Folder named sh4ldr suddenly on C drive


  • Folder named sh4ldr suddenly on C drive

    At the root of the C drive I suddenly find a folder called sh4ldr. Googling points towards an infection. Hence the question of whether I really need to worry about this. From what I read, removing it via "delete" would not work. I use Windows 8.1.
    Below are the log files:

    Malware:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 21-12-2014
    Scantijd: 11:52:37
    Logbestand: mwablog20141221.txt
    Beheerder: Ja

    Versie: 2.00.4.1028
    Malwaredatabase: v2014.12.21.02
    Rootkitdatabase: v2014.12.14.01
    Licentie: Gratis
    Malwarebescherming: Uitgeschakeld
    Kwaadaardige Website Bescherming: Uitgeschakeld
    Zelfbescherming: Uitgeschakeld

    Besturingssysteem: Windows 8.1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: Gerheuts

    Scantype: Bedreigingsscan
    Resultaat: Voltooid
    Objecten Gescand: 344362
    Verstreken Tijd: 4 m, 38 s

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Uitgeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (Geen kwaadaardige items gedetecteerd)

    Modules: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutels: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerwaardes: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Mappen: 0
    (Geen kwaadaardige items gedetecteerd)

    Bestanden: 1
    PUP.Optional.InstallCore, C:\Users\Gerheuts\AppData\Local\Temp\661250.Uninstall\uninstaller.exe, In Quarantaine, [dc9a3a2b5c2079bdc9b59665fa07ca36],

    Fysieke Sectoren: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)

    Here is the log file from Adw Clean:

    # AdwCleaner v4.105 - Rapport aangemaakt 21/12/2014 op 12:03:26
    # Laatste Update 08/12/2014 door Xplode
    # Database : 2014-12-21.1 [Live]
    # Besturingssysteem : Windows 8.1 Pro (64 bits)
    # Gebruikersnaam : Gerheuts - GER
    # Gestart vanuit : C:\Users\Gerheuts\Desktop\adwcleaner_4.105.exe
    # Optie : Verwijderen

    ***** [ Services ] *****


    ***** [ Bestanden / Mappen ] *****

    [#] Map Verwijderd : C:\Program Files (x86)\common files\system
    Map Verwijderd : C:\Program Files\common files\system

    ***** [ Taken ] *****


    ***** [ Snelkoppelingen ] *****


    ***** [ Register ] *****

    Sleutel Verwijderd : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    *************************

    AdwCleaner[R0].txt - [4548 octets] - [13/12/2014 20:21:56]
    AdwCleaner[R1].txt - [1173 octets] - [21/12/2014 09:43:56]
    AdwCleaner[R2].txt - [1310 octets] - [21/12/2014 12:02:29]
    AdwCleaner[S0].txt - [5143 octets] - [13/12/2014 20:24:23]
    AdwCleaner[S1].txt - [1246 octets] - [21/12/2014 10:09:22]
    AdwCleaner[S2].txt - [1238 octets] - [21/12/2014 12:03:26]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1298 octets] ##########


    And finally the log file from E-Peek:

    E-Peek v 1.9.9.0 © Emphyrio/Onsia Patrick 2013-2014
    E Dev
    Run at zo 21 dec 2014 12:06
    .
    Windows 8.1 Professional (64 bits)
    C:\Windows [NTFS - Fixed]
    Default Browser: Internet Explorer
    Boot mode: Normal boot
    User logged in: Gerheuts
    .
    Java x86: n/a
    Java x64: n/a
    .
    AV : Windows Defender [Updated - Running]
    AS : Windows Defender [Updated - Running]
    FW : Windows firewall
    .
    ==================== Files and Folders history =================================

    Folders Created Last 7 days :

    21-12-2014 ##### r-h-s-d+a- C:\Users\Gerheuts\AppData\Roaming\E Dev
    21-12-2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev

    Files Modified Last 7 days :

    21-12-2014 01823174 r-h-s-d-a+ C:\Windows\system32\PerfStringBackup.INI
    21-12-2014 00805462 r-h-s-d-a+ C:\Windows\system32\perfh013.dat
    21-12-2014 00722278 r-h-s-d-a+ C:\Windows\system32\perfh009.dat
    21-12-2014 00161964 r-h-s-d-a+ C:\Windows\system32\perfc013.dat
    21-12-2014 00135394 r-h-s-d-a+ C:\Windows\system32\perfc009.dat

    Files Created Last 7 days :

    17-12-2014 00032400 r-h-s-d-a+ C:\Windows\SysWOW64\nvaudcap32v.dll
    16-12-2014 00146432 r-h-s-d-a+ C:\Windows\system32\poqexec.exe
    16-12-2014 00129536 r-h-s-d-a+ C:\Windows\SysWOW64\poqexec.exe

    ==================== RUNNING PROCESSES =========================================

    [armsvc] -SYSTEM- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - (Adobe Systems Incorporated)
    [atieclxx] -SYSTEM- C:\Windows\system32\atieclxx.exe - (AMD)
    [atiesrxx] -SYSTEM- C:\Windows\system32\atiesrxx.exe - (AMD)
    [audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe)
    [CloneCDTray] -Gerheuts- C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe - (SlySoft, Inc.)
    [conhost] -NETWORK SERVICE- C:\Windows\system32\conhost.exe - (Microsoft Corporation)
    [conhost] -SYSTEM- C:\Windows\system32\conhost.exe - (Microsoft Corporation)
    [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
    [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
    [dasHost] -LOCAL SERVICE- C:\Windows\system32\dashost.exe - (Microsoft Corporation)
    [dwm] -DWM-1- C:\Windows\system32\dwm.exe - (Microsoft Corporation)
    [explorer] -Gerheuts- C:\Windows\Explorer.EXE - (Microsoft Corporation)
    [FlashUtil_ActiveX] -Gerheuts- C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe - (Adobe Systems Incorporated)
    [FreemakeUtilsService] -SYSTEM- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe - (Freemake)
    [GfExperienceService] -SYSTEM- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe - (NVIDIA Corporation)
    [iexplore] -Gerheuts- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE - (Microsoft Corporation)
    [iexplore] -Gerheuts- C:\Program Files\Internet Explorer\iexplore.exe - (Microsoft Corporation)
    [igfxCUIService] -SYSTEM- C:\Windows\system32\igfxCUIService.exe - (Intel Corporation)
    [igfxEM] -Gerheuts- C:\Windows\system32\igfxEM.exe - (Intel Corporation)
    [livecomm] -Gerheuts- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe - (Microsoft Corporation)
    [lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)
    [LWEMon] -Gerheuts- C:\Program Files\Logitech\Gaming Software\LWEMon.exe - (Logitech Inc.)
    [MpCmdRun] -NETWORK SERVICE- C:\Program Files\Windows Defender\MpCmdRun.exe - (Microsoft Corporation)
    [MsMpEng] -SYSTEM- C:\Program Files\Windows Defender\MsMpEng.exe - (MsMpEng.exe)
    [NvBackend] -Gerheuts- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe - (NVIDIA Corporation)
    [nvstreamsvc] -NETWORK SERVICE- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
    [nvstreamsvc] -SYSTEM- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
    [nvstreamsvc] -SYSTEM- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
    [nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)
    [nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)
    [nvxdsync] -SYSTEM- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe - (NVIDIA Corporation)
    [OSPPSVC] -NETWORK SERVICE- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE - (Microsoft Corporation)
    [PresentationFontCache] -LOCAL SERVICE- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe - (Microsoft Corporation)
    [RuntimeBroker] -Gerheuts- C:\Windows\System32\RuntimeBroker.exe - (Microsoft Corporation)
    [SearchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)
    [services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
    [SettingSyncHost] -Gerheuts- C:\Windows\System32\SettingSyncHost.exe - (Microsoft Corporation)
    [SkyDrive] -Gerheuts- C:\Windows\System32\skydrive.exe - (Microsoft Corporation)
    [spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)
    [sppsvc] -NETWORK SERVICE- C:\Windows\System32\sppsvc.exe - (sppsvc.exe)
    [Start8_64] -SYSTEM- C:\Program Files (x86)\Stardock\Start8\Start8_64.exe - (Stardock Software, Inc)
    [Start8Config] -Gerheuts- C:\Program Files (x86)\Stardock\Start8\Start8Config.exe - (Stardock Software)
    [Start8Srv] -SYSTEM- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe - (Stardock Software, Inc)
    [taskhostex] -Gerheuts- C:\Windows\system32\taskhostex.exe - (Microsoft Corporation)
    [TiWorker] -SYSTEM- C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe - (Microsoft Corporation)
    [TrustedInstaller] -SYSTEM- C:\Windows\servicing\TrustedInstaller.exe - (Microsoft Corporation)
    [Updater] -SYSTEM- C:\Program Files (x86)\Popcorn Time\Updater.exe - (Company)
    [VSSVC] -SYSTEM- C:\Windows\system32\vssvc.exe - (Microsoft Corporation)
    [wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)
    [winlogon] -SYSTEM- C:\Windows\system32\winlogon.exe - (Microsoft Corporation)

    ==================== IE PAGES ==================================================

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
    Start Page = www.google.com
    Local Page = C:\Windows\SysWOW64\blank.htm
    Default_Page_URL = www.google.com
    Default_Search_URL = www.google.com
    Search Page = www.google.com

