Ga naar inhoud

PQservice probleem op windows Vista onstabiel


romijo

Aanbevolen berichten

  • Reacties 55
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Beste reacties in dit topic

Geplaatste afbeeldingen

Nu heb ik een serieus probleem https://mega.co.nz heeft zich genesteld in mijn internetbrowser op al mijn pc's er is niets geinstalleerd maar dit is een online opslag media waar je 50Gb gratis kon parkeren, maar er staat nergens een verwijderknop van je account wat daar is aangemaakt heb al verschillende mails er naar toe gestuurd maar geen reactie, kan ik dit bij internetoptie's ergens uitvinken want telkens als ik b.v. iets wil downloaden komt hun site met de down en upload te voorschijn.

En met dit probleem is het op de laptop begonnen. laptop werkt wel maar een heleboel werkt er niet meer filemanager, internet, etc.

Maar nu wil ik toch graag mijn desktop pc eerst in orde dat die mega rotzooi uit mijn internet gaat wat kan ik doen??

gr. en alvast weer veel dank voor uw hulp.

Link naar reactie
Delen op andere sites

Ik kan de addons/pluggins niet vinden waar moet ik dan kijken, heb bij internetoptie's gekeken het hele rijtje afgegaan maar zal waarschijnlijk dan andere benaming zijn zou dat kunnen? Ze hebben van Megaupload mij vanochtend vroeg een mail verzonden daar stond in dat ze mijn account zouden verwijderen, maar volgens mij nog niet gebeurd, dus op de ene of andere manier moet ik ergens iets uitschakelen want op de pc zelf is nergens iets te vinden. Help je me a.u.b. nog verder? b.v.d. vr.gr.

- - - Updated - - -

waarschijnlijk heeft die megaupload zich op de pc genesteld met een andere naam (denk ik)

- - - Updated - - -

http://tweakers.net/nieuws/86757/nieuwe-opslagdienst-van-megaupload-medewerkers-opent-deuren.html

- - - Updated - - -

http://www.nu.nl/internet/3006790/opvolger-megaupload-geeft-50-gb-gratis-opslag.html

Link naar reactie
Delen op andere sites

Download zoek.exe naar het bureaublad.

  • Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
    (hier of hier) kan je lezen hoe je dat doet.
  • Dubbelklik op Zoek.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

Klik op de knop "Options" en vink nu de onderstaande opties aan.


    • Running processes
    • Recently Created
    • Startup Information
    • Installed Programs
    • Silent Runners
    • Firefox Defaults
    • Reset Chrome
    • System Restore Point
    • IE Defaults
    • Reset Hosts
    • Auto Clean

    [*] Klik daarna op de knop "Run script".

    [*] Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).

    [*] Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.

    [*] Post nu de inhoud van het geopende logje in het volgende bericht.

Link naar reactie
Delen op andere sites

Zoek.exe Version 4.0.0.2 Updated 28-May-2013

Tool run by Robbescheuten on wo 29-05-2013 at 17:58:34,77.

Microsoft Windows 8 6.2.9200 x64

Running in: Normal Mode Internet Access Detected

==== System Restore Info ======================

29-5-2013 18:01:08 Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Classic Shell\ClassicShellService.exe

C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe

C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe

C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe

C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\csrss.exe

C:\Windows\System32\WinLogon.exe

C:\Windows\System32\LogonUI.exe

C:\Windows\System32\dwm.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\csrss.exe

C:\Windows\System32\WinLogon.exe

C:\Windows\System32\LogonUI.exe

C:\Windows\System32\dwm.exe

C:\Windows\system32\csrss.exe

C:\Windows\System32\WinLogon.exe

C:\Windows\System32\LogonUI.exe

C:\Windows\System32\dwm.exe

C:\Windows\system32\csrss.exe

C:\Windows\System32\WinLogon.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\System32\LogonUI.exe

C:\Windows\System32\dwm.exe

C:\Windows\system32\dwm.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhostex.exe

C:\Program Files\Classic Shell\ClassicStartMenu.exe

C:\Windows\Explorer.EXE

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files\Tablet\Pen\WacomHost.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Acer\Acer Power Management\ePowerTray.exe

C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

C:\Windows\explorer.exe

C:\Windows\system32\taskeng.exe

C:\Users\Robbescheuten\AppData\Local\Temp\Temp2_zoek.zip\zoek.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\conhost.exe

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.

127.0.0.1 localhost

::1 localhost

==== Creating Sample_29-05-2013_1802.zip ======================

Process iexplore.exe killed

Copied file C:\Users\Robbescheuten\AppData\Roaming\Acoustica-CD-Label-Maker-Installer.exe to sample

sample\Acoustica-CD-Label-Maker-Installer.exe renamed to 702541C4EFA268FF973F8F423B0008E1

C:\Users\Public\Desktop\sample_29-05-2013_1802.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2617873385-1771127311-2925833956-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully

HKEY_USERS\S-1-5-21-2617873385-1771127311-2925833956-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully

HKEY_USERS\S-1-5-21-2617873385-1771127311-2925833956-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_USERS\S-1-5-21-2617873385-1771127311-2925833956-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_USERS\S-1-5-21-2617873385-1771127311-2925833956-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Installed Programs ======================

clear.fi SDK- Movie 2

clear.fi SDK - Video 2

Acer Power Management

Acer Recovery Management

AcerCloud Docs

AcerCloud Portal

Acoustica CD/DVD Label Maker

Adobe AIR

Adobe Community Help

Adobe Shockwave Player 12.0

Agatha Christie - Death on the Nile

Aloha TriPeaks

Any DVD Cloner Platinum 1.2.0

ArcSoft Perfect365

ArtRage Studio Pro

Ashampoo Burning Studio 10.0.1

Bamboo

Bejeweled 3

BufferChm

CameraHelperMsi

Canon Easy-PhotoPrint EX

Canon MG6200 series MP Drivers

Canon MP Navigator EX 5.0

CCleaner

Classic Shell

clear.fi Media

clear.fi Photo

Click'N Design 3D for AfterBurner (V5)

Corel PaintShop Pro X5

CyberLink PowerDVD 12

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

Delicious: Emily's True Love Premium Edition

Destinations

DocProc

Droppix Label Maker XE 2.x

DVD Shrink 3.2

Easy Poster Printer

erLT

ESET Smart Security

Express Burn

ffdshow [rev 2975] [2009-05-28]

Firebird SQL Server - MAGIX Edition

FormatFactory 3.0.1

Foxit Reader

Governor of Poker 2 Premium Edition

Hema Fotoalbum

Hotkey Utility

HP Imaging Device Functions 14.5

HP Product Detection

HP Scanjet G3110

HP Update

hpg3110

ICA

Identity Card

Inpaint 3.1

Intel® Control Center

Intel® Management Engine Components

Intel© Trusted Connect Service Client

IPM_PSP_COM

Java 7 Update 21

Java Auto Updater

Jewel Match 3

John Deere Drive Green

Junk Mail filter update

jZip

Live Updater

Logitech-webcamsoftware

Logo Design Studio Pro

LogoDesignStudio

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Magic Academy

Magic Video Converter 12.1.11.2

MAGIX 3D Maker (embeded)

MAGIX 3D Maker Download version 6.0.0.10 (UK)

MAGIX Foto's op CD & DVD 8 deluxe 8.0.5.3 (NL)

MAGIX Foto Manager 9

MAGIX Photo Graphic Designer 6 Update

MAGIX Photo & Graphic Designer 6

MAGIX Screenshare

MAGIX Speed burnR

MAGIX Xtreme Photo Designer 6

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Dutch) 2010

Microsoft Office Excel MUI (Dutch) 2010

Microsoft Office Groove MUI (Dutch) 2010

Microsoft Office InfoPath MUI (Dutch) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (Dutch) 2010

Microsoft Office Outlook MUI (Dutch) 2010

Microsoft Office PowerPoint MUI (Dutch) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (Dutch) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proofing (Dutch) 2010

Microsoft Office Publisher MUI (Dutch) 2010

Microsoft Office Shared 32-bit MUI (Dutch) 2010

Microsoft Office Shared MUI (Dutch) 2010

Microsoft Office Word MUI (Dutch) 2010

Microsoft Silverlight

Microsoft SkyDrive

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Windows Media Video 9 VCM

More Games from WildTangent Games

Movie Maker

Mozilla Firefox 20.0.1 (x86 nl)

MSVCRT

MSVCRT_amd64

MSVCRT110

MSVCRT110_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2758694)

Nero 8 Lite

New Project

NVIDIA 3D Vision Controller Driver 305.46

NVIDIA 3D Vision Driver 305.46

NVIDIA Control Panel 305.46

NVIDIA Graphics Driver 305.46

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA Optimus 1.10.8

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Stereoscopic 3D Driver

NVIDIA Update Components

OCR Software by I.R.I.S. 14.5

Office Addin

Office Addin 2003

Penguins

Photo Common

Photo Gallery

Plants vs. Zombies - Game of the Year

Polar Bowler

PSE10 STI Installer

PSE11 STI Installer

PSPPContent

PSPPHelp

PSPPro64

QuickShare

QuickTime Alternative 2.8.0

Real Alternative 1.9.0

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Revo Uninstaller Pro 3.0.5

RonyaSoft CD DVD Label Maker 3.01

Scan

Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition

Security Update for Microsoft Visio 2010 (KB2760762) 64-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition

Setup

Shared C Run-time for x64

Sothink Logo Maker Professional

Speccy

swMSM

Tales of Lagoona

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

Update Installer for WildTangent Games App

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Visual Studio 2005 Tools for Office tweede editie runtime

Visual Studio Tools for the Office system 3.0 Runtime

Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)

VLC media player 2.0.5

WebReg

WebTablet FB Plugin 32 bit

WebTablet FB Plugin 64 bit

Windows-stuurprogrammapakket - Hewlett-Packard Image (05/24/2012 11.5.0.116)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR v4.20 (x64)

Wondershare DVD Creator(Build 2.6.5)

XFlip 2.0.1

Xilisoft YouTube HD Video Converter

Your Software Deals

Zuma's Revenge

==== FireFox Fix ======================

Deleted from C:\Users\Robbescheuten\AppData\Roaming\Mozilla\Firefox\Profiles\5l2ur4u4.default\prefs.js:

