Zoek.exe v5.0.0.1 Updated 20-December-2015 Tool run by Nancy on ma 21/12/2015 at 13:18:28,71. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Nancy\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2015-07-22-195343.log 1449 bytes C:\zoek-results2015-07-23-062447.log 37472 bytes C:\zoek-results2015-08-12-152338.log 751 bytes C:\zoek-results2015-08-14-150126.log 811 bytes ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. 
127.0.0.1 localhost ::1 localhost ==== Empty Folders Check ====================== C:\PROGRA~2\DAEMON Tools Lite deleted successfully C:\PROGRA~2\Soda PDF 7 deleted successfully C:\Users\Nancy\AppData\Roaming\DAEMON Tools Lite deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== µTorrent 32 Bit HP CIO Components Installer Acrobat.com Adobe Acrobat Reader DC - Nederlands Adobe Flash Player 19 ActiveX Adobe Flash Player 19 NPAPI Adobe Refresh Manager Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Avast Free Antivirus Belgium e-ID middleware 4.1.10 (build 1698) Beyond Compare Version 3.3.5 CCleaner Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module CleanUp CloneSpy 3.21 - 32 bit Core FTP LE CorelDRAW Essentials 4 - Content CorelDRAW Essentials 4 - Draw CorelDRAW Essentials 4 - Filters CorelDRAW Essentials 4 - ICA CorelDRAW Essentials 4 - IPM - No VBA CorelDRAW Essentials 4 - Lang BR CorelDRAW Essentials 4 - Lang DE CorelDRAW Essentials 4 - Lang EN CorelDRAW Essentials 4 - Lang ES CorelDRAW Essentials 4 - Lang FR CorelDRAW Essentials 4 - Lang IT CorelDRAW Essentials 4 - Lang NL CorelDRAW Essentials 4 - PHOTO-PAINT CorelDRAW Essentials 4 Crystal Reports 11 Crystal Reports 9.0 Definition Update for Microsoft Office 2010 (KB3114412) 32-Bit Edition doPDF 7.3 printer Fiscalc-Fiskobel PB 2011 Fiscalc-Fiskobel PB 2012 Fiscalc-Fiskobel PB 2013 GDR 1617 for SQL Server 2008 R2 (KB2494088) Google Update Helper HD Tune 2.55 Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) HP 
ENVY 4500 series Basissoftware van het apparaat HP ENVY 4500 series Help HP FWUpdateEDO2 HP Photo Creations HP Update HPDiagnosticAlert Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) Rapid Storage Technology Java 8 Update 66 Java Auto Updater Junk Mail filter update Launch Manager Malwarebytes Anti-Malware versie 2.2.0.1024 McAfee Security Scan Plus Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.5.2 (Nederlands) Microsoft .NET Framework 4.5.2 (NLD) Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Data Access Components (MDAC) 2.8 Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (Dutch) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (Dutch) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Language Pack 2010 - Dutch/Nederlands Microsoft Office O MUI (Dutch) 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office SharePoint Designer MUI (Dutch) 2010 Microsoft Office 
Word MUI (Dutch) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Office X MUI (Dutch) 2010 Microsoft Report Viewer Redistributable 2008 (KB971119) Microsoft Report Viewer Redistributable 2008 SP1 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 R2 Microsoft SQL Server 2008 R2 Native Client Microsoft SQL Server 2008 R2 Policies Microsoft SQL Server 2008 R2 RsFx Driver Microsoft SQL Server 2008 R2 Setup (English) Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server Browser Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU Microsoft SQL Server VSS Writer Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD Microsoft Visual Studio Tools for Applications 2.0 - ENU Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Mozilla Firefox 43.0.1 (x86 en-US) Mozilla Maintenance Service MSDE 2000 & Service Pack 3 MSVCRT MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Pdf995 PdfEdit995 PlayReady PC Runtime x86 Private Internet Access Support Files Productverbeteringsonderzoek voor HP ENVY 4500 series Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader REALTEK 
