Zoek.exe v5.0.0.0 Updated 25-March-2015
Tool run by frans on do 26-03-2015 at 10:40:57,39.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode
Internet Access Detected
Launched: C:\Users\frans.PC_van_hannah\Desktop\zoek(3).exe
[Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-03-22-200643.log 36670 bytes
C:\zoek-results2015-03-23-122017.log 28407 bytes
C:\zoek-results2015-03-24-104840.log 2888 bytes
C:\zoek-results2015-03-24-133722.log 6815 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\BUFFALO\Backup_Utility\BUService.exe
C:\Program Files\BUFFALO\Backup_Utility\BUVSSService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\BUFFALO\BFRD4G\BRDUtilTray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conime.exe
C:\Users\frans.PC_van_hannah\Desktop\zoek(3).exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv

==== Deleting Services ======================

==== System Specs ======================

Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)
Memory (RAM): 2038 MB
CPU Info: Intel(R) Celeron(R) CPU 530 @ 1.73GHz
CPU Speed: 767,4 MHz
Sound Card: Luidsprekers (Realtek High Defi |
Display Adapters: Mobile Intel(R) 965 Express Chipset Family |
Mobile Intel(R) 965 Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1280 X 800 - 32 bit
Network: Network Present
Network Adapters: Broadcom NetLink (TM) Fast Ethernet | Atheros AR5007EG Wireless Network Adapter
CD / DVD Drives: 1x (E: | ) E: MATSHITADVD-RAM UJ-850S
Ports: COM3 LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C: 51,1GB | D: 50,9GB
Hard Disks - Free: C: 2,3GB | D: 13,1GB
Manufacturer *: Acer
BIOS Info: AT/AT COMPATIBLE | 09/14/07 | ACRSYS - 1
Time Zone: West-Europa (standaardtijd)
Motherboard *: Acer Acadia
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: AVG AntiVirus Free Edition 2015 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2015 disabled (Outdated)
Default Browser: Firefox 36.0.4
Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 36.0.4 (x86 nl)
Adobe Reader version: 10.1.13.16
Sun Java version: 1.8.0_40 (32-bit)
Flash Player version: 17.0.0.134

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\FRANS~1.PC_\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-03-22 17:40:11 -------- d-----w- C:\Program Files\Common Files\Java
2015-03-21 19:40:44 -------- d-----w- C:\Program Files\trend micro
2015-03-12 22:39:35 -------- d-----w- C:\Program Files\DIFX
2015-03-06 19:32:16 -------- d-----w- C:\Program Files\NewSoft
======= C: =====
====== C:\Users\frans.PC_van_hannah\AppData\Roaming ======
2015-03-12 22:37:56 -------- d-----w- C:\Users\frans.PC_van_hannah\AppData\Roaming\Garmin
2015-03-07 11:19:44 -------- d-----w- C:\Users\frans.PC_van_hannah\AppData\Roaming\CyberLink
2015-03-06 19:52:44 -------- d-----w- C:\Users\frans.PC_van_hannah\AppData\Local\NewSoft
====== C:\Users\frans.PC_van_hannah ======
2015-03-22 17:37:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-22 17:33:58 -------- d-----w- C:\ProgramData\Oracle
2015-03-06 19:52:43 -------- d-----w- C:\Users\Public\Documents\NewSoft
====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-3560068522-3834445045-2274803871-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5520 series (NET)"="C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe -deviceID CN43B7C4SX0602:NW -scfn HP Photosmart 5520 series (NET) -AutoStart 1"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe"

[HKEY_USERS\S-1-5-21-3560068522-3834445045-2274803871-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe"
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"BuffaloTools"="C:\Program Files\BUFFALO\BuffaloTools\BuffaloTools.exe"
"Backup Utility TaskTray Tool"="C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe"
"AVG_UI"="C:\Program Files\AVG\AVG2015\avgui.exe /TRAYONLY"
"Adobe ARM"="C:\Program Files\Common
Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5520 series (NET)"="C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe -deviceID CN43B7C4SX0602:NW -scfn HP Photosmart 5520 series (NET) -AutoStart 1"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="eNetHook.dll"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\Apoint2K\\Apoint.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="RtHDVCpl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skytel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skytel"
"hkey"="HKLM"
"command"="Skytel.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^frans.PC_van_hannah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
"item"="OpenOffice.org 3.4.1"
"path"="C:\\Users\\frans.PC_van_hannah\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.4.1.lnk"
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.4.1.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.ORG\\program\\QUICKS~1.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ArcSoft Connection Service"="C:\\Program Files\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe"

==== Startup Folders ======================

2011-04-28 14:26:15 1116 ---ha-w- C:\Users\frans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK
2014-07-23 15:53:30 1787 ----a-w- C:\Users\frans.PC_van_hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk
2013-10-18 20:12:53 1032 ----a-w- C:\Users\hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
2014-02-22 17:39:02 1294 ----a-w- C:\Users\hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate NA44CYKD Product Registration.lnk
2015-01-19 15:29:33 1032 ----a-w- C:\Users\hannah.PC_van_hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
2012-07-11 18:46:16 1827 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO RAMDISK Tray Utility.lnk
2012-07-11 18:46:16 1815 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO RAMDISK Utility.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\ArcSoft Connect Daemon" [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\HP-Online updateprogramma" [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe]
"C:\Windows\system32\tasks\HPCustParticipation HP Photosmart 5520 series" ["C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe"]
"C:\Windows\system32\tasks\Java Update Scheduler" [C:\Program Files\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\system32\tasks\{D2C1964A-E9C5-4436-A850-5C9A56A30FB2}" [C:\Program Files\Skype\Phone\Skype.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\Leader Technologies\PowerRegister\Seagate NA44CYKD Product Registration (hannah)" [C:\Users\hannah\AppData\Roaming\Leadertech\PowerRegister\Seagate NA44CYKD Product Registration.exe]
"C:\Windows\system32\tasks\Leader Technologies\PowerRegister\Seagate Product Registration (hannah)" [C:\Users\hannah\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\frans\AppData\Roaming\Mozilla\Firefox\Profiles\1zzwftlg.default
user_pref("browser.startup.homepage", "http://www.google.nl");
user_pref("browser.search.defaultenginename", "Ixquick HTTPS - Nederlands");
user_pref("browser.search.selectedEngine", "Ixquick HTTPS - Nederlands");

ProfilePath: C:\Users\hannah\AppData\Roaming\Mozilla\Firefox\Profiles\ppwktaxl.default
user_pref("browser.search.defaulturl", "http%3A//ixquick.com/do/toolbar%3Fcat%3Dweb%26language%3Denglish%26query%3D");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord" [30-06-2009 00:00]