Added to C:\Users\Robbescheuten\AppData\Roaming\Mozilla\Firefox\Profiles\5l2ur4u4.default\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Robbescheuten\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\prefs.js:

Added to C:\Users\Robbescheuten\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

"C:\ProgramData\.zreglib" deleted

"C:\Users\Robbescheuten\AppData\Roaming\Adobe CS5-voorkeuren voor filter Exporteren" deleted

"C:\Users\Robbescheuten\AppData\Roaming\Adobe CS5-voorkeuren voor PNG-indeling" deleted

"C:\Users\Robbescheuten\AppData\Roaming\Adobe PNG Format CS5 Prefs" deleted

"C:\Users\Robbescheuten\AppData\Roaming\Acoustica-CD-Label-Maker-Installer.exe" deleted

"C:\Users\Robbescheuten\AppData\Roaming\Real" deleted

"C:\Program Files (x86)\Delta" deleted

"C:\Program Files (x86)\Wondershare" deleted

"C:\Program Files (x86)\Common Files\Wondershare" deleted

"C:\Users\Robbescheuten\AppData\Roaming\Babylon" deleted

"C:\ProgramData\boost_interprocess" deleted

"C:\ProgramData\Tarma Installer" deleted

"C:\ProgramData\Babylon" deleted

"C:\Users\Robbescheuten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com" deleted

"C:\Users\Robbescheuten\AppData\Local\jZip" deleted

"C:\Users\Robbescheuten\AppData\Local\Wondershare" deleted

"C:\Users\Robbescheuten\AppData\Local\Bundled software uninstaller" deleted

"C:\Users\Robbescheuten\AppData\Local\Smartbar" deleted

"C:\Users\Robbescheuten\AppData\LocalLow\AskToolbar" deleted

"C:\Users\Robbescheuten\AppData\LocalLow\Smartbar" deleted

"C:\Windows\SysWow64\searchplugins" deleted

"C:\Windows\SysWow64\Extensions" deleted

"C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-05-26 21:23:31 0A055B0F280E342CD335CC154FEDDB94 24 ---h--w- C:\Windows\msrgctb.ini

2013-05-26 21:23:31 0A055B0F280E342CD335CC154FEDDB94 24 ---h--w- C:\Windows\msrgcta.ini

====== C:\Users\ROBBES~1\AppData\Local\Temp ====

====== C:\Windows\SysWOW64 =====

2013-05-26 21:23:20 F8D176DB5B14AED7C9B25E0640226BD1 258352 ----a-w- C:\Windows\SysWOW64\unicows.dll

2013-05-26 21:23:20 EB5F811C1F78005B3C147599A0CCCF51 608448 ----a-w- C:\Windows\SysWOW64\comctl32.ocx

2013-05-26 21:23:20 D329085A88A9019ED5700C0F04B3176E 137000 ----a-w- C:\Windows\SysWOW64\msmapi32.ocx

2013-05-24 22:30:31 8421128C739B34EDBCE050623516B530 14323712 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2013-05-24 22:30:29 C5DC8777254F7BA750F6E03FF5185AD4 2877440 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2013-05-24 22:30:29 99AB708B283850A7B229424E445F2F91 1767424 ----a-w- C:\Windows\SysWOW64\wininet.dll

2013-05-24 22:30:29 64B461764FC576B417F7FC1FDE503B7F 13760512 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2013-05-24 22:30:29 1901EAD5E10209B5BE639E13B9904D35 2046976 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2013-05-24 22:30:28 E3C37A15A04C1DF9B3B5C27237A41C5C 1130496 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2013-05-24 22:30:28 D06F4C0A339AD7B5168A1C3D15B91866 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2013-05-24 22:30:28 BEDA75EA6827DD7DB9B08D0C492FEA75 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll

2013-05-24 22:28:58 EDE68B7304297E03B50918B4AF650E86 17561600 ----a-w- C:\Windows\SysWOW64\shell32.dll

2013-05-24 22:28:54 2939B7C8F291680F5803DEBB4BCA52E4 199168 ----a-w- C:\Windows\SysWOW64\shdocvw.dll

2013-05-24 22:28:20 77A8C35CA0804AF869180CA598F8D26D 2382336 ----a-w- C:\Windows\SysWOW64\esent.dll

2013-05-24 22:28:13 06C5E22E47C68A204CAA7206ECD6E58B 11878912 ----a-w- C:\Windows\SysWOW64\wmp.dll

2013-05-24 22:28:12 70032A556617347A4E6C53DA16DC3FCE 10789888 ----a-w- C:\Windows\SysWOW64\Windows.UI.Xaml.dll

2013-05-24 22:28:12 18152CAB34DF83B2B16A7FC0BFE80AAB 2767360 ----a-w- C:\Windows\SysWOW64\tquery.dll

2013-05-24 22:28:11 4B6BCFDA47A2E55C326494F12452D36B 1593344 ----a-w- C:\Windows\SysWOW64\mssrch.dll

2013-05-24 22:28:08 9398353A04C00C3B9B7A9A45DF3C13A9 1113600 ----a-w- C:\Windows\SysWOW64\MSAudDecMFT.dll

2013-05-24 22:28:08 49CDF50EDBC11418B1A33959A99961EA 403968 ----a-w- C:\Windows\SysWOW64\mssph.dll

2013-05-24 22:28:07 FCCEDE04F10EC0B72321333FF928E5AF 1408896 ----a-w- C:\Windows\SysWOW64\ntdll.dll

2013-05-24 22:28:07 6E3DF13A4F37DF490BEEF87417B21F28 8857088 ----a-w- C:\Windows\SysWOW64\twinui.dll

2013-05-24 22:28:07 5B2CA9D6F7E49EE443453D93472918CA 324096 ----a-w- C:\Windows\SysWOW64\schannel.dll

2013-05-24 22:28:07 4DD38C9F28B9A0D8B1635580E8DF7D86 302592 ----a-w- C:\Windows\SysWOW64\SearchProtocolHost.exe

2013-05-24 22:28:06 E23423B873733BB831898C67300C3CAC 656896 ----a-w- C:\Windows\SysWOW64\kerberos.dll

2013-05-24 22:28:06 7D815C01B62B86BFC8D36F1134C0E3F1 2035200 ----a-w- C:\Windows\SysWOW64\authui.dll

2013-05-24 22:28:06 58ABD60925CE849CEAEBAC105E74BE5A 426024 ----a-w- C:\Windows\SysWOW64\AudioEng.dll

2013-05-24 22:28:06 434D27871C24D123038BCE8507010276 252928 ----a-w- C:\Windows\SysWOW64\rsaenh.dll

2013-05-24 22:28:06 1F2C7F52F7A53751ED38287EF90942C8 324368 ----a-w- C:\Windows\SysWOW64\AudioSes.dll

2013-05-24 22:28:06 031397F2F9B2445CD901C8694E4012FD 670208 ----a-w- C:\Windows\SysWOW64\SearchIndexer.exe

2013-05-24 22:28:05 EE6CD55E45FB9022B90C12B760A32876 186880 ----a-w- C:\Windows\SysWOW64\mssphtb.dll

2013-05-24 22:28:05 D582457BE12CE7649D8FFE6BDFBF83A0 389632 ----a-w- C:\Windows\SysWOW64\intl.cpl

2013-05-24 22:28:05 D54A923CB6EEA45576380C197A480142 411136 ----a-w- C:\Windows\SysWOW64\Windows.Networking.dll

2013-05-24 22:28:05 CE3EE84318F36CEFFE8B35F97BFA2804 214528 ----a-w- C:\Windows\SysWOW64\mfreadwrite.dll

2013-05-24 22:28:05 C043356858B65CEC5B751CE74F013125 106496 ----a-w- C:\Windows\SysWOW64\Robocopy.exe

2013-05-24 22:28:05 BB208BC1082B114AFBBE6CCBE42AA6CA 171008 ----a-w- C:\Windows\SysWOW64\SearchFilterHost.exe

2013-05-24 22:28:05 98AE6E68249F47584EB5353D2E371AF4 361984 ----a-w- C:\Windows\SysWOW64\MFMediaEngine.dll

2013-05-24 22:28:05 973490D8FA14A14C6307BC4F672178DB 123880 ----a-w- C:\Windows\SysWOW64\wscapi.dll

2013-05-24 22:28:05 701B9B1100E251A9125BD72307ABACFF 659456 ----a-w- C:\Windows\SysWOW64\mssvp.dll

2013-05-24 22:28:05 492EDFADEFB48CCAE6D848BC484E9630 41984 ----a-w- C:\Windows\SysWOW64\fmifs.dll

2013-05-24 22:28:05 450DBA20B14DA7F827C71F880483B859 155648 ----a-w- C:\Windows\SysWOW64\dmvdsitf.dll

2013-05-24 22:28:05 2616F018CF3BB7D8CEE0C00EE5730898 364544 ----a-w- C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-05-24 22:28:05 1F8B4D03B06617338750496530A92BE5 268800 ----a-w- C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll

2013-05-24 22:28:04 CF3FE167858C4DC3E853AFCC43AB4B7F 35328 ----a-w- C:\Windows\SysWOW64\mssprxy.dll

2013-05-24 22:28:04 688C938523639C1A96A66B3832B7E74F 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll

2013-05-24 22:28:04 48C690A3F2106A23B261442E08992E08 10752 ----a-w- C:\Windows\SysWOW64\msshooks.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-05-24 22:30:32 3BEB35752C6CB89441725C637F28E741 19231232 ----a-w- C:\Windows\Sysnative\mshtml.dll

2013-05-24 22:30:30 9A7830D03B6DC20781C160733B8CE248 15404032 ----a-w- C:\Windows\Sysnative\ieframe.dll

2013-05-24 22:30:30 19A53C33DF574849FB0A5DEE90D0B224 3958784 ----a-w- C:\Windows\Sysnative\jscript9.dll

2013-05-24 22:30:29 9B9107F1486476D86B6910EDF07F4358 2242048 ----a-w- C:\Windows\Sysnative\wininet.dll

2013-05-24 22:30:29 19EFE41F8BF6B7781BF0FA08C84E0034 2647552 ----a-w- C:\Windows\Sysnative\iertutil.dll

2013-05-24 22:30:29 16D90132E422A965307406DC1B00E9BF 1365504 ----a-w- C:\Windows\Sysnative\urlmon.dll