Wireless LAN Driver REALTEK Wireless LAN Driver and Utility Revo Uninstaller 1.95 Security Update for Microsoft .NET Framework 4.5.2 (KB3074230) Security Update for Microsoft .NET Framework 4.5.2 (KB3074550) Security Update for Microsoft .NET Framework 4.5.2 (KB3097996) Security Update for Microsoft .NET Framework 4.5.2 (KB3098781) Security Update for Microsoft Office 2010 (KB3085560) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Service Pack 1 for SQL Server 2008 R2 (KB2528583) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition SQL Anywhere Studio 9, Software SQL Server 2008 R2 SP1 Common Files SQL Server 2008 R2 SP1 Database Engine Services SQL Server 2008 R2 SP1 Database Engine Shared SQL Server 2008 R2 SP1 Management Studio Sql Server Customer Experience Improvement Program Stuurprogrammapakket voor Windows - Fedict SmartCard (08/08/2015 4.1.5) Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - NLD TeamViewer 8 TomTom HOME TomTom HOME Visual Studio Merge Modules Update for Microsoft Office 2010 (KB2413186) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition USB Video/Audio Driver VASCO Card Reader Plug-In (32-Bit) VASCO Smart Card Reader Plug-In (User) VLC media player WinCDEmu Windows Live - Hulpprogramma voor uploaden Windows Live aanmeldhulp Windows Live Call Windows Live Communications Platform Windows Live 
Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sync Windows Live Writer WinRAR 5.21 (32-bit) WKB IBM Java runtime engine 1.3.0 ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe c:\Program Files\Microsoft SQL Server\MSSQL10_50.KLUWER2008R2\MSSQL\Binn\sqlservr.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWlan.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\wbem\WmiPrvSE.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\AVAST Software\Avast\avastui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\TOP\SQL Anywhere 9\Shared\Sybase Central 4.3\win32\scjview.exe C:\Windows\System32\wbem\unsecapp.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Windows\system32\wuauclt.exe C:\Program Files\TeamViewer\Version8\TeamViewer.exe C:\Program Files\TeamViewer\Version8\tv_w32.exe C:\Users\Nancy\Downloads\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\McComponentHostService deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ""=- [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] ==== Deleting Files \ Folders ====================== "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk" not found C:\Program Files\McAfee Security Scan deleted C:\PROGRA~2\ProductData deleted C:\PROGRA~2\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted C:\Users\Nancy\Downloads\avast_free_antivirus_setup_online_cnet.exe deleted C:\Users\Nancy\AppData\LocalLow\Unity deleted ==== System 
Specs ====================== Windows: Windows 7 Home Premium Edition Service Pack 1 (Build 7601) Memory (RAM): 3511 MB CPU Info: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz CPU Speed: 2127.8 MHz Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek | Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Generic PnP Monitor | Screen Resolution: 1280 X 1024 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC | Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) | TAP-Win32 Adapter V9 CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SN-S083C Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 424.7GB | D: 40.0GB Hard Disks - Free: C: 292.7GB | D: 21.8GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 02/01/10 | MEDION - 1072009 Time Zone: West-Europa (standaardtijd) Motherboard *: MEDION E6214 Country: België Language: NLB ==== System Specs (Software) ====================== AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: avast! 
Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} Default Browser: Firefox 43.0.1 Internet Explorer Version: 11.0.9600.17358 Mozilla Firefox version: 43.0.1 (x86 en-US) Adobe Reader version: 15.9.20077.160923 Sun Java version: 1.8.0_66 (32-bit) Flash Player version: 19.0.0.245 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Nancy\AppData\Local\Temp ==== 2015-12-13 17:35:30 163396989C125C877C3495B0BC9C4F76 1082880 ----a-w- C:\Users\Nancy\AppData\Local\Temp\pidgenx.dll 2015-12-13 17:09:33 3825FCA0C6D4BCD6D0C2F7FDCD2F0131 6323 ----a-w- C:\Users\Nancy\AppData\Local\Temp\dt_63D6.tmp.exe 2015-12-13 13:03:16 FD5CABBE52272BD76007B68186EBAF00 455328 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS536E\msvcp120.dll 2015-12-13 13:03:16 D199B1ADFFB14070E8C4DA9E879EDBEE 309760 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS536E\DIFxAPI.dll 2015-12-13 13:03:16 CB24FA0F3BB9A0DBCF6F059AA83A7D63 2573456 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS536E\DeviceManager\DeviceManager.exe 2015-12-13 13:03:16 A22498AF4AF7F2A2455F5F3093A5D94E 525120 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS536E\CoreUtils.dll 2015-12-13 13:03:16 98ABCBD70CDA02B76E1A1E46C16192FA 35176 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS536E\hpodss01.dll 2015-12-13 13:03:16 871E2A5F45A0017AE10EED6F359FABFD 1883792 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS536E\FileExtractor.exe 2015-12-13 13:03:16 7F108D0BE055360CF4C73FDD21E3DB9A 178320 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS536E\zlibwapi.dll 2015-12-13 13:03:16 6CC6F3A54BBB52CB9F69AA5E778BD602 58688 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS536E\OESISCore.dll 2015-12-13 13:03:16 585D2EB9FBED6B7B9D0107BFB5C94043 531512 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS536E\DeviceManager\DIFxAPI.dll 2015-12-13 13:03:16 2B9D51676DAF60095346D917C92F2A91 5306000 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS536E\HPDiagnosticCoreUI.exe 2015-12-13 13:03:16 
2AB58BFAFA9A43D943EC7AC0CF7C7F14 287376 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS536E\libcurl.dll 2015-12-13 13:03:16 25AA41A0F7B96795B803F010C0955324 213312 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS536E\FWManager.dll 2015-12-13 13:03:16 149A04A6ED3D6D21B14842046DCFC358 75584 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS536E\Impl_SoftwareProductLib.dll 2015-12-13 13:03:16 0DAD17A2C6FAE0AF2889E597B1BDCC21 2901136 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS536E\HPDiagnosticCore.dll 2015-12-13 13:03:16 0B1070EF49F3740334F2B158F8A99183 58688 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS536E\Impl_FirewallLib.dll 2015-12-13 13:03:16 034CCADC1C073E4216E9466B720F9849 970912 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS536E\msvcr120.dll 2015-12-13 12:11:11 2504A1F4DA3B06B47CF2F81AFB365B79 585824 ----a-w- C:\Users\Nancy\AppData\Local\Temp\jre-8u66-windows-au.exe 2015-12-12 16:33:54 8397BA6B2624DEB61E1E02F19956738B 301576 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS2686\InstallDiagnosticAlert.exe 2015-12-12 16:33:54 01F44CB82172ED933E16E1EC04855C66 591360 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS2686\HPDiagnosticAlert.msi 2015-12-12 16:33:07 F60ADAB3D6F8B1BB5DF30FA4CB8EA3EE 109928 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS25EC\ExecuteProcess.exe 2015-12-12 16:33:07 C04DEF4BB12C0BCA65F1E2F58AF2E8DD 354872 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS25EC\HPeDiag.dll 2015-12-12 16:33:07 5989F0EC30DDB78903C90A3203CB7197 502784 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS25EC\CIOUM64.msi 2015-12-12 16:33:07 56EBCA6D3AC3952D69C8825E68433230 301928 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS25EC\Dot4Scrubber.exe 2015-12-12 16:33:07 1F727D1F27A78BA35C14A5F3244D602F 351232 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS25EC\CIOUM32.msi 2015-12-12 16:25:08 2B9D51676DAF60095346D917C92F2A91 5306000 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS1FC6\HPDiagnosticCoreUI.exe 2015-12-12 16:25:07 FD5CABBE52272BD76007B68186EBAF00 455328 ----a-w- 