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
    DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    DisplayName = @ieframe.dll,-12512
    URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar
    {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}
    => HKCR\CLSID\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}\InProcServer32 DefaultC:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

    ==================== IE PAGES x64 ==============================================

    HKLM\Software\Microsoft\Internet Explorer\Main
    Start Page = www.google.com
    Local Page = C:\Windows\System32\blank.htm
    Default_Page_URL = www.google.com
    Default_Search_URL = www.google.com
    Search Page = www.google.com

    HKLM\Software\Microsoft\Internet Explorer\SearchScopes
    DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    DisplayName = @ieframe.dll,-12512
    URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    HKLM\Software\Microsoft\Internet Explorer\Toolbar
    {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}
    => HKCR\CLSID\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}\InProcServer32 DefaultC:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

    ==================== Auto Load =================================================

    HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit = userinit.exe,
    Shell = explorer.exe

    ==================== Auto Load x64 =============================================

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit = C:\Windows\system32\userinit.exe,
    Shell = explorer.exe

    ==================== Windows Host File =========================================


    ==================== BHO =======================================================

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
    {00C6482D-C502-44C8-8409-FCE54AD9C208}
    HKCR\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208} Default = SnagIt Toolbar Loader
    => HKCR\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}\InProcServer32 Default = C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} Default = Groove GFS Browser Helper
    => HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\InProcServer32 Default = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} Default = Office Document Cache Handler
    => HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InProcServer32 Default = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    ==================== BHO x64 ===================================================

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
    {00C6482D-C502-44C8-8409-FCE54AD9C208}
    HKCR\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208} Default = SnagIt Toolbar Loader
    => HKCR\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}\InProcServer32 Default = C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll

    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} Default = Groove GFS Browser Helper
    => HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\InProcServer32 Default = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} Default = Office Document Cache Handler
    => HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InProcServer32 Default = C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

    ==================== Auto Start Programs =======================================

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    AdobeCS6ServiceManager = "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    BCSSync = "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    CloneCDTray = "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
    SwitchBoard = C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    EPSON Stylus Photo R285 = C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKE.EXE /FU "C:\Windows\TEMP\E_S5B63.tmp" /EF "HKCU"

    HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
    Adobe Speed Launcher = 1419159859

    ==================== Auto Start Programs x64 ===================================

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    AdobeAAMUpdater-1.0 = "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    ShadowPlay = C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    Start WingMan Profiler = C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
    AdobeAAMUpdater-1.0 = 3
    NvBackend = 2
    ShadowPlay = 2
    Start WingMan Profiler = 2
    Adobe ARM = 2
    AdobeCS6ServiceManager = 2
    BCSSync = 2
    StartCCC = 2
    SwitchBoard = 2
    RUN.CMD = 4
    Snagit 10.lnk = 3

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    EPSON Stylus Photo R285 = C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKE.EXE /FU "C:\Windows\TEMP\E_S5B63.tmp" /EF "HKCU"

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Adobe Speed Launcher = 1419159859

    CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk
    ==================== Extra Items IE ============================================

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

    ==================== Extra Items IE x64 ========================================

    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

    ==================== Internet Default Prefix ===================================

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    Default = http://

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
    WWW = http://

    ==================== Internet Default Prefix x64 ===============================

    HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    Default = http://

    HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
    WWW = http://

    ==================== Protocol Hijackers ========================================

    HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\text/xml
    CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
    => SOFTWARE\Classes\\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL <= Unknown


    ==================== Protocol Hijackers x64 ====================================

    HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
    CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
    => SOFTWARE\Classes\\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL <= Unknown


    ==================== ShellServiceObjectDelayLoad ===============================

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


    ==================== ShellServiceObjectDelayLoad x64 =========================

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


    ==================== Extra (Torpig/ConduitSearch) ==============================

    HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
    => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\Windows\system32\shell32.dll

    HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
    => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\Windows\system32\ntshrui.dll


    ==================== DRIVERS and SERVICES ======================================

    *** Win32OwnProcess ***

    SERV - R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
    SERV - R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
    SERV - R2 - [Freemake Improver] - Freemake Improver - c:\programdata\freemake\freemakeutilsservice\freemakeutilsservice.exe
    SERV - R2 - [GfExperienceService] - NVIDIA GeForce Experience Service - c:\program files\nvidia corporation\geforce experience service\gfexperienceservice.exe
    SERV - R2 - [igfxCUIService1.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe
    SERV - R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe
    SERV - R2 - [NvStreamSvc] - NVIDIA Streamer Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe
    SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
    SERV - R2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
    SERV - R2 - [Start8] - Stardock Start8 - c:\program files (x86)\stardock\start8\start8srv.exe
    SERV - R2 - [Stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe
    SERV - R2 - [Update service] - Update service - c:\program files (x86)\popcorn time\updater.exe
    SERV - R2 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
    SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
    SERV - R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
    SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
    SERV - R3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
    SERV - R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
    SERV - R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
    SERV - R3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
    SERV - S2 - [Service KMSELDI] - Service KMSELDI - c:\program files\kmspico\service_kms.exe
    SERV - S2 - [SpyHunter 4 Service] - SpyHunter 4 Service - c:\program files\enigma software group\spyhunter\sh4service.exe [x]
    SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
    SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
    SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
    SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
    SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
    SERV - S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files (x86)\microsoft office\office14\groove.exe
    SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
    SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
    SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
    SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
    SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
    SERV - S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
    SERV - S3 - [SwitchBoard] - SwitchBoard - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
    SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
    SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
    SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
    SERV - S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

    *** Win32ShareProcess ***

    SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
    SERV - R3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
    SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
    SERV - S3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
    SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
    SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

    *** Others ***

    SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
    SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

    *** File System Driver ***

    DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
    DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
    DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
    DRV - R0 - [WdFilter] - Windows Defender Mini-Filter Driver - C:\Windows\system32\Drivers\WdFilter.sys
    DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\Windows\system32\Drivers\Wof.sys
    DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
    DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
    DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys

    *** Kernel Driver ***

    DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys
    DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\Windows\system32\Drivers\acpiex.sys
    DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys
    DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
    DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\disk.sys
    DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\Windows\system32\Drivers\EhStorClass.sys
    DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
    DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\Windows\system32\Drivers\intelpep.sys
    DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
    DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
    DRV - R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
    DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
    DRV - R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
    DRV - R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
    DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys
    DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
    DRV - R0 - [pdc] - pdc - C:\Windows\system32\Drivers\pdc.sys
    DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
    DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\Windows\system32\Drivers\spaceport.sys
    DRV - R0 - [storahci] - Microsoft Standaard SATA AHCI-stuurprogramma - C:\Windows\system32\Drivers\storahci.sys
    DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys
    DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\Windows\system32\Drivers\vdrvroot.sys
    DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys
    DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
    DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys
    DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
    DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\Windows\system32\Drivers\WFPLWFS.sys
    DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
    DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
    DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys
    DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
    DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
    DRV - S0 - [WdBoot] - Windows Defender Boot Driver - C:\Windows\system32\Drivers\WdBoot.sys
    DRV - S3 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys

    ==================== SvcHost - White Listed ====================================

    WOW x64 - All Ok

    ==================== SvcHost x64 - White Listed ================================

    All Ok

    ==================== SigCheck x86 Fast =========================================

    Fast Scan All ok

    ==================== SigCheck x64 Fast =========================================

    Fast Scan All ok

    ==================== Job tasks at C:\Windows\Tasks =============================

    C:\Windows\Tasks\SA.DAT 6 bytes [ 22-8-2013 16:45:54 ]


    ==================== Job tasks at C:\Windows\system32\Tasks ====================

    C:\Windows\system32\Tasks\[email protected] 3498 bytes [ 5-7-2014 10:42:32 ]
    => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

    C:\Windows\system32\Tasks\CreateChoiceProcessTask 3546 bytes [ 8-6-2014 21:33:54 ]
    => C:\Windows\BrowserChoice\browserchoice.exe

    C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3569473851-2412082960-3330132248-1001 3600 bytes [ 8-6-2014 21:38:59 ]

    C:\Windows\system32\Tasks\SpyHunter4Startup 3328 bytes [ 13-12-2014 19:28:18 ]
    => "C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe"

    C:\Windows\system32\Tasks\User_Feed_Synchronization-{38142201-73FF-4452-BDAE-0FF63C93BFA6} 3950 bytes [ 8-6-2014 21:49:32 ]
    => C:\Windows\system32\msfeedssync.exe


    ==================== Job tasks at C:\Windows\SysWOW64\Tasks ====================

    There are no .job files found.

    ==================== End scanning at zo 21 dec 2014 12:06 (0 Min 6 Sec ) =======

  • #2
    one moment

    Starting Windows 10 in Safe Mode


    • #3
      First disable your antivirus software before you download or run zoek.exe.
      Temporarily disable your antivirus and antispyware programs, as they can adversely affect the operation of Zoek.exe.
      You can read how to do that (here and here).