2013-05-24 22:30:28 E508A303148C549C28B5723699EF4552 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2013-05-24 22:30:28 DC7CD161C78524ADB54F4334431B319F 915968 ----a-w- C:\Windows\Sysnative\uxtheme.dll

2013-05-24 22:30:28 42950B529F6F0D0035B25E88C1FC632E 855552 ----a-w- C:\Windows\Sysnative\jscript.dll

2013-05-24 22:30:28 113D4D908B1EC3A69183729371A55405 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2013-05-24 22:29:00 F8E8AB38B693DD43A982F95B7A3158CC 19758592 ----a-w- C:\Windows\Sysnative\shell32.dll

2013-05-24 22:28:54 5544F876B3932D3D6ED67656B28228CF 112872 ----a-w- C:\Windows\Sysnative\consent.exe

2013-05-24 22:28:54 4FF1C0F2B66119DA7A48BC1F160892C5 222208 ----a-w- C:\Windows\Sysnative\shdocvw.dll

2013-05-24 22:28:54 4F750B7EFCB6520AE01E01D082D7D476 70144 ----a-w- C:\Windows\Sysnative\appinfo.dll

2013-05-24 22:28:20 56DA495DE9758984ADF855D4EA30D4A9 2851840 ----a-w- C:\Windows\Sysnative\esent.dll

2013-05-24 22:28:15 43F4569BFF89D84E7E43DC41AA7B8554 13648384 ----a-w- C:\Windows\Sysnative\Windows.UI.Xaml.dll

2013-05-24 22:28:14 64C3C2FCFECC783279FBC51769673144 3552768 ----a-w- C:\Windows\Sysnative\tquery.dll

2013-05-24 22:28:14 57EF2DC36D34092F79CD9F7F016359F3 14267904 ----a-w- C:\Windows\Sysnative\wmp.dll

2013-05-24 22:28:12 13FC1A4A3463E9DE1EF1881E8525EB56 2107904 ----a-w- C:\Windows\Sysnative\mssrch.dll

2013-05-24 22:28:11 A05BA2FE3B3FFE1920F383E3E321D9A2 1829408 ----a-w- C:\Windows\Sysnative\ntdll.dll

2013-05-24 22:28:11 092115A536C478921DA3D24E29C06E3E 1444864 ----a-w- C:\Windows\Sysnative\MSAudDecMFT.dll

2013-05-24 22:28:09 80E66F3F18603523585AF96B43D7945A 4038144 ----a-w- C:\Windows\Sysnative\win32k.sys

2013-05-24 22:28:09 39F8E0D68E941FB947F4116A29C5D53E 10116096 ----a-w- C:\Windows\Sysnative\twinui.dll

2013-05-24 22:28:08 ED40ED9A65F3E79A8C43DD50C5FDADBF 1285632 ----a-w- C:\Windows\Sysnative\schedsvc.dll

2013-05-24 22:28:08 A7FA87716A1F39BECB5CDED4F03C73F7 306952 ----a-w- C:\Windows\Sysnative\kd_02_10ec.dll

2013-05-24 22:28:08 9FDAA6957F04A6D1917463B7CBBEF88A 816128 ----a-w- C:\Windows\Sysnative\SearchIndexer.exe

2013-05-24 22:28:08 810F30FF8490ED5ED510621DF10DE320 785408 ----a-w- C:\Windows\Sysnative\audiosrv.dll

2013-05-24 22:28:07 C82794F9B5AF314F7CACA6AF758C44A0 422400 ----a-w- C:\Windows\Sysnative\schannel.dll

2013-05-24 22:28:07 A6D52417607B399790678AFB2B44CDF3 172544 ----a-w- C:\Windows\Sysnative\dwmredir.dll

2013-05-24 22:28:07 8FB468CFB4A4B0E13A19A672D9429B1F 2303488 ----a-w- C:\Windows\Sysnative\authui.dll

2013-05-24 22:28:07 78DF3884149D09A3E703DDCA91BFFD84 446792 ----a-w- C:\Windows\Sysnative\AudioSes.dll

2013-05-24 22:28:07 77DAB73F2AF988D07D72FD2DA0DC91FC 298456 ----a-w- C:\Windows\Sysnative\rsaenh.dll

2013-05-24 22:28:07 7018F9EEEC3B5427046E6D761715BC54 595456 ----a-w- C:\Windows\Sysnative\Windows.Networking.dll

2013-05-24 22:28:07 6B8EDB9EC94DC2D1370C57564E853051 489576 ----a-w- C:\Windows\Sysnative\AudioEng.dll

2013-05-24 22:28:07 58C0CA86362B32ABC87E39A99013C75A 367616 ----a-w- C:\Windows\Sysnative\conhost.exe

2013-05-24 22:28:07 489B2DC75115A61769B9304FAEBC7D66 817152 ----a-w- C:\Windows\Sysnative\kerberos.dll

2013-05-24 22:28:07 480FB2259449C49C630D4AC3EC1EB426 373760 ----a-w- C:\Windows\Sysnative\SearchProtocolHost.exe

2013-05-24 22:28:07 38069D6F774EB0B83A9301E5698B52CA 435200 ----a-w- C:\Windows\Sysnative\mssph.dll

2013-05-24 22:28:06 E1B0C213296FF324992BEF0E285BB623 1403784 ----a-w- C:\Windows\Sysnative\winload.efi

2013-05-24 22:28:06 AB279D4734BC508911C004F8D1011973 456704 ----a-w- C:\Windows\Sysnative\wpncore.dll

2013-05-24 22:28:06 4E1F42D7616BB19253B99E85EDDA6E8C 1267424 ----a-w- C:\Windows\Sysnative\winload.exe

2013-05-24 22:28:06 46159633AA549E4D2CF6455B056CAB96 523264 ----a-w- C:\Windows\Sysnative\XpsGdiConverter.dll

2013-05-24 22:28:06 3B002BD044161080F3A5235E79AE171E 391168 ----a-w- C:\Windows\Sysnative\Windows.Networking.BackgroundTransfer.dll

2013-05-24 22:28:06 22B9D38C6A69591811C10D4D1BF96AFE 1217328 ----a-w- C:\Windows\Sysnative\winresume.efi

2013-05-24 22:28:06 205162CCEBA17B54C6A7788C31726E95 804352 ----a-w- C:\Windows\Sysnative\RecoveryDrive.exe

2013-05-24 22:28:06 09B2F3A41C6A8BFA22640826F70E9810 253544 ----a-w- C:\Windows\Sysnative\audiodg.exe

2013-05-24 22:28:05 F2027911CBDC096576F0F1F81C790C1B 468992 ----a-w- C:\Windows\Sysnative\MFMediaEngine.dll

2013-05-24 22:28:05 F0CFE7AA1100CDEF41ABA210C5610E85 196096 ----a-w- C:\Windows\Sysnative\dmvdsitf.dll

2013-05-24 22:28:05 E8801AF63EE3DEACA29F1F5526C35F53 86280 ----a-w- C:\Windows\Sysnative\kdnet.dll

2013-05-24 22:28:05 D3461BAFD6314E47C3C984DFEFAA6EEA 419840 ----a-w- C:\Windows\Sysnative\intl.cpl

2013-05-24 22:28:05 D2EFA32998014927140E40054645CA4E 414720 ----a-w- C:\Windows\Sysnative\GenuineCenter.dll

2013-05-24 22:28:05 BCD7A47EF587DC00DD61D12D9C2D1E44 169472 ----a-w- C:\Windows\Sysnative\AudioEndpointBuilder.dll

2013-05-24 22:28:05 B7F4C0DEC76583C128D40579C36D6AA8 1093880 ----a-w- C:\Windows\Sysnative\winresume.exe

2013-05-24 22:28:05 8383D48F0A55703A613C339EF586C6AA 50176 ----a-w- C:\Windows\Sysnative\fmifs.dll

2013-05-24 22:28:05 61A9A710077526C9A7F068741540D96E 77960 ----a-w- C:\Windows\Sysnative\kdvm.dll

2013-05-24 22:28:05 5EAC1240B4699EC313C69FCADC5F457A 126464 ----a-w- C:\Windows\Sysnative\Robocopy.exe

2013-05-24 22:28:05 5D072A59331A34C9BE621C7A55578562 210432 ----a-w- C:\Windows\Sysnative\iuilp.dll

2013-05-24 22:28:05 4C1C6E9BB02654EB38CD6DF4ACE6664B 281088 ----a-w- C:\Windows\Sysnative\mfreadwrite.dll

2013-05-24 22:28:05 3EA778FE9D9B56E67C0783A63C4B142E 197120 ----a-w- C:\Windows\Sysnative\SearchFilterHost.exe

2013-05-24 22:28:05 365C6C6BC10201CC1080EB97A559BFC1 503080 ----a-w- C:\Windows\Sysnative\ci.dll

2013-05-24 22:28:05 31CAB21D19D8794854E037DEAABB499C 745984 ----a-w- C:\Windows\Sysnative\mssvp.dll

2013-05-24 22:28:05 0B43D0E9E00CB4F98FC62AB2FA5D96F3 231936 ----a-w- C:\Windows\Sysnative\fhengine.dll

2013-05-24 22:28:05 012CFE7F0F95266F554EE3B91EE2128A 99840 ----a-w- C:\Windows\Sysnative\wscsvc.dll

2013-05-24 22:28:04 FDA6525D9018812E4237ED5EEB29F5DA 2048 ----a-w- C:\Windows\Sysnative\tzres.dll

2013-05-24 22:28:04 E55A2C4497247F8CA09F1B2AAFAEDD3C 13824 ----a-w- C:\Windows\Sysnative\msshooks.dll

2013-05-24 22:28:04 D0B384E810077BF3FE5A11718B512275 387688 ----a-w- C:\Windows\Sysnative\ApnDatabase.xml

2013-05-24 22:28:04 3C77496ED7DB0D802427689F7E613777 96256 ----a-w- C:\Windows\Sysnative\mssprxy.dll

2013-05-24 22:28:04 0E2D8CE7A7A459256CBD5698F90D100A 65024 ----a-w- C:\Windows\Sysnative\msscntrs.dll

2013-05-24 22:27:59 59ADE56B6D7F9392ACBAD9641AE03CD4 6987528 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe

====== C:\Windows\Sysnative\drivers =====

2013-05-24 22:30:06 6D1B8A9A2C0BD4851D8AF1AB43E67AD9 1455368 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys

