Zoek.exe v5.0.0.0 Updated 22-March-2015
Tool run by frans on ma 23-03-2015 at 11:33:35,77.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: c:\Users\frans.PC_van_hannah\Downloads\zoek.exe
[Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2015-03-22-200643.log 36670 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

Acer Arcade Deluxe
Acer Crystal Eye webcam
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Adobe Flash Player 17 NPAPI
Adobe Photoshop 6.0
Adobe Reader X (10.1.13) - Nederlands
Adobe© Photoshop© Album Starter Edition 3.2
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVerMedia C038 USB Capture Card 1.0.0.23
AVG 2015
AVG Security Toolbar
BUFFALO Backup Utility
BUFFALO BuffaloTools Launcher
Buffalo RAMDISK Utility
BUFFALO TurboCopy
BUFFALO TurboPC for FLASH/HDD
BufferChm
CCleaner
CHVIDEOCR
Compatibility Pack for the 2007 Office system
Core FTP LE
Destination Component
DeviceManagementQFolder
DocProc
DocProcQFolder
eSupportQFolder
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photo Creations
HP Photosmart 5520 series Basissoftware van het apparaat
HP Photosmart 5520 series Help
HP Photosmart 5520 series Productverbeteringsonderzoek
HP Photosmart Essential
HP Product Assistant
HP Scanjet G4000 series 9.0
HP Update
hpg4000
hpg4000QFolder
HPProductAssistant
ImageMixer 3 SE for SD
Intel(R) Graphics Media Accelerator Driver
iTunes
Java 8 Update 40
Java Auto Updater
Launch Manager
LightScribe 1.4.142.1
Macromedia Dreamweaver 3
Microsoft .NET Framework 3.5 Language Pack SP1 - nld
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (Nederlands)
Microsoft .NET Framework 4.5.1 (NLD)
Microsoft Office File Validation Add-In
Microsoft Office Professional Editie 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 36.0.4 (x86 nl)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup NOW 4.7
NTI CD & DVD-Maker
OpenOffice.org 3.4.1
PanoStandAlone
PowerProducer 3.72
QuickTime 7
Rapport
RealPlayer
Realtek High Definition Audio Driver
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
SolutionCenter
swMSM
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
Trusteer Eindpuntbeveiliging
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB Audio/Vide Driver
USB Video Device Driver
Visual Studio 2012 x86 Redistributables
VisualLightBox
WebReg
Windows Media Player Firefox Plugin

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\BUFFALO\Backup_Utility\BUService.exe
C:\Program Files\BUFFALO\Backup_Utility\BUVSSService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\BUFFALO\BFRD4G\BRDUtilTray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Users\frans.PC_van_hannah\Downloads\zoek.exe
C:\Windows\system32\conime.exe
C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\frans\AppData\Roaming\Mozilla\Firefox\Profiles\1zzwftlg.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_23-03-2015_1311_.backup

ProfilePath: C:\Users\FRANS~1.PC_\AppData\Roaming\Mozilla\Firefox\Profiles\edolajb8.default-1425675150229
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_23-03-2015_1311_.backup

ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\bp1277ly.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_23-03-2015_1311_.backup

ProfilePath: C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\ppwktaxl.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_23-03-2015_1311_.backup

ProfilePath: C:\Users\HANNAH~1.PC_\AppData\Roaming\Mozilla\Firefox\Profiles\gp7anx9u.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_23-03-2015_1311_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vProt"=

==== Deleting Files \ Folders ======================

C:\Program Files\AVG Secure Search not found
C:\Program Files\Common Files\AVG Secure Search not found
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} not found

==== System Specs ======================

Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)
Memory (RAM): 2038 MB
CPU Info: Intel(R) Celeron(R) CPU 530 @ 1.73GHz
CPU Speed: 1728,8 MHz
Sound Card: Luidsprekers (Realtek High Defi |
Display Adapters: Mobile Intel(R) 965 Express Chipset Family | Mobile Intel(R) 965 Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1280 X 800 - 32 bit
Network: Network Present
Network Adapters: Broadcom NetLink (TM) Fast Ethernet | Atheros AR5007EG Wireless Network Adapter
CD / DVD Drives: 1x (E: | ) E: MATSHITADVD-RAM UJ-850S
Ports: COM3 LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C: 51,1GB | D: 50,9GB | F: 465,8GB
Hard Disks - Free: C: 3,3GB | D: 13,1GB | F: 39,3GB
Manufacturer *: Acer
BIOS Info: AT/AT COMPATIBLE | 09/14/07 | ACRSYS - 1
Time Zone: West-Europa (standaardtijd)
Motherboard *: Acer Acadia
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: AVG AntiVirus Free Edition 2015 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2015 disabled (Outdated)
Default Browser: Firefox 36.0.4
Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 36.0.4 (x86 nl)
Adobe Reader version: 10.1.13.16
Sun Java version: 1.8.0_40 (32-bit)
Flash Player version: 17.0.0.134

