PC is very slow.


Go to Start - All Programs - Accessories.

Find the Command Prompt icon, right-click it and choose Run as administrator from the list to open the Command Prompt.

In the Command Prompt, type vssadmin list providers > c:\vsslist.txt and press Enter.

Mind the space before the / and before and after the >.

C is the drive letter of the system drive; you can change it if the system drive does not have the letter C.

Open Explorer and click on the C drive.

Open the file vsslist.txt and paste its contents into your next post, or attach the file vsslist.txt to your next post.

Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe;
    you can read how to do that (here or here).
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

 
startupall; 
filesrcm; 
silentrunners;
srinfo;
HKEY_LOCAL_MACHINE\SYSTEM\Setup;e


  • Then click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then still appear.
  • Now post the contents of the opened log in your next post.

Go to Start - All Programs - Accessories.

Find the Command Prompt icon, right-click it and choose Run as administrator from the list to open the Command Prompt.

In the Command Prompt, type vssadmin list providers > c:\vsslist.txt and press Enter.

Mind the space before the / and before and after the >.

I tried 6 times to enter the text above, but then nothing happens.....

Here is the log from zoek.exe.

Zoek.exe Version 4.0.0.2 Updated 06-May-2013

Tool run by Wilma on di 07-05-2013 at 15:28:32,74.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results29-04-2013-1023.log 410 bytes

==== Registry Exports ======================

[HKEY_LOCAL_MACHINE\SYSTEM\Setup]

"OsLoaderPath"="\\"

"RestartSetup"=dword:00000000

"SetupType"=dword:00000000

"SystemPartition"="\\Device\\HarddiskVolume1"

"SystemSetupInProgress"=dword:00000000

"SetupPhase"=dword:00000000

"CmdLine"=""

"OOBEInProgress"=dword:00000000

"WorkingDirectory"="C:\\Windows\\Panther"

"CloneTag"=hex(7):57,00,65,00,64,00,20,00,4a,00,61,00,6e,00,20,00,32,00,30,00,\

20,00,31,00,30,00,3a,00,31,00,31,00,3a,00,32,00,31,00,20,00,32,00,30,00,31,\

00,30,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\ERSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\ProtectedStorage]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\SamSs]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\sppsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\WS2IFSL]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Pid]

"Pid"="00000270"

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines]

"CurrentVersion"="2.0"

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\1.0\0]

"Flags"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\1.0\0\CoreOS]

"Version"="6.0.6000.16386"

"DisplayName"="Windows Core OS Components"

"Type"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\2.0\0]

"Flags"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\2.0\0\CoreOS]

"Version"="6.0.6000.16386"

"DisplayName"="Windows Core OS Components"

"Type"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\2.0\1]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Baselines\2.0\1\CoreOS]

"Version"="6.1.7601.17514"

"DisplayName"="Windows Core OS Components"

"Type"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Components]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Service Reporting API\Components\CoreOS]

"Version"="6.1.7601.17514"

"DisplayName"="Windows Core OS Components"

"Type"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupCl]

"BlockOperations"=dword:00000000

"HiveTime"=dword:000012d4

"FileACLTime"=dword:0000002e

"RunTime"=dword:000014a8

"ExecutionSuccessful"=dword:00000001

"NTSTATUS"=dword:00000000

"DriveMask"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupCl\PendingRequest]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM\DWORD]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM\DWORD\000018de]

"ID"=dword:000018de

"VALUE"=dword:0000056c

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM\DWORD\000018df]

"ID"=dword:000018df

"VALUE"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM\DWORD\000018e0]

"ID"=dword:000018e0

"VALUE"=dword:000787b3

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM\DWORD\000018e1]

"ID"=dword:000018e1

"VALUE"=dword:000014a8

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM\DWORD\000018e2]

"ID"=dword:000018e2

"VALUE"=dword:00046f25

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM\DWORD\000018e5]

"ID"=dword:000018e5

"VALUE"=dword:00000157

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\SQM\DWORD\00001911]

"ID"=dword:00001911

"VALUE"=dword:000222c1

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status]

"AuditBoot"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\ChildCompletion]

"setup.exe"=dword:00000003

"oobeldr.exe"=dword:00000003

"SetupFinalTasks"=dword:00000003

"audit.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\SysprepStatus]

