015-09-27 13:01:21 4DD6D237AD79E2F8E17F8229565E6FC9 516 ----a-w- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9ceb52be-b91c-4816-90b7-dc025032614f.job ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C: ===== 2015-09-18 16:57:35 D41D8CD98F00B204E9800998ECF8427E 0 -csha-r- C:\MSDOS.SYS 2015-09-18 16:57:35 D41D8CD98F00B204E9800998ECF8427E 0 -csha-r- C:\IO.SYS ====== C:\Users\Eigenaar\AppData\Roaming ====== 2015-10-05 09:46:54 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2015-10-05 09:46:54 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2015-10-05 09:46:53 -------- dc----w- C:\Users\Eigenaar\AppData\Local\Temp 2015-10-05 09:46:53 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp 2015-10-05 09:46:53 -------- d-----w- C:\Users\Public\AppData\Local\temp 2015-10-05 09:46:53 -------- d-----w- C:\Users\Default\AppData\Local\temp 2015-10-05 09:46:53 -------- d-----w- C:\Users\Default User\AppData\Local\temp 2015-10-01 13:08:39 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps 2015-09-30 15:31:35 -------- d-----w- C:\Users\Eigenaar\AppData\Locallow\uTorrent 2015-09-27 18:32:27 -------- d-----w- C:\Users\Eigenaar\AppData\Local\Nero 2015-09-27 13:01:03 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\SUPERAntiSpyware.com 2015-09-23 13:11:19 D6E2A7A559FAA89136DA730629C47262 102864 ----a-w- C:\Users\Eigenaar\AppData\Local\GDIPFONTCACHEV1.DAT 2015-09-21 10:32:01 -------- d-----w- C:\Users\Eigenaar\AppData\Local\CEF 2015-09-18 17:03:39 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\SpringFiles ====== C:\Users\Eigenaar ====== 2015-10-03 15:32:31 4AF928232EC1CD0E32163BA66630E94F 243784 -c--a-w- C:\Users\Eigenaar\Downloads\Firefox Setup Stub 41.0.1.exe 2015-10-03 15:03:35 F4181C5BD87DF30B951EEF5901DB0701 18819272 -c--a-w- 
C:\Users\Eigenaar\Downloads\install_flash_player.exe 2015-10-03 14:47:53 96C436D7E2B49F213A983CB3E648B04D 1190616 -c--a-w- C:\Users\Eigenaar\Downloads\flashplayer19_ha_install.exe 2015-10-01 12:27:26 9C0C6BCA7E23EE799E3481C9280F11F1 1670656 -c--a-w- C:\Users\Eigenaar\Downloads\adwcleaner_5.009.exe 2015-10-01 12:21:38 77D245446982E02A7E4232FE911DFF1F 11610968 -c--a-w- C:\Users\Eigenaar\Downloads\mseinstall(1).exe 2015-10-01 12:00:51 77D245446982E02A7E4232FE911DFF1F 11610968 -c--a-w- C:\Users\Eigenaar\Downloads\mseinstall.exe 2015-09-29 11:10:28 088812A121E0A9CEB40CE9C808C8A90C 642632 -c--a-w- C:\Users\Eigenaar\Downloads\hdtune_255(2).exe 2015-09-28 16:44:44 088812A121E0A9CEB40CE9C808C8A90C 642632 -c--a-w- C:\Users\Eigenaar\Downloads\hdtune_255(1).exe 2015-09-27 12:57:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2015-09-27 12:57:21 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2015-09-27 12:55:58 B3990E17596452607AAEDC4E05786F7D 23449392 ----a-w- C:\Users\Eigenaar\Downloads\SUPERAntiSpyware(1).exe 2015-09-27 06:05:03 B3990E17596452607AAEDC4E05786F7D 23449392 ----a-w- C:\Users\Eigenaar\Downloads\SUPERAntiSpyware.exe 2015-09-26 11:22:35 4803BA9B8EA5BE9721601A67F673AE98 9983584 ----a-w- C:\Users\Eigenaar\Downloads\MEGAsyncSetup.exe 2015-09-18 17:03:52 -------- d-----w- C:\ProgramData\boost_interprocess ====== C: exe-files == 2015-10-03 15:32:31 4AF928232EC1CD0E32163BA66630E94F 243784 -c--a-w- C:\Users\Eigenaar\Downloads\Firefox Setup Stub 41.0.1.exe 2015-10-03 15:03:35 F4181C5BD87DF30B951EEF5901DB0701 18819272 -c--a-w- C:\Users\Eigenaar\Downloads\install_flash_player.exe 2015-10-03 14:47:53 96C436D7E2B49F213A983CB3E648B04D 1190616 -c--a-w- C:\Users\Eigenaar\Downloads\flashplayer19_ha_install.exe 2015-10-01 12:27:26 9C0C6BCA7E23EE799E3481C9280F11F1 1670656 -c--a-w- C:\Users\Eigenaar\Downloads\adwcleaner_5.009.exe 2015-10-01 12:21:38 77D245446982E02A7E4232FE911DFF1F 11610968 -c--a-w- 