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\FRANS~1.PC_\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2015-03-13 12:13:11 AC841E83E5B0914C700D236AC2E84BB0 369664 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-03-13 12:12:00 217B3071BA854D5D704EE24CFF7E5F9C 975360 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-03-13 12:11:16 9F0BF29BB9D6E77C6F909412FB052F1D 2064384 ----a-w- C:\Windows\System32\win32k.sys
2015-03-13 11:46:35 ED1E4D1CA97596E0871C1F59AC4DE8F0 34304 ----a-w- C:\Windows\System32\atmlib.dll
2015-03-13 11:46:35 AB272D0B2EF1C79E43E7744D098352B2 296960 ----a-w- C:\Windows\System32\atmfd.dll
2015-03-13 11:44:32 D9DD1D278927A9CD5FF135887928C8EC 49152 ----a-w- C:\Windows\System32\csrsrv.dll
2015-03-13 11:44:32 B5C66E0B251D954D6CED30E4FDB07792 64000 ----a-w- C:\Windows\System32\smss.exe
2015-03-13 11:44:31 D4A5343933339DDD59D648D94913A059 3604408 ----a-w- C:\Windows\System32\ntkrnlpa.exe
2015-03-13 11:44:28 77B20066811D808B32CA778CA5BA3C46 3552184 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-03-13 11:40:50 259F6A6294AF75E74F93F480E05F264A 807936 ----a-w- C:\Windows\System32\msctf.dll
2015-03-13 11:36:23 2D357C80ABB17CFACB7B552BC9CC8548 279040 ----a-w- C:\Windows\System32\schannel.dll
2015-03-13 11:31:28 BAC7D3632B09A5DF7D2BD067933E49E0 2264064 ----a-w- C:\Windows\System32\msi.dll
2015-03-13 11:26:55 2BF660554AD726BD43869E2A452B547F 11587584 ----a-w- C:\Windows\System32\shell32.dll
2015-03-12 17:35:53 6C25D51EAAF0D4198230645E47C7991C 421376 ----a-w- C:\Windows\System32\vbscript.dll
2015-03-12 17:35:53 58C6BC3102CB0E8E90C90C1637BACB50 1139200 ----a-w- C:\Windows\System32\urlmon.dll
2015-03-12 17:35:53 36A4E86EFE3FBF965062F6D187895758 11776 ----a-w- C:\Windows\System32\mshta.exe
2015-03-12 17:35:53 0486EB0A27DACB23CB69F3DBA2B8C2E7 10752 ----a-w- C:\Windows\System32\msfeedssync.exe
2015-03-12 17:35:52 E3B153191510A97D65A60C4C05CFEF50 41472 ----a-w- C:\Windows\System32\msfeedsbs.dll
2015-03-12 17:35:52 C9E5A3FF121596B51A9F72870CFB1D39 65536 ----a-w- C:\Windows\System32\jsproxy.dll
2015-03-12 17:35:51 F335C46A9450BE16CF0F97D710F9129C 607744 ----a-w- C:\Windows\System32\msfeeds.dll
2015-03-12 17:35:51 B21F322A78BD865BEC55286DCAA24657 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2015-03-12 17:35:51 33155036650823F2C6C608FD0F9B9AC9 353792 ----a-w- C:\Windows\System32\dxtmsft.dll
2015-03-12 17:35:50 E5315746C4E4851BCB256F15C16D5F91 1803264 ----a-w- C:\Windows\System32\iertutil.dll
2015-03-12 17:35:50 39D90322A16E5417BF7B12F03BB9BD8F 142848 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-03-12 17:35:50 1FFF4BAE92A623FEC04CF450D6BF0DF7 231936 ----a-w- C:\Windows\System32\url.dll
2015-03-12 17:35:50 1AA9636013318C07C97B5FCE6E54211E 1427968 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-03-12 17:35:50 01A53348FDC2BFA3075CB6B6E054415C 717824 ----a-w- C:\Windows\System32\jscript.dll
2015-03-12 17:35:49 32B8D8E88379691236C00A752138809F 9747968 ----a-w- C:\Windows\System32\ieframe.dll
2015-03-12 17:35:48 0E7D03201E0FBA5313D7FEACB49CE178 367104 ----a-w- C:\Windows\System32\html.iec
2015-03-12 17:35:47 6293D025E82071B9424877E30B6AC1C8 1129472 ----a-w- C:\Windows\System32\wininet.dll
2015-03-12 17:35:47 4C206711ACACE1505C0291EDD493E623 1810944 ----a-w- C:\Windows\System32\jscript9.dll
2015-03-12 17:35:44 6758029EB521092E2B606A373F77DBE0 223232 ----a-w- C:\Windows\System32\dxtrans.dll
2015-03-12 17:35:43 969C5266346FA804ADF9106672622D1D 73216 ----a-w- C:\Windows\System32\mshtmled.dll
2015-03-12 17:35:43 850C6A2F616874923D7E77680F9A87CE 176640 ----a-w- C:\Windows\System32\ieui.dll
2015-03-12 17:35:41 E118F7CFD80C1346BDC37B64E1270DD6 12375040 ----a-w- C:\Windows\System32\mshtml.dll
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-03-22 17:40:11 -------- d-----w- C:\Program Files\Common Files\Java
2015-03-21 19:40:44 -------- d-----w- C:\Program Files\trend micro
2015-03-12 22:39:35 -------- d-----w- C:\Program Files\DIFX
2015-03-06 19:32:16 -------- d-----w- C:\Program Files\NewSoft
======= C: =====
====== C:\Users\frans.PC_van_hannah\AppData\Roaming ======
2015-03-12 22:37:56 -------- d-----w- C:\Users\frans.PC_van_hannah\AppData\Roaming\Garmin
2015-03-07 11:19:44 -------- d-----w- C:\Users\frans.PC_van_hannah\AppData\Roaming\CyberLink
2015-03-06 19:52:44 -------- d-----w- C:\Users\frans.PC_van_hannah\AppData\Local\NewSoft
====== C:\Users\frans.PC_van_hannah ======
2015-03-22 17:37:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-22 17:33:58 -------- d-----w- C:\ProgramData\Oracle