C:\Users\Nancy\AppData\Local\Temp\7zS1FC6\msvcp120.dll 2015-12-12 16:25:07 D199B1ADFFB14070E8C4DA9E879EDBEE 309760 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS1FC6\DIFxAPI.dll 2015-12-12 16:25:07 CB24FA0F3BB9A0DBCF6F059AA83A7D63 2573456 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS1FC6\DeviceManager\DeviceManager.exe 2015-12-12 16:25:07 A22498AF4AF7F2A2455F5F3093A5D94E 525120 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS1FC6\CoreUtils.dll 2015-12-12 16:25:07 98ABCBD70CDA02B76E1A1E46C16192FA 35176 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS1FC6\hpodss01.dll 2015-12-12 16:25:07 871E2A5F45A0017AE10EED6F359FABFD 1883792 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS1FC6\FileExtractor.exe 2015-12-12 16:25:07 7F108D0BE055360CF4C73FDD21E3DB9A 178320 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS1FC6\zlibwapi.dll 2015-12-12 16:25:07 6CC6F3A54BBB52CB9F69AA5E778BD602 58688 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS1FC6\OESISCore.dll 2015-12-12 16:25:07 585D2EB9FBED6B7B9D0107BFB5C94043 531512 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS1FC6\DeviceManager\DIFxAPI.dll 2015-12-12 16:25:07 2AB58BFAFA9A43D943EC7AC0CF7C7F14 287376 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS1FC6\libcurl.dll 2015-12-12 16:25:07 25AA41A0F7B96795B803F010C0955324 213312 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS1FC6\FWManager.dll 2015-12-12 16:25:07 149A04A6ED3D6D21B14842046DCFC358 75584 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS1FC6\Impl_SoftwareProductLib.dll 2015-12-12 16:25:07 0DAD17A2C6FAE0AF2889E597B1BDCC21 2901136 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS1FC6\HPDiagnosticCore.dll 2015-12-12 16:25:07 0B1070EF49F3740334F2B158F8A99183 58688 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS1FC6\Impl_FirewallLib.dll 2015-12-12 16:25:07 034CCADC1C073E4216E9466B720F9849 970912 ----a-w- C:\Users\Nancy\AppData\Local\Temp\7zS1FC6\msvcr120.dll 2015-12-12 14:49:31 B0EEA21A20D1A39662B1E28BC9B48684 67072 ----a-w- 
C:\Users\Nancy\AppData\Local\Temp\SDIAG_03b5cdd4-0ef4-4a96-8e57-c843c2a8b406\DiagPackage.dll 2015-12-12 14:49:31 2433E09C08C21455000F7E36D7653759 489472 ----a-w- C:\Users\Nancy\AppData\Local\Temp\SDIAG_ad0fe9bc-29a2-4c2e-8e5e-b0bf90aa25d5\DiagPackage.dll ====== Java Cache ===== ====== C:\Windows\system32 ===== 2015-12-13 12:36:17 31C9C2A6EAE88ECBEFFCB2AAECA4D250 597512 ---ha-w- C:\Windows\System32\HPDiscoPMC511.dll ====== C:\Windows\system32\drivers ===== ====== C:\Windows\Tasks ====== 2015-12-13 17:38:32 03942C779266E4E6A07BC3574EB86977 3486 ----a-w- C:\Windows\system32\Tasks\AutoKMS 2015-12-13 17:30:19 -------- d-----w- C:\Windows\system32\Tasks\OfficeSoftwareProtectionPlatform 2015-12-12 16:18:03 F493AB8050BC37258B26C8D8F3DA4E72 3608 ----a-w- C:\Windows\system32\Tasks\HPCustParticipation HP ENVY 4500 series ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-12-13 17:25:26 -------- d-----w- C:\Program Files\Common Files\DESIGNER 2015-12-13 17:23:44 -------- d-----w- C:\Program Files\Microsoft Visual Studio 8 2015-12-13 17:22:44 -------- d-----w- C:\Program Files\Microsoft Analysis Services 2015-12-13 17:22:06 -------- d-----w- C:\Program Files\Microsoft Office 2015-12-13 12:13:36 -------- d-----w- C:\Program Files\Common Files\Java 2015-12-12 16:18:26 -------- d-----w- C:\Program Files\HP Photo Creations 2015-12-12 12:47:02 -------- d-----w- C:\Program Files\Mozilla Maintenance Service 2015-12-12 12:18:18 -------- d-----w- C:\Program Files\BeID Minidriver 2015-12-12 12:18:15 -------- d-----w- C:\Program Files\Belgium Identity Card 2015-12-03 17:28:32 -------- d-----w- C:\Program Files\Common Files\AV ======= C: ===== ====== C:\Users\Nancy\AppData\Roaming ====== 2015-12-13 12:13:14 -------- d-----w- C:\Users\Nancy\AppData\Roaming\Sun 2015-12-13 12:11:32 -------- d-----w- C:\Users\Nancy\AppData\Locallow\Oracle 2015-12-12 16:18:05 -------- d-----w- C:\Users\Nancy\AppData\Roaming\HpUpdate ====== C:\Users\Nancy ====== 2015-12-20 14:59:24 
8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Nancy\Downloads\RSIT(1).exe 2015-12-14 18:07:29 6958563202CC03FD001711AAE73A8133 34 ----a-w- C:\Users\Nancy\.isqlHistory9 2015-12-13 18:10:05 1D749FC1137C46737F14EDD47219FDA3 1740288 ----a-w- C:\Users\Nancy\Downloads\adwcleaner_5.025.exe 2015-12-13 17:26:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-12-13 13:40:54 C83944D3394F892C26717DE725880D5E 6801752 ----a-w- C:\Users\Nancy\Downloads\ccsetup512.exe 2015-12-13 12:48:48 -------- d-----w- C:\Windows\system32\config\systemprofile\.oracle_jre_usage 2015-12-13 12:13:13 -------- d-----w- C:\Users\Nancy\.oracle_jre_usage 2015-12-13 07:52:03 011DB89C3FD275BD3C7770CBC50C999E 27758160 ----a-w- C:\Users\Nancy\Downloads\Setup_wa_2013_20150518.exe 2015-12-13 07:51:20 B422BA9890523089A0D713787F099B15 49815560 ----a-w- C:\Users\Nancy\Downloads\Setup_PB_2013_20150330.exe 2015-12-13 07:50:42 4CEE564D6543B86E8484C88E4A7B6D0F 30127360 ----a-w- C:\Users\Nancy\Downloads\Setup_wa_2014_20150518.exe 2015-12-13 07:49:42 DF37103CF4204C3B605AA57C3A643A63 44256312 ----a-w- C:\Users\Nancy\Downloads\Setup_fi_vb_2014_20150908.exe 2015-12-13 07:48:58 4273360D702A2474700EC02BE78E95A1 44264480 ----a-w- C:\Users\Nancy\Downloads\Setup_PB_2014_20150330.exe 2015-12-13 07:42:35 7A4E6B6741E322148737BD2BC0FA08D5 24599160 ----a-w- C:\Users\Nancy\Downloads\setup_ll_2015_20150701.exe 2015-12-13 07:42:00 D3A68AB7CFFB2F19FB12DFF2CB7464B7 30178960 ----a-w- C:\Users\Nancy\Downloads\Setup_FBL_2015_20150903.exe 2015-12-13 07:41:22 3B1131C71F75552961EA3537F1C5FA11 45739496 ----a-w- C:\Users\Nancy\Downloads\Setup_fi_vb_2015_20151207.exe 2015-12-13 07:40:37 FD63ABDA2AE3D41FD0BD179B347F12D6 36612800 ----a-w- C:\Users\Nancy\Downloads\Setup_PB_2015_20151130.exe 2015-12-13 07:40:02 CC01DE2DDA38280890E1A225E1B977C3 26946192 ----a-w- C:\Users\Nancy\Downloads\setup_ll_2016_20151028.exe 2015-12-13 07:39:27 FB7BF7043A48623BE0D8E11DA2D027DE 45100144 ----a-w- 
C:\Users\Nancy\Downloads\Setup_fi_vb_2016_20151208.exe 2015-12-13 07:38:50 C148157E94C87765324ED301784ABECC 24279120 ----a-w- C:\Users\Nancy\Downloads\Setup_PB_2016_20151028.exe 2015-12-13 07:38:13 F27662AFF14CE52C33869C52DA4F663F 34858600 ----a-w- C:\Users\Nancy\Downloads\Setup_wkz_2016_20151028.exe 2015-12-13 07:37:27 D8EDD61486D868B950F541234F6C74CE 34858608 ----a-w- C:\Users\Nancy\Downloads\Setup_wkz_2017_20151028.exe 2015-12-13 07:34:43 231A5BC51CAE167B60BD2095E80A2F3F 166759544 ----a-w- C:\Users\Nancy\Downloads\Setup_EPP_20150921_03.exe 2015-12-13 07:33:36 2599F6E66C66DB1069304B2A579DACA0 72650592 ----a-w- C:\Users\Nancy\Downloads\Setup_CDBPlus_20151202.exe 2015-12-13 07:32:48 823A59AD00A25F49A8611F46F74D0E79 56981176 ----a-w- C:\Users\Nancy\Downloads\SetupWS2015.exe 2015-12-13 07:32:05 33B46388287B32908CE3B7EC94CE1891 15347152 ----a-w- C:\Users\Nancy\Downloads\SetupUBL_20150806.exe 2015-12-13 07:31:12 47F3F0D359D7D657518D67AB0BD9F4CB 59565760 ----a-w- C:\Users\Nancy\Downloads\Setup_venb_2015_20151207.exe 2015-12-13 07:30:08 94D56B13C3311AE204EC44E47E5D5B83 58857176 ----a-w- C:\Users\Nancy\Downloads\Setup_venb_2016_20151208.exe 2015-12-13 07:29:14 