Zoek.exe v5.0.0.0 Updated 14-April-2014 Tool run by nh on vr 16/05/2014 at 17:57:13,36. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\nh\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files\Fingerprint Sensor\ATService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\winlogon.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe C:\Windows\System32\svchost.exe -k NetworkService C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\SPBA\upeksvr.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe C:\Windows\system32\hasplms.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files 
(x86)\Common Files\EuroPlus Shared\LblServices.exe C:\Program Files (x86)\Trend Micro\Security Agent\ntrtscan.exe C:\Windows\system32\o2flash.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Trend Micro\Security Agent\tmlisten.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\TmCCSF.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Trend Micro\Security Agent\TmProxy.exe C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\Apntex.exe 
C:\Windows\system32\conhost.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Users\nh\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Trend Micro\Security Agent\PccNTMon.exe C:\Windows\SysWOW64\RunDll32.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Users\nh\Desktop\zoek.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\wbem\wmiprvse.exe ==== System Restore Info ====================== 16/05/2014 18:02:06 Zoek.exe System Restore Point Created Succesfully. 
==== Empty Folders Check ====================== C:\PROGRA~3\Oracle deleted successfully C:\Users\nh\AppData\Roaming\uTorrent deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-766711486-2914748084-3959621308-1591\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-766711486-2914748084-3959621308-1591\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully ==== Installed Programs ====================== Adobe Flash Player 13 ActiveX Adobe Reader X (10.1.8) - Nederlands Aktiv PRO-Business Software ANT Drivers Installer x64 AuthenTec Fingerprint Software BioAPI Framework CCleaner Common Desktop Agent Custom D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Dell Client System Update Dell Data Protection | Access Dell Edoc Viewer Dell Feature Enhancement Pack Dell Touchpad Dell Webcam Central DellAccess Dropbox Elevated Installer EMBASSY Client Core FortiClient SSLVPN v4.0.2300 Garmin Express Garmin Express Tray Gemalto Google Chrome Google Earth Plug-in Google Update Helper Intel PROSet Wireless Intel(R) Control Center Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) Rapid Storage Technology Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel(R) USB 3.0 eXtensible Host Controller Driver Intel(R) WiDi Intel© PROSet/Wireless WiFi Software Intel© Trusted Connect Service Client Java 7 Update 55 Java Auto Updater Junk Mail filter update Mesh Runtime Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft 
Office Professional 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared 32-bit MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 Microsoft WSE 3.0 Runtime MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK NiceLabel 5 Notepad++ NTRU TCG Software Stack Paint.NET v3.5.10 PC-CCID PDFCreator Preboot Manager Private Information Manager Samsung CLP-360 Series Samsung Easy Printer Manager Samsung Printer Live Update Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition Security Update for Microsoft 
Office 2010 (KB2687423) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2760781) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2878284) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition Security Update for Microsoft Word 2010 (KB2863926) 64-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition SPBA 5.9 Stuurprogrammapakket voor Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) Stuurprogrammapakket voor Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) toolkit32for64bit Trend Micro Worry-Free Business Security Agent Trusted Drive Manager Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition 
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition Upek Touchchip Fingerprint Reader Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables VLC media player 2.0.7 Wave Crypto Runