Zoek.exe v5.0.0.1 Updated 04-October-2015 Tool run by bart jansen on di 06/10/2015 at 15:21:48,97. Microsoft Windows 8.1 Pro 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\bart jansen\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 6/10/2015 15:22:46 Zoek.exe System Restore Point Created Successfully. ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\DropboxCopyHook {FBC9D74C-AF55-4309-9FB2-C426E071637F} C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll ==== Empty Folders Check ====================== C:\Users\bart jansen\AppData\Local\CutePDF Writer deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== 64 Bit HP CIO Components Installer ACDSee Pro 8 (64-bit) ACS Unified PC/SC Driver 4.0.0.6 ActiveGanttVC Scheduler Component V2.8.3 Release Adobe Flash Player Plugin Adobe Illustrator CC 2014 Adobe InDesign CC 2014 Adobe Photoshop CC 2015 Adobe Reader XI (11.0.12) - Nederlands Adobe Refresh Manager Advanced JPEG Compressor 2012 Apple Application Support (32-bit) Apple Application Support (64-bit) Apple Mobile Device Support Apple Software Update ASAP Utilities AutoCAD 2014 - English AutoCAD 2014 Language Pack - English Autodesk 360 Autodesk App Manager Autodesk AutoCAD 2014 - English Autodesk Content Service Autodesk Content Service Language 
Pack Autodesk Featured Apps Autodesk Material Library 2014 Autodesk Material Library Base Resolution Image Library 2014 Autodesk ReCap Autodesk ReCap Language Pack-English BarTender 10.1 UltraLite Belgium e-ID middleware 4.0.7 (build 7466) BNP Paribas Fortis Security Components Bonjour Classic Shell Creo Direct Creo Direct Version 2.0 Datecode [M070] Creo Distributed Services Manager Creo Distributed Services Manager Version 2.0 Datecode [M070] Creo Layout Creo Layout Version 2.0 Datecode [M070] Creo Parametric Creo Parametric Version 2.0 Datecode [M070] Creo Platform 2.27 Creo Simulate Creo Simulate Version 2.0 Datecode [M070] CutePDF Writer 3.0 Definition Update for Microsoft Office 2013 (KB3085499) 32-Bit Edition Dropbox DYMO Label v.8 Expert Framework Extension Release 7.0 Datecode M010 FARO LS 1.1.501.0 (64bit) FileZilla Client 3.13.1 Google Chrome Google Update Helper HP LaserJet Professional P1100-P1560-P1600 Series iCloud Isabel-beveiligingscomponenten iTunes Java 8 Update 60 Java 8 Update 60 (64-bit) Java Auto Updater KeyShot 5 64 bit KeyShot Network Rendering 64 bit 5.1 KeyShot plugin for Creo 3.0 3.3 KeyShot plugin for Creo 3.2 Logitech SetPoint 6.65 Malwarebytes Anti-Malware versie 2.1.8.1057 Microsoft Access MUI (Dutch) 2013 Microsoft DCF MUI (Dutch) 2013 Microsoft Excel MUI (Dutch) 2013 Microsoft Groove MUI (Dutch) 2013 Microsoft InfoPath MUI (Dutch) 2013 Microsoft Lync MUI (Dutch) 2013 Microsoft Office 64-bit Components 2013 Microsoft Office Korrekturhilfen 2013 - Deutsch Microsoft Office OSM MUI (Dutch) 2013 Microsoft Office OSM UX MUI (Dutch) 2013 Microsoft Office Professional Plus 2013 Microsoft Office Proofing (Dutch) 2013 Microsoft Office Proofing Tools 2013 - English Microsoft Office Proofing Tools 2013 - Nederlands Microsoft Office Shared 64-bit MUI (Dutch) 2013 Microsoft Office Shared MUI (Dutch) 2013 Microsoft OneNote MUI (Dutch) 2013 Microsoft Outlook MUI (Dutch) 2013 Microsoft PowerPoint MUI (Dutch) 2013 Microsoft Publisher MUI (Dutch) 
2013 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD Microsoft Word MUI (Dutch) 2013 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 MKS Platform Components 9.x NVIDIA-configuratiescherm 322.12 NVIDIA Install Application Oracle VM VirtualBox 4.3.20 Outils de vérification linguistique 2013 de Microsoft Office - Français PTC Creo Direct PTC Creo Direct Version 3.0 Datecode [F000] PTC Creo Layout PTC Creo Layout Version 3.0 Datecode [F000] PTC Creo Options Modeler PTC Creo Options Modeler Version 3.0 Datecode [F000] PTC Creo Parametric PTC Creo Parametric Version 3.0 Datecode [F000] PTC Creo 
Platform Agent 3.67 PTC Creo Simulate PTC Creo Simulate Version 3.0 Datecode [F000] PTC Creo Thumbnail Viewer 3.0 PTC Creo View Express 3.0 PTC Portmapper PTC Portmapper Version 2.0 Datecode [M070] QuickTime 7 Real Cut 1D Security Update for Microsoft Excel 2013 (KB3085502) 32-Bit Edition Security Update for Microsoft Office 2013 (KB2880502) 32-Bit Edition Security Update for Microsoft Office 2013 (KB2910941) 32-Bit Edition Security Update for Microsoft Office 2013 (KB3039734) 32-Bit Edition Security Update for Microsoft Office 2013 (KB3039798) 32-Bit Edition Security Update for Microsoft Office 2013 (KB3054816) 32-Bit Edition Security Update for Microsoft Office 2013 (KB3054932) 32-Bit Edition Security Update for Skype for Business 2015 (KB3085500) 32-Bit Edition SketchUp Import for AutoCAD 2014 Stuurprogrammapakket voor Windows - Advanced Card Systems Ltd. Unified PC/SC Driver (11/05/2014 4.0.0.6) Stuurprogrammapakket voor Windows - Fedict SmartCard (04/30/2014 4.0.7.5) SUPERAntiSpyware SyncBackFree Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD TEC Barcode Network Tool TPCL PRINTER DRIVER QM735M0 TuneUp 2.4.8.5 Update for Microsoft Access 2013 (KB3085503) 32-Bit Edition Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition Update for Microsoft Office 2013 (KB2760371) 32-Bit Edition Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition Update for Microsoft Office 2013 (KB2837654) 32-Bit Edition Update for Microsoft Office 2013 (KB2880487) 32-Bit Edition Update for Microsoft Office 2013 (KB2881076) 32-Bit Edition Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition Update for Microsoft Office 2013 (KB2883095) 32-Bit Edition Update for Microsoft Office 2013 (KB2889863) 32-Bit Edition Update for Microsoft Office 2013 (KB2899522) 32-Bit Edition Update for Microsoft Office 2013 (KB2956152) 32-Bit Edition Update for Microsoft Office 2013 (KB2965271) 32-Bit Edition Update for Microsoft Office 2013 (KB2975869) 32-Bit 
Edition Update for Microsoft Office 2013 (KB3023052) 32-Bit Edition Update for Microsoft Office 2013 (KB3039718) 32-Bit Edition Update for Microsoft Office 2013 (KB3039739) 32-Bit Edition Update for Microsoft Office 2013 (KB3039762) 32-Bit Edition Update for Microsoft Office 2013 (KB3039766) 32-Bit Edition Update for Microsoft Office 2013 (KB3054774) 32-Bit Edition Update for Microsoft Office 2013 (KB3054783) 32-Bit Edition Update for Microsoft Office 2013 (KB3054856) 32-Bit Edition Update for Microsoft Office 2013 (KB3054923) 32-Bit Edition Update for Microsoft Office 2013 (KB3054935) 32-Bit Edition Update for Microsoft Office 2013 (KB3055010) 32-Bit Edition Update for Microsoft Office 2013 (KB3055011) 32-Bit Edition Update for Microsoft Office 2013 (KB3085479) 32-Bit Edition Update for Microsoft Office 2013 (KB3085480) 32-Bit Edition Update for Microsoft Office 2013 (KB3085493) 32-Bit Edition Update for Microsoft Office 2013 (KB3085504) 32-Bit Edition Update for Microsoft Office 2013 (KB3085506) 32-Bit Edition Update for Microsoft OneDrive for Business (KB3055020) 32-Bit Edition Update for Microsoft OneNote 2013 (KB3085491) 32-Bit Edition Update for Microsoft Outlook 2013 (KB3085495) 32-Bit Edition Update for Microsoft Outlook Social Connector 2013 (KB3054854) 32-Bit Edition Update for Microsoft PowerPoint 2013 (KB3085478) 32-Bit Edition Update for Microsoft Project 2013 (KB3085510) 32-Bit Edition Update for Microsoft Publisher 2013 (KB3023050) 32-Bit Edition Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition Update for Microsoft Word 2013 (KB3085490) 32-Bit Edition Update for Skype for Business 2015 (KB2889853) 32-Bit Edition VLC media player Vuze WinRAR 5.20 (64-bit) ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe C:\Program Files 
(x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe C:\Program Files (x86)\WinToUSB\bin\W2UWatcher.exe C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\Program Files (x86)\Common Files\Isabel\isacertupdate.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files\PTC\Creo 3.0\F000\Parametric\bin\parametric.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe C:\Program Files (x86)\PTC\Creo\Platform\3.67\creoagent.exe C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Users\bart jansen\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Users\bart jansen\AppData\Roaming\rc1d.txt deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 16328 MB CPU Info: Intel(R) Core(TM) 
i7-3930K CPU @ 3.20GHz CPU Speed: 3213,7 MHz Sound Card: Luidsprekers (5- High Definitio | Digitale audio (S/PDIF) (5- Hig | Digitale audio (S/PDIF) (5- Hig | Display Adapters: NVIDIA Quadro 2000D | NVIDIA Quadro 2000D Monitors: 2x; Generic PnP Monitor | Generic PnP Monitor | Screen Resolution: 1920 X 1200 - 32 bit Network: Network Present Network Adapters: Intel(R) 82579V Gigabit-netwerkverbinding | VirtualBox Host-Only Ethernet Adapter CD / DVD Drives: 1x (G: | ) G: PLEXTOR DVDR PX-L890SA Ports: COM1 LPT Port NOT Present. Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 465,8GB | D: 1863,0GB Hard Disks - Free: C: 308,0GB | D: 1597,4GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 11/02/12 | ALASKA - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: ASUSTeK COMPUTER INC. SABERTOOTH X79 Country: België Language: NLB ==== System Specs (Software) ====================== AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} Default Browser: Google Chrome 45.0.2454.101 Internet Explorer Version: 11.0.9600.18036 Google Chrome version: 45.0.2454.101 Adobe Reader version: 11.0.12.18 Sun Java version: 1.8.0_60 (32-bit) Sun Java version: 1.8.0_60 (64-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-09-24 15:01:03 2E974DF0B342747F3060E215CB4D62F3 956361312 ----a-w- C:\Windows\MEMORY.DMP ====== C:\Users\BARTJA~1\AppData\Local\Temp ==== 2015-10-06 13:02:19 0AE9C56506E2F69B4DEB9D90C8297938 71168 ----a-w- C:\Users\bart jansen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvlkwxp.dll 2015-10-05 06:32:03 560EDC0912BDB68290930E2542823A24 135760 ------w- C:\Users\bart jansen\AppData\Local\Temp\ehdrv.sys ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers 
===== ====== C:\Windows\Tasks ====== 2015-10-05 06:29:18 9E848BE56BEC8867988ED732E50BFB19 3602 ----a-w- C:\Windows\Sysnative\Tasks\SUPERAntiSpyware Scheduled Task f906d50d-6a79-4d5e-a976-9870f9202690 2015-10-05 06:29:18 9BF8BB67D14265785AC84D468345971D 538 ----a-w- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f906d50d-6a79-4d5e-a976-9870f9202690.job 2015-10-05 06:29:18 62E30177E58EB7D7CB172F6464498F0B 3520 ----a-w- C:\Windows\Sysnative\Tasks\SUPERAntiSpyware Scheduled Task 832573cd-c734-4205-94f4-e11aede03421 2015-10-05 06:29:18 47F1F331917A3D9AC0B978182AEB8E90 538 ----a-w- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 832573cd-c734-4205-94f4-e11aede03421.job 2015-09-17 10:58:53 -------- d-----w- C:\Windows\Sysnative\Tasks\Apple ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-10-05 06:28:36 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2015-09-29 09:50:31 -------- d-----w- C:\Program Files\Classic Shell 2015-09-21 06:18:38 -------- d-----w- C:\Program Files\trend micro 2015-09-17 11:01:32 -------- d-----w- C:\Program Files\iPod 2015-09-17 10:59:21 -------- d-----w- C:\Program Files\Bonjour ======= C:\PROGRA~2 ===== 2015-10-05 06:31:46 -------- d-----w- C:\PROGRA~2\ESET 2015-09-17 11:01:32 -------- d-----w- C:\PROGRA~2\iTunes 2015-09-17 10:59:21 -------- d-----w- C:\PROGRA~2\Bonjour 2015-09-17 10:58:52 -------- d-----w- C:\PROGRA~2\Apple Software Update ======= C: ===== 2015-09-29 07:36:24 29B10DF9B2E732F425DDE7FA1FBF0B3F 742 ----a-w- C:\DelFix.txt ====== C:\Users\bart jansen\AppData\Roaming ====== 2015-10-05 06:28:56 -------- d-----w- C:\Users\bart jansen\AppData\Roaming\SUPERAntiSpyware.com 2015-10-05 06:17:37 -------- d-----w- C:\Users\bart jansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-09-29 09:50:50 -------- d-----w- C:\Users\bart jansen\AppData\Local\ClassicShell 2015-09-28 06:38:22 -------- d-----w- C:\Users\bart jansen\AppData\Roaming\Isabel Services 2015-09-23 09:54:25 -------- d-----w- 
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2015-09-23 09:54:25 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2015-09-23 09:54:25 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2015-09-23 09:54:25 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2015-09-23 09:54:24 -------- d-----w- C:\Users\bart jansen\AppData\Local\Temp ====== C:\Users\bart jansen ====== 2015-10-05 06:39:13 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files 2015-10-05 06:37:52 4DFF3A154B335C01206753F11C7A468D 132828944 ----a-w- C:\Users\bart jansen\Desktop\msert.exe 2015-10-05 06:31:38 C5B68AC8EC40CAB217AB4F479B953B54 2870984 ----a-w- C:\Users\bart jansen\Desktop\esetsmartinstaller_enu.exe 2015-10-05 06:28:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2015-10-05 06:28:36 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2015-10-05 06:28:09 1D7F6FACF57ABE021853D0EDBC4E2647 23579408 ----a-w- C:\Users\bart jansen\Desktop\SAS_838B3285.EXE 2015-09-29 09:50:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell 2015-09-17 11:03:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes ====== C: exe-files == 2015-10-06 13:24:44 83FC2C68D5DA69A751EAB376DC618838 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3477065875-901350911-2823266285-1001\$ILKKHWF.exe 2015-10-06 13:24:43 9D3C84C8461FB472F1565EDD5714A943 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3477065875-901350911-2823266285-1001\$ISW6W14.exe 2015-10-05 06:36:36 CB2E425EDBFDE4EB35AEE2202C3B0DE7 172217040 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3477065875-901350911-2823266285-1001\$RSW6W14.exe 2015-10-05 06:31:53 F0B5FAE0268D84B1CE6EA3B98D4D69EB 331464 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe 2015-10-05 06:31:52 B23901621E5BD2EF1AAC3E6E6CB9E7FF 422600 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe 2015-10-05 06:31:52 
4B0F506ACF0A8AE6D6B3E4CF6778B722 122568 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe 2015-10-05 06:31:52 21B9AB1916917F9476B767F605345E62 532168 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe 2015-10-05 06:31:49 E78517BD20C282FBCA150D2B3ACCC760 2870984 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe 2015-10-05 06:30:29 2018C4C262259D73D4A55540B8B301C2 47346280 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3477065875-901350911-2823266285-1001\$RLKKHWF.exe 2015-10-05 06:10:47 29A95EA006B420C82BBE2415F0B1AE0C 50771064 ----a-w- C:\Users\bart jansen\AppData\Local\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\3.10.7\DropboxClient_3.10.7.exe 2015-10-01 06:29:45 07D733DAB53FD7E2E7C8442216073379 873800 ----a-w- C:\Users\bart jansen\AppData\Local\Google\Chrome\User Data\SwReporter\4.30.2\software_reporter_tool.exe === C: other files == 2015-10-05 17:08:06 76F80409E37507B8BBFA78780A915E67 495866 ----a-w- C:\KeyShot 5 Network Resources\Master\26\result.zip 2015-10-05 17:07:15 F4F615605B19E26116045BD96AE836FD 118816 ----a-w- C:\KeyShot 5 Network Resources\Master\25\result.zip 2015-10-05 17:07:01 948147102EC19EAC3DB2F3A5C62D984B 119001 ----a-w- C:\KeyShot 5 Network Resources\Master\24\result.zip 2015-10-05 17:06:48 9E02C6C95D00FAA331C3D956138CD6F9 63015 ----a-w- C:\KeyShot 5 Network Resources\Master\23\result.zip 2015-10-05 17:06:38 7FCDC87E9DF7C0D46180F022AA71E6ED 462101 ----a-w- C:\KeyShot 5 Network Resources\Master\22\result.zip 2015-10-05 17:05:08 472AC7BCEA650A2F6CB009F49C51561B 344254 ----a-w- C:\KeyShot 5 Network Resources\Master\21\result.zip 2015-10-05 17:03:49 9EAB42B64AA3D797366AC22F715EB92B 493965 ----a-w- C:\KeyShot 5 Network Resources\Master\20\result.zip 2015-10-05 17:02:44 F8C114DDB35B910894D6BACD86DF1129 118889 ----a-w- C:\KeyShot 5 Network Resources\Master\19\result.zip 2015-10-05 16:57:20 8DB8C4D388DDC55C07CBDC483F877E18 59181 ----a-w- C:\KeyShot 5 
Network Resources\Master\18\result.zip 2015-10-05 16:57:08 61B8680F5C2491C9EBCB832CA252BA5F 345828 ----a-w- C:\KeyShot 5 Network Resources\Master\17\result.zip 2015-10-05 16:56:02 E38DEC119B17E926BF3EB686F167DEE0 462887 ----a-w- C:\KeyShot 5 Network Resources\Master\16\result.zip 2015-10-05 16:53:57 ED081F85A7C9C9C353A3D901EAC02914 261102 ----a-w- C:\KeyShot 5 Network Resources\Master\15\result.zip 2015-10-05 16:53:17 C9A46DC7515DD31F0E62653AEED4FE5E 111915 ----a-w- C:\KeyShot 5 Network Resources\Master\14\result.zip 2015-10-05 16:46:03 E38EDB4A23A5B6C9C719473BDC1CBB04 64281 ----a-w- C:\KeyShot 5 Network Resources\Master\13\result.zip 2015-10-05 16:44:23 C0D0BDD66693EF8C11BA1352BD2EEC8F 357699 ----a-w- C:\KeyShot 5 Network Resources\Master\12\result.zip 2015-10-05 16:42:07 AD6C5739653CF34A143C843EC9BF0E1C 466375 ----a-w- C:\KeyShot 5 Network Resources\Master\11\result.zip 2015-10-05 16:40:05 79B993C7FC1FF47175D62C3A91E66ED7 497789 ----a-w- C:\KeyShot 5 Network Resources\Master\10\result.zip 2015-10-05 16:38:55 291FBD79771E7C1AFD9565BB21F1517B 112032 ----a-w- C:\KeyShot 5 Network Resources\Master\9\result.zip 2015-10-05 06:32:03 560EDC0912BDB68290930E2542823A24 135760 ------w- C:\Users\bart jansen\AppData\Local\Temp\ehdrv.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe" [HKEY_USERS\S-1-5-21-3477065875-901350911-2823266285-1001\Software\Microsoft\Windows\CurrentVersion\Run] "DymoQuickPrint"="C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe /startup" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "iCloudDrive"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" "Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe" "ACDSeeCommanderPro8"="C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe" "Dropbox 