2015-03-22 16:48:59 45A11C9C96AB08DDEA7172C53452E447 561064 ----a-w- C:\Users\frans.PC_van_hannah\Downloads\jxpiinstall.exe
2015-03-21 19:38:28 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\frans.PC_van_hannah\Desktop\RSIT.exe
2015-03-12 22:28:48 A0D35EC0B1954DC90EA0B5DD52587DA9 37745864 ----a-w- C:\Users\frans.PC_van_hannah\Downloads\GarminExpress.exe
2015-03-06 19:52:43 -------- d-----w- C:\Users\Public\Documents\NewSoft
====== C: exe-files ==
2015-03-23 10:25:08 B0B40B39E21B6D14C1F488E568563024 22992 ----a-w- C:\Program Files\AVG\AVG2015\avgrdtestx.exe
2015-03-23 10:25:08 7671B203F17F02FCC96469B17638BDB2 70096 ----a-w- C:\Program Files\AVG\AVG2015\avguirux.exe
2015-03-23 10:25:08 5332FD96FAE3A8059D4BF3E76005FEF6 6325016 ----a-w- C:\Program Files\AVG\AVG2015\avgmfapx.exe
2015-03-22 17:37:50 A07427A93E1133A7F0F4691CC54B9294 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe
2015-03-22 17:37:50 94017ABBDE345580542D8301793EFF7A 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe
2015-03-22 17:37:50 30E9397C2F0C8FF128219D6A25E172BB 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe
2015-03-22 17:37:01 F95C5163F6D8955BEF59A896C7F7112D 159656 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\unpack200.exe
2015-03-22 17:37:01 A29B7A1BAD1A1EB608ACF7684F1F1E37 16296 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\tnameserv.exe
2015-03-22 17:37:01 7833052815087E5BF9346AC78FDCED68 51112 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\ssvagent.exe
2015-03-22 17:37:00 DFB1F31DD4A08FA5892886DC7117064A 15784 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\rmid.exe
2015-03-22 17:37:00 AF28DAA2B4EB3AD87203202264A2491C 15784 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\klist.exe
2015-03-22 17:37:00 946FD6292EAE3FBB93CC3BB01BA8763D 76712 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\jp2launcher.exe
2015-03-22 17:37:00 751E8649890CC42727D80F8D6DE1F1CB 16296 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\servertool.exe
2015-03-22 17:37:00 7162180C98D1BE5D1315FC05B3C91E9D 15784 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\pack200.exe
2015-03-22 17:37:00 689916BDF4F58C7F7AD25F8B3ABB783A 16296 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\rmiregistry.exe
2015-03-22 17:37:00 3DB4CD42B36FD2C98E9B51E3CBC1670E 15784 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\jjs.exe
2015-03-22 17:37:00 32700B34EE49959FAF64EC46D96B3630 15784 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\ktab.exe
2015-03-22 17:37:00 1FA2D0F07730F502A857BFC63DA6C193 15784 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\kinit.exe
2015-03-22 17:37:00 0A9C7408BADBA5D2C841817C22ACBF07 16296 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\policytool.exe
2015-03-22 17:37:00 08363434BEC1B0AE6420C77820BC12E9 16296 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\orbd.exe
2015-03-22 17:37:00 042B789E469D238D5FA9DEC4241CE3FD 15784 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\keytool.exe
2015-03-22 17:36:59 A07427A93E1133A7F0F4691CC54B9294 272296 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\javaws.exe
2015-03-22 17:36:59 94017ABBDE345580542D8301793EFF7A 191400 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\javaw.exe
2015-03-22 17:36:59 79B6403F5BD398BB9880F00FAF7C69DA 68520 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\javacpl.exe
2015-03-22 17:36:59 6031BACB59D93E5ECB4ACDE6E12565EA 30632 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\jabswitch.exe
2015-03-22 17:36:59 30E9397C2F0C8FF128219D6A25E172BB 190888 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\java.exe
2015-03-22 17:36:59 2794D464D89260B0316C16A9FE24C660 15784 ----a-w- C:\Program Files\Java\jre1.8.0_40\bin\java-rmi.exe
2015-03-22 16:48:59 45A11C9C96AB08DDEA7172C53452E447 561064 ----a-w- C:\Users\frans.PC_van_hannah\Downloads\jxpiinstall.exe
2015-03-21 19:40:46 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\frans.exe
2015-03-21 19:38:28 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\frans.PC_van_hannah\Desktop\RSIT.exe
=== C: other files ==
2015-03-22 17:37:01 9DCBFF045A2A43212A4763C3461A50B9 14130 ----a-w- C:\Program Files\Java\jre1.8.0_40\lib\deploy\ffjcext.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-3560068522-3834445045-2274803871-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5520 series (NET)"="C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe -deviceID CN43B7C4SX0602:NW -scfn HP Photosmart 5520 series (NET) -AutoStart 1"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe"