2013-05-24 22:28:48 F4A91D985EB9D1D2717D538F3424603C 861184 ----a-w- C:\Windows\Sysnative\drivers\http.sys

2013-05-24 22:28:07 61FE70659CD43E07F94DA4DC31DEC493 805376 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys

2013-05-24 22:28:06 56218A571ECF8D55E0CDFF8DF2546CF1 623104 ----a-w- C:\Windows\Sysnative\drivers\srv2.sys

2013-05-24 22:28:05 FD97DEF4D031A4D73A149C4A97375042 83968 ----a-w- C:\Windows\Sysnative\drivers\hidclass.sys

2013-05-24 22:28:05 9E11EE0F2E117B2D5A835B2B91752827 27648 ----a-w- C:\Windows\Sysnative\drivers\hidusb.sys

2013-05-24 22:28:05 872E937681910E2456A054331C7D5A18 284424 ----a-w- C:\Windows\Sysnative\drivers\spaceport.sys

2013-05-24 22:28:05 61F6972FF9AC9A8D0B4D62076DC30051 83456 ----a-w- C:\Windows\Sysnative\drivers\wanarp.sys

2013-05-24 22:28:05 3730942D7DB2F8BB5F84542B7FF6F650 60416 ----a-w- C:\Windows\Sysnative\drivers\ndproxy.sys

2013-05-24 22:28:05 14FC338B80CFF7E04215133B568D15C4 247808 ----a-w- C:\Windows\Sysnative\drivers\srvnet.sys

2013-05-24 22:28:05 085F150D002B7F0153D3C06DDF33A143 95744 ----a-w- C:\Windows\Sysnative\drivers\hidbth.sys

2013-05-10 22:45:24 3D50891CAA71E3479A8A10F25CA9207F 352008 ----a-w- C:\Windows\Sysnative\drivers\cbfs3.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-05-01 19:59:28 -------- d-----w- C:\Program Files\adobe portable 2013-5

======= C:\Program Files (x86) =====

2013-05-09 20:30:26 -------- d-----w- C:\Program Files (x86)\Common Files\Magic Video Converter

2013-05-09 20:30:06 -------- d-----w- C:\Program Files (x86)\Magic Video Converter

2013-05-02 13:05:32 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe

2013-04-30 21:36:31 -------- d-----w- C:\Program Files (x86)\Adobe

======= C: =====

2013-05-01 20:10:39 E272C14D7D0782A0C252DB62CD9C409E 112 ---ha-w- C:\5C26FC92A9C2

====== C:\Users\Robbescheuten\AppData\Roaming ======

2013-05-09 22:09:16 -------- d-----w- C:\users\Robbescheuten\AppData\Roaming\dvdcss

2013-05-09 20:30:34 -------- d-----w- C:\users\Robbescheuten\AppData\Local\Real

2013-05-02 13:05:32 -------- d-----w- C:\users\Robbescheuten\AppData\Local\Adobe

2013-05-01 21:50:56 -------- d-----w- C:\users\Robbescheuten\AppData\Roaming\Adobe

2013-04-30 22:13:08 -------- d-----w- C:\users\Robbescheuten\AppData\Local\Xilisoft

2013-04-30 22:13:05 -------- d-----w- C:\users\Robbescheuten\AppData\Roaming\Xilisoft

2013-04-30 21:54:01 -------- d-----we C:\users\Robbescheuten\AppData\Locallow\PlayReady

====== C:\Users\Robbescheuten ======

2013-05-25 22:22:42 -------- d-----w- C:\ProgramData\Zylom

2013-05-09 20:30:34 -------- d-----w- C:\ProgramData\Real

2013-05-09 20:30:32 -------- d-----w- C:\ProgramData\Apple Computer

2013-05-09 20:30:28 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Video Converter

====== C: exe-files ==

2013-05-28 20:48:09 98889B175B89C1A6BD413991C2FE88E8 331264 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\00003afc\updatus.16005495_RUNASUSER.exe

2013-05-28 19:40:22 2EF18E8F9DF5A2428AE212C92BCDCE86 450352 ----a-w- C:\Users\Robbescheuten\Pictures\FixitCenter_Run.exe

2013-05-25 11:30:30 0C3C9A77BCAB1B1AC89E451480833C42 1167872 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\TelegraafMediaNederland.DeTelegraaf_w8zgx0kmdem4w\AC\Microsoft\CLR_v4.0_32\NativeImages\Telegraaf.Win8\a863441842318fa8708a9b2ca53c694c\Telegraaf.Win8.ni.exe

2013-05-25 11:30:26 988A4F29997DDDA9ED6C92DDA9A9D97C 953344 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\DePersgroep.AD_jq644qkv4n918\AC\Microsoft\CLR_v4.0_32\NativeImages\Metro.Paper.Client\c65b87886d038ec6fe4bf2d7c8912a42\Metro.Paper.Client.ni.exe

2013-05-25 11:30:24 8E7833764AAD97758B71F7497B5418FC 415232 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\61768iRop.Regionieuws_t0qychrd0p8g4\AC\Microsoft\CLR_v4.0_32\NativeImages\Regionieuws\cd3661bbf5b81e32e839265ae40c3ec0\Regionieuws.ni.exe

2013-05-25 11:30:23 583004E42539751FADA268733239B7D0 681984 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\42414ArendMelissant.EssentialWeather_aspqep25jzha0\AC\Microsoft\CLR_v4.0_32\NativeImages\EssentialWeather\461b00c7af4144374176ca88cd247d78\EssentialWeather.ni.exe

2013-05-25 11:30:22 FEF6A82CC9B73604E3C9D8A02D91D11A 381952 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\39894WimHoek.Tuinieren_8zxhjnee5n5vw\AC\Microsoft\CLR_v4.0_32\NativeImages\Tuinieren\58d3e53a5222b452c8be1b295532ec6d\Tuinieren.ni.exe

2013-05-25 11:30:22 0DA9486473B29D6559B7E115DF770DFD 429056 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\35101NielsLaute.Regenmeter_ppjayf9g3ze9e\AC\Microsoft\CLR_v4.0_32\NativeImages\RegenmeterRT\207fb932c3f264d0ef8c8caf0021eda5\RegenmeterRT.ni.exe

2013-05-25 11:29:44 EFEACDD83ECD6A8C2253F0A8F0591939 1094656 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\SanomaMediaNetherlandsB.V.NU.nl_g20pnp589533g\AC\Microsoft\CLR_v4.0\NativeImages\NU.nl\74e20ecc221f7ff32af4eebc58814543\NU.nl.ni.exe

2013-05-25 11:29:34 AC4FBB34047D702B38D66596ABFE39FB 2900480 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Map\aa4afea7cfa6b0e816a021c8baf046cf\Map.ni.exe

2013-05-25 11:29:25 DBEEBAF04DA129E28B5E54660D166338 2208768 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\AccuWeather.AccuWeatherforWindows8_8zz2pj9h1h1d8\AC\Microsoft\CLR_v4.0\NativeImages\AccuWeatherMetro.UI\5545e950e7efb06c5f6c11276e4ec046\AccuWeatherMetro.UI.ni.exe

2013-05-24 22:30:28 E508A303148C549C28B5723699EF4552 51712 ----a-w- C:\Windows\System32\ie4uinit.exe

2013-05-24 22:28:54 5544F876B3932D3D6ED67656B28228CF 112872 ----a-w- C:\Windows\System32\consent.exe

2013-05-24 22:28:08 9FDAA6957F04A6D1917463B7CBBEF88A 816128 ----a-w- C:\Windows\System32\SearchIndexer.exe

2013-05-24 22:28:07 58C0CA86362B32ABC87E39A99013C75A 367616 ----a-w- C:\Windows\System32\conhost.exe

2013-05-24 22:28:07 4DD38C9F28B9A0D8B1635580E8DF7D86 302592 ----a-w- C:\Windows\SysWOW64\SearchProtocolHost.exe

2013-05-24 22:28:07 480FB2259449C49C630D4AC3EC1EB426 373760 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2013-05-24 22:28:06 4E1F42D7616BB19253B99E85EDDA6E8C 1267424 ----a-w- C:\Windows\System32\winload.exe

2013-05-24 22:28:06 4E1F42D7616BB19253B99E85EDDA6E8C 1267424 ----a-w- C:\Windows\System32\Boot\winload.exe

2013-05-24 22:28:06 205162CCEBA17B54C6A7788C31726E95 804352 ----a-w- C:\Windows\System32\RecoveryDrive.exe

2013-05-24 22:28:06 09B2F3A41C6A8BFA22640826F70E9810 253544 ----a-w- C:\Windows\System32\audiodg.exe

2013-05-24 22:28:06 031397F2F9B2445CD901C8694E4012FD 670208 ----a-w- C:\Windows\SysWOW64\SearchIndexer.exe

2013-05-24 22:28:05 C043356858B65CEC5B751CE74F013125 106496 ----a-w- C:\Windows\SysWOW64\Robocopy.exe

2013-05-24 22:28:05 BB208BC1082B114AFBBE6CCBE42AA6CA 171008 ----a-w- C:\Windows\SysWOW64\SearchFilterHost.exe

2013-05-24 22:28:05 B7F4C0DEC76583C128D40579C36D6AA8 1093880 ----a-w- C:\Windows\System32\winresume.exe

2013-05-24 22:28:05 B7F4C0DEC76583C128D40579C36D6AA8 1093880 ----a-w- C:\Windows\System32\Boot\winresume.exe

2013-05-24 22:28:05 5EAC1240B4699EC313C69FCADC5F457A 126464 ----a-w- C:\Windows\System32\Robocopy.exe

2013-05-24 22:28:05 3EA778FE9D9B56E67C0783A63C4B142E 197120 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2013-05-24 22:27:59 59ADE56B6D7F9392ACBAD9641AE03CD4 6987528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-05-24 22:17:45 4DE637AC4849A781DDA6095547F9CC4F 175928 ----a-w- C:\Users\Robbescheuten\AppData\Local\Apps\2.0\EJL2P913.KLO\R1P7P7A7.BVV\scan..tion_9729c35283d7424a_0001.000f_b25f94c03cf4097c\ScanCircle.exe

2013-05-23 20:44:13 C2137A6CDD700265969E81DFBC07CA3C 330688 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\00003a39\updatus.15869751_RUNASUSER.exe