Update"="C:\Users\bart jansen\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "iCloud"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "iCloud"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NuTCSetupEnviron"="C:\PROGRA~1\PTC\MKSTOO~1\bin\ncoeenv.exe" "DLSService"="C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" "IsaCertUpdate"="C:\Program Files (x86)\Common Files\Isabel\isacertupdate.exe" "beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DymoQuickPrint"="C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe /startup" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "iCloudDrive"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" "Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe" "ACDSeeCommanderPro8"="C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe" "Dropbox Update"="C:\Users\bart jansen\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "SUPERAntiSpyware"="C:\Program 
Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Keyshot 5 Network SlaveTray"="C:\KeyShot5 Network Rendering\keyshot5_network_slave_tray.exe" "EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming" "ACPW08EN"="C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "Seagull Drivers"="ssdal_nc.exe startup" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun" ==== Startup Folders ====================== 2015-04-30 13:33:37 1206 ----a-w- C:\Users\bart jansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2015-01-27 08:43:51 2862 ----a-w- C:\Users\bart jansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk 2015-01-30 10:24:38 1506 ----a-w- C:\Users\bart jansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vlc.exe - Snelkoppeling.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3477065875-901350911-2823266285-1001Core.job --a-------- C:\Users\bart jansen\AppData\Local\Dropbox\Update\DropboxUpdate.exe [19/06/2015 12:04] C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3477065875-901350911-2823266285-1001UA.job --a-------- [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- ::C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/08/2015 14:54] C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 832573cd-c734-4205-94f4-e11aede03421.job --a-------- C:\Program Files\SUPERAntiSpyware\SASTask.exe [07/11/2013 22:08] C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 
f906d50d-6a79-4d5e-a976-9870f9202690.job --a-------- C:\Program Files\SUPERAntiSpyware\SASTask.exe [07/11/2013 22:08] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3477065875-901350911-2823266285-1001Core" [C:\Users\bart jansen\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3477065875-901350911-2823266285-1001UA" [C:\Users\bart jansen\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\SUPERAntiSpyware Scheduled Task 832573cd-c734-4205-94f4-e11aede03421" [C:\Program Files\SUPERAntiSpyware\SASTask.exe] "C:\Windows\SysNative\tasks\SUPERAntiSpyware Scheduled Task f906d50d-6a79-4d5e-a976-9870f9202690" [C:\Program Files\SUPERAntiSpyware\SASTask.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{3596BD9F-8057-475C-9D0A-541240B37F45}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\2BrightSparks\SyncBackFree\bmbur01-bart jansen\D" [C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe] "C:\Windows\SysNative\tasks\2BrightSparks\SyncBackFree\bmbur01-bart jansen\SyncBackFree" [C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Folders in C:\PROGRA~3 0-6 Months Old ====================== 2015-04-15 12:12:49 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe 2015-04-27 14:39:09 -------- d-----w- C:\PROGRA~3\Oracle 2015-04-27 14:39:34 -------- d-----w- C:\PROGRA~3\Sun 2015-05-04 16:24:16 -------- d-----w- 
C:\PROGRA~3\Apple Computer 2015-06-03 06:09:12 -------- d-----w- C:\PROGRA~3\TuneUpMedia 2015-06-12 13:13:35 -------- d-----w- C:\PROGRA~3\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-06-19 10:04:52 -------- d-----w- C:\PROGRA~3\Dropbox 2015-06-27 13:13:13 -------- d-----w- C:\PROGRA~3\Seagull 2015-07-15 17:18:17 -------- d-----w- C:\PROGRA~3\Hewlett-Packard 2015-10-05 06:28:36 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com 2015-10-05 06:39:13 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] ==== Chromium Look ====================== Google Slides - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap iCloud Bookmarks - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah Google Docs Offline - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Chrome Web Store Payments - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default 
====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://cpb.bnpparibasfortis.be/cpbb/nl/Online-Services/Home/PC-banking-Business/page.aspx/11973" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://cpb.bnpparibasfortis.be/cpbb/nl/Online-Services/Home/PC-banking-Business/page.aspx/11973" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll O3 - Toolbar: Classic Explorer Bar - 
{553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\PTC\MKSTOO~1\bin\ncoeenv.exe O4 - HKLM\..\Run: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" O4 - HKLM\..\Run: [IsaCertUpdate] C:\Program Files (x86)\Common Files\Isabel\isacertupdate.exe O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe O4 - HKCU\..\Run: [ACDSeeCommanderPro8] C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\bart jansen\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe" (User 'Default user') O4 - 
Startup: Dropbox.lnk = bart jansen\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: Outlook 2013.lnk = ? O4 - Startup: vlc.exe - Snelkoppeling.lnk = C:\Program Files (x86)\VideoLAN\VLC\vlc.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.belfius.be O15 - Trusted Zone: http://*.bnpparibasfortis.be O15 - Trusted Zone: http://*.bnpparibasfortis.com O15 - Trusted Zone: http://*.bookmate.be O15 - Trusted Zone: http://www.bpostbank.be O15 - Trusted Zone: http://www.bpostbanque.be O15 - Trusted 
Zone: http://stabilus.cadclick.com O15 - Trusted Zone: http://cbc-pdf.cbc.be O15 - Trusted Zone: http://static.cbc.be O15 - Trusted Zone: http://www.crelan.be O15 - Trusted Zone: http://*.dexia.be O15 - Trusted Zone: http://*.fintro.be O15 - Trusted Zone: http://wwwqa.merchant-banking.fortis.com O15 - Trusted Zone: http://www.merchant.fortisbank.com O15 - Trusted Zone: http://www.fortisbusiness.com O15 - Trusted Zone: http://*.ing.be O15 - Trusted Zone: http://*.isabel.be O15 - Trusted Zone: http://www.isabel.be O15 - Trusted Zone: http://www.beta.isabel.be O15 - Trusted Zone: http://*.isabel.eu O15 - Trusted Zone: http://www.isabel.eu O15 - Trusted Zone: http://www.beta.isabel.eu O15 - Trusted Zone: http://kbc-pdf.kbc.be O15 - Trusted Zone: http://static.kbc.be O15 - Trusted Zone: http://www.kbcam.be O15 - Trusted Zone: http://www.kbcam.com O15 - Trusted Zone: http://*.qafintro.be O15 - Trusted Zone: http://*.zoomit.be O15 - Trusted Zone: http://*.zoomit.eu O15 - Trusted Zone: http://*.belfius.be (HKLM) O15 - Trusted Zone: http://*.bnpparibasfortis.be (HKLM) O15 - Trusted Zone: http://*.bnpparibasfortis.com (HKLM) O15 - Trusted Zone: http://*.bookmate.be (HKLM) O15 - Trusted Zone: http://www.bpostbank.be (HKLM) O15 - Trusted Zone: http://www.bpostbanque.be (HKLM) O15 - Trusted Zone: http://cbc-pdf.cbc.be (HKLM) O15 - Trusted Zone: http://static.cbc.be (HKLM) O15 - Trusted Zone: http://www.crelan.be (HKLM) O15 - Trusted Zone: http://*.dexia.be (HKLM) O15 - Trusted Zone: http://*.fintro.be (HKLM) O15 - Trusted Zone: http://wwwqa.merchant-banking.fortis.com (HKLM) O15 - Trusted Zone: http://www.merchant.fortisbank.com (HKLM) O15 - Trusted Zone: http://www.fortisbusiness.com (HKLM) O15 - Trusted Zone: http://*.ing.be (HKLM) O15 - Trusted Zone: http://*.isabel.be (HKLM) O15 - Trusted Zone: http://www.isabel.be (HKLM) O15 - Trusted Zone: http://www.beta.isabel.be (HKLM) O15 - Trusted Zone: http://*.isabel.eu (HKLM) O15 - Trusted Zone: http://www.isabel.eu (HKLM) O15 - 
Trusted Zone: http://www.beta.isabel.eu (HKLM) O15 - Trusted Zone: http://kbc-pdf.kbc.be (HKLM) O15 - Trusted Zone: http://static.kbc.be (HKLM) O15 - Trusted Zone: http://www.kbcam.be (HKLM) O15 - Trusted Zone: http://www.kbcam.com (HKLM) O15 - Trusted Zone: http://*.qafintro.be (HKLM) O15 - Trusted Zone: http://*.zoomit.be (HKLM) O15 - Trusted Zone: http://*.zoomit.eu (HKLM) O17 - HKLM\System\CCS\Services\Tcpip\..\{7E27EAFC-CCC1-4CDE-8644-8D50F6F6AD5E}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DYMO PnP Service (DymoPnpService) - Sanford, L.P. 
- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: KeyShot5 Render Master - Unknown owner - C:\KeyShot5 Network Rendering\keyshot5_network_master_watchdog.exe O23 - Service: KeyShot5 Render Slave - Unknown owner - C:\KeyShot5 Network Rendering\keyshot5_network_slave_watchdog.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. 
- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NuTCRACKER Service (NuTCRACKERService) - Unknown owner - C:\Windows\system32\nutsrv4.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PortmapperService - PTC Inc. - C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - 
C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: WinToUSB - Unknown owner - C:\Program Files (x86)\WinToUSB\bin\W2UWatcher.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} DymoQuickPrint = "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup [Sanford, L.P.] iCloudServices = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [Apple Inc.] iCloudDrive = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [Apple Inc.] Autodesk Sync = C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [Autodesk, Inc.] ACDSeeCommanderPro8 = C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe [ACD Systems] Dropbox Update = "C:\Users\bart jansen\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c [Dropbox, Inc.] ApplePhotoStreams = C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [Apple Inc.] 
AdobeBridge = (empty string) [file not found] SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [SUPERAntiSpyware] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} Keyshot 5 Network SlaveTray = C:\KeyShot5 Network Rendering\keyshot5_network_slave_tray.exe [null data] EvtMgr6 = C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [Logitech, Inc.] ACPW08EN = "C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe" [ACD Systems] AdobeAAMUpdater-1.0 = "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [Adobe Systems Incorporated] Seagull Drivers = ssdal_nc.exe startup [null data] iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.] Classic Start Menu = "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun [IvoSoft] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} NuTCSetupEnviron = C:\PROGRA~1\PTC\MKSTOO~1\bin\ncoeenv.exe [MKS Software Inc.] DLSService = "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" [file not found] IsaCertUpdate = C:\Program Files (x86)\Common Files\Isabel\isacertupdate.exe [Isabel SA/NV] beid = "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup [file not found] QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [Apple Inc.] 
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Skype for Business Click to Call BHO -> {HKLM...CLSID} = Skype for Business Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS] -> {HKLM...Wow...CLSID} = Skype for Business Browser Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [MS] {449D0D6E-2412-4E61-B68F-1CB625CD9E52}\(Default) = (no title provided) -> {HKLM...CLSID} = ExplorerBHO Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer64.dll [IvoSoft] -> {HKLM...Wow...CLSID} = ExplorerBHO Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer32.dll [IvoSoft] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [Oracle Corporation] -> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [Oracle Corporation] {AF949550-9094-4807-95EC-D1C317803333}\(Default) = (no title provided) -> {HKLM...CLSID} = Logitech SetPoint \InProcServer32\(Default) = C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [Logitech, Inc.] -> {HKLM...Wow...CLSID} = Logitech SetPoint \InProcServer32\(Default) = C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [Logitech, Inc.] 
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [Oracle Corporation] -> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [Oracle Corporation] {EA801577-E6AD-4BD5-8F71-4BE0154331A4}\(Default) = (no title provided) -> {HKLM...CLSID} = ClassicIEBHO Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [IvoSoft] -> {HKLM...Wow...CLSID} = ClassicIEBHO Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [IvoSoft] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Skype for Business Click to Call BHO -> {HKLM...CLSID} = Skype for Business Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS] -> {HKLM...Wow...CLSID} = Skype for Business Browser Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [MS] {449D0D6E-2412-4E61-B68F-1CB625CD9E52}\(Default) = (no title provided) -> {HKLM...CLSID} = ExplorerBHO Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer64.dll [IvoSoft] -> {HKLM...Wow...CLSID} = ExplorerBHO Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer32.dll [IvoSoft] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper 
\InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [Oracle Corporation] -> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [Oracle Corporation] {AF949550-9094-4807-95EC-D1C317803333}\(Default) = (no title provided) -> {HKLM...CLSID} = Logitech SetPoint \InProcServer32\(Default) = C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [Logitech, Inc.] -> {HKLM...Wow...CLSID} = Logitech SetPoint \InProcServer32\(Default) = C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [Logitech, Inc.] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [Oracle Corporation] -> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [Oracle Corporation] {EA801577-E6AD-4BD5-8F71-4BE0154331A4}\(Default) = (no title provided) -> {HKLM...CLSID} = ClassicIEBHO Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [IvoSoft] -> {HKLM...Wow...CLSID} = ClassicIEBHO Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [IvoSoft] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] SkyDrivePro2 
(SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] "DropboxExt1"\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt1 Class \InProcServer32\(Default) = C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.] "DropboxExt2"\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt2 Class \InProcServer32\(Default) = C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.] "DropboxExt3"\(Default) = {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt5 Class \InProcServer32\(Default) = C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.] "DropboxExt4"\(Default) = {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt6 Class \InProcServer32\(Default) = C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.] "DropboxExt5"\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt3 Class \InProcServer32\(Default) = C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.] "DropboxExt6"\(Default) = {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt7 Class \InProcServer32\(Default) = C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.] "DropboxExt7"\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt4 Class \InProcServer32\(Default) = C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.] 
"DropboxExt8"\(Default) = {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt8 Class \InProcServer32\(Default) = C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.] AutoCAD Digital Signatures Icon Overlay Handler\(Default) = {36A21736-36C2-4C11-8ACB-D4136F2B57BD} -> {HKLM...CLSID} = AcSignIcon \InProcServer32\(Default) = C:\Windows\system32\AcSignIcon.dll [Autodesk, Inc.] ShareOverlay\(Default) = {594D4122-1F87-41E2-96C7-825FB4796516} -> {HKLM...CLSID} = ShareOverlay Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer64.dll [IvoSoft] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7} -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [MS] SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [MS] SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [MS] ShareOverlay\(Default) = {594D4122-1F87-41E2-96C7-825FB4796516} -> {HKLM...Wow...CLSID} = ShareOverlay Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer32.dll [IvoSoft] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> 
{HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] {A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} = NvAppShExt extension -> {HKLM...CLSID} = NvAppShExt Class \InProcServer32\(Default) = C:\Windows\system32\nv3dappshext.dll [NVIDIA Corporation] {E97DEC16-A50D-49bb-AE24-CF682282E08D} = OpenGLShExt extension -> {HKLM...CLSID} = OpenGLShExt Class \InProcServer32\(Default) = C:\Windows\system32\nv3dappshext.dll [NVIDIA Corporation] {B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\MSOHEVI.DLL [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\ONFILTER.DLL [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = 
C:\Program Files\Microsoft Office\Office15\VISSHE.DLL [MS] {8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] {CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [MS] {DB19096C-5365-4164-A246-59FEFF9D8062} = Nameext -> {HKLM...CLSID} = Ondernemingsprojecten \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\NAMEEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OLKFSTUB.DLL [MS] {264B5E2D-1329-4569-9D00-8AB8F3DF9C3E} = Autodesk Dgn File Preview -> {HKLM...CLSID} = AcDgnImageExtractor \InProcServer32\(Default) = C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM19.dll [Autodesk] {AC1DB655-4F9A-4c39-8AD2-A65324A4C446} = Autodesk Drawing Preview -> {HKLM...CLSID} = ACTHUMBNAIL \InProcServer32\(Default) = C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll [Autodesk, Inc.] 
{36A21736-36C2-4C11-8ACB-D4136F2B57BD} = AutoCAD Digital Signatures Icon Overlay Handler -> {HKLM...CLSID} = AcSignIcon \InProcServer32\(Default) = C:\Windows\system32\AcSignIcon.dll [Autodesk, Inc.] {5800AD5B-72C1-477B-9A08-CA112DF06D97} = AutoCAD DWG InfoTip Handler -> {HKLM...CLSID} = AcInfoTipHandler \InProcServer32\(Default) = C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [Autodesk] {8A0BC933-7552-42E2-A228-3BE055777227} = AutoCAD DWG Column Handler -> {HKLM...CLSID} = AcColumnHandler \InProcServer32\(Default) = C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [Autodesk] {A7B36FF9-3BB0-426B-A737-A997B80466D5} = Autodesk 360 -> {HKLM...CLSID} = Autodesk 360 \InProcServer32\(Default) = C:\Program Files\Autodesk\Autodesk Sync\AdSyncNamespace.dll [Autodesk, Inc.] {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} = Logitech Setpoint Extension -> {HKLM...CLSID} = KbLogiExt Class \InProcServer32\(Default) = C:\Program Files\Logitech\SetPointP\kbcplext.dll [Logitech, Inc.] {F3CBBA61-EE3F-4D6D-B1C6-B3474E579936} = PicaViewCtxMenuShlExt -> {HKLM...CLSID} = PicaViewCtxMenuShlExt Class \InProcServer32\(Default) = C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll [ACD Systems International Inc.] {2DCB758A-3BA2-405C-91F8-C44F6E805AF5} = BarTenderThumbnailExtension -> {HKLM...CLSID} = BarTender.ThumbnailExtension \InProcServer32\(Default) = C:\PROGRA~2\Seagull\BARTEN~1\COMPON~1\x64\SHELLE~1.DLL [null data] {EB5F1B7F-B9DA-4F46-8FB2-10AF72BB9B04} = BarTenderPreviewHandler -> {HKLM...CLSID} = BarTender.PreviewHandler \InProcServer32\(Default) = C:\PROGRA~2\Seagull\BARTEN~1\COMPON~1\x64\SHELLE~1.DLL [null data] {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes -> {HKLM...CLSID} = iTunes \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.] 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {B28AA736-876B-46DA-B3A8-84C5E30BA492} = Websites -> {HKLM...Wow...CLSID} = Websites \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\WXPNSE.DLL [MS] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\msohevi.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\ONFILTER.DLL [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...Wow...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\VISSHE.DLL [MS] {8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [MS] {CD55129A-B1A1-438E-A425-CEBC7DC684EE} = 
Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [MS] {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...Wow...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\OLKFSTUB.DLL [MS] {5071CDA5-D3E1-11D5-BFC0-005004A71005} = Advanced JPEG Compressor Context Menu Shell Extension -> {HKLM...Wow...CLSID} = Advanced JPEG Compressor Context Menu Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Advanced JPEG Compressor\ContextMenuExt.dll [null data] {A7B36FF9-3BB0-426B-A737-A997B80466D5} = Autodesk 360 -> {HKLM...Wow...CLSID} = Autodesk 360 \InProcServer32\(Default) = C:\Program Files\Autodesk\Autodesk Sync\Wow6432\AdSyncNamespace.dll [Autodesk, Inc.] 
{2DCB758A-3BA2-405C-91F8-C44F6E805AF5} = BarTenderThumbnailExtension -> {HKLM...Wow...CLSID} = BarTender.ThumbnailExtension \InProcServer32\(Default) = C:\PROGRA~2\Seagull\BARTEN~1\COMPON~1\Win32\SHELLE~1.DLL [null data] {EB5F1B7F-B9DA-4F46-8FB2-10AF72BB9B04} = BarTenderPreviewHandler -> {HKLM...Wow...CLSID} = BarTender.PreviewHandler \InProcServer32\(Default) = C:\PROGRA~2\Seagull\BARTEN~1\COMPON~1\Win32\SHELLE~1.DLL [null data] HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <> ("" [file not found]) Security Packages = "" HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\ <> ("schannel.dll" [MS]) SecurityProviders = credssp.dll, schannel.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ {1ee7337f-85ac-45e2-a23c-37c753209769}\(Default) = Smartcard WinRT Provider -> {HKLM...CLSID} = Smartcard WinRT Provider \InProcServer32\(Default) = C:\Windows\system32\SmartcardCredentialProvider.dll [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807583E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL [MS] HKCU\Software\Classes\*\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} -> {HKCU...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.] -> {HKCU...Wow...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.] 
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ AcShellExtension.AcContextMenuHandler\(Default) = {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} -> {HKLM...CLSID} = AcContextMenuHandler \InProcServer32\(Default) = C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [Autodesk] AJC\(Default) = {5071CDA5-D3E1-11D5-BFC0-005004A71005} -> {HKLM...Wow...CLSID} = Advanced JPEG Compressor Context Menu Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Advanced JPEG Compressor\ContextMenuExt.dll [null data] PhotoStreamsExt\(Default) = {89D984B3-813B-406A-8298-118AFA3A22AE} -> {HKLM...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [Apple Inc.] -> {HKLM...Wow...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreams.dll [Apple Inc.] PicaViewCtxMenuShlExt\(Default) = {F3CBBA61-EE3F-4D6D-B1C6-B3474E579936} -> {HKLM...CLSID} = PicaViewCtxMenuShlExt Class \InProcServer32\(Default) = C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll [ACD Systems International Inc.] 
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu -> {HKLM...CLSID} = SASContextMenu Class \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL [SUPERAntiSpyware.com] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu -> {HKLM...CLSID} = SASContextMenu Class \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL [SUPERAntiSpyware.com] HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} -> {HKCU...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.] -> {HKCU...Wow...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.] 
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu -> {HKLM...CLSID} = SASContextMenu Class \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL [SUPERAntiSpyware.com] HKCU\Software\Classes\Directory\shellex\CopyHookHandlers\ DropboxCopyHook\(Default) = {FBC9D74C-AF55-4309-9FB2-C426E071637F} -> {HKCU...CLSID} = DropboxExt CopyHook Class \InProcServer32\(Default) = C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.] -> {HKCU...Wow...CLSID} = DropboxExt CopyHook Class \InProcServer32\(Default) = C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\ FileZilla3CopyHook\(Default) = {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} -> {HKLM...CLSID} = FileZilla 3 Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll [null data] -> {HKLM...Wow...CLSID} = FileZilla 3 Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll [null data] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ ClassicCopyExt\(Default) = {8C83ACB1-75C3-45D2-882C-EFA32333491C} -> {HKLM...CLSID} = ClassicCopyExt Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer64.dll [IvoSoft] -> {HKLM...Wow...CLSID} = ClassicCopyExt Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer32.dll [IvoSoft] HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} -> {HKCU...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Users\bart 
jansen\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [Dropbox, Inc.] -> {HKCU...Wow...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {8A0BC933-7552-42E2-A228-3BE055777227}\(Default) = AutoCAD DWG column info -> {HKLM...CLSID} = AcColumnHandler \InProcServer32\(Default) = C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [Autodesk] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...Wow...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] 
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
StartMenuExt\(Default) = {E595F05F-903F-4318-8B0A-7F633B520D2B}
  -> {HKLM...CLSID} = StartMenuExt \InProcServer32\(Default) = C:\Windows\system32\StartMenuHelper64.dll [IvoSoft]
  -> {HKLM...Wow...CLSID} = StartMenuExt \InProcServer32\(Default) = C:\Windows\SysWow64\StartMenuHelper32.dll [IvoSoft]
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
ClassicCopyExt\(Default) = {8C83ACB1-75C3-45D2-882C-EFA32333491C}
  -> {HKLM...CLSID} = ClassicCopyExt Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer64.dll [IvoSoft]
  -> {HKLM...Wow...CLSID} = ClassicCopyExt Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer32.dll [IvoSoft]
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