C:\Users\Eigenaar\Downloads\mseinstall(1).exe 2015-10-01 12:00:51 77D245446982E02A7E4232FE911DFF1F 11610968 -c--a-w- C:\Users\Eigenaar\Downloads\mseinstall.exe === C: other files == 2015-10-01 12:27:19 3546C0B6F2D808D4E6294A9D6B25151B 221568 ----a-w- C:\Windows\System32\drivers\netio.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-99750587-4078008973-3465543785-1000\Software\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "uTorrent"="C:\Users\Eigenaar\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "MyDriveConnect.exe"="C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [HKEY_USERS\S-1-5-21-99750587-4078008973-3465543785-1002\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "ContentTransferWMDetector.exe"="C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "WD Drive Unlocker"="C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe" "DriveUtilitiesHelper"="C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe" "WD Quick View"="C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe" "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "uTorrent"="C:\Users\Eigenaar\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "MyDriveConnect.exe"="C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [03/10/2015 17:04] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [30/08/2015 12:07] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [30/08/2015 12:07] C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 60fa524b-d778-4dfd-807b-3fb135f30946.job --a------ C:\Program Files\SUPERAntiSpyware\SASTask.exe [07/11/2013 22:08] C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9ceb52be-b91c-4816-90b7-dc025032614f.job --a------ C:\Program Files\SUPERAntiSpyware\SASTask.exe [07/11/2013 22:08] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\SUPERAntiSpyware Scheduled Task 60fa524b-d778-4dfd-807b-3fb135f30946" [C:\Program Files\SUPERAntiSpyware\SASTask.exe] "C:\Windows\system32\tasks\SUPERAntiSpyware 
Scheduled Task 9ceb52be-b91c-4816-90b7-dc025032614f" [C:\Program Files\SUPERAntiSpyware\SASTask.exe] "C:\Windows\system32\tasks\UnHackMe Task Scheduler" [C:\Program Files\UnHackMe\hackmon.exe] "C:\Windows\system32\tasks\Abelssoft\StartBackgroundguardWithWindows" [C:\Program Files\CheckDrive\CheckDrive.exe] "C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] "C:\Windows\system32\tasks\Western Digital\SmartWare\____Volume_9c6e30fc_4489_11e4_b074_806e6f6e6963______Volume_d8d0ac2b_5094_11e5_beb6_00251117326a__" [C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\xdvuz5jl.default-1442758643488 user_pref("browser.startup.homepage", "about:home"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [02/02/2015 18:09] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\xdvuz5jl.default-1442758643488 - Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com - Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com - Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com - Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: 
C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\xdvuz5jl.default-1442758643488 52CE0DBFD9738AE528CF525A0367EBEB - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin 7D127425BBE91DF37448A7F44C1DDA52 - C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll - Google Update AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 0A7CFC4EE9CC3206B1DC522FCB8C3DB1 - c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll - Silverlight Plug-In E2B92179DA6F4CF6EC3778D2802C960F - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll - Plugins PDK 57686DF728BE5FE43A05B265051D1935 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll - Plugins PDK 4BA14D74164EC27A9A97663D7D9755A1 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll - Plugins PDK FE5E10A1775D5B0EE862DBF3BC1283D3 - C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U60 41E59AEE190362FD0D6EF71DE5DCE427 - C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.600.27 1A62BB86D17B8DC0D4339BACC8D60635 - C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll - Shockwave Flash 0B8378EA70622A6F3EC50CC4AF62764C - c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrlui.dll - Microsoft® Silverlight ==== Chromium Look ====================== Google Chrome Version: 45.0.2454.101 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dbhjdbfgekjfcfkkfjjmlmojhbllhbho - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho[] Kaspersky Protection - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho Chrome Web Store Payments - 
Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [Nero AG] ehTray.exe = C:\Windows\ehome\ehTray.exe [MS] uTorrent = "C:\Users\Eigenaar\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED [BitTorrent Inc.] 