      Download Zoek.exe to the desktop (click here for more information on how to use zoek.exe)
      • If Internet Explorer or another browser or virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
      • Then double-click Zoek.exe to start the tool.
      • Windows Vista, 7 and 8 users need to run the tool as "administrator" by right-clicking and choosing Run as administrator.
      • Now copy the code below and paste it into the large input window:
      • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
        Code:
        emptyclsid;
        C:\sh4ldr;sf
        shortcutfix;
        emptyfolderscheck;
        firefoxlook; 
        Chromelook; 
        CHRdefaults;
        autoclean; 
        iedefaults; 
        filesrcm;  
        startupall;
        resetieproxy;
      • Now click the "Run script" button.
      • Wait patiently until a log opens (this may be after a restart if one is required).
      • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
      • Post the opened log as an attachment in your next message.



      • #4
        I can't get the attachment in... zoek.txt. I'm doing something wrong, but what? Or is it fine like this after all?



        • #5
          It's fine after all. How are things now?



          • #6
            No idea how it's going, but the folder is still there. A folder zoek_backup has now also appeared, along with a text file zoek-results.



            • #7
              Download ZHPDiag to the desktop.

              Disable antivirus software
              Temporarily disable your antivirus and antispyware programs, as they can conflict with ZHPDiag.

              Install ZHPDiag
              • Double-click zhpdiag.exe to start the installation.
              • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
              • Click "Suivant" several times to go through the installation process.
              • Click "Installer" when asked and "Terminer" when the installation is complete.


              Run ZHPDiag
              If you run into problems running this program or see any error messages, please mention it in your post.
              • Double-click the shortcut named ZHPDiag
              • The start window appears; now click "Configureren".
              • If the language is not set to Dutch, click the "Sélectionner une langue" icon at the bottom right and choose "Néerlandais".
              • Then click the "Diagnosemogelijkheden" icon at the bottom left.
              • A scan of your system is now made; wait patiently until it is finished.


              Post the ZHPDiag.txt log file
              • Attach the log file named "ZHPDiag.txt" to your next message. (You can also find this log file on the desktop.)



              • #8
                Here is the text file from ZHP Diag.
                Attached files



                • #9
                  Copy the code below in full:

                  Code:
                  Script ZHPFix
                  
                  
                  [HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI]   =>PUP.KMSpico^
                  [HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service]   =>Crapware.SpyHunter^
                  [HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}]   =>Toolbar.Ask
                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico   =>PUP.KMSpico^
                  D:\eMule\emule.exe   =>P2P.eMule^
                  
                  shortcutfix
                  emptytemp
                  emptyflash

                  Disable antivirus software
                  Temporarily disable your antivirus and antispyware programs, as they can conflict with ZHPFix.

                  Run ZHPFix
                  If you run into problems running this program or see any error messages, please mention it in your post.
                  • Double-click the ZHPFix shortcut on the desktop.
                  • Press the "Import" button
                  • Then press the "Go" button at the bottom.
                  • Wait patiently until a log opens


                  Post the ZHPFix log file.
                  • Attach the log file named "ZPHFix[r1].txt" to your next message.



                  • #10
                    P.S. I don't see sh4ldr anywhere in the logs; can you indicate where it is found?



                    • #11
                      The report is in the attachment:
                      The second attachment is a screen print of the C drive. Everything below the Windows folder was not there before, by the way.
                      Attached files



                      • #12
                        Please start zoek.exe again.

                        Click the "Options" button and now tick the options below.

                        Code:
                        Running processes
                        Recently Created
                        Startup Information
                        Installed Programs
                        Silent Runners
                        Click Run.
                        Please post the result.



                        • #13
                          In three parts, because I'm only allowed to use 50000 characters and there are considerably more.

                          Zoek.exe v5.0.0.0 Updated 22-12-2014
                          Tool run by Gerheuts on ma 22-12-2014 at 18:55:19,70.
                          Microsoft Windows 8.1 Pro 6.3.9600 x64
                          Running in: Normal Mode Internet Access Detected
                          Launched: C:\Users\Gerheuts\Desktop\zoek.exe [Scan all users] [Checkboxes used]

                          ==== Older Logs ======================

                          C:\zoek-results2014-12-21-132852.log 84787 bytes

                          ==== Running Processes ======================

                          C:\Windows\system32\wininit.exe
                          C:\Windows\system32\lsass.exe
                          C:\Windows\system32\svchost.exe -k DcomLaunch
                          C:\Windows\system32\svchost.exe -k RPCSS
                          C:\Windows\system32\nvvsvc.exe
                          C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
                          C:\Windows\system32\atiesrxx.exe
                          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                          C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                          C:\Windows\system32\svchost.exe -k netsvcs
                          C:\Windows\system32\svchost.exe -k LocalService
                          C:\Windows\system32\igfxCUIService.exe
                          C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
                          C:\Windows\system32\svchost.exe -k NetworkService
                          C:\Windows\System32\spoolsv.exe
                          C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                          C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                          C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
                          C:\Windows\system32\dashost.exe
                          C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
                          C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
                          C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
                          C:\Windows\system32\svchost.exe -k imgsvc
                          C:\Program Files (x86)\Popcorn Time\Updater.exe
                          C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
                          C:\Windows\system32\conhost.exe
                          C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                          C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                          C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
                          C:\Windows\system32\SearchIndexer.exe
                          C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
                          C:\Windows\System32\WinLogon.exe
                          C:\Windows\System32\dwm.exe
                          C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
                          C:\Windows\system32\atieclxx.exe
                          C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
                          C:\Windows\system32\nvvsvc.exe
                          C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
                          C:\Windows\system32\conhost.exe
                          C:\Windows\system32\taskhostex.exe
                          C:\Windows\Explorer.EXE
                          C:\Windows\system32\igfxEM.exe
                          C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
                          C:\Program Files (x86)\Stardock\Start8\Start8Config.exe
                          C:\Windows\System32\skydrive.exe
                          C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
                          C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
                          C:\Windows\System32\RuntimeBroker.exe
                          C:\Program Files\Logitech\Gaming Software\LWEMon.exe
                          C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
                          C:\Windows\System32\SettingSyncHost.exe
                          C:\Program Files\Internet Explorer\iexplore.exe
                          C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                          C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                          C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
                          C:\Windows\System32\WUDFHost.exe
                          C:\Users\Gerheuts\Desktop\zoek.exe
                          C:\Windows\system32\conhost.exe
                          C:\Windows\system32\wbem\wmiprvse.exe

                          ==== Installed Programs ======================

                          Adobe Photoshop CS6
                          Adobe Reader XI (11.0.10) - Nederlands
                          Alt.Binz 0.25.0
                          Assetto Corsa
                          BurnAware Free 7.7
                          CloneCD
                          CloneDVD Full 3.0.2.5
                          Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition
                          E-Peek
                          eMule
                          EPSON-printersoftware
                          EPSON Copy Utility 3
                          Epson Print CD
                          EPSON Scan
                          EPSON Smart Panel
                          Freemake Video Converter versie 4.1.5
                          ImgBurn
                          Intel(R) Processor Graphics
                          Logitech Gaming Software 5.10
                          Malwarebytes Anti-Malware versie 2.0.4.1028
                          MGI PhotoSuite 8.05 (Alleen verwijderen)
                          Microsoft ASP.NET MVC 4 Runtime
                          Microsoft Office Access MUI (Dutch) 2010
                          Microsoft Office Excel MUI (Dutch) 2010
                          Microsoft Office Groove MUI (Dutch) 2010
                          Microsoft Office InfoPath MUI (Dutch) 2010
                          Microsoft Office Office 64-bit Components 2010
                          Microsoft Office OneNote MUI (Dutch) 2010
                          Microsoft Office Outlook MUI (Dutch) 2010
                          Microsoft Office PowerPoint MUI (Dutch) 2010
                          Microsoft Office Professional Plus 2010
                          Microsoft Office Proof (Dutch) 2010
                          Microsoft Office Proof (English) 2010
                          Microsoft Office Proof (French) 2010
                          Microsoft Office Proof (German) 2010
                          Microsoft Office Proofing (Dutch) 2010
                          Microsoft Office Publisher MUI (Dutch) 2010
                          Microsoft Office Shared 64-bit MUI (Dutch) 2010
                          Microsoft Office Shared MUI (Dutch) 2010
                          Microsoft Office Word MUI (Dutch) 2010
                          Microsoft Silverlight
                          Microsoft SQL Server Compact 3.5 SP2 ENU
                          Microsoft Visual C++ 2005 Redistributable
                          Microsoft Visual C++ 2005 Redistributable (x64)
                          Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
                          Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
                          Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
                          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
                          Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
                          Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
                          Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
                          Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
                          Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
                          Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
                          Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
                          Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
                          Microsoft_VC80_CRT_x86
                          Microsoft_VC90_CRT_x86
                          NVIDIA-configuratiescherm 344.11
                          NVIDIA 3D Vision controllerstuurprogramma 344.11
                          NVIDIA 3D Vision stuurprogramma 344.11
                          NVIDIA GeForce Experience 2.1.5
                          NVIDIA GeForce Experience Service
                          NVIDIA Grafisch stuurprogramma 344.11
                          NVIDIA HD Audio-stuurprogramma 1.3.32.1
                          NVIDIA Install Application
                          NVIDIA LED Visualizer 1.0
                          NVIDIA Miracast virtuele audio 344.11
                          NVIDIA Network Service
                          NVIDIA Photoshop Plug-ins 64 bit
                          NVIDIA PhysX
                          NVIDIA PhysX systeemsoftware 9.14.0702
                          NVIDIA ShadowPlay 16.18.9
                          NVIDIA Stereoscopic 3D Driver
                          NVIDIA Update 16.18.9
                          NVIDIA Update Core
                          NVIDIA Virtual Audio 1.2.27
                          PDF Settings CS6
                          Popcorn Time
                          QuickPar 0.9
                          Revo Uninstaller Pro 2.5.0
                          rFactor2
                          ScanToWeb
                          Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition
                          Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
                          Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
                          Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
                          Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
                          Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
                          Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
                          Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
                          Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
                          Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition
                          Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
                          SHIELD Streaming
                          SHIELD Wireless Controller Driver
                          Snagit 10.0.2
                          Spotnet
                          Stardock Start8
                          Steam
                          SubSync
                          TeamSpeak 3 Client
                          Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
                          Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
                          Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
                          Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
                          Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
                          Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
                          Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition
                          Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
                          Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
                          Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
                          Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
                          Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
                          Video to Video
                          VLC media player
                          VSO ConvertXToDVD
                          VSOConvertX
                          WinRAR 5.10 (64-bit)
                          ZHPDiag 2014