[HKEY_USERS\S-1-5-21-3560068522-3834445045-2274803871-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe"
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"vProt"="C:\Program Files\AVG Secure Search\vprot.exe"
"BuffaloTools"="C:\Program Files\BUFFALO\BuffaloTools\BuffaloTools.exe"
"Backup Utility TaskTray Tool"="C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe"
"AVG_UI"="C:\Program Files\AVG\AVG2015\avgui.exe /TRAYONLY"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5520 series (NET)"="C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe -deviceID CN43B7C4SX0602:NW -scfn HP Photosmart 5520 series (NET) -AutoStart 1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="eNetHook.dll"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\Apoint2K\\Apoint.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="RtHDVCpl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skytel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skytel"
"hkey"="HKLM"
"command"="Skytel.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^frans.PC_van_hannah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
"item"="OpenOffice.org 3.4.1"
"path"="C:\\Users\\frans.PC_van_hannah\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.4.1.lnk"
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.4.1.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.ORG\\program\\QUICKS~1.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ArcSoft Connection Service"="C:\\Program Files\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe"

==== Startup Folders ======================

2011-04-28 14:26:15 1116 ---ha-w- C:\Users\frans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK
2014-07-23 15:53:30 1787 ----a-w- C:\Users\frans.PC_van_hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk
2013-10-18 20:12:53 1032 ----a-w- C:\Users\hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
2014-02-22 17:39:02 1294 ----a-w- C:\Users\hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate NA44CYKD Product Registration.lnk
2015-01-19 15:29:33 1032 ----a-w- C:\Users\hannah.PC_van_hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
2012-07-11 18:46:16 1827 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO RAMDISK Tray Utility.lnk
2012-07-11 18:46:16 1815 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO RAMDISK Utility.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:;@C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\ArcSoft Connect Daemon" [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\HP-Online updateprogramma" [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe]
"C:\Windows\system32\tasks\HPCustParticipation HP Photosmart 5520 series" ["C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe"]
"C:\Windows\system32\tasks\Java Update Scheduler" [C:\Program Files\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\system32\tasks\{D2C1964A-E9C5-4436-A850-5C9A56A30FB2}" [C:\Program Files\Skype\Phone\Skype.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\Leader Technologies\PowerRegister\Seagate NA44CYKD Product Registration (hannah)" [C:\Users\hannah\AppData\Roaming\Leadertech\PowerRegister\Seagate NA44CYKD Product Registration.exe]
"C:\Windows\system32\tasks\Leader Technologies\PowerRegister\Seagate Product Registration (hannah)" [C:\Users\hannah\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\frans\AppData\Roaming\Mozilla\Firefox\Profiles\1zzwftlg.default
user_pref("browser.startup.homepage", "http://www.google.nl");
user_pref("browser.search.defaultenginename", "Ixquick HTTPS - Nederlands");
user_pref("browser.search.selectedEngine", "Ixquick HTTPS - Nederlands");

ProfilePath: C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\ppwktaxl.default
user_pref("browser.search.defaulturl", "http%3A//ixquick.com/do/toolbar%3Fcat%3Dweb%26language%3Denglish%26query%3D");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"avg@toolbar"="C:\ProgramData\AVG Secure Search\FireFoxExt\18.3.0.885" []