Default executables:
--------------------

.scr
HKCU\Software\Classes\.scr\(Default) = AutoCADScriptFile
HKCU\Software\Classes\AutoCADScriptFile\(Default) = AutoCAD Script
HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = C:\Windows\system32\notepad.exe "%1" [MS]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
EnableCursorSuppression = (REG_DWORD) dword:0x00000001
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Windows\web\wallpaper\Windows\img0.jpg

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

ACDSeePro80ImportPicturesOnArrival\
Provider = ACDSee Pro 8
InvokeProgID = ACDSee Pro 8.AutoPlayHandlerImport
InvokeVerb = Import
HKLM\SOFTWARE\Classes\ACDSee Pro 8.AutoPlayHandlerImport\shell\Import\command\(Default) = "C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeQVPro8.exe" /detect:%1 [ACD Systems International Inc.]

ACDSeePro80ImportVideoFilesOnArrival\
Provider = ACDSee Pro 8
InvokeProgID = ACDSee Pro 8.AutoPlayHandlerImport
InvokeVerb = Import
HKLM\SOFTWARE\Classes\ACDSee Pro 8.AutoPlayHandlerImport\shell\Import\command\(Default) = "C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeQVPro8.exe" /detect:%1 [ACD Systems International Inc.]

ACDSeePro80PlayVideoFilesOnArrival\
Provider = ACDSee Pro 8
InvokeProgID = ACDSee Pro 8.AutoPlayHandler
InvokeVerb = Open
HKLM\SOFTWARE\Classes\ACDSee Pro 8.AutoPlayHandler\shell\Open\command\(Default) = "C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeQVPro8.exe" "%1" [ACD Systems International Inc.]

ACDSeePro80ShowPicturesOnArrival\
Provider = ACDSee Pro 8
InvokeProgID = ACDSee Pro 8.AutoPlayHandler
InvokeVerb = Open
HKLM\SOFTWARE\Classes\ACDSee Pro 8.AutoPlayHandler\shell\Open\command\(Default) = "C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeQVPro8.exe" "%1" [ACD Systems International Inc.]
iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

MSFhConfigBackup\
Provider = @C:\Windows\system32\fhautoplay.dll,-100
InvokeProgID = FHConfig.AutoPlayHandler
InvokeVerb = config
HKLM\SOFTWARE\Classes\FHConfig.AutoPlayHandler\shell\config\command\(Default) = fhmanagew -autoplay [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPromptEachTime\
Provider = @C:\Windows\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTime
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
  -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

MSPromptEachTimeNoContent\
Provider = @C:\Windows\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTimeNoContent
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
  -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]

VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]

VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

WIA_{BEDF38B3-5DFC-40D3-A306-48F9CD3CC967}\
Provider = Photoshop
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe /StiDevice:%1 /StiEvent:%2;
  -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{C4955B1F-0BC5-470B-9A7C-38ED1342D5A1}\
Provider = ACDSee Pro 8
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeePro8.exe /StiDevice:%1 /StiEvent:%2;
  -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