                          ==== Files Recently Created / Modified ======================

                          2014-12-21 16:43:43 8AE13B97BFCAD6C7D3B8C8A1C298EFB4 694736 ----a-w- C:\Program Files (x86)\ZHPDiag\unins000.exe
                          2014-12-21 16:43:43 2E30F0D775442FFBF68E7AB4603BFFDB 3060224 ----a-w- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPFix.exe
                          2014-12-21 16:43:22 2A5CF47CC1E858B3F87259CE4F42EE9E 6868555 ----a-w- C:\Users\Gerheuts\Desktop\ZHPDiag2.exe
                          2014-12-20 11:54:24 0C657A50CC8017727FEB3B8A73D87B1B 4504192 ----a-w- C:\Users\Gerheuts\AppData\Local\NVIDIA\NvBackend\Packages\00006a8f\DAO.19154549.exe
                          2014-12-20 07:55:45 CC7ED069C2FC82B5B1555C2044C765CC 833728 ----a-w- C:\Program Files (x86)\Common Files\Steam\SteamServiceTmp.exe
                          2014-12-19 04:50:12 23F9D4CAE5C1A90415F77E1E051B2A0F 11592 ----a-w- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.vshost.exe
                          2014-12-19 04:50:02 3532ED2B4F964B014515B854A12E5908 1163264 ----a-w- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe
                          2014-12-17 11:52:10 E68D5DE8AE8EA0929955C69362563A8F 1701520 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{D027F860-87D6-4AAF-9E33-3D545CE85F9B}\NVNetworkService.exe
                          2014-12-17 11:52:10 B6C65AC0616D23170474217F1A9A0BBF 413840 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{C72BCC0A-8036-43D6-9F90-222329C5823D}\setup.exe
                          2014-12-17 10:55:58 C7C21D72170A3288958C89784A4D4C2F 31666248 ----a-w- C:\ProgramData\NVIDIA Corporation\NetService\f92c568c-85b7-48ce-af65-0adcf72e5dc3\GeForce_Experience_Update_v2.1.5.0.exe
                          2014-12-16 07:06:35 E4A75F7BA48F4281405C782E3DB9F828 146432 ----a-w- C:\Windows\System32\poqexec.exe
                          2014-12-16 07:06:35 7EAC336CFB845753DE556D8EEDD8BD58 129536 ----a-w- C:\Windows\SysWOW64\poqexec.exe
                          === C: other files ==
                          2014-12-17 11:52:13 DBFE7B2DF103F74AE51840B3C5F25FE9 38032 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
                          2014-12-17 11:52:13 DBFE7B2DF103F74AE51840B3C5F25FE9 38032 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\VirtualAudio.Driver.{24D5161C-E0FC-4039-81D3-A934E28A4325}\nvvad64v.sys
                          2014-12-17 11:52:13 CE9812A9B6695E0FA4ACBDF18AC9076B 16032 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\ShieldWirelessController.{82C62DE0-49E8-44A4-A1B0-B66832D1DA89}\NVSWCFilter32.sys
                          2014-12-17 11:52:13 3EEDE5E218F0978D802CE3196E8B9028 32912 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\VirtualAudio.Driver.{24D5161C-E0FC-4039-81D3-A934E28A4325}\nvvad32v.sys
                          2014-12-17 11:52:13 17D21ADA263B31EEDB7EA344AEA4F2E7 19616 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\ShieldWirelessController.{82C62DE0-49E8-44A4-A1B0-B66832D1DA89}\NVSWCFilter64.sys
                          2014-12-17 11:52:10 F90B3BF40AC646908022CB7929CDE6FC 14480 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{C72BCC0A-8036-43D6-9F90-222329C5823D}\NVI2SystemService32.sys
                          2014-12-17 11:52:10 C658C7BF6ADC0E453CD98FB81F8698DA 15504 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{C72BCC0A-8036-43D6-9F90-222329C5823D}\NVI2SystemService64.sys

                          ==== Startup Registry Enabled ======================

                          [HKEY_USERS\S-1-5-21-3569473851-2412082960-3330132248-1001\Software\Microsoft\Windows\CurrentVersion\Run]
                          "EPSON Stylus Photo R285"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKE.EXE /FU C:\Windows\TEMP\E_S5B63.tmp /EF HKCU"

                          [HKEY_USERS\S-1-5-21-3569473851-2412082960-3330132248-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
                          "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
                          "AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
                          "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                          "CloneCDTray"="C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe /s"

                          [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
                          "EPSON Stylus Photo R285"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKE.EXE /FU C:\Windows\TEMP\E_S5B63.tmp /EF HKCU"

                          [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

                          ==== Startup Registry Enabled x64 ======================

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui"
                          "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
                          "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
                          "ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

                          ==== Startup Folders ======================

                          2014-06-09 11:34:28 2108 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk

                          ==== Other Scheduled Tasks ======================

                          "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
                          "C:\Windows\SysNative\tasks\SpyHunter4Startup" ["C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe"]
                          "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{38142201-73FF-4452-BDAE-0FF63C93BFA6}" [C:\Windows\system32\msfeedssync.exe]
                          "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

                          ==== Silent Runners ======================

                          "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
                          Output limited to non-default values, except where indicated by "{++}"


                          Startup items buried in registry:
                          ---------------------------------

                          HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
                          EPSON Stylus Photo R285 = C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKE.EXE /FU "C:\Windows\TEMP\E_S5B63.tmp" /EF "HKCU" [SEIKO EPSON CORPORATION]
                          AdobeBridge = (empty string) [file not found]

                          HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
                          Adobe Speed Launcher = 1419259792 [file not found]

                          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                          Start WingMan Profiler = C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [Logitech Inc.]
                          AdobeAAMUpdater-1.0 = "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [Adobe Systems Incorporated]
                          NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [NVIDIA Corporation]
                          ShadowPlay = C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [MS]

                          HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
                          BCSSync = "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [MS]
                          SwitchBoard = C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [Adobe Systems Incorporated]
                          AdobeCS6ServiceManager = "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [Adobe Systems Incorporated]
                          Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
                          CloneCDTray = "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s [SlySoft, Inc.]

                          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

                          {00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)
                          -> {HKLM...CLSID} = SnagIt Toolbar Loader
                          \InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [TechSmith Corporation]
                          -> {HKLM...Wow...CLSID} = SnagIt Toolbar Loader
                          \InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [TechSmith Corporation]

                          {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
                          -> {HKLM...CLSID} = Groove GFS Browser Helper
                          \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]
                          -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper
                          \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                          {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
                          -> {HKLM...CLSID} = Office Document Cache Handler
                          \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [MS]
                          -> {HKLM...Wow...CLSID} = Office Document Cache Handler
                          \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS]

                          HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

                          {00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)
                          -> {HKLM...CLSID} = SnagIt Toolbar Loader
                          \InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [TechSmith Corporation]
                          -> {HKLM...Wow...CLSID} = SnagIt Toolbar Loader
                          \InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [TechSmith Corporation]

                          {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
                          -> {HKLM...CLSID} = Groove GFS Browser Helper
                          \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]
                          -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper
                          \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                          {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
                          -> {HKLM...CLSID} = Office Document Cache Handler
                          \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [MS]
                          -> {HKLM...Wow...CLSID} = Office Document Cache Handler
                          \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS]

                          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

                          Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
                          -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                          \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                          Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
                          -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                          \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                          Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
                          -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                          \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                          Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
                          -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                          \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                          Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
                          -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                          \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                          HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

                          Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
                          -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                          \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                          Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
                          -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                          \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                          Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
                          -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                          \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                          Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
                          -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                          \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]



                          • #14
                            Here is part 2:

                            Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
                            -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

                            {8082C5E6-4C27-48ec-A809-B8E1122E8F97} = .contact shell extension handler
                            -> {HKLM...CLSID} = .contact shell extension handler
                            \InProcServer32\(Default) = C:\Program Files\Common Files\System\wab32.dll [file not found]

                            {13D3C4B8-B179-4ebb-BF62-F704173E7448} = Windows Contact Preview Handler
                            -> {HKLM...CLSID} = CLSID_ContactReadingPane
                            \InProcServer32\(Default) = C:\Program Files\Common Files\System\wab32.dll [file not found]