"GeneralizationState"=dword:00000007

"CleanupState"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\UnattendPasses]

"specialize"=dword:00000000

"oobeSystem"=dword:00000002

"windowsPE"=dword:00000000

"offlineServicing"=dword:00000000

"generalize"=dword:00000000

"auditSystem"=dword:00000000

"auditUser"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Timers]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Timers\OobeBootPerf]

"StartLow"=dword:7cf6f218

"StartHigh"=dword:01cd4233

"StopLow"=dword:a31bd5e6

"StopHigh"=dword:01cd4234

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Timers\OobeCmdPerf]

"StartLow"=dword:4dac05fe

"StartHigh"=dword:01cd4234

"StopLow"=dword:4dac05fe

"StopHigh"=dword:01cd4234

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Timers\OobeExePerf]

"StartLow"=dword:4f919eb6

"StartHigh"=dword:01cd4234

"StopLow"=dword:a2ff4563

"StopHigh"=dword:01cd4234

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Timers\PendingActionsPerf]

"StartLow"=dword:2e203c5c

"StartHigh"=dword:01cd4234

"StopLow"=dword:2ef416d5

"StopHigh"=dword:01cd4234

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Timers\SetupCompleteTimer]

"StartLow"=dword:a26a9d9a

"StartHigh"=dword:01cd4234

"StopLow"=dword:a29efbe0

"StopHigh"=dword:01cd4234

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Timers\SysprepPnpTimer]

"StartLow"=dword:7ef45892

"StartHigh"=dword:01cd4233

"StopLow"=dword:2c29fa02

"StopHigh"=dword:01cd4234

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus]

"setupapi.app.log"=dword:00001000

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-04-12 18:36:10 E16586020CA7590FFDD1FA6327EB37D4 385560233 ----a-w- C:\Windows\MEMORY.DMP

====== C:\Users\Wilma\AppData\Local\Temp ====

====== C:\Windows\system32\drivers =====

2013-04-24 14:41:41 5E43D2B0EE64123D4880DFA6626DEFDE 1211752 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-12 11:11:09 E306A24D9694C724FA2491278BF50FDB 196328 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2013-04-09 21:06:49 0DB7527DB188C7D967A37BB51BBF3963 40776 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-04-12 17:52:19 -------- d-----w- C:\Program Files\Speccy

2013-04-11 11:40:18 -------- d-----w- C:\Program Files\Common Files\Skype

======= C: =====

2013-05-06 18:03:40 E19C01E246A3F87F6478BE008E39E2F8 285 ----a-w- C:\vsslist.txt

2013-04-26 13:22:07 FA02ACFA0D968502212E01C46BEE4AA5 1124 ----a-w- C:\DelFix.txt

====== C:\Users\Wilma\AppData\Roaming ======

2013-04-11 20:59:03 -------- d-----w- C:\users\Wilma\AppData\Local\Temp

2013-04-10 18:01:18 -------- d-----w- C:\users\Public\AppData\Local\temp

2013-04-10 18:01:18 -------- d-----w- C:\users\Default\AppData\Local\temp

2013-04-10 18:01:18 -------- d-----w- C:\users\Default User\AppData\Local\temp

2013-04-09 21:15:22 -------- d-----w- C:\users\Wilma\AppData\Local\ElevatedDiagnostics

====== C:\Users\Wilma ======

2013-04-10 18:01:18 -------- d-----w- C:\Users\Public\AppData

======== System Restore Points ========

No Restore Point in System.

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2375090405-1869871859-1792986959-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"EMET Notifier"="C:\Program Files\EMET\EMET_notifier.exe"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Folders ======================

2012-06-11 08:29:28 1288 ----a-w- C:\users\Wilma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [13-03-2013 20:57]

C:\Windows\tasks\GlaryInitialize.job --a------ C:\Program Files\Glary Utilities\initialize.exe [22-10-2012 13:45]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [24-08-2012 11:52]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [24-08-2012 11:52]

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, Silent Runners - Adware? Disinfect, don't reformat!