2013-05-22 20:43:26 F4FC5C803AC4BF4970587EE92E60B24B 330136 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\00003989\updatus.15840555_RUNASUSER.exe

=== C: other files ==

2013-05-29 16:02:30 9FB325E90DA3FB1B79430730AA5EE3CA 10628359 ----a-w- C:\Users\Public\Desktop\sample_29-05-2013_1802.zip

2013-05-29 15:55:40 850B5AB0E1DAAC6F17E4402F0BCD3DCB 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2617873385-1771127311-2925833956-1002\$IZ39SH5.zip

2013-05-24 22:30:06 6D1B8A9A2C0BD4851D8AF1AB43E67AD9 1455368 ----a-w- C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-24 22:28:48 F4A91D985EB9D1D2717D538F3424603C 861184 ----a-w- C:\Windows\System32\Drivers\http.sys

2013-05-24 22:28:09 80E66F3F18603523585AF96B43D7945A 4038144 ----a-w- C:\Windows\System32\win32k.sys

2013-05-24 22:28:07 61FE70659CD43E07F94DA4DC31DEC493 805376 ----a-w- C:\Windows\System32\Drivers\PEAuth.sys

2013-05-24 22:28:06 56218A571ECF8D55E0CDFF8DF2546CF1 623104 ----a-w- C:\Windows\System32\Drivers\srv2.sys

2013-05-24 22:28:05 FD97DEF4D031A4D73A149C4A97375042 83968 ----a-w- C:\Windows\System32\Drivers\hidclass.sys

2013-05-24 22:28:05 9E11EE0F2E117B2D5A835B2B91752827 27648 ----a-w- C:\Windows\System32\Drivers\hidusb.sys

2013-05-24 22:28:05 872E937681910E2456A054331C7D5A18 284424 ----a-w- C:\Windows\System32\Drivers\spaceport.sys

2013-05-24 22:28:05 61F6972FF9AC9A8D0B4D62076DC30051 83456 ----a-w- C:\Windows\System32\Drivers\wanarp.sys

2013-05-24 22:28:05 3730942D7DB2F8BB5F84542B7FF6F650 60416 ----a-w- C:\Windows\System32\Drivers\ndproxy.sys

2013-05-24 22:28:05 14FC338B80CFF7E04215133B568D15C4 247808 ----a-w- C:\Windows\System32\Drivers\srvnet.sys

2013-05-24 22:28:05 085F150D002B7F0153D3C06DDF33A143 95744 ----a-w- C:\Windows\System32\Drivers\hidbth.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2617873385-1771127311-2925833956-1002\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

"TpScrex"="C:\ProgramData\TpScrex\TpScrex.exe /somering"

"Browser Infrastructure Helper"="C:\Users\Robbescheuten\AppData\Local\Smartbar\Application\QuickShare.exe startup"

"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-21-2617873385-1771127311-2925833956-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"

"Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"

"Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"

"Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

"PowerDVD12DMREngine"="C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"

"PowerDVD12Agent"="C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"

"LWS"="C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"

"SonneDVDCreator"="C:\Program Files (x86)\Magic Video Converter\dc.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

"TpScrex"="C:\ProgramData\TpScrex\TpScrex.exe /somering"

"Browser Infrastructure Helper"="C:\Users\Robbescheuten\AppData\Local\Smartbar\Application\QuickShare.exe startup"

"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"

"Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"

"Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"

"Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"

"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice"

==== Startup Folders ======================

2013-03-22 20:47:04 1116 ----a-w- C:\users\Robbescheuten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Productregistratie.lnk

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Robbescheuten\AppData\Roaming\Mozilla\Firefox\Profiles\5l2ur4u4.default

ADC539F67D3198679F480974EE203678 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11

9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ

B3BA4E18594082F88D9013CC8C080855 - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

2147C8ED020B1CE3B82BBDD3C49C8F81 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll - WacomTabletPlugin

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files (x86)\TornTV.com\torn2_10.crx[]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Startpagina.nl | Jouw startpagina voor weer, verkeer en meer"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{9DD089FE-3DBF-407D-97C1-B219EA7CE64C}"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Startpagina.nl | Jouw startpagina voor weer, verkeer en meer"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

{9DD089FE-3DBF-407D-97C1-B219EA7CE64C} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2617873385-1771127311-2925833956-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9DD089FE-3DBF-407D-97C1-B219EA7CE64C} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, Silent Runners - Adware? Disinfect, don't reformat!

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

msnmsgr = "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [MS]

TpScrex = C:\ProgramData\TpScrex\TpScrex.exe /somering [file not found]

Browser Infrastructure Helper = C:\Users\Robbescheuten\AppData\Local\Smartbar\Application\QuickShare.exe startup [file not found]

RESTART_STICKY_NOTES = C:\Windows\System32\StikyNot.exe [MS]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64 = C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" [MS]

Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727 = C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727" [MS]

Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64 = C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" [MS]

Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910 = C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

RTHDVCPL = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]

Logitech Download Assistant = C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [MS]

BCSSync = "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [MS]

egui = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [ESET]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}

HP Software Update = C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [Hewlett-Packard]

(Default) = (empty string) [file not found]

PowerDVD12DMREngine = "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [CyberLink]

PowerDVD12Agent = "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [CyberLink Corp.]

LWS = C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [Logitech Inc.]

SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation]

Wondershare Helper Compact.exe = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [file not found]

SonneDVDCreator = C:\Program Files (x86)\Magic Video Converter\dc.exe [MagicVideoSoftware Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)

-> {HKLM...CLSID} = Groove GFS Browser Helper

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

-> {HKLM...Wow...CLSID} = Groove GFS Browser Helper

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO

-> {HKLM...CLSID} = Office Document Cache Handler

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]

-> {HKLM...Wow...CLSID} = Office Document Cache Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{647FD14A-C4F1-46F4-8FC3-0B40F54226F7}\(Default) = EmailBHO

-> {HKLM...Wow...CLSID} = jZip Webmail plugin

\InProcServer32\(Default) = C:\Program Files (x86)\jZip\WebmailPlugin.dll [Discordia Limited]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)

-> {HKLM...CLSID} = Groove GFS Browser Helper

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

-> {HKLM...Wow...CLSID} = Groove GFS Browser Helper

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...Wow...CLSID} = Java Plug-In SSV Helper

\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO

-> {HKLM...CLSID} = Office Document Cache Handler

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]

-> {HKLM...Wow...CLSID} = Office Document Cache Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM...Wow...CLSID} = Java Plug-In 2 SSV Helper

\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A}

-> {HKCU...CLSID} = UpToDateOverlayHandler Class

\InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll [MS]

SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}

-> {HKCU...CLSID} = SyncingOverlayHandler Class

\InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll [MS]

SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524}

-> {HKCU...CLSID} = ErrorOverlayHandler Class

\InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll [MS]

EldosIconOverlay\(Default) = {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}

-> {HKLM...CLSID} = VSMntNtfOverlayIcon Class

\InProcServer32\(Default) = C:\Windows\system32\CbFsMntNtf3.dll [EldoS Corporation]

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A}

-> {HKCU...Wow...CLSID} = UpToDateOverlayHandler Class

\InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll [MS]

SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}

-> {HKCU...Wow...CLSID} = SyncingOverlayHandler Class

\InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll [MS]

SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524}

-> {HKCU...Wow...CLSID} = ErrorOverlayHandler Class

\InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll [MS]

EldosIconOverlay\(Default) = {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}

-> {HKLM...Wow...CLSID} = VSMntNtfOverlayIcon Class

\InProcServer32\(Default) = C:\Windows\SysWow64\CbFsMntNtf3.dll [EldoS Corporation]

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\msohevi.dll [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler

-> {HKLM...CLSID} = Microsoft Office Metadata Handler

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler

-> {HKLM...CLSID} = Microsoft Office Thumbnail Handler

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension

-> {HKLM...CLSID} = Werkruimten

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search

-> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}

-> {HKLM...CLSID} = ImageExtractorShellExt Class

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}

-> {HKLM...CLSID} = CInfoTipShellExt Class

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper

-> {HKLM...CLSID} = Groove GFS Browser Helper

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler

-> {HKLM...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar

-> {HKLM...CLSID} = Groove Folder Synchronization

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook

-> {HKLM...CLSID} = Groove GFS Stub Execution Hook

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler

-> {HKLM...CLSID} = Groove GFS Stub Icon Handler

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler

-> {HKLM...CLSID} = Groove XML Icon Handler

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

{00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler

-> {HKLM...CLSID} = Microsoft Outlook

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler

-> {HKLM...CLSID} = Outlook File Icon Extension

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

{86D38419-E3B2-464e-9B78-7652D9802E04} = ArtRage Painting Thumbnail Handler

-> {HKLM...CLSID} = ArtRage Painting Thumbnail Handler

\InProcServer32\(Default) = C:\Program Files (x86)\Ambient Design\ArtRage Studio Pro\AR3Thumb64.dll [Ambient Design Ltd]

{B089FE88-FB52-11D3-BDF1-0050DA34150D} = ESET Smart Security - Context Menu Shell Extension

-> {HKLM...CLSID} = ESET Smart Security - Context Menu Shell Extension

\InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\shellExt.dll [ESET]

{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} = Revo Uninstaller Pro Extension

-> {HKLM...CLSID} = RUShellExt Class

\InProcServer32\(Default) = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [VS Revo Group]

{5FF49FE8-B332-4CB9-B102-FB6951629E55} = Virtual Storage Mount Notification

-> {HKLM...CLSID} = Virtual Storage Mount Notification

\InProcServer32\(Default) = C:\Windows\system32\CbFsMntNtf3.dll [EldoS Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)

-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim

-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim

-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim

-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{B327765E-D724-4347-8B16-78AE18552FC3} = NeroDigitalIconHandler

-> {HKLM...Wow...CLSID} = NeroDigitalIconHandler Class

\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG]

{7F1CF152-04F8-453A-B34C-E609530A9DC8} = NeroDigitalPropSheetHandler

-> {HKLM...Wow...CLSID} = NeroDigitalPropSheetHandler Class

\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper

-> {HKLM...Wow...CLSID} = Groove GFS Browser Helper

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler

-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar

-> {HKLM...Wow...CLSID} = Groove Folder Synchronization

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook

-> {HKLM...Wow...CLSID} = Groove GFS Stub Execution Hook

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler

-> {HKLM...Wow...CLSID} = Groove GFS Stub Icon Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler

-> {HKLM...Wow...CLSID} = Groove XML Icon Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext

-> {HKLM...Wow...CLSID} = Ondernemingsprojecten

\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler

-> {HKLM...Wow...CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension

-> {HKLM...Wow...CLSID} = Werkruimten

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler

-> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler

\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler

-> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler

\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{5D607245-F832-4faa-9C92-895B7E06CFCF} = ArtRage Painting Thumbnail Handler

-> {HKLM...Wow...CLSID} = ArtRage Painting Thumbnail Handler

\InProcServer32\(Default) = C:\Program Files (x86)\Ambient Design\ArtRage Studio Pro\AR3Thumb.dll [Ambient Design Ltd]

{EAC179B1-B2AD-4695-902B-43D77A3D8D11} = Easy Poster Printer Thumbnail

-> {HKCU...Wow...CLSID} = Easy_Poster_Printer.ThumbnailProvider

\InProcServer32\(Default) = mscoree.dll [MS]

{B089FE88-FB52-11D3-BDF1-0050DA34150D} = ESET Smart Security - Context Menu Shell Extension

-> {HKLM...Wow...CLSID} = ESET Smart Security - Context Menu Shell Extension

\InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\x86\shellExt.dll [ESET]

{5FF49FE8-B332-4CB9-B102-FB6951629E55} = Virtual Storage Mount Notification

-> {HKLM...Wow...CLSID} = Virtual Storage Mount Notification

\InProcServer32\(Default) = C:\Windows\SysWow64\CbFsMntNtf3.dll [EldoS Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

<<!>> {5FF49FE8-B332-4CB9-B102-FB6951629E55} = Virtual Storage Mount Notification

-> {HKLM...CLSID} = Virtual Storage Mount Notification

\InProcServer32\(Default) = C:\Windows\system32\CbFsMntNtf3.dll [EldoS Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

<<!>> {5FF49FE8-B332-4CB9-B102-FB6951629E55} = Virtual Storage Mount Notification

-> {HKLM...CLSID} = Virtual Storage Mount Notification

\InProcServer32\(Default) = C:\Windows\system32\CbFsMntNtf3.dll [EldoS Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook

-> {HKLM...CLSID} = Groove GFS Stub Execution Hook

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook

-> {HKLM...CLSID} = Groove GFS Stub Execution Hook

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

EldosMountNotificator = {5FF49FE8-B332-4CB9-B102-FB6951629E55}

-> {HKLM...CLSID} = Virtual Storage Mount Notification

\InProcServer32\(Default) = C:\Windows\system32\CbFsMntNtf3.dll [EldoS Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

EldosMountNotificator = {5FF49FE8-B332-4CB9-B102-FB6951629E55}

-> {HKLM...Wow...CLSID} = Virtual Storage Mount Notification

\InProcServer32\(Default) = C:\Windows\SysWow64\CbFsMntNtf3.dll [EldoS Corporation]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

<<!>> AppInit_DLLs = C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL [NVIDIA Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\

<<!>> AppInit_DLLs = c:\progra~2\nvidia~1\3dvisi~1\nvstinit.dll [NVIDIA Corporation]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}

-> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}

-> {HKLM...CLSID} = HxProtocol Class

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS]

HKCU\Software\Classes\*\shellex\ContextMenuHandlers\

SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}

-> {HKCU...CLSID} = SkyDriveEx

\InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll [MS]

-> {HKCU...Wow...CLSID} = SkyDriveEx

\InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Corel PaintShop Pro X5\(Default) = {D6D67107-2AFB-41D4-97E3-4F6ED2A21FF8}

-> {HKLM...CLSID} = PSPContextMenu Class

\InProcServer32\(Default) = c:\Program Files (x86)\Corel\Corel PaintShop Pro X5\PSPContextMenu64.dll [Corel Software, Inc.]

ESET Smart Security - Context Menu Shell Extension\(Default) = {B089FE88-FB52-11D3-BDF1-0050DA34150D}

-> {HKLM...CLSID} = ESET Smart Security - Context Menu Shell Extension

\InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\shellExt.dll [ESET]

-> {HKLM...Wow...CLSID} = ESET Smart Security - Context Menu Shell Extension

\InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\x86\shellExt.dll [ESET]

jZip\(Default) = {E677C7AD-2B66-4539-AA29-3771A1CFEDA9}

-> {HKLM...Wow...CLSID} = jZipShellExt Class

\InProcServer32\(Default) = C:\Program Files (x86)\jZip\jZipShell.dll [Discordia Limited]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}

-> {HKLM...Wow...CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files (x86)\Tools\WinRAR\rarext32.dll [Alexander Roshal]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\

SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}

-> {HKCU...CLSID} = SkyDriveEx

\InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll [MS]

-> {HKCU...Wow...CLSID} = SkyDriveEx

\InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

Corel PaintShop Pro X5\(Default) = {D6D67107-2AFB-41D4-97E3-4F6ED2A21FF8}

-> {HKLM...CLSID} = PSPContextMenu Class

\InProcServer32\(Default) = c:\Program Files (x86)\Corel\Corel PaintShop Pro X5\PSPContextMenu64.dll [Corel Software, Inc.]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\

SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}

-> {HKCU...CLSID} = SkyDriveEx

\InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll [MS]

-> {HKCU...Wow...CLSID} = SkyDriveEx

\InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll [MS]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}

-> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension

\InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = NeroDigitalExt.NeroDigitalColumnHandler

-> {HKLM...Wow...CLSID} = NeroDigitalColumnHandler Class

\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

ESET Smart Security - Context Menu Shell Extension\(Default) = {B089FE88-FB52-11D3-BDF1-0050DA34150D}

-> {HKLM...CLSID} = ESET Smart Security - Context Menu Shell Extension

\InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\shellExt.dll [ESET]

-> {HKLM...Wow...CLSID} = ESET Smart Security - Context Menu Shell Extension

\InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\x86\shellExt.dll [ESET]

jZip\(Default) = {E677C7AD-2B66-4539-AA29-3771A1CFEDA9}

-> {HKLM...Wow...CLSID} = jZipShellExt Class

\InProcServer32\(Default) = C:\Program Files (x86)\jZip\jZipShell.dll [Discordia Limited]

RUShellExt\(Default) = {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}

-> {HKLM...CLSID} = RUShellExt Class

\InProcServer32\(Default) = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [VS Revo Group]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}

-> {HKLM...Wow...CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files (x86)\Tools\WinRAR\rarext32.dll [Alexander Roshal]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}

-> {HKLM...Wow...CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files (x86)\Tools\WinRAR\rarext32.dll [Alexander Roshal]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoRun = (REG_DWORD) dword:0x00000000

{unrecognized setting}

NoControlPanel = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

EnableCursorSuppression = (REG_DWORD) dword:0x00000001

{unrecognized setting}

DisableTaskMgr = (REG_DWORD) dword:0x00000000

{unrecognized setting}

DisableRegistryTools = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

Wallpaper = C:\Users\Robbescheuten\Pictures\wallpaper\aurora_2-wallpaper-1920x1080.jpg

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AcerClearfiMediaAutoPlayMOVIE\

Provider = Acer

InvokeProgID = AcerClearfiMediaAutoPlayMOVIE\AutoPlay

InvokeVerb = open

HKLM\SOFTWARE\Classes\AcerClearfiMediaAutoPlayMOVIE\AutoPlay\shell\open\command\(Default) = C:\Program Files (x86)\Acer\clear.fi Media\clearfiMediaAutoplay.exe %1 MOVIE [Acer Incorporated]

AcerClearfiMediaAutoPlayMUSIC\

Provider = Acer

InvokeProgID = AcerClearfiMediaAutoPlayMUSIC\AutoPlay

InvokeVerb = open

HKLM\SOFTWARE\Classes\AcerClearfiMediaAutoPlayMUSIC\AutoPlay\shell\open\command\(Default) = C:\Program Files (x86)\Acer\clear.fi Media\clearfiMediaAutoplay.exe %1 MUSIC [Acer Incorporated]

ASHAshampoo_Burning_Studio_10BURNONARRIVAL\

Provider = Ashampoo Burning Studio 10

InvokeProgID = Ashampoo.BurningStudio10

InvokeVerb = autoplay-burn

HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio10\shell\autoplay-burn\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\burningstudio10.exe" -autoplay -selectdrive "%l" [Ashampoo]

ASHAshampoo_Burning_Studio_10COPYONARRIVAL\

Provider = Ashampoo Burning Studio 10

InvokeProgID = Ashampoo.BurningStudio10

InvokeVerb = autoplay-copy

HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio10\shell\autoplay-copy\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\burningstudio10.exe" -autoplay -selectdrive "%l" -copy [Ashampoo]

ASHAshampoo_Burning_Studio_10RIPONARRIVAL\

Provider = Ashampoo Burning Studio 10

InvokeProgID = Ashampoo.BurningStudio10

InvokeVerb = autoplay-rip

HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio10\shell\autoplay-rip\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\burningstudio10.exe" -autoplay -selectdrive "%l" -rip [Ashampoo]

CanonMPNEX50PictureOnArrival\

Provider = MP Navigator EX Ver5.0

InvokeProgID = MPNavigatorEX50.AutoplayHandler

InvokeVerb = open

HKLM\SOFTWARE\Classes\MPNavigatorEX50.AutoplayHandler\shell\open\command\(Default) = C:\Program Files (x86)\Canon\MP Navigator EX 5.0\mpnex50.exe /AUTOPLAY %1 [CANON INC.]

Corel PaintShop Pro X5ShowPicturesOnArrivalHandler\

InvokeProgID = PaintShopProX5.Image

InvokeVerb = Overzicht

HKLM\SOFTWARE\Classes\PaintShopProX5.Image\shell\Overzicht\command\(Default) = "c:\Program Files (x86)\Corel\Corel PaintShop Pro X5\Corel PaintShop Pro.exe" "%1" [Corel, Inc.]