                            {CF67796C-F57F-45F8-92FB-AD698826C602} = contact_wab_auto_file
                            -> {HKLM...CLSID} = .contact shell context menu
                            \InProcServer32\(Default) = C:\Program Files\Common Files\System\wab32.dll [file not found]

                            {16C2C29D-0E5F-45f3-A445-03E03F587B7D} = group_wab_auto_file
                            -> {HKLM...CLSID} = .group shell context menu
                            \InProcServer32\(Default) = C:\Program Files\Common Files\System\wab32.dll [file not found]

                            {4F58F63F-244B-4c07-B29F-210BE59BE9B4} = .group shell extension handler
                            -> {HKLM...CLSID} = .group shell extension handler
                            \InProcServer32\(Default) = C:\Program Files\Common Files\System\wab32.dll [file not found]

                            {6A451C0A-9597-4915-BCCE-6E859BC996B2} = Start8Shell extension
                            -> {HKLM...CLSID} = Start8Shell Class
                            \InProcServer32\(Default) = C:\Program Files (x86)\Stardock\Start8\Start8Shell64.dll [Stardock Software, Inc]

                            {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
                            -> {HKLM...CLSID} = (no title provided)
                            \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS]

                            {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
                            -> {HKLM...CLSID} = Microsoft Office Metadata Handler
                            \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

                            {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
                            -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
                            \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

                            {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension
                            -> {HKLM...CLSID} = Werkruimten
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                            -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                            \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]

                            {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
                            -> {HKLM...CLSID} = ImageExtractorShellExt Class
                            \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

                            {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
                            -> {HKLM...CLSID} = CInfoTipShellExt Class
                            \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

                            {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
                            -> {HKLM...CLSID} = Groove GFS Browser Helper
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
                            -> {HKLM...CLSID} = Groove GFS Context Menu Handler
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
                            -> {HKLM...CLSID} = Groove Folder Synchronization
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
                            -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
                            -> {HKLM...CLSID} = Groove GFS Stub Execution Hook
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
                            -> {HKLM...CLSID} = Groove GFS Stub Icon Handler
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
                            -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                            -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                            -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                            -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
                            -> {HKLM...CLSID} = Groove XML Icon Handler
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext
                            -> {HKLM...CLSID} = Ondernemingsprojecten
                            \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS]

                            {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
                            -> {HKLM...CLSID} = (no title provided)
                            \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

                            {B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension
                            -> {HKLM...CLSID} = WinRAR
                            \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

                            {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} = Snagit
                            -> {HKLM...CLSID} = Snagit
                            \InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [TechSmith Corporation]

                            {CF74B903-3389-469c-B3B6-0204D204FCBD} = SnagIt Shell Extension
                            -> {HKLM...CLSID} = SnagItShellExt Class
                            \InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitShellExt64.dll [TechSmith Corporation]

                            {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} = Revo Uninstaller Pro Extension
                            -> {HKLM...CLSID} = RUShellExt Class
                            \InProcServer32\(Default) = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [VS Revo Group]

                            {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
                            -> {HKLM...CLSID} = DesktopContext Class
                            \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation]

                            {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension
                            -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
                            \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

                            HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

                            {8082C5E6-4C27-48ec-A809-B8E1122E8F97} = .contact shell extension handler
                            -> {HKLM...Wow...CLSID} = .contact shell extension handler
                            \InProcServer32\(Default) = C:\Program Files\Common Files\System\wab32.dll [file not found]

                            {13D3C4B8-B179-4ebb-BF62-F704173E7448} = Windows Contact Preview Handler
                            -> {HKLM...Wow...CLSID} = CLSID_ContactReadingPane
                            \InProcServer32\(Default) = C:\Program Files\Common Files\System\wab32.dll [file not found]

                            {CF67796C-F57F-45F8-92FB-AD698826C602} = contact_wab_auto_file
                            -> {HKLM...Wow...CLSID} = .contact shell context menu
                            \InProcServer32\(Default) = C:\Program Files\Common Files\System\wab32.dll [file not found]

                            {16C2C29D-0E5F-45f3-A445-03E03F587B7D} = group_wab_auto_file
                            -> {HKLM...Wow...CLSID} = .group shell context menu
                            \InProcServer32\(Default) = C:\Program Files\Common Files\System\wab32.dll [file not found]

                            {4F58F63F-244B-4c07-B29F-210BE59BE9B4} = .group shell extension handler
                            -> {HKLM...Wow...CLSID} = .group shell extension handler
                            \InProcServer32\(Default) = C:\Program Files\Common Files\System\wab32.dll [file not found]

                            {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
                            -> {HKLM...Wow...CLSID} = (no title provided)
                            \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS]

                            {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension
                            -> {HKLM...Wow...CLSID} = Werkruimten
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                            -> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                            \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS]

                            {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
                            -> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class
                            \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

                            {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
                            -> {HKLM...Wow...CLSID} = CInfoTipShellExt Class
                            \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

                            {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
                            -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
                            -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
                            -> {HKLM...Wow...CLSID} = Groove Folder Synchronization
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
                            -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
                            -> {HKLM...Wow...CLSID} = Groove GFS Stub Execution Hook
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
                            -> {HKLM...Wow...CLSID} = Groove GFS Stub Icon Handler
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
                            -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                            -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                            -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                            -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
                            -> {HKLM...Wow...CLSID} = Groove XML Icon Handler
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            {00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler
                            -> {HKLM...Wow...CLSID} = Microsoft Outlook
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\MLSHEXT.DLL [MS]

                            {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
                            -> {HKLM...Wow...CLSID} = Outlook File Icon Extension
                            \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

                            {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
                            -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
                            \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

                            {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
                            -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
                            \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

                            {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} = Snagit
                            -> {HKLM...Wow...CLSID} = Snagit
                            \InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [TechSmith Corporation]

                            {CF74B903-3389-469c-B3B6-0204D204FCBD} = SnagIt Shell Extension
                            -> {HKLM...Wow...CLSID} = SnagItShellExt Class
                            \InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\SnagitShellExt.dll [TechSmith Corporation]

                            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

                            <<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
                            -> {HKLM...CLSID} = Groove GFS Stub Execution Hook
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

                            <<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
                            -> {HKLM...CLSID} = Groove GFS Stub Execution Hook
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
                            <<!>> ("" [file not found]) Security Packages = ""

                            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

                            {1ee7337f-85ac-45e2-a23c-37c753209769}\(Default) = Smartcard WinRT Provider
                            -> {HKLM...CLSID} = Smartcard WinRT Provider
                            \InProcServer32\(Default) = C:\Windows\system32\SmartcardCredentialProvider.dll [MS]

                            HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

                            <<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
                            -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
                            \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]

                            HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

                            SnagItMainShellExt\(Default) = {CF74B903-3389-469c-B3B6-0204D204FCBD}
                            -> {HKLM...CLSID} = SnagItShellExt Class
                            \InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitShellExt64.dll [TechSmith Corporation]
                            -> {HKLM...Wow...CLSID} = SnagItShellExt Class
                            \InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\SnagitShellExt.dll [TechSmith Corporation]

                            WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
                            -> {HKLM...CLSID} = WinRAR
                            \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

                            WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
                            -> {HKLM...Wow...CLSID} = WinRAR
                            \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

                            WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3}
                            -> {HKLM...CLSID} = Work Folders Context Menu Handler
                            \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS]

                            XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
                            -> {HKLM...CLSID} = Groove GFS Context Menu Handler
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]
                            -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\

                            {FA507C3F-30C6-4DCA-9EE5-2656072EEC14}\(Default) = (no title provided)
                            -> {HKLM...CLSID} = TheAdvOSPropPage Class
                            \InProcServer32\(Default) = C:\Windows\system32\igfxOSP.dll [Intel Corporation]

                            HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

                            XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
                            -> {HKLM...CLSID} = Groove GFS Context Menu Handler
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]
                            -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

                            SnagItMainShellExt\(Default) = {CF74B903-3389-469c-B3B6-0204D204FCBD}
                            -> {HKLM...CLSID} = SnagItShellExt Class
                            \InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitShellExt64.dll [TechSmith Corporation]
                            -> {HKLM...Wow...CLSID} = SnagItShellExt Class
                            \InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\SnagitShellExt.dll [TechSmith Corporation]

                            WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3}
                            -> {HKLM...CLSID} = Work Folders Context Menu Handler
                            \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS]

                            XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
                            -> {HKLM...CLSID} = Groove GFS Context Menu Handler
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]
                            -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

                            igfxDTCM\(Default) = {9B5F5829-A529-4B12-814A-E81BCB8D93FC}
                            -> {HKLM...CLSID} = TheDeskTopContextMenu Class
                            \InProcServer32\(Default) = C:\Windows\system32\igfxDTCM.dll [Intel Corporation]

                            igfxOSP\(Default) = {FA507C3F-30C6-4DCA-9EE5-2656072EEC14}
                            -> {HKLM...CLSID} = TheAdvOSPropPage Class
                            \InProcServer32\(Default) = C:\Windows\system32\igfxOSP.dll [Intel Corporation]

                            NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
                            -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
                            \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

                            WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3}
                            -> {HKLM...CLSID} = Work Folders Context Menu Handler
                            \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS]

                            XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
                            -> {HKLM...CLSID} = Groove GFS Context Menu Handler
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]
                            -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

                            {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
                            -> {HKLM...Wow...CLSID} = PDF Shell Extension
                            \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

                            HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

                            RUShellExt\(Default) = {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}
                            -> {HKLM...CLSID} = RUShellExt Class
                            \InProcServer32\(Default) = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [VS Revo Group]

                            WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
                            -> {HKLM...CLSID} = WinRAR
                            \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

                            WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
                            -> {HKLM...Wow...CLSID} = WinRAR
                            \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

                            XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
                            -> {HKLM...CLSID} = Groove GFS Context Menu Handler
                            \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]
                            -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                            \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                            HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

                            WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
                            -> {HKLM...CLSID} = WinRAR
                            \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

                            WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
                            -> {HKLM...Wow...CLSID} = WinRAR
                            \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]


                            Group Policies {GPedit.msc branch and setting}:
                            -----------------------------------------------

                            Note: detected settings may not have any effect.