MyDriveConnect.exe = "C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe" [TomTom] CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [Piriform Ltd] WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe [MS] SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [SUPERAntiSpyware] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} NBKeyScan = "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [Nero AG] ContentTransferWMDetector.exe = C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [Sony Corporation] SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation] WD Drive Unlocker = C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [Western Digital Technologies, Inc.] DriveUtilitiesHelper = C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [Western Digital Technologies, Inc.] WD Quick View = C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [Western Digital Technologies, Inc.] 
MSC = "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [Oracle Corporation] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524} -> {HKCU...CLSID} = ErrorOverlayHandler Class \InProcServer32\(Default) = C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [MS] OneDrive2\(Default) = {5AB7172C-9C11-405C-8DD5-AF20F3606282} -> {HKCU...CLSID} = SharedOverlayHandler Class \InProcServer32\(Default) = C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [MS] OneDrive3\(Default) = {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -> {HKCU...CLSID} = SharedSyncingOverlayHandler Class \InProcServer32\(Default) = C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [MS] OneDrive4\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> {HKCU...CLSID} = UpToDateOverlayHandler Class \InProcServer32\(Default) = C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [MS] OneDrive5\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> {HKCU...CLSID} = SyncingOverlayHandler Class \InProcServer32\(Default) = 
C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [MS] Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {00020d75-0000-0000-c000-000000000046} = Microsoft Outlook Desktop Icon Handler -> {HKLM...CLSID} = Microsoft Outlook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL [MS] {BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2} = Scan with Kaspersky Anti-Virus -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll [Kaspersky Lab ZAO] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft 
Office\Office14\msohevi.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS] {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation] {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} = NeroCoverEd Live Icons -> {HKLM...CLSID} = NeroCoverEdLiveIcons Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [Nero AG] {B327765E-D724-4347-8B16-78AE18552FC3} = NeroDigitalIconHandler -> {HKLM...CLSID} = NeroDigitalIconHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG] {7F1CF152-04F8-453A-B34C-E609530A9DC8} = NeroDigitalPropSheetHandler -> {HKLM...CLSID} = NeroDigitalPropSheetHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension -> {HKLM...CLSID} = Werkruimten \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] 
{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML 
Icon Handler -> {HKLM...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension -> {HKLM...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] {09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\MI239C~1\shellext.dll [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ <> BootExecute = PDBoot.exe [Raxco Software, Inc.]|autocheck autochk * HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] HKCU\Software\Classes\*\shellex\ContextMenuHandlers\ FileSyncEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} -> {HKCU...CLSID} = FileSyncEx \InProcServer32\(Default) = C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] Cover Designer\(Default) = {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} -> {HKLM...CLSID} = NeroCoverEdContextMenu Class \InProcServer32\(Default) = 
C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [Nero AG] EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\MI239C~1\shellext.dll [MS] Kaspersky Anti-Virus 15.0.0\(Default) = {BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll [Kaspersky Lab ZAO] WDBackupMenuHandler\(Default) = {C752BC82-C19A-4827-9C15-0996BA85C180} -> {HKLM...CLSID} = WDBackupMenuHandler Class \InProcServer32\(Default) = C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [Western Digital Technologies, Inc.] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {100BD527-7304-4b7f-BEE2-26D97B04EBA4}\(Default) = (no title provided) -> {HKLM...CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu -> {HKLM...CLSID} = SASContextMenu Class \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL [SUPERAntiSpyware.com] HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\ NBShellHook\(Default) = {100BD527-7304-4b7f-BEE2-26D97B04EBA4} -> {HKLM...CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\ WDBackupPropSheetHandler\(Default) = {C752BC82-C19A-4827-9C15-0996BA85C180} -> {HKLM...CLSID} = WDBackupMenuHandler Class \InProcServer32\(Default) = C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [Western Digital Technologies, Inc.] 