E828CB5DE34D72E20F40A5944CF547C6 70466264 ----a-w- C:\Users\Nancy\Downloads\Setup_FIP_20151210.exe 2015-12-13 07:27:26 122372CCEF98E8A2BBD966930ECE176C 106330416 ----a-w- C:\Users\Nancy\Downloads\Setup_Ap_jr_20151211.exe 2015-12-12 16:18:26 -------- d-----w- C:\ProgramData\HP Photo Creations 2015-12-12 11:56:06 318CA81021CFE2C45E6D5383299292F7 26235096 ----a-w- C:\Users\Nancy\Downloads\Belgium_eID-QuickInstaller_4.1.10.1698(1).exe 2015-12-07 21:38:55 318CA81021CFE2C45E6D5383299292F7 26235096 ----a-w- C:\Users\Nancy\Downloads\Belgium_eID-QuickInstaller_4.1.10.1698.exe ====== C: exe-files == 2015-12-20 14:59:24 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Nancy\Downloads\RSIT(1).exe 2015-12-20 09:12:49 DDE6203BCCF143691236865B784AF60D 11564792 ----a-w- 
C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-servicing-x86-30Sep13.exe 2015-12-20 09:12:49 D5EDEE557092775548463960848861D8 583920 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-IE9RTM-Servicing-X86-20Aug13.EXE 2015-12-20 09:12:49 B5C7B86E8DE3EB861A3ED9CD9CF43EBE 3429624 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-DotNet-Servicing-x86-17Feb14.exe 2015-12-20 09:12:49 B3C4BCA47813F45B5F43841885E04BB9 7957760 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-Servicing-X86-1Apr13.EXE 2015-12-20 09:12:49 ADA7CA17F5781445A459624CB117EB64 3989232 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-IE9GDR-Servicing-X86-20Aug13.EXE 2015-12-20 09:12:49 A243DE51EC59905C0EB98F9197512899 2061040 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-servicing-x86-26Mar14.exe 2015-12-20 09:12:49 821D139CAB6CBFDEA9B64473A57804E5 8021752 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-servicing-x86-19Dec13.exe 2015-12-20 09:12:49 26A2D94A6261DF852D33F3626F92BD8C 34346240 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-IE-Servicing-x86-7Mar14.exe 2015-12-20 09:12:49 1DECE4C7CADDFA8A49622A17380EFB15 8902904 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\windows6.1-servicing-x86-7jul-13.exe 2015-12-20 09:12:49 0FE48C3BAE363F827AA111DE7C1FD288 8113912 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-servicing-x86-5Sep14.exe 2015-12-20 09:12:48 FAB4C6B801BF036843ACBBDF84FC9553 19292920 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-7601-X86-Cab2.EXE 2015-12-20 09:12:48 F7C96F14E05CE6E7C81D2423A8D38029 4002040 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-RTM-Client-CAB1-X86.EXE 2015-12-20 09:12:48 F34BC12206B90B7271D38167AAD1E8B0 10289912 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-RTM-Client-CAB2-x86.EXE 2015-12-20 09:12:48 C55F8943B6EFEE0A8D0B942B8ECB531B 55337200 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-Servicing-X86.EXE 2015-12-20 09:12:48 A54382E9C1238113DF4E4F454C048603 899824 ----a-w- 
C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-RTM-Client-ENUS-X86.EXE
2015-12-20 09:12:48 7D5A8A2F23475E4573F1B37903498A82 189688 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-SSCab-X86.EXE
2015-12-20 09:12:48 769089DC8DF6807A495E7140812B915E 18266864 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-7601-X86-Cab3.EXE
2015-12-20 09:12:48 72AD088C73E0ED2B25127875A2DDDE4F 382720 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\CheckSURPackage.EXE
2015-12-20 09:12:48 5D8B39FC3F50FD071C169C6CFA59D18E 8036088 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-RTM-Client-CAB3-x86.EXE
2015-12-20 09:12:48 57365E6A1E7CD8275CB3D596083A9376 5949688 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-7601-X86-NeutralCab.EXE
2015-12-20 09:12:48 5571B66EC52184DC54E71E7313B65FC5 1980664 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-7601-X86-Cab4.EXE
2015-12-20 09:12:48 3E22957DF8CAFA43F5044C4680F87E0D 5225208 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-RTM-Client-NEUTRAL-X86.EXE