                            HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

                            NoLowDiskSpaceChecks = (REG_DWORD) dword:0x00000001
                            {unrecognized setting}

                            NoResolveTrack = (REG_DWORD) dword:0x00000001
                            {unrecognized setting}

                            NoResolveSearch = (REG_DWORD) dword:0x00000001
                            {unrecognized setting}

                            LinkResolveIgnoreLinkInfo = (REG_DWORD) dword:0x00000001
                            {unrecognized setting}

                            NoInternetOpenWith = (REG_DWORD) dword:0x00000001
                            {unrecognized setting}

                            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

                            PromptOnSecureDesktop = (REG_DWORD) dword:0x00000000
                            {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
                            User Account Control: Switch to the secure desktop when prompting for elevation}

                            ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000000
                            {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
                            User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

                            EnableCursorSuppression = (REG_DWORD) dword:0x00000001
                            {unrecognized setting}

                            ConsentPromptBehaviorUser = (REG_DWORD) dword:0x00000000
                            {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
                            User Account Control: Behavior Of The Elevation Prompt For Standard Users}

                            FilterAdministratorToken = (REG_DWORD) dword:0x00000001
                            {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
                            User Account Control: Admin Approval Mode for the Built-in Administrator Account}


                            Active Desktop and Wallpaper:
                            -----------------------------

                            Active Desktop may be disabled at this entry:
                            HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

                            Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
                            HKCU\Control Panel\Desktop\
                            Wallpaper = C:\Users\Gerheuts\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper


                            Windows Portable Device AutoPlay Handlers
                            -----------------------------------------

                            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

                            BridgeCS6ImportMediaOnArrival\
                            Provider = Adobe Bridge CS6
                            InvokeProgID = Adobe.adobebridgeCS6
                            InvokeVerb = launch
                            HKLM\SOFTWARE\Classes\Adobe.adobebridgeCS6\shell\launch\command\(Default) = C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\bridgeproxy.exe -v %1 [Adobe Systems, Inc.]

                            BridgeCS6NonVolumeHandler\
                            Provider = Adobe Bridge CS6
                            ProgID = Adobe.adobebridgeMTP_1
                            HKLM\SOFTWARE\Classes\Adobe.adobebridgeMTP_1\CLSID\(Default) = {1E6C711B-6D70-4a65-8AB6-745DC19BE2A6}
                            -> {HKLM...CLSID} = Adobe Bridge CS6
                            \LocalServer32\(Default) = C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\bridgeproxy.exe -m [Adobe Systems, Inc.]

                            BurnAware\
                            Provider = BurnAware
                            InvokeProgID = BurnAwareOpen
                            InvokeVerb = open
                            HKLM\SOFTWARE\Classes\BurnAwareOpen\shell\open\command\(Default) = "C:\Program Files (x86)\BurnAware Free\burnaware.exe" [Burnaware]

                            ImgBurnBDBurningOnArrival_BuildImage\
                            Provider = ImgBurn
                            InvokeProgID = ImgBurn.AutoPlay.1
                            InvokeVerb = HandleBDBurningOnArrival_BuildImage
                            HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!]

                            ImgBurnBDBurningOnArrival_BurnImage\
                            Provider = ImgBurn
                            InvokeProgID = ImgBurn.AutoPlay.1
                            InvokeVerb = HandleBDBurningOnArrival_BurnImage
                            HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!]

                            ImgBurnCDBurningOnArrival_BuildImage\
                            Provider = ImgBurn
                            InvokeProgID = ImgBurn.AutoPlay.1
                            InvokeVerb = HandleCDBurningOnArrival_BuildImage
                            HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!]

                            ImgBurnCDBurningOnArrival_BurnImage\
                            Provider = ImgBurn
                            InvokeProgID = ImgBurn.AutoPlay.1
                            InvokeVerb = HandleCDBurningOnArrival_BurnImage
                            HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!]

                            ImgBurnDVDBurningOnArrival_BuildImage\
                            Provider = ImgBurn
                            InvokeProgID = ImgBurn.AutoPlay.1
                            InvokeVerb = HandleDVDBurningOnArrival_BuildImage
                            HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!]

                            ImgBurnDVDBurningOnArrival_BurnImage\
                            Provider = ImgBurn
                            InvokeProgID = ImgBurn.AutoPlay.1
                            InvokeVerb = HandleDVDBurningOnArrival_BurnImage
                            HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!]

                            ImgBurnHDDVDBurningOnArrival_BuildImage\
                            Provider = ImgBurn
                            InvokeProgID = ImgBurn.AutoPlay.1
                            InvokeVerb = HandleHDDVDBurningOnArrival_BuildImage
                            HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!]

                            ImgBurnHDDVDBurningOnArrival_BurnImage\
                            Provider = ImgBurn
                            InvokeProgID = ImgBurn.AutoPlay.1
                            InvokeVerb = HandleHDDVDBurningOnArrival_BurnImage
                            HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!]

                            ImgBurnPlayBluRayOnArrival_ReadDisc\
                            Provider = ImgBurn
                            InvokeProgID = ImgBurn.AutoPlay.1
                            InvokeVerb = PlayBluRayOnArrival_ReadDisc
                            HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayBluRayOnArrival_ReadDisc\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!]

                            ImgBurnPlayCDAudioOnArrival_ReadDisc\
                            Provider = ImgBurn
                            InvokeProgID = ImgBurn.AutoPlay.1
                            InvokeVerb = PlayCDAudioOnArrival_ReadDisc
                            HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayCDAudioOnArrival_ReadDisc\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!]

                            ImgBurnPlayDVDMovieOnArrival_ReadDisc\
                            Provider = ImgBurn
                            InvokeProgID = ImgBurn.AutoPlay.1
                            InvokeVerb = PlayDVDMovieOnArrival_ReadDisc
                            HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayDVDMovieOnArrival_ReadDisc\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!]

                            ImgBurnPlayHDDVDOnArrival_ReadDisc\
                            Provider = ImgBurn
                            InvokeProgID = ImgBurn.AutoPlay.1
                            InvokeVerb = PlayHDDVDOnArrival_ReadDisc
                            HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayHDDVDOnArrival_ReadDisc\command\(Default) = "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!]

                            MSFhConfigBackup\
                            Provider = @C:\Windows\system32\fhautoplay.dll,-100
                            InvokeProgID = FHConfig.AutoPlayHandler
                            InvokeVerb = config
                            HKLM\SOFTWARE\Classes\FHConfig.AutoPlayHandler\shell\config\command\(Default) = fhmanagew -autoplay [MS]

                            MSPlayCDAudioOnArrival\
                            Provider = @wmploc.dll,-6502
                            InvokeProgID = WMP.AudioCD
                            InvokeVerb = play
                            HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

                            MSPlayDVDMovieOnArrival\
                            Provider = @wmploc.dll,-6502
                            InvokeProgID = WMP.DVD
                            InvokeVerb = play
                            HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

                            MSPlaySuperVideoCDMovieOnArrival\
                            Provider = @wmploc.dll,-6502
                            InvokeProgID = WMP.VCD
                            InvokeVerb = play
                            HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

                            MSPlayVideoCDMovieOnArrival\
                            Provider = @wmploc.dll,-6502
                            InvokeProgID = WMP.VCD
                            InvokeVerb = play
                            HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

                            MSPromptEachTime\
                            Provider = @C:\Windows\system32\shell32.dll,-17411
                            ProgID = Shell.Autoplay
                            InitCmdLine = PromptEachTime
                            HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
                            -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
                            \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

                            MSPromptEachTimeNoContent\
                            Provider = @C:\Windows\system32\shell32.dll,-17411
                            ProgID = Shell.Autoplay
                            InitCmdLine = PromptEachTimeNoContent
                            HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
                            -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
                            \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

                            MSWMPBurnCDOnArrival\
                            Provider = @wmploc.dll,-6502
                            InvokeProgID = WMP.BurnCD
                            InvokeVerb = Burn
                            HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

                            VLCPlayCDAudioOnArrival\
                            Provider = VideoLAN VLC media player
                            InvokeProgID = VLC.CDAudio
                            InvokeVerb = Open
                            HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]