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu -> {HKLM...CLSID} = SASContextMenu Class \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL [SUPERAntiSpyware.com] HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\ FileSyncEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} -> {HKCU...CLSID} = FileSyncEx \InProcServer32\(Default) = C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\MI239C~1\shellext.dll [MS] Kaspersky Anti-Virus 15.0.0\(Default) = {BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll [Kaspersky Lab ZAO] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu -> {HKLM...CLSID} = SASContextMenu Class \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL [SUPERAntiSpyware.com] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...CLSID} = 
7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ FileSyncEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} -> {HKCU...CLSID} = FileSyncEx \InProcServer32\(Default) = C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [MS] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = NeroDigitalExt.NeroDigitalColumnHandler -> {HKLM...CLSID} = NeroDigitalColumnHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] Kaspersky Anti-Virus 15.0.0\(Default) = {BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll [Kaspersky Lab ZAO] WDBackupMenuHandler\(Default) = {C752BC82-C19A-4827-9C15-0996BA85C180} -> {HKLM...CLSID} = WDBackupMenuHandler Class \InProcServer32\(Default) = C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [Western Digital Technologies, Inc.] 
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {100BD527-7304-4b7f-BEE2-26D97B04EBA4}\(Default) = (no title provided) -> {HKLM...CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ NBShellHook\(Default) = {100BD527-7304-4b7f-BEE2-26D97B04EBA4} -> {HKLM...CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\Folder\shellex\PropertySheetHandlers\ WDBackupPropSheetHandler\(Default) = {C752BC82-C19A-4827-9C15-0996BA85C180} -> {HKLM...CLSID} = WDBackupMenuHandler Class \InProcServer32\(Default) = C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [Western Digital Technologies, Inc.] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000005 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode} DisableRegistryTools = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ Wallpaper = C:\Windows\web\Wallpaper\img24.jpg Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Windows\web\Wallpaper\img24.jpg Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\Windows\system32\Bubbles.scr [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ NeroAutoPlay8AudioToNeroDigital\ Provider = Nero Burning ROM InvokeProgID = Nero.AutoPlay8 InvokeVerb = AudioToNeroDigital_PlayCDAudioOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L [Nero AG] NeroAutoPlay8CDAudio\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = CDAudio_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = 
C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:AudioCD [Nero AG] NeroAutoPlay8CopyCD\ Provider = Nero Burning ROM InvokeProgID = Nero.AutoPlay8 InvokeVerb = CopyCD_PlayMusicFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:DiscCopy %L [Nero AG] NeroAutoPlay8DataDisc_CD\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = DataDisc_CD_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_CD_HandleCDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:CD %L [Nero AG] NeroAutoPlay8DataDisc_DVD\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = DataDisc_DVD_HandleDVDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_DVD_HandleDVDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:DVD %L [Nero AG] NeroAutoPlay8LaunchNeroStartSmart\ Provider = Nero StartSmart InvokeProgID = Nero.AutoPlay8 InvokeVerb = LaunchNeroStartSmart_HandleDVDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleDVDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe /AutoPlay [Nero AG] NeroAutoPlay8PlayAudioCD\ Provider = Nero ShowTime InvokeProgID = Nero.AutoPlay8 InvokeVerb = PlayAudioCD_PlayMusicFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L [Nero AG] NeroAutoPlay8PlayDVD\ Provider = Nero ShowTime InvokeProgID = Nero.AutoPlay8 InvokeVerb = PlayDVD_PlayVideoFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L [Nero AG] NeroAutoPlay8RipCD\ 