ExpressBurn.AutoPlay\

Provider = Express Burn

InvokeProgID = ExpressBurn.AutoPlay

InvokeVerb = open

HKLM\SOFTWARE\Classes\ExpressBurn.AutoPlay\shell\open\command\(Default) = C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe [NCH Software]

MagicUSBCable\

Provider = @%windir%\system32\migwiz\wet.dll,-588

CLSID = {0C776A5A-FC42-4870-8D65-D62ADD9184FF}

-> {HKLM...CLSID} = Magic USB Cable Class ID

\LocalServer32\(Default) = "C:\Windows\System32\MigAutoPlay.exe" [MS]

MSFhConfigBackup\

Provider = @C:\Windows\system32\fhautoplay.dll,-100

InvokeProgID = FHConfig.AutoPlayHandler

InvokeVerb = config

HKLM\SOFTWARE\Classes\FHConfig.AutoPlayHandler\shell\config\command\(Default) = fhmanagew -autoplay [MS]

MSLiveShowPicturesOnArrival\

Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10

InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1

InvokeVerb = open

HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}

-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSPlayCDAudioOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.AudioCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.DVD

InvokeVerb = play

HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.VCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.VCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPromptEachTime\

Provider = @C:\Windows\system32\shell32.dll,-17411

ProgID = Shell.Autoplay

InitCmdLine = PromptEachTime

HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}

-> {HKLM...CLSID} = Shell Hardware Mixed Content Handler

\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

MSPromptEachTimeNoContent\

Provider = @C:\Windows\system32\shell32.dll,-17411

ProgID = Shell.Autoplay

InitCmdLine = PromptEachTimeNoContent

HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}

-> {HKLM...CLSID} = Shell Hardware Mixed Content Handler

\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

MSWMPBurnCDOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.BurnCD

InvokeVerb = Burn

HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

MSWPDNetworkConfigHandler\

Provider = @C:\Windows\system32\wpdshext.dll,-503

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /NetworkConfig;%SystemRoot%\system32\xwizard.exe;RunWizard {34c219bd-85c1-4338-95e8-788a36901dc2} /z %s

-> {HKLM...CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

MXFotomakerBrowseOnArrival\

Provider = MAGIX Digital Foto Maker 9

InvokeProgID = Magix.Fotomaker.Brws

InvokeVerb = Brws

HKLM\SOFTWARE\Classes\Magix.Fotomaker.Brws\shell\Brws\command\(Default) = "C:\Program Files (x86)\MAGIX\Foto_Manager_9\FotoMaker.exe" /exp "%1" [MAGIX]

MXFotomakerBurningCDArrival\

Provider = MAGIX Digital Foto Maker 9

InvokeProgID = Magix.Fotomaker.Burn

InvokeVerb = Burn

HKLM\SOFTWARE\Classes\Magix.Fotomaker.Burn\shell\Burn\command\(Default) = "C:\Program Files (x86)\MAGIX\Foto_Manager_9\FotoMaker.exe" [MAGIX]

MXFotomakerHandleMTP\

Provider = MAGIX Digital Foto Maker 9

InvokeProgID = Magix.Fotomaker.

InvokeVerb =

HKLM\SOFTWARE\Classes\Magix.Fotomaker.\shell\\command\(Default) = "C:\Program Files (x86)\MAGIX\Foto_Manager_9\FotoMaker.exe" [MAGIX]

MXFotomakerImportPicturesOnArrival\

Provider = MAGIX Digital Foto Maker 9

InvokeProgID = Magix.Fotomaker.ImportPic

InvokeVerb = ImportPic

HKLM\SOFTWARE\Classes\Magix.Fotomaker.ImportPic\shell\ImportPic\command\(Default) = "C:\Program Files (x86)\MAGIX\Foto_Manager_9\FotoMaker.exe" /k "%1" [MAGIX]

MXFotomakerPlayVideoOnArrival\

Provider = MAGIX Digital Foto Maker 9

InvokeProgID = Magix.Fotomaker.PlayV

InvokeVerb = PlayV

HKLM\SOFTWARE\Classes\Magix.Fotomaker.PlayV\shell\PlayV\command\(Default) = "C:\Program Files (x86)\MAGIX\Foto_Manager_9\FotoMaker.exe" /exp "%1" [MAGIX]

MXFotomakerShowPicturesOnArrival\

Provider = MAGIX Digital Foto Maker 9

InvokeProgID = Magix.Fotomaker.ShwPic

InvokeVerb = ShwPic

HKLM\SOFTWARE\Classes\Magix.Fotomaker.ShwPic\shell\ShwPic\command\(Default) = "C:\Program Files (x86)\MAGIX\Foto_Manager_9\FotoMaker.exe" /exp "%1" [MAGIX]

PowerDVD12.0PlayBluRayOnArrival\

Provider = PowerDVD 12

InvokeProgID = BluRay

InvokeVerb = PlayWithPowerDVD12.0

HKLM\SOFTWARE\Classes\BluRay\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY BD "%L" [CyberLink Corp.]

PowerDVD12.0PlayCDAudioOnArrival\

Provider = PowerDVD 12

InvokeProgID = AudioCD

InvokeVerb = PlayWithPowerDVD12.0

HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY CD "%L" [CyberLink Corp.]

PowerDVD12.0PlayDVDMovieOnArrival\

Provider = PowerDVD 12

InvokeProgID = DVD

InvokeVerb = PlayWithPowerDVD12.0

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY DVD "%L" [CyberLink Corp.]

PowerDVD12.0PlaySuperVideoCDMovieOnArrival\

Provider = PowerDVD 12

InvokeProgID = SVCD

InvokeVerb = PlayWithPowerDVD12.0

HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY VCD "%L" [CyberLink Corp.]

PowerDVD12.0PlayVideoCDMovieOnArrival\

Provider = PowerDVD 12

InvokeProgID = VCD

InvokeVerb = PlayWithPowerDVD12.0

HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY VCD "%L" [CyberLink Corp.]

VLCPlayCDAudioOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.CDAudio

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]

VLCPlayDVDAudioOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.OPENFolder

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlayDVDMovieOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.DVDMovie

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]

VLCPlayMusicFilesOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.OPENFolder

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlaySVCDMovieOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.SVCDMovie

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVCDMovieOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.VCDMovie

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVideoFilesOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.OPENFolder

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

WIA_{318E669C-9060-4020-9907-243E8A674815}\

Provider = Photoshop

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;C:\Program Files (x86)\Adobe\Photoshop Elements 11\PhotoshopElementsEditor.exe /StiDevice:%1 /StiEvent:%2;

-> {HKLM...CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{51BD566E-A02D-4387-9A82-D929EA8C20B0}\

Provider = MAGIX Foto Manager 9

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaClsid;{51BD566E-A02D-4387-9A82-D929EA8C20B0};

-> {HKLM...CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{794D8CD9-9B5D-4EEC-A723-314701919B20}\

Provider = MP Navigator EX Ver5.0

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;C:\Program Files (x86)\Canon\MP Navigator EX 5.0\mpnex50.exe /StiDevice:%1 /StiEvent:%2;

-> {HKLM...CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

Startup items in "Robbescheuten" & "All Users" startup folders:

---------------------------------------------------------------

C:\Users\Robbescheuten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}

Logitech . Productregistratie -> shortcut to: C:\Program Files (x86)\Logitech\Ereg\eReg.exe /remind /language=NLD /_WFM="." [Leader Technologies/Logitech]

Non-disabled Scheduled Tasks: {++}

-----------------------------

C:\Windows\System32\Tasks

0 -> launches: c:\program files\internet explorer\iexplore.exe [MS]

4801 -> launches: wscript.exe C:\Users\ROBBES~1\AppData\Local\Temp\launchie.vbs //B [MS]

ALU -> launches: C:\Program Files (x86)\Acer\Live Updater\updater.exe -auto [null data]

ALUAgent -> launches: C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [null data]

CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]

CreateChoiceProcessTask -> launches: C:\Windows\BrowserChoice\browserchoice.exe /launch [MS]

Hotkey Utility -> launches: "C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [Acer Incorporated]

Optimize Start Menu Cache Files-S-1-5-21-2617873385-1771127311-2925833956-500 -> launches: {2D3F8A1B-6DCD-4ED5-BDBA-A096594B98EF}

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Windows\System32\twinapi.dll [MS]

-> {HKLM...Wow...CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Windows\SysWOW64\twinapi.dll [MS]

Power Management -> launches: "C:\Program Files\Acer\Acer Power Management\ePowerTray.exe" [Acer Incorporated]

Scheduled Update for Ask Toolbar -> launches: C:\Program Files (x86)\Ask.com\UpdateTask.exe [file not found]

C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework

.NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D}

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = mscoree.dll [MS]

.NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C}

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = mscoree.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client

AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}

-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler

\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler

\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\AppID

SmartScreenSpecific -> launches: {9f2b0085-9218-42a1-88b0-9f0e65851666}

-> {HKLM...CLSID} = Windows SmartScreen Task Handler

\InProcServer32\(Default) = C:\Windows\system32\apprepsync.dll [MS]

-> {HKLM...Wow...CLSID} = Windows SmartScreen Task Handler

\InProcServer32\(Default) = C:\Windows\system32\apprepsync.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience

AitAgent -> launches: aitagent /increment [MS]

ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

StartupAppTask -> launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData

CleanupTemporaryState -> launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk

Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM...CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM...CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk

ProactiveScan -> launches: {cf4270f5-2e43-4468-83b3-a8c45bb33ea1}

-> {HKLM...CLSID} = Proactive Scan

\InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

BthSQM -> (HIDDEN!) launches: {c8367320-6f85-11e0-a1f0-0800200c9a66}

-> {HKLM...CLSID} = BthSQM

\InProcServer32\(Default) = C:\Windows\System32\BthSQM.dll [MS]

Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]

KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}

-> {HKLM...CLSID} = KernelCeipCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]

Uploader -> launches: %windir%\system32\WSqmCons.exe -u [MS]

UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}

-> {HKLM...CLSID} = UsbCeip

\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

-> {HKLM...Wow...CLSID} = UsbCeip

\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan

Data Integrity Scan for Crash Recovery -> (HIDDEN!) launches: {DCFD3EA8-D960-4719-8206-490AE315F94F}

-> {HKLM...CLSID} = Data Integrity Scan

\InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag

ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -h -o -$ [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup

Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888}

-> {HKLM...CLSID} = DsmRefreshTask Class

\InProcServer32\(Default) = C:\Windows\System32\DeviceSetupManagerAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis

Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}

-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory

File History (maintenance mode) -> launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A}

-> {HKLM...CLSID} = FhTaskHandler Class

\InProcServer32\(Default) = C:\Windows\System32\fhtask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location

Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance

WinSAT -> launches: A9A33436-678B-4c9c-A211-7CC38785E79D

-> {HKLM...CLSID} = WinSAT Task Manger Task

\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task

\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic

ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3}

-> {HKLM...CLSID} = MemoryDiagnosticTaskHandler

\InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS]

RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3}

-> {HKLM...CLSID} = MemoryDiagnosticTaskHandler

\InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts

MNO Metadata Parser -> launches: %SystemRoot%\System32\MbaeParserTask.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}

-> {HKLM...CLSID} = HotStart User Agent

\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI

Lpksetup -> launches: C:\Windows\System32\lpksetup.exe -v [MS]

LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}

-> {HKLM...CLSID} = Microsoft PlaySoundService Class

\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class

\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetCfg

BindingWorkItemQueueHandler -> launches: {5AA199A0-1CED-43A5-9B85-3226086738A3}

-> {HKLM...CLSID} = Binding Engine Task Handler

\InProcServer32\(Default) = C:\Windows\System32\netcfgx.dll [MS]

-> {HKLM...Wow...CLSID} = Binding Engine Task Handler

\InProcServer32\(Default) = C:\Windows\SysWOW64\netcfgx.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace

GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack

BackgroundConfigSurveyor -> (HIDDEN!) launches: {EA9155A3-8A39-40B4-8963-D3C761B18371}

-> {HKLM...CLSID} = PerfTrack TaskHandler class

\InProcServer32\(Default) = C:\Windows\System32\perftrack.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\PI

Secure-Boot-Update -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}

-> {HKLM...CLSID} = TPM Maintenance Task Handler

\InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]

Sqm-Tasks -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}

-> {HKLM...CLSID} = TPM Maintenance Task Handler

\InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play

Device Install Group Policy -> (HIDDEN!) launches: {60400283-b242-4fa8-8c25-caf695b88209}

-> {HKLM...CLSID} = Device Installation Group Policy Task Handler

\InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS]

Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6a1f-47b9-bd52-1d5f95d49c1b}

-> {HKLM...CLSID} = Device Installation Reboot Dialog Task

\InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS]

Sysprep Generalize Drivers -> launches: %SystemRoot%\System32\drvinst.exe 6 [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics

AnalyzeSystem -> launches: {927ea2af-1c54-43d5-825e-0074ce028eee}

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Windows\System32\energytask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC

RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}

-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler

\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

-> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler

\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras

MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}

-> {HKLM...CLSID} = RasMobilityManager

\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry

RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}

-> {HKLM...CLSID} = RegistryIdleBackupHandler

\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Servicing

StartComponentCleanup -> launches: dism.exe /online /cleanup-image /startcomponentcleanup /asynchronous [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync

BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87}

-> {HKLM...CLSID} = Delayed Background Upload Task Handler

\InProcServer32\(Default) = C:\Windows\system32\SettingSyncInfo.dll [MS]

-> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler

\InProcServer32\(Default) = C:\Windows\system32\SettingSyncInfo.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell

CreateObjectTask -> (HIDDEN!) launches: {990a9f8f-301f-45f7-8d0e-68c5952dba43}

-> {HKLM...CLSID} = Shell Create Object Task Delegate

\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]

-> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate

\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]

FamilySafetyMonitor -> launches: %windir%\System32\wpcmon.exe [MS]

FamilySafetyRefresh -> launches: {EBF00FCB-0769-4b81-9BEC-6C05514111AA}

-> {HKLM...CLSID} = FamilySafety.WebSync

\InProcServer32\(Default) = C:\Windows\System32\WpcWebSync.dll [MS]

IndexerAutomaticMaintenance -> launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6}

-> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby

\InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]

-> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby

\InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow

GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}

-> {HKLM...CLSID} = GadgetsManager Class

\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform

SvcRestartTask -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}

-> {HKLM...CLSID} = SppSvcRestartTaskHandler Class

\InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS]

-> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class

\InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort

SpaceAgentTask -> launches: %windir%\system32\SpaceAgent.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain

WsSwapAssessmentTask -> launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore

SR -> launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager

Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}

-> {HKLM...CLSID} = RunTask

\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

-> {HKLM...Wow...CLSID} = RunTask

\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler

Idle Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44}

-> {HKLM...CLSID} = Maintenance Launcher Handler

\InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]

Maintenance Configurator -> launches: {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8}

-> {HKLM...CLSID} = Maintenance Configurator

\InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]

Manual Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44}

-> {HKLM...CLSID} = Maintenance Launcher Handler

\InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]

Regular Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44}

-> {HKLM...CLSID} = Maintenance Launcher Handler

\InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}

-> {HKLM...CLSID} = MsCtfMonitor task handler

\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler

\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization

ForceSynchronizeTime -> launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9}

-> {HKLM...CLSID} = Time Synchronization Task Handler

\InProcServer32\(Default) = C:\Windows\system32\TimeSyncTask.dll [MS]

SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TPM

Tpm-Maintenance -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}

-> {HKLM...CLSID} = TPM Maintenance Task Handler

\InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI

ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}

-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform

BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing

UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup

ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate

Scheduled Start -> launches: C:\Windows\system32\sc.exe start wuauserv [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet

CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}

-> {HKLM...CLSID} = Wininet Cache task object

\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

-> {HKLM...Wow...CLSID} = Wininet Cache task object

\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WS

Badge Update -> launches: {00CCDDF6-5107-424D-853D-3907AE5502DC}

-> {HKLM...CLSID} = WinStore Tile Badge Updater

\InProcServer32\(Default) = C:\Windows\winstore\WinStoreUI.dll [MS]

License Validation -> (HIDDEN!) launches: rundll32.exe WSClient.dll,WSpTLR licensing [MS]

Sync Licenses -> launches: {10F591BE-3C84-418A-86DD-BAA002E2F36E}

-> {HKLM...CLSID} = WinStore License Sync task

\InProcServer32\(Default) = C:\Windows\winstore\WinStoreUI.dll [MS]

WSRefreshBannedAppsListTask -> (HIDDEN!) launches: rundll32.exe WSClient.dll,RefreshBannedAppsList [MS]

WSTask -> launches: {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129}

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Windows\System32\WSService.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE

Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}

-> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\WPD

SqmUpload_S-1-5-21-2617873385-1771127311-2925833956-1002 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]

000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]

000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}

000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]

000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]

000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

Toolbars, Explorer Bars, Extensions:

------------------------------------

Explorer Bars

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

ButtonText = Verzenden naar OneNote

MenuText = &Verzenden naar OneNote

CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}

-> {HKLM...CLSID} = Send to OneNote from Internet Explorer button

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\

ButtonText = &Gekoppelde notities van OneNote

MenuText = &Gekoppelde notities van OneNote

CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}

-> {HKLM...CLSID} = Linked Notes button

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\

{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\

ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004

MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003

CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}

-> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

ButtonText = Verzenden naar OneNote

MenuText = &Verzenden naar OneNote

CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}

-> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button

\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\

ButtonText = &Gekoppelde notities van OneNote

MenuText = &Gekoppelde notities van OneNote

CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}

-> {HKLM...Wow...CLSID} = Linked Notes button

\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

ArcSoft Exchange Service, ADExchange, C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [ArcSoft, Inc.]

CCDMonitorService, CCDMonitorService, C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [Acer Incorporated]

Classic Shell Service, ClassicShellService, "C:\Program Files\Classic Shell\ClassicShellService.exe" [ivoSoft]

CLHNServiceForPowerDVD12, CLHNServiceForPowerDVD12, C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [CyberLink Corp.]

CyberLink PowerDVD 12 Media Server Monitor Service, CyberLink PowerDVD 12 Media Server Monitor Service, "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe" [CyberLink]

CyberLink PowerDVD 12 Media Server Service, CyberLink PowerDVD 12 Media Server Service, "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe" [CyberLink]

ePower Service, ePowerSvc, "C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe" [Acer Incorporated]

ESET Service, ekrn, "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [ESET]

FABS - Helping agent for MAGIX media database, Fabs, C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI [MAGIX© AG]

IconMan_R, IconMan_R, "C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe" [Realsil Microelectronics Inc.]

Intel® Capability Licensing Service Interface, Intel® Capability Licensing Service Interface, "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [intel® Corporation]

Intel® Dynamic Application Loader Host Interface Service, jhi_service, C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [intel Corporation]

Intel® Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [intel Corporation]

Intel® Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [intel Corporation]

NVIDIA Display Driver Service, nvsvc, C:\Windows\system32\nvvsvc.exe [NVIDIA Corporation]

NVIDIA Stereoscopic 3D Driver Service, Stereo Service, C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [NVIDIA Corporation]

NVIDIA Update Service Daemon, nvUpdatusService, C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [NVIDIA Corporation]

Office Software Protection Platform, osppsvc, "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [MS]

Protexis Licensing V2, PSI_SVC_2, "c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [Protexis Inc.]

Wacom Consumer Service, WTabletServiceCon, C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [Wacom Technology, Corp.]

Safe Mode Drivers & Services (subkey name, subkey default value):

-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> MCODS,

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> MCODS,

Print Monitors:

---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Canon BJ Language Monitor MG6200 series\Driver = CNMLMAU.DLL [CANON INC.]

Canon BJNP Port\Driver = CNMN6PPM.DLL [CANON INC.]

Virtual Monitor\Driver = C:\Windows\SysWOW64\LPPMn06u.DLL [LEAD Technologies, Inc.]

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Robbescheuten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Robbescheuten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\users\Robbescheuten\AppData\Local\Mozilla\Firefox\Profiles\5l2ur4u4.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\ROBBES~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on wo 29-05-2013 at 18:10:55,11 ======================

Link naar reactie
Delen op andere sites

Download adwcleaner.pngAdwCleaner by Xplode naar het bureaublad.

  • Sluit alle openstaande vensters.
  • Dubbelklik op AdwCleaner om hem te starten.
  • Klik vervolgens op Verwijderen.
  • Klik bij AdwCleaner – Informatie op OK
  • Klik bij AdwCleaner – Herstarten Noodzakelijk op OK

Dat tijdens de actie de snelkoppelingen verdwijnen, is normaal.

Nadat de PC opnieuw is opgestart, opent een logfile.

Post aansluitend de inhoud van dit log in je volgende bericht als bijlage.

Link naar reactie
Delen op andere sites


×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.