2015-12-20 09:12:48 0DA5F06BBF11792564A2518A8D05C603 20560640 ----a-w- C:\c5d9e1cda0e623ceb9318d677ee2\Windows6.1-7601-X86-Cab1.EXE
2015-12-19 13:04:52 A6D875354ACF6C4EAE91B528CB47164A 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1911627587-2711903257-3630052222-1000\$IO9N9BD.exe

=== C: other files ==
2015-12-20 09:02:32 5B34048D0C873D419B68FCEFB960A541 29233505 ----a-w- C:\Users\Nancy\AppData\Local\ElevatedDiagnostics\2560293460\2015122009.000\DataStoreAndWULogFiles.zip
2015-12-20 08:56:59 70922A887095D53BE16701FE85B50FDE 29232643 ----a-w- C:\Users\Nancy\AppData\Local\ElevatedDiagnostics\2560293460\2015122008.000\DataStoreAndWULogFiles.zip
2015-12-14 21:24:12 56C66F994234F87C089322C7692E8F46 404 ----a-w- C:\Users\Nancy\AppData\Local\Temp\RelaunchUpdatedCF.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1911627587-2711903257-3630052222-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"SybaseCentral43"="C:\Top\SQL Anywhere 9\Shared\Sybase Central 4.3\win32\scjview.exe -preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SybaseCentral43"="C:\Top\SQL Anywhere 9\Shared\Sybase Central 4.3\win32\scjview.exe -preload"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner.exe\" /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\hkcmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM Startup"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSScheduler"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LMgrVolOSD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LMgrVolOSD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Launch Manager\\OSD.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\Nancy\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Wbutton]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Wbutton"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"
"backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\MCAFEE~1\\311~1.226\\SSSCHE~1.EXE"
"item"="McAfee Security Scan Plus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Nancy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Inktwaarschuwingen controleren - .lnk]
"item"="Inktwaarschuwingen controleren - "
"path"="C:\\Users\\Nancy\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Inktwaarschuwingen controleren - .lnk"
"backup"="C:\\Windows\\pss\\Inktwaarschuwingen controleren - .lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Windows\\system32\\RunDll32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Nancy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Inktwaarschuwingen controleren - HP ENVY 4500 series.lnk]
"item"="Inktwaarschuwingen controleren - HP ENVY 4500 series"
"path"="C:\\Users\\Nancy\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Inktwaarschuwingen controleren - HP ENVY 4500 series.lnk"
"backup"="C:\\Windows\\pss\\Inktwaarschuwingen controleren - HP ENVY 4500 series.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Windows\\system32\\RunDll32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdvancedSystemCareService7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McComponentHostService]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"DBISQL9"="\"C:\\Top\\SQL Anywhere 9\\SQL Anywhere 9\\win32\\dbisqlg.exe\" -preload"
"swg"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""
"TomTomHOME.exe"="\"C:\\Program Files\\TomTom HOME 2\\TomTomHOMERunner.exe\""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AdobeAAMUpdater-1.0"="\"C:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""
"RtHDVBg"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtHDVBg.exe /FORPCEE3 "