Provider = Nero Burning ROM InvokeProgID = Nero.AutoPlay8 InvokeVerb = RipCD_PlayCDAudioOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L [Nero AG] NeroAutoPlay8TranscodeVideo\ Provider = Nero Recode InvokeProgID = Nero.AutoPlay8 InvokeVerb = TranscodeVideo_PlayDVDMovieOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Recode\Recode.exe /New:CopyDVDVideo [Nero AG] NeroAutoPlay8VideoCapture\ Provider = Nero Vision ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files\Nero\Nero8\Nero Vision\NeroVision.exe" /New:VideoCapture HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] NeroAutoPlay8ViewPhotos\ Provider = Nero PhotoSnap Viewer InvokeProgID = Nero.AutoPlay8 InvokeVerb = ViewPhotos_ShowPicturesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe / [Nero AG] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open 
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] Windows Sidebar Gadgets: {++} ------------------------ C:\Users\Eigenaar\AppData\Local\Microsoft\Windows Sidebar\Settings.ini %PROGRAMFILES%\windows sidebar\gadgets\Clock.gadget %PROGRAMFILES%\windows sidebar\gadgets\SlideShow.Gadget %PROGRAMFILES%\windows sidebar\gadgets\RSSFeeds.Gadget C:\Users\Eigenaar\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Flash Player Updater -> launches: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd] GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.] 
GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] SUPERAntiSpyware Scheduled Task 60fa524b-d778-4dfd-807b-3fb135f30946 -> launches: C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:60fa524b-d778-4dfd-807b-3fb135f30946 [SUPERAdBlocker.com] SUPERAntiSpyware Scheduled Task 9ceb52be-b91c-4816-90b7-dc025032614f -> launches: C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:9ceb52be-b91c-4816-90b7-dc025032614f [SUPERAdBlocker.com] UnHackMe Task Scheduler -> launches: C:\Program Files\UnHackMe\hackmon.exe $(Arg0) [file not found] C:\Windows\System32\Tasks\Abelssoft StartBackgroundguardWithWindows -> launches: C:\Program Files\CheckDrive\CheckDrive.exe -backgroundGuard [null data] C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware Microsoft Antimalware Scheduled Scan -> launches: C:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [MS] MpIdleTask -> launches: C:\Program Files\Microsoft Security Client\MpCmdRun.exe -IdleTask -TaskName MpIdleTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} 
= Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask-Roam -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] OptinNotification -> launches: %SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0 [MS] VistaSP1CEIP -> (HIDDEN!) launches: %systemroot%\servicing\vsp1ceip.exe /delete /tn "\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP" /f [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) -gc [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] TMM -> launches: {35EF4182-F900-4632-B072-8639E4478A61} -> {HKLM...CLSID} = Transient Multi-Monitor Manager \InProcServer32\(Default) = C:\Windows\System32\TMM.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection NAPStatus UI -> 
launches: {f09878a1-4652-4292-aa63-8c7d4fd7648f} -> {HKLM...CLSID} = Nap ITask Handler Implementation \InProcServer32\(Default) = C:\Windows\System32\QAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RACAgent -> (HIDDEN!) launches: %windir%\system32\RacAgent.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell CrawlStartPages -> launches: {51653423-e62d-4ff7-894a-dabb2b8e21e2} -> {HKLM...CLSID} = CrawlStartPages Task Handler \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] WSHReset -> (HIDDEN!) launches: %systemroot%\system32\netsh.exe interface tcp set heuristic wsh=default [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) 
launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wired GatherWiredInfo -> launches: %windir%\system32\gatherWiredInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Wireless GatherWirelessInfo -> launches: %windir%\system32\gatherWirelessInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows Defender MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges [MS] C:\Windows\System32\Tasks\Western Digital\SmartWare ____Volume_9c6e30fc_4489_11e4_b074_806e6f6e6963______Volume_d8d0ac2b_5094_11e5_beb6_00251117326a__ -> launches: C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe \\?\Volume{9c6e30fc-4489-11e4-b074-806e6f6e6963}\ \\?\Volume{d8d0ac2b-5094-11e5-beb6-00251117326a}\ [null data] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-99750587-4078008973-3465543785-1000 -> (HIDDEN!) 
launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 20 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {0C4CC089-D306-440D-9772-464E226F6539}\ ButtonText = Virtueel Toetsenbord CLSIDExtension = {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} -> {HKLM...CLSID} = VirtualKeyboardToolbarButtonHandler Class \InProcServer32\(Default) = C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Kaspersky Lab ZAO] {CCF151D8-D089-449F-A5A4-D9909053F20F}\ ButtonText = Controle van URL's CLSIDExtension = {CCF151D8-D089-449F-A5A4-D9909053F20F} -> {HKLM...CLSID} = FilterButtonHandler Class \InProcServer32\(Default) = C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 
15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [Kaspersky Lab ZAO] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ HP Network Devices Support, HPSLPSVC, C:\Windows\system32\svchost.exe -k HPService {C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [Hewlett-Packard Co.]} Kaspersky Anti-Virus-service 15.0.0, AVP15.0.0, "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe" -r [Kaspersky Lab ZAO] MBAMScheduler, MBAMScheduler, "C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation] MBAMService, MBAMService, "C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe" [Malwarebytes Corporation] Microsoft Antimalware Service, MsMpSvc, "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS] Microsoft Netwerkinspectie, NisSrv, "C:\Program Files\Microsoft Security Client\NisSrv.exe" [MS] Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [Nero AG] Net Driver HPZ12, Net Driver HPZ12, C:\Windows\System32\svchost.exe -k HPZ12 {C:\Windows\system32\HPZinw12.dll [Hewlett-Packard]} NMIndexingService, NMIndexingService, "C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe" [Nero AG] NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation] NVIDIA Update Service Daemon, nvUpdatusService, "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [NVIDIA Corporation] PDAgent, PDAgent, "C:\Program Files\Raxco\PerfectDisk\PDAgent.exe" [Raxco Software, Inc.] PDEngine, PDEngine, "C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe" [Raxco Software, Inc.] PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, C:\Windows\system32\IoctlSvc.exe [Prolific Technology Inc.] 
Pml Driver HPZ12, Pml Driver HPZ12, C:\Windows\System32\svchost.exe -k HPZ12 {C:\Windows\system32\HPZipm12.dll [Hewlett-Packard]}
SAS Core Service, SASCORE, "C:\Program Files\SUPERAntiSpyware\SASCore.exe" [SUPERAntiSpyware.com]
WD Backup, WDBackup, "C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe" [Western Digital Technologies, Inc.]
WD Drive Manager, WDDriveService, "C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe" [Western Digital Technologies, Inc.]
Windows Presentation Foundation-lettertypecache 4.0.0.0, WPFFontCache_v0400, C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [MS]

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<> !SASCORE,
<> MsMpSvc, Service
<> SASCORE,
<> PEVSystemStart, Service
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<> !SASCORE,
<> MsMpSvc, Service
<> SASCORE,
<> PEVSystemStart, Service

Keyboard Driver Filters:
------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<> UpperFilters = <> klkbdflt [Kaspersky Lab ZAO],kbdclass [MS]

Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
hpf3l101.dll\Driver = hpf3l101.dll [Hewlett-Packard Company]

==== Empty IE Cache ======================
C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================
C:\Users\Eigenaar\AppData\Local\Mozilla\Firefox\Profiles\xdvuz5jl.default-1442758643488\cache2 emptied successfully

==== Empty Chrome Cache ======================
No Chrome Cache found

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=854 folders=85 587464844 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Eigenaar\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Eigenaar\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on di 06/10/2015 at 16:39:03,87 ======================