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS]

Skype = "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [skype Technologies S.A.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

IAStorIcon = C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [null data]

CLMLServer = "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [CyberLink]

RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [Realtek Semiconductor]

GrooveMonitor = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [MS]

MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS]

Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]

EMET Notifier = C:\Program Files\EMET\EMET_notifier.exe [null data]

APSDaemon = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]

QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [Apple Inc.]

iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub

-> {HKLM...CLSID} = Adobe PDF Link Helper

\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)

-> {HKLM...CLSID} = Groove GFS Browser Helper

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM...CLSID} = Windows Live ID Sign-in Helper

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = Google Toolbar Helper

\InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO

-> {HKLM...CLSID} = Skype Browser Helper

\InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A}

-> {HKCU...CLSID} = UpToDateOverlayHandler Class

\InProcServer32\(Default) = C:\Users\Wilma\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS]

SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}

-> {HKCU...CLSID} = SyncingOverlayHandler Class

\InProcServer32\(Default) = C:\Users\Wilma\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS]

SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524}

-> {HKCU...CLSID} = ErrorOverlayHandler Class

\InProcServer32\(Default) = C:\Users\Wilma\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS]

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler

-> {HKLM...CLSID} = Microsoft Office Metadata Handler

\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler

-> {HKLM...CLSID} = Microsoft Office Thumbnail Handler

\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class

-> {HKLM...CLSID} = DesktopContext Class

\InProcServer32\(Default) = C:\Windows\system32\nvcpl.dll [NVIDIA Corporation]

{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension

-> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension

\InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

{FFB699E0-306A-11d3-8BD1-00104B6F7516} = Play on my TV helper

-> {HKLM...CLSID} = NVIDIA CPL Extension

\InProcServer32\(Default) = C:\Windows\system32\nvcpl.dll [NVIDIA Corporation]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper

-> {HKLM...CLSID} = Groove GFS Browser Helper

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar

-> {HKLM...CLSID} = Groove Folder Synchronization

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler

-> {HKLM...CLSID} = Groove GFS Stub Icon Handler

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook

-> {HKLM...CLSID} = Groove GFS Stub Execution Hook

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler

-> {HKLM...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler

-> {HKLM...CLSID} = Groove XML Icon Handler

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler

-> {HKLM...CLSID} = Outlook File Icon Extension

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\OLKFSTUB.DLL [MS]

{00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler

-> {HKLM...CLSID} = Microsoft Office Outlook

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\MLSHEXT.DLL [MS]

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search

-> {HKLM...CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\ONFILTER.DLL [MS]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\msohevi.dll [MS]

{09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = c:\PROGRA~1\MI8079~1\shellext.dll [MS]

{72923739-5A47-40A3-9895-25AF0DFBB9E4} = Glary Utilities Context Menu Shell Extension

-> {HKLM...CLSID} = Glary Utilities Context Menu Shell Extension

\InProcServer32\(Default) = C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL [Glarysoft Ltd]

{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)

-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim

-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim

-> {HKLM...CLSID} = Windows Live Photo Gallery Editor Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim

-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes

-> {HKLM...CLSID} = iTunes

\InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook

-> {HKLM...CLSID} = Groove GFS Stub Execution Hook

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}

-> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter

\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> grooveLocalGWS\CLSID = {88FED34C-F0CA-4636-A375-3CB6248B04CD}

-> {HKLM...CLSID} = Local Groove Web Services Protocol

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [MS]

<<!>> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F}

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\msgrapp.dll [MS]

<<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}

-> {HKLM...CLSID} = HxProtocol Class

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS]

<<!>> ms-itss\CLSID = {0A9007C0-4076-11D3-8789-0000F8105754}

-> {HKLM...CLSID} = Microsoft Infotech Storage Protocol for IE 4.0

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [MS]

<<!>> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F}

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\msgrapp.dll [MS]

<<!>> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8}

-> {HKLM...CLSID} = Skype IE add-on Pluggable Protocol

\InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]

<<!>> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}

-> {HKLM...CLSID} = IEProtocolHandler Class

\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [skype Technologies]

<<!>> wlmailhtml\CLSID = {03C514A3-1EFB-4856-9F99-10D7BE1653C0}

-> {HKLM...CLSID} = Windows Live Mail HTML Asynchronous Pluggable Protocol Handler

\InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS]

<<!>> wlpg\CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}

-> {HKLM...CLSID} = Album Download IE Asynchronous Pluggable Protocol Interface

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = c:\PROGRA~1\MI8079~1\shellext.dll [MS]