                            VLCPlayDVDAudioOnArrival\
                            Provider = VideoLAN VLC media player
                            InvokeProgID = VLC.OPENFolder
                            InvokeVerb = Open
                            HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

                            VLCPlayDVDMovieOnArrival\
                            Provider = VideoLAN VLC media player
                            InvokeProgID = VLC.DVDMovie
                            InvokeVerb = Open
                            HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]

                            VLCPlayMusicFilesOnArrival\
                            Provider = VideoLAN VLC media player
                            InvokeProgID = VLC.OPENFolder
                            InvokeVerb = Open
                            HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

                            VLCPlaySVCDMovieOnArrival\
                            Provider = VideoLAN VLC media player
                            InvokeProgID = VLC.SVCDMovie
                            InvokeVerb = Open
                            HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

                            VLCPlayVCDMovieOnArrival\
                            Provider = VideoLAN VLC media player
                            InvokeProgID = VLC.VCDMovie
                            InvokeVerb = Open
                            HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

                            VLCPlayVideoFilesOnArrival\
                            Provider = VideoLAN VLC media player
                            InvokeProgID = VLC.OPENFolder
                            InvokeVerb = Open
                            HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]



                            • #15
                              And finally, part 3:

                              WIA_{29145F13-C5C8-4B3C-8E76-05396619E315}\
                              Provider = Photoshop
                              CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
                              InitCmdLine = /WiaCmd;C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe /StiDevice:%1 /StiEvent:%2;
                              -> {HKLM...CLSID} = WPDShextAutoplay
                              \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

                              WIA_{630D89A4-B1C8-4609-93BC-2C1A18F47D74}\
                              Provider = EPSON Scan
                              CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
                              InitCmdLine = /WiaCmd;C:\Windows\twain_32\escndv\escndv.exe /StiDevice:%1 /StiEvent:%2;
                              -> {HKLM...CLSID} = WPDShextAutoplay
                              \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

                              WIA_{979848F0-DBC0-417B-A3BD-D001D4326433}\
                              Provider = EPSON Smart Panel
                              CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
                              InitCmdLine = /WiaCmd;C:\Program Files (x86)\Smart Panel\Smapanel.Exe /StiDevice:%1 /StiEvent:%2;
                              -> {HKLM...CLSID} = WPDShextAutoplay
                              \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]


                              Startup items in "Gerheuts" & "All Users" startup folders:
                              ----------------------------------------------------------

                              C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp {++}
                              Snagit 10 -> shortcut to: C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe [TechSmith Corporation]


                              Non-disabled Scheduled Tasks: {++}
                              -----------------------------

                              C:\Windows\System32\Tasks
                              [email protected] -> launches: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled [Adobe Systems Incorporated]
                              CreateChoiceProcessTask -> launches: C:\Windows\BrowserChoice\browserchoice.exe /launch [MS]
                              SpyHunter4Startup -> launches: "C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe" /s [file not found]
                              User_Feed_Synchronization-{38142201-73FF-4452-BDAE-0FF63C93BFA6} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework
                              .NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D}
                              -> {HKLM...CLSID} = (no title provided)
                              \InProcServer32\(Default) = mscoree.dll [MS]
                              .NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C}
                              -> {HKLM...CLSID} = (no title provided)
                              \InProcServer32\(Default) = mscoree.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
                              AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
                              -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
                              -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\AppID
                              SmartScreenSpecific -> launches: {9f2b0085-9218-42a1-88b0-9f0e65851666}
                              -> {HKLM...CLSID} = Windows SmartScreen Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\apprepsync.dll [MS]
                              -> {HKLM...Wow...CLSID} = Windows SmartScreen Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\apprepsync.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
                              AitAgent -> launches: aitagent /increment [MS]
                              Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS]
                              ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
                              StartupAppTask -> launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData
                              CleanupTemporaryState -> launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
                              Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
                              UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
                              SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
                              -> {HKLM...CLSID} = Certificate Services Client Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
                              -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
                              UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
                              -> {HKLM...CLSID} = Certificate Services Client Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
                              -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk
                              ProactiveScan -> launches: {cf4270f5-2e43-4468-83b3-a8c45bb33ea1}
                              -> {HKLM...CLSID} = Proactive Scan
                              \InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
                              BthSQM -> (HIDDEN!) launches: {c8367320-6f85-11e0-a1f0-0800200c9a66}
                              -> {HKLM...CLSID} = BthSQM
                              \InProcServer32\(Default) = C:\Windows\System32\BthSQM.dll [MS]
                              Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
                              KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
                              -> {HKLM...CLSID} = KernelCeipCustomHandler
                              \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
                              Uploader -> launches: %windir%\system32\WSqmCons.exe -u [MS]
                              UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
                              -> {HKLM...CLSID} = UsbCeip
                              \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
                              -> {HKLM...Wow...CLSID} = UsbCeip
                              \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan
                              Data Integrity Scan for Crash Recovery -> (HIDDEN!) launches: {DCFD3EA8-D960-4719-8206-490AE315F94F}
                              -> {HKLM...CLSID} = Data Integrity Scan
                              \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
                              ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -h -o -$ [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup
                              Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888}
                              -> {HKLM...CLSID} = DsmRefreshTask Class
                              \InProcServer32\(Default) = C:\Windows\System32\DeviceSetupManagerAPI.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
                              Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
                              -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
                              \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup
                              SilentCleanup -> launches: %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive% [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint
                              Diagnostics -> launches: {5b6b6834-34f0-49b9-ad4e-81d4994c7a74}
                              -> {HKLM...CLSID} = Disk Footprint Diagnostics Task
                              \InProcServer32\(Default) = C:\Windows\system32\DfpCommon.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory
                              File History (maintenance mode) -> launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A}
                              -> {HKLM...CLSID} = FhTaskHandler Class
                              \InProcServer32\(Default) = C:\Windows\System32\fhtask.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Location
                              Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
                              WinSAT -> launches: A9A33436-678B-4c9c-A211-7CC38785E79D
                              -> {HKLM...CLSID} = WinSAT Task Manger Task
                              \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
                              -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
                              \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
                              ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3}
                              -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
                              \InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS]
                              RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3}
                              -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
                              \InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts
                              MNO Metadata Parser -> launches: %SystemRoot%\System32\MbaeParserTask.exe [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\MUI
                              LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
                              SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
                              -> {HKLM...CLSID} = Microsoft PlaySoundService Class
                              \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
                              -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
                              \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\NetCfg
                              BindingWorkItemQueueHandler -> launches: {5AA199A0-1CED-43A5-9B85-3226086738A3}
                              -> {HKLM...CLSID} = Binding Engine Task Handler
                              \InProcServer32\(Default) = C:\Windows\System32\netcfgx.dll [MS]
                              -> {HKLM...Wow...CLSID} = Binding Engine Task Handler
                              \InProcServer32\(Default) = C:\Windows\SysWOW64\netcfgx.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
                              GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

                              C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack
                              BackgroundConfigSurveyor -> (HIDDEN!) launches: {EA9155A3-8A39-40B4-8963-D3C761B18371}
                              -> {HKLM...CLSID} = PerfTrack TaskHandler class
                              \InProcServer32\(Default) = C:\Windows\System32\perftrack.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\PI
                              Secure-Boot-Update -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
                              -> {HKLM...CLSID} = TPM Maintenance Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]
                              Sqm-Tasks -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
                              -> {HKLM...CLSID} = TPM Maintenance Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play
                              Device Install Group Policy -> (HIDDEN!) launches: {60400283-b242-4fa8-8c25-caf695b88209}
                              -> {HKLM...CLSID} = Device Installation Group Policy Task Handler
                              \InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS]
                              Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6a1f-47b9-bd52-1d5f95d49c1b}
                              -> {HKLM...CLSID} = Device Installation Reboot Dialog Task
                              \InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS]
                              Plug and Play Cleanup -> launches: {DEF03232-9688-11E2-BE7F-B4B52FD966FF}
                              -> {HKLM...CLSID} = Plug and Play Maintenance Task
                              \InProcServer32\(Default) = C:\Windows\System32\pnpclean.dll [MS]
                              Sysprep Generalize Drivers -> launches: %SystemRoot%\System32\drvinst.exe 6 [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
                              AnalyzeSystem -> launches: {927ea2af-1c54-43d5-825e-0074ce028eee}
                              -> {HKLM...CLSID} = (no title provided)
                              \InProcServer32\(Default) = C:\Windows\System32\energytask.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\RAC
                              RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
                              -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
                              \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
                              -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
                              \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Ras
                              MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
                              -> {HKLM...CLSID} = RasMobilityManager
                              \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Registry
                              RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
                              -> {HKLM...CLSID} = RegistryIdleBackupHandler
                              \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
                              RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools
                              MRT_HB -> launches: C:\Windows\system32\MRT.exe /EHB /Q [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Servicing
                              StartComponentCleanup -> launches: 752073A1-23F2-4396-85F0-8FDB879ED0ED [InProcServer32 entry not found]