Startup items in "bart jansen" & "All Users" startup folders:
-------------------------------------------------------------

C:\Users\bart jansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}
Dropbox -> shortcut to: C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [Dropbox, Inc.]
Outlook 2013 -> shortcut to: C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\outicon.exe [MS]
vlc.exe - Snelkoppeling -> shortcut to: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [VideoLAN]

Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe Acrobat Update Task -> launches: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated]
DropboxUpdateTaskUserS-1-5-21-3477065875-901350911-2823266285-1001Core -> launches: C:\Users\bart jansen\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c [Dropbox, Inc.]
DropboxUpdateTaskUserS-1-5-21-3477065875-901350911-2823266285-1001UA -> launches: C:\Users\bart jansen\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler [Dropbox, Inc.]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
SUPERAntiSpyware Scheduled Task 832573cd-c734-4205-94f4-e11aede03421 -> launches: C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:832573cd-c734-4205-94f4-e11aede03421 [SUPERAdBlocker.com]
SUPERAntiSpyware Scheduled Task f906d50d-6a79-4d5e-a976-9870f9202690 -> launches: C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:f906d50d-6a79-4d5e-a976-9870f9202690 [SUPERAdBlocker.com]
User_Feed_Synchronization-{3596BD9F-8057-475C-9D0A-541240B37F45} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]
{3A1EC8E7-AA51-40A4-AC1D-028D5556DFFE} -> launches: C:\Windows\system32\pcalua.exe -a \\Pc-gregoor\e\Startup1.exe -d \\Pc-gregoor\e [MS]
{80491140-2E34-4B39-8D52-82BEED860C3F} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\bart jansen\AppData\Local\TNT2\2.0.0.1923\TNT2User.exe" -c /UNINSTALL PARTNER=11185 [MS]

C:\Windows\System32\Tasks\2BrightSparks\SyncBackFree\bmbur01-bart jansen D -> launches: C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe -m "D" [2BrightSparks Pte Ltd]
SyncBackFree -> launches: C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe -m [2BrightSparks Pte Ltd]

C:\Windows\System32\Tasks\Apple
AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]