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [13/12/2015 15:26]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\Adobe online update program" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\Driver Booster SkipUAC (Nancy)" [C:\Program Files\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\system32\tasks\HP online update program" [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe]
"C:\Windows\system32\tasks\HPCustParticipation HP ENVY 4500 series" ["C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe"]
"C:\Windows\system32\tasks\Private Internet Access Startup" ["C:\Program Files\pia_manager\pia_manager.exe"]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{02F280C5-87C4-4FB8-844E-333F69C0C052}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\49ptrqxq.default-1437292842120
user_pref("browser.startup.homepage", "https://www.google.be/");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\49ptrqxq.default-1437292842120
- Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi

ProfilePath: C:\Users\Nancy\AppData\Roaming\TomTom\HOME\Profiles\5xpqt7rn.default
- Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Carminat TomTom - %ProfilePath%\extensions\RenaultTheme@tomtom.com

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\49ptrqxq.default-1437292842120
E7AC2BFD4928D251DAF1E51176C9EDD0 - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat
52CE0DBFD9738AE528CF525A0367EBEB - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
1C8124B6A03A620EB0CBCA615666D2AE - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery
C45A130CA14334073C0FF795897A1D22 - c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll - Silverlight Plug-In
D6015DB8EA402753421FF62CA3909B62 - C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U66
776C6B8D53C56500BC355D513F11A105 - C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.660.18
F114FBA6246530B89DD1E04351E0EAC5 - C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll - Shockwave Flash
CAF78E18A9E1380A0A38065B3B1210E0 - C:\Users\Nancy\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll - VASCO Card Reader Plugin
B24F014C6DDA5A39CE7FCB2A8B862C5A - c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrlui.dll - Microsoft® Silverlight

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[08/08/2015 08:44]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08/08/2015 08:44]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/?gws_rd=ssl"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/?gws_rd=ssl"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - https://www.google.com/search?q={searchTerms}

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== HijackThis Entries ======================

O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SybaseCentral43] "C:\Top\SQL Anywhere 9\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.devoorzorg.be
O15 - Trusted Zone: *.minfin.fgov.be
O15 - Trusted Zone: http://*.fgov.be
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://ccff02.minfin.fgov.be/diagnosis/static/resources/capicom.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Realtek11nSU - Realtek - C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

==== Empty IE Cache ======================

C:\Users\Nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Nancy\AppData\Local\Mozilla\Firefox\Profiles\49ptrqxq.default-1437292842120\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=702 folders=266 1092780998 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Nancy\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Nancy\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Nancy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FCLNUR34\static1.syndication.vmma.be" not found

==== EOF on ma 21/12/2015 at 13:57:23,65 ======================