Glary Utilities\(Default) = {72923739-5A47-40A3-9895-25AF0DFBB9E4}

-> {HKLM...CLSID} = Glary Utilities Context Menu Shell Extension

\InProcServer32\(Default) = C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL [Glarysoft Ltd]

PhotoStreamsExt\(Default) = {89D984B3-813B-406A-8298-118AFA3A22AE}

-> {HKLM...CLSID} = ContextMenuHandler Class

\InProcServer32\(Default) = C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [Apple Inc.]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

-> {HKLM...CLSID} = MBAMShlExt Class

\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = c:\PROGRA~1\MI8079~1\shellext.dll [MS]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}

-> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension

\InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info

-> {HKLM...CLSID} = PDF Shell Extension

\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Glary Utilities\(Default) = {72923739-5A47-40A3-9895-25AF0DFBB9E4}

-> {HKLM...CLSID} = Glary Utilities Context Menu Shell Extension

\InProcServer32\(Default) = C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL [Glarysoft Ltd]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

-> {HKLM...CLSID} = MBAMShlExt Class

\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

disableregistrytools = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\

disablecmd = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000

{unrecognized setting}

EnableSecureUIAPath = (REG_DWORD) dword:0x00000001

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

Wallpaper = C:\Users\Wilma\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

iTunesBurnCDOnArrival\

Provider = iTunes

InvokeProgID = iTunes.BurnCD

InvokeVerb = burn

HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.ImportSongsOnCD

InvokeVerb = import

HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.PlaySongsOnCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.ShowSongsOnCD

InvokeVerb = showsongs

HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

MSLivePhotoAcqHWEventHandler\

Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10

ProgID = Microsoft.LivePhotoAcqHWEventHandler

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [MS]

MSLivePhotoAcquireDropHandler\

Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10

InvokeProgID = Microsoft.LivePhotoAcqDTShim.1

InvokeVerb = open

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}

-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

MSLiveShowPicturesOnArrival\

Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10

InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1

InvokeVerb = open

HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}

-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

MSLiveVideoCameraArrivalCaptureWizard\

Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10

ProgID = WLXAutoPlayMgr.WLXHWEventHandler

InitCmdLine = WLXVideoAcquireWizard

HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = {9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}

-> {HKLM...CLSID} = WLXWEventHandler Class

\LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe" [MS]

P2GCDBurningOnArrival\

Provider = Power2Go

InvokeProgID = BlankCD

InvokeVerb = OpenWithPower2Go

HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.]

P2GDVDBurningOnArrival\

Provider = Power2Go

InvokeProgID = BlankDVD

InvokeVerb = OpenWithPower2Go

HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.]

Power2GoPlayCDAudioOnArrival\

Provider = Power2Go

InvokeProgID = AudioCD

InvokeVerb = PlayWithPower2Go

HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = "C:\Program Files\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L" [CyberLink Corp.]

WIA_{67D74704-3A20-48DA-8972-690A511AB900}\

Provider = EPSON Scan

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;C:\Windows\twain_32\escndv\escndv.exe /StiDevice:%1 /StiEvent:%2;

-> {HKLM...CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

Startup items in "Wilma" & "All Users" startup folders:

-------------------------------------------------------

C:\Users\Wilma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}

OneNote 2007 Schermopname en Snel starten -> shortcut to: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [MS]

Non-disabled Scheduled Tasks: {++}

-----------------------------

C:\Windows\System32\Tasks

Adobe Flash Player Updater -> launches: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]

CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]

CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS]

GlaryInitialize -> launches: C:\Program Files\Glary Utilities\initialize.exe [Glarysoft Ltd]

GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.]

GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]

Scheduled Update for Ask Toolbar -> launches: C:\Program Files\Ask.com\UpdateTask.exe [file not found]

User_Feed_Synchronization-{9F24D1D4-B737-42A8-910E-C05180C0A003} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]

{9E45B4DA-1B17-432C-8E71-79B7BABDD91D} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Wilma\Downloads\zoek (1).exe" -d C:\Users\Wilma\Downloads [MS]

C:\Windows\System32\Tasks\Apple

AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client

AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}

-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler

\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience

AitAgent -> launches: aitagent [MS]

ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk

Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM...CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM...CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]

KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}

-> {HKLM...CLSID} = KernelCeipCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]

UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}

-> {HKLM...CLSID} = UsbCeip

\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag

ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis

Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}

-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location

Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance

WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}

-> {HKLM...CLSID} = WinSAT Task Manger Task

\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center

ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]

ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]

DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]

ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]

InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]

mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]

mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]

MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]

ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]

OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]

OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]

PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]

PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]

PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]

PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]

PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]

RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]

ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]

SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]

StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]

UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic

CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}

-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}

-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}

-> {HKLM...CLSID} = HotStart User Agent

\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI

LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}

-> {HKLM...CLSID} = Microsoft PlaySoundService Class

\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace

GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics

AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC

RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}

-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler

\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras

MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}

-> {HKLM...CLSID} = RasMobilityManager

\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry

RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}

-> {HKLM...CLSID} = RegistryIdleBackupHandler

\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow

GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}

-> {HKLM...CLSID} = GadgetsManager Class

\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore

SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager

Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}

-> {HKLM...CLSID} = RunTask

\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip

IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]

IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}

-> {HKLM...CLSID} = MsCtfMonitor task handler

\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization

SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI

ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}

-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies

ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]

ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform

BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing

UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup

AutomaticBackup -> launches: %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup [MS]

Windows Backup Monitor -> launches: %systemroot%\system32\sdclt.exe /CHECKSKIPPED [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet

CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}

-> {HKLM...CLSID} = Wininet Cache task object

\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE

Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}

-> {HKLM...CLSID} = Windows Live Social Object Extractor Engine Definition Updater

\InProcServer32\(Default) = C:\Program Files\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\WPD

SqmUpload_S-1-5-21-2375090405-1869871859-1792986959-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]

000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]

000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

000000000007\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

000000000009\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 30

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)

-> {HKLM...CLSID} = Google Toolbar

\InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

Explorer Bars

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Onderzoeken

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\

ButtonText = @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004

MenuText = @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003

CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}

-> {HKLM...CLSID} = BlogThisToolbarButton Class

\InProcServer32\(Default) = C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [MS]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

ButtonText = Verzenden naar OneNote

MenuText = Verz&enden naar OneNote

CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}

-> {HKLM...CLSID} = Send to OneNote from Internet Explorer button

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll [MS]

{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\

ButtonText = Skype Click to Call

CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}

-> {HKLM...CLSID} = Skype Browser Helper

\InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

ButtonText = Research

BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

-> {HKLM...CLSID} = &Onderzoeken

\InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]

Apple Mobile Device, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]

Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]

Intel® Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]

iPod-service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]

Microsoft Antimalware Service, MsMpSvc, "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS]

NVIDIA Display Driver Service, nvsvc, C:\Windows\system32\nvvsvc.exe [NVIDIA Corporation]

ProtexisLicensing, ProtexisLicensing, C:\Windows\system32\PSIService.exe [null data]

Skype C2C Service, Skype C2C Service, "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [skype Technologies S.A.]

TeamViewer 8, TeamViewer8, "C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe" [TeamViewer GmbH]

Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]

Safe Mode Drivers & Services (subkey name, subkey default value):

-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> MsMpSvc, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> MsMpSvc, Service

Print Monitors:

---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

EPSON SX420W Series 32MonitorBE\Driver = E_FLBGCE.DLL [sEIKO EPSON CORPORATION]

EPSON SX430 Series 32MonitorBE\Driver = E_FLBHAE.DLL [sEIKO EPSON CORPORATION]

Send To Microsoft OneNote Monitor\Driver = msonpmon.dll [MS]


  • Start Zoek.exe as administrator by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

Code:

vssadmin list providers >>"%temp%\log.txt";b

  • Then click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now post the contents of the opened log in your next message.


Here it is. :-)

Zoek.exe Version 4.0.0.2 Updated 06-May-2013

Tool run by Wilma on wo 08-05-2013 at 13:08:50,55.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results07-05-2013-1533.log 63649 bytes

C:\zoek-results29-04-2013-1023.log 410 bytes

==== Batch Command(s) Run By Tool======================

vssadmin 1.1 - Opdrachtregelbeheerprogramma voor Volume Shadow Copy-service

© Copyright 2001-2005 Microsoft Corp.

Providernaam: 'Microsoft Software Shadow Copy provider 1.0'

Providertype: Systeem

Provider-id: {b5946137-7b9f-4925-af80-51abd60b20d5}

Versie: 1.0.0.7