                              C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync
                              BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87}
                              -> {HKLM...CLSID} = Delayed Background Upload Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS]
                              -> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS]
                              BackupTask -> (HIDDEN!) launches: {60A4C78C-E2B8-4E6E-876F-DA203B02C05E}
                              -> {HKLM...CLSID} = Backup Upload Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS]
                              -> {HKLM...Wow...CLSID} = Backup Upload Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS]
                              NetworkStateChangeTask -> (HIDDEN!) launches: {A4173A49-F373-4475-9A0F-2D615204DC20}
                              -> {HKLM...CLSID} = Network State Change Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS]
                              -> {HKLM...Wow...CLSID} = Network State Change Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Shell
                              CreateObjectTask -> (HIDDEN!) launches: {990a9f8f-301f-45f7-8d0e-68c5952dba43}
                              -> {HKLM...CLSID} = Shell Create Object Task Delegate
                              \InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
                              -> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate
                              \InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
                              FamilySafetyMonitor -> launches: %windir%\System32\wpcmon.exe [MS]
                              FamilySafetyRefresh -> launches: {EBF00FCB-0769-4b81-9BEC-6C05514111AA}
                              -> {HKLM...CLSID} = FamilySafety.WebSync
                              \InProcServer32\(Default) = C:\Windows\System32\WpcWebSync.dll [MS]
                              IndexerAutomaticMaintenance -> launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6}
                              -> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
                              \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]
                              -> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
                              \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\SkyDrive
                              Idle Sync Maintenance Task -> launches: {bf6c1e47-86ec-4194-9ce5-13c15dcb2001} [InProcServer32 entry not found]
                              Routine Maintenance Task -> launches: {1b1f472e-3221-4826-97db-2c2324d389ae} [InProcServer32 entry not found]

                              C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform
                              SvcRestartTask -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
                              -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class
                              \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS]
                              -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class
                              \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort
                              SpaceAgentTask -> launches: %windir%\system32\SpaceAgent.exe [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain
                              WsSwapAssessmentTask -> launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
                              SR -> launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
                              Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
                              -> {HKLM...CLSID} = RunTask
                              \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
                              -> {HKLM...Wow...CLSID} = RunTask
                              \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler
                              Idle Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44}
                              -> {HKLM...CLSID} = Maintenance Launcher Handler
                              \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]
                              Maintenance Configurator -> launches: {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8}
                              -> {HKLM...CLSID} = Maintenance Configurator
                              \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]
                              Manual Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44}
                              -> {HKLM...CLSID} = Maintenance Launcher Handler
                              \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]
                              Regular Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44}
                              -> {HKLM...CLSID} = Maintenance Launcher Handler
                              \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
                              MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
                              -> {HKLM...CLSID} = MsCtfMonitor task handler
                              \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
                              -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
                              \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
                              ForceSynchronizeTime -> launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9}
                              -> {HKLM...CLSID} = Time Synchronization Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\TimeSyncTask.dll [MS]
                              SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone
                              SynchronizeTimeZone -> launches: %windir%\system32\tzsync.exe [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\TPM
                              Tpm-Maintenance -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
                              -> {HKLM...CLSID} = TPM Maintenance Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
                              UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\WDI
                              ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
                              -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
                              \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
                              -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
                              \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender
                              Windows Defender Cache Maintenance -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance [MS]
                              Windows Defender Cleanup -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup [MS]
                              Windows Defender Scheduled Scan -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob [MS]
                              Windows Defender Verification -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
                              QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
                              BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
                              UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate
                              Scheduled Start -> launches: C:\Windows\system32\sc.exe start wuauserv [MS]
                              Scheduled Start With Network -> launches: C:\Windows\system32\sc.exe start wuauserv [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
                              CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
                              -> {HKLM...CLSID} = Wininet Cache task object
                              \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
                              -> {HKLM...Wow...CLSID} = Wininet Cache task object
                              \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\WOF
                              WIM-Hash-Management -> launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1}
                              -> {HKLM...CLSID} = WOF Task Handler
                              \InProcServer32\(Default) = C:\Windows\system32\WofTasks.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders
                              Work Folders Logon Synchronization -> launches: {97d47d56-3777-49fb-8e8f-90d7e30e1a1e}
                              -> {HKLM...CLSID} = Work Folder Logon Trigger Class
                              \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS]
                              Work Folders Maintenance Work -> launches: {63260bce-a3fb-4a34-aa51-d4d8e877b62b}
                              -> {HKLM...CLSID} = Work Folder Maintenance Task Class
                              \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS]

                              C:\Windows\System32\Tasks\Microsoft\Windows\WS
                              Badge Update -> launches: {00CCDDF6-5107-424D-853D-3907AE5502DC}
                              -> {HKLM...CLSID} = WinStore Tile Badge Updater
                              \InProcServer32\(Default) = C:\Windows\winstore\WinStoreUI.dll [MS]
                              License Validation -> (HIDDEN!) launches: rundll32.exe WSClient.dll,WSpTLR licensing [MS]
                              Sync Licenses -> launches: {10F591BE-3C84-418A-86DD-BAA002E2F36E}
                              -> {HKLM...CLSID} = WinStore License Sync task
                              \InProcServer32\(Default) = C:\Windows\winstore\WinStoreUI.dll [MS]
                              WSRefreshBannedAppsListTask -> (HIDDEN!) launches: rundll32.exe WSClient.dll,RefreshBannedAppsList [MS]
                              WSTask -> launches: {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129}
                              -> {HKLM...CLSID} = (no title provided)
                              \InProcServer32\(Default) = C:\Windows\System32\WSService.dll [MS]

                              C:\Windows\System32\Tasks\WPD
                              SqmUpload_S-1-5-21-3569473851-2412082960-3330132248-1001 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]


                              Winsock2 Service Provider DLLs:
                              -------------------------------

                              Namespace Service Providers

                              HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
                              000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
                              000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
                              000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
                              000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
                              000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
                              000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

                              HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
                              000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
                              000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
                              000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
                              000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
                              000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
                              000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

                              Transport Service Providers

                              HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
                              0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
                              %SystemRoot%\system32\mswsock.dll [MS], 01 - 10

                              HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
                              0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
                              %SystemRoot%\system32\mswsock.dll [MS], 01 - 10


                              Toolbars, Explorer Bars, Extensions:
                              ------------------------------------

                              Toolbars

                              HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
                              {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} = (no title provided)
                              -> {HKLM...CLSID} = Snagit
                              \InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [TechSmith Corporation]

                              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
                              {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} = (no title provided)
                              -> {HKLM...Wow...CLSID} = Snagit
                              \InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [TechSmith Corporation]

                              Explorer Bars

                              HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
                              Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
                              InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

                              HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
                              Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
                              InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

                              Extensions (Tools menu items, main toolbar menu buttons)

                              HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
                              {2670000A-7350-4F3C-8081-5663EE0C6C49}\
                              ButtonText = Verzenden naar OneNote
                              MenuText = &Verzenden naar OneNote
                              CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
                              -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
                              \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS]

                              {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
                              ButtonText = &Gekoppelde notities van OneNote
                              MenuText = &Gekoppelde notities van OneNote
                              CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
                              -> {HKLM...CLSID} = Linked Notes button
                              \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]

                              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
                              {2670000A-7350-4F3C-8081-5663EE0C6C49}\
                              ButtonText = Verzenden naar OneNote
                              MenuText = &Verzenden naar OneNote
                              CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
                              -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
                              \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS]

                              {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
                              ButtonText = &Gekoppelde notities van OneNote
                              MenuText = &Gekoppelde notities van OneNote
                              CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
                              -> {HKLM...Wow...CLSID} = Linked Notes button
                              \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]


                              Running Services (Display Name, Service Name, Path {Service DLL}):
                              ------------------------------------------------------------------

                              Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
                              AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD]
                              Freemake Improver, Freemake Improver, "C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe" [null data]
                              Intel(R) HD Graphics Control Panel Service, igfxCUIService1.0.0.0, C:\Windows\system32\igfxCUIService.exe [Intel Corporation]
                              Network Connection Broker, NcbService, C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\System32\ncbservice.dll [MS]}
                              NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation]
                              NVIDIA GeForce Experience Service, GfExperienceService, "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe" [NVIDIA Corporation]
                              NVIDIA Network Service, NvNetworkService, "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" [NVIDIA Corporation]
                              NVIDIA Stereoscopic 3D Driver Service, Stereo Service, "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [NVIDIA Corporation]
                              NVIDIA Streamer Service, NvStreamSvc, "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" [NVIDIA Corporation]
                              Office Software Protection Platform, osppsvc, "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [MS]
                              Stardock Start8, Start8, "C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe" [Stardock Software, Inc]
                              Update service, Update service, C:\Program Files (x86)\Popcorn Time\Updater.exe [Company]
                              Windows Defender Network Inspection Service, WdNisSvc, "C:\Program Files\Windows Defender\NisSrv.exe" [MS]


                              Safe Mode Drivers & Services (subkey name, subkey default value):
                              -----------------------------------------------------------------

                              HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

                              <<!>> SystemEventsBroker, Service

                              HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

                              <<!>> SystemEventsBroker, Service


                              Print Monitors:
                              ---------------

                              HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
                              EPSON Stylus Photo R285 Series 64MonitorBE\Driver = E_ILMCKE.DLL [SEIKO EPSON CORPORATION]




                              ==== C:\zoek_backup content ======================

                              C:\zoek_backup (files=19 folders=24 14123865 bytes)

                              ==== EOF on ma 22-12-2014 at 18:58:12,64 ======================