C:\Windows\System32\Tasks\Microsoft\Office
Office 15 Subscription Heartbeat -> launches: %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [file not found]
OfficeTelemetryAgentFallBack -> launches: "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880 [MS]
OfficeTelemetryAgentLogOn -> launches: "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework
.NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D}
  -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS]
.NET Framework NGEN v4.0.30319 64 -> (HIDDEN!)
launches: {429BC048-379E-45E0-80E4-EB1977941B5C} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\AppID SmartScreenSpecific -> launches: {9f2b0085-9218-42a1-88b0-9f0e65851666} -> {HKLM...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\Windows\system32\apprepsync.dll [MS] -> {HKLM...Wow...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\Windows\system32\apprepsync.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent /increment [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe invagent.dll,RunUpdate -noappraiser [MS] StartupAppTask -> launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData CleanupTemporaryState -> launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: 
{58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk ProactiveScan -> launches: {cf4270f5-2e43-4468-83b3-a8c45bb33ea1} -> {HKLM...CLSID} = Proactive Scan \InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program BthSQM -> (HIDDEN!) launches: {c8367320-6f85-11e0-a1f0-0800200c9a66} -> {HKLM...CLSID} = BthSQM \InProcServer32\(Default) = C:\Windows\System32\BthSQM.dll [MS] Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] Uploader -> launches: %windir%\system32\WSqmCons.exe -u [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan Data Integrity Scan for Crash Recovery -> (HIDDEN!) 
launches: {DCFD3EA8-D960-4719-8206-490AE315F94F} -> {HKLM...CLSID} = Data Integrity Scan \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -h -o -$ [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888} -> {HKLM...CLSID} = DsmRefreshTask Class \InProcServer32\(Default) = C:\Windows\System32\DeviceSetupManagerAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup SilentCleanup -> launches: %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive% [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint Diagnostics -> launches: {5b6b6834-34f0-49b9-ad4e-81d4994c7a74} -> {HKLM...CLSID} = Disk Footprint Diagnostics Task \InProcServer32\(Default) = C:\Windows\system32\DfpCommon.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory File History (maintenance mode) -> launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A} -> {HKLM...CLSID} = FhTaskHandler Class \InProcServer32\(Default) = C:\Windows\System32\fhtask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: A9A33436-678B-4c9c-A211-7CC38785E79D -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic ProcessMemoryDiagnosticEvents -> (HIDDEN!) 
launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS] RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts MNO Metadata Parser -> launches: %SystemRoot%\System32\MbaeParserTask.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetCfg BindingWorkItemQueueHandler -> launches: {5AA199A0-1CED-43A5-9B85-3226086738A3} -> {HKLM...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\System32\netcfgx.dll [MS] -> {HKLM...Wow...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\SysWOW64\netcfgx.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack BackgroundConfigSurveyor -> (HIDDEN!) 
launches: {EA9155A3-8A39-40B4-8963-D3C761B18371} -> {HKLM...CLSID} = PerfTrack TaskHandler class \InProcServer32\(Default) = C:\Windows\System32\perftrack.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\PI Secure-Boot-Update -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS] Sqm-Tasks -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play Device Install Group Policy -> (HIDDEN!) launches: {60400283-b242-4fa8-8c25-caf695b88209} -> {HKLM...CLSID} = Device Installation Group Policy Task Handler \InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS] Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6a1f-47b9-bd52-1d5f95d49c1b} -> {HKLM...CLSID} = Device Installation Reboot Dialog Task \InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS] Plug and Play Cleanup -> launches: {DEF03232-9688-11E2-BE7F-B4B52FD966FF} -> {HKLM...CLSID} = Plug and Play Maintenance Task \InProcServer32\(Default) = C:\Windows\System32\pnpclean.dll [MS] Sysprep Generalize Drivers -> launches: %SystemRoot%\System32\drvinst.exe 6 [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: {927ea2af-1c54-43d5-825e-0074ce028eee} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\System32\energytask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) 
launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools MRT_HB -> launches: C:\Windows\system32\MRT.exe /EHB /Q [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Servicing StartComponentCleanup -> launches: 752073A1-23F2-4396-85F0-8FDB879ED0ED [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} -> {HKLM...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS] BackupTask -> (HIDDEN!) launches: {60A4C78C-E2B8-4E6E-876F-DA203B02C05E} -> {HKLM...CLSID} = Backup Upload Task Handler \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Backup Upload Task Handler \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS] NetworkStateChangeTask -> (HIDDEN!) 
launches: {A4173A49-F373-4475-9A0F-2D615204DC20} -> {HKLM...CLSID} = Network State Change Task Handler \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Network State Change Task Handler \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx launchtrayprocess -> launches: %windir%\system32\GWX\GWX.exe /tasklaunch [MS] refreshgwxconfig -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig [MS] refreshgwxconfigandcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent [MS] refreshgwxcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers Logon-5d -> launches: %windir%\system32\GWX\GWX.exe /event:7 [MS] MachineUnlock-5d -> launches: %windir%\system32\GWX\GWX.exe /event:8 [MS] OutOfIdle-5d -> launches: %windir%\system32\GWX\GWX.exe /event:6 [MS] OutOfSleep-5d -> launches: %windir%\system32\GWX\GWX.exe /event:9 [MS] refreshgwxconfig-B -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent [MS] Telemetry-4xd -> launches: %windir%\system32\GWX\GWX.exe /event:11 [MS] Time-5d -> launches: %windir%\system32\GWX\GWX.exe /event:10 [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell CreateObjectTask -> (HIDDEN!) 
launches: {990a9f8f-301f-45f7-8d0e-68c5952dba43} -> {HKLM...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS] -> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS] FamilySafetyMonitor -> launches: %windir%\System32\wpcmon.exe [MS] FamilySafetyRefresh -> launches: {EBF00FCB-0769-4b81-9BEC-6C05514111AA} -> {HKLM...CLSID} = FamilySafety.WebSync \InProcServer32\(Default) = C:\Windows\System32\WpcWebSync.dll [MS] IndexerAutomaticMaintenance -> launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6} -> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS] -> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SkyDrive Idle Sync Maintenance Task -> launches: {bf6c1e47-86ec-4194-9ce5-13c15dcb2001} [InProcServer32 entry not found] Routine Maintenance Task -> launches: {1b1f472e-3221-4826-97db-2c2324d389ae} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform SvcRestartTask -> (HIDDEN!) 
launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC} -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS] -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort SpaceAgentTask -> launches: %windir%\system32\SpaceAgent.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain WsSwapAssessmentTask -> launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler Idle Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS] Maintenance Configurator -> launches: {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8} -> {HKLM...CLSID} = Maintenance Configurator \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS] Manual Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS] Regular Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) 
launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization ForceSynchronizeTime -> launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9} -> {HKLM...CLSID} = Time Synchronization Task Handler \InProcServer32\(Default) = C:\Windows\system32\TimeSyncTask.dll [MS] SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone SynchronizeTimeZone -> launches: %windir%\system32\tzsync.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TPM Tpm-Maintenance -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) 
launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender Windows Defender Cache Maintenance -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance [MS] Windows Defender Cleanup -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup [MS] Windows Defender Scheduled Scan -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob [MS] Windows Defender Verification -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) 
launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate AUSessionConnect -> launches: {784E29F4-5EBE-4279-9948-1E8FE941646D} [InProcServer32 entry not found] Scheduled Start -> launches: C:\Windows\system32\sc.exe start wuauserv [MS] Scheduled Start With Network -> launches: C:\Windows\system32\sc.exe start wuauserv [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WOF WIM-Hash-Management -> launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1} -> {HKLM...CLSID} = WOF Task Handler \InProcServer32\(Default) = C:\Windows\system32\WofTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders Work Folders Logon Synchronization -> launches: {97d47d56-3777-49fb-8e8f-90d7e30e1a1e} -> {HKLM...CLSID} = Work Folder Logon Trigger Class \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS] Work Folders Maintenance Work -> launches: {63260bce-a3fb-4a34-aa51-d4d8e877b62b} -> {HKLM...CLSID} = Work Folder Maintenance Task Class \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WS Badge Update -> launches: {00CCDDF6-5107-424D-853D-3907AE5502DC} -> {HKLM...CLSID} = WinStore Tile Badge Updater \InProcServer32\(Default) = C:\Windows\winstore\WinStoreUI.dll [MS] License Validation -> (HIDDEN!) 
launches: rundll32.exe WSClient.dll,WSpTLR licensing [MS] Sync Licenses -> launches: {10F591BE-3C84-418A-86DD-BAA002E2F36E} -> {HKLM...CLSID} = WinStore License Sync task \InProcServer32\(Default) = C:\Windows\winstore\WinStoreUI.dll [MS] WSRefreshBannedAppsListTask -> (HIDDEN!) launches: rundll32.exe WSClient.dll,RefreshBannedAppsList [MS] WSTask -> launches: {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\System32\WSService.dll [MS] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-3477065875-901350911-2823266285-1001 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.] 
Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {553891B7-A0D5-4526-BE18-D3CE461D6310} = (no title provided) -> {HKLM...CLSID} = Classic Explorer Bar \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer64.dll [IvoSoft] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\ {553891B7-A0D5-4526-BE18-D3CE461D6310} = (no title provided) -> {HKLM...Wow...CLSID} = Classic Explorer Bar \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer32.dll [IvoSoft] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Verzenden naar OneNote MenuText = &Verzenden naar OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll [MS] {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\ ButtonText = Lync - klikken om te bellen MenuText = Lync - klikken om te bellen CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> {HKLM...CLSID} = Skype for Business Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS] {56753E59-AF1D-4FBA-9E15-31557124ADA2}\ MenuText = Classic IE Settings Exec = C:\Program Files\Classic Shell\ClassicIE_32.exe [IvoSoft] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ 
ButtonText = &Gekoppelde notities van OneNote MenuText = &Gekoppelde notities van OneNote CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Verzenden naar OneNote MenuText = &Verzenden naar OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll [MS] {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\ ButtonText = Lync - klikken om te bellen MenuText = Lync - klikken om te bellen CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> {HKLM...Wow...CLSID} = Skype for Business Browser Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [MS] {56753E59-AF1D-4FBA-9E15-31557124ADA2}\ MenuText = Classic IE Settings Exec = C:\Program Files\Classic Shell\ClassicIE_32.exe [IvoSoft] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = &Gekoppelde notities van OneNote MenuText = &Gekoppelde notities van OneNote CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...Wow...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <> Tabs = www.google.com [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] Apple Mobile Device Service, Apple Mobile Device Service, "C:\Program 
Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.] Autodesk Content Service, Autodesk Content Service, "C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" [null data] Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.] Diagnostics Tracking Service, DiagTrack, C:\Windows\System32\svchost.exe -k utcsvc {C:\Windows\system32\diagtrack.dll [MS]} DYMO PnP Service, DymoPnpService, "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe" [null data] HP SI Service, HPSIService, C:\Windows\system32\HPSIsvc.exe [HP] iPod-service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.] KeyShot5 Render Master, KeyShot5 Render Master, C:\KeyShot5 Network Rendering\keyshot5_network_master_watchdog.exe [null data] KeyShot5 Render Slave, KeyShot5 Render Slave, C:\KeyShot5 Network Rendering\keyshot5_network_slave_watchdog.exe [null data] Net Driver HPZ12, Net Driver HPZ12, C:\Windows\System32\svchost.exe -k HPZ12 {C:\Windows\System32\HPZinw12.dll [Hewlett-Packard]} Network Connection Broker, NcbService, C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\System32\ncbservice.dll [MS]} NuTCRACKER Service, NuTCRACKERService, C:\Windows\system32\nutsrv4.exe [MKS Software Inc.] NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation] Pml Driver HPZ12, Pml Driver HPZ12, C:\Windows\System32\svchost.exe -k HPZ12 {C:\Windows\System32\HPZipm12.dll [Hewlett-Packard]} PortmapperService, PortmapperService, C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe [PTC Inc.] 
SAS Core Service, !SASCORE, "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [SUPERAntiSpyware.com] Windows Defender Network Inspection Service, WdNisSvc, "C:\Program Files\Windows Defender\NisSrv.exe" [MS] WinToUSB, WinToUSB, C:\Program Files (x86)\WinToUSB\bin\W2UWatcher.exe [null data] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> !SASCORE, <> SystemEventsBroker, Service <> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> !SASCORE, <> SystemEventsBroker, Service <> PEVSystemStart, Service Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ CutePDF Writer Monitor\Driver = cpwmon64.dll [null data] DYMO LabelWriter Monitor\Driver = LW400MON.DLL [DYMO Corp.] HP Universal Print Monitor\Driver = HPMPW081.DLL [Hewlett-Packard] HP1100LM\Driver = HP1100LM.DLL [null data] HPMLM135\Driver = hpmlm135.dll [Hewlett-Packard Company] Seagull Network Monitor\Driver = ssnetmon.d64 [Seagull Scientific, Inc.] <>: Suspicious data at a browser hijack point. 
==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\bart jansen\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\bart jansen\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\bart jansen\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\bart jansen\AppData\Local\Microsoft\Windows\INetCache\IE\ZRKMZDUM will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\bart jansen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2 folders=0 178 bytes)

==== Empty Temp Folders ======================

C:\Users\bart jansen\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\BARTJA~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\Users\bart jansen\AppData\Local\Microsoft\Windows\INetCache\IE\ZRKMZDUM" not found

==== EOF on di 06/10/2015 at 17:12:05,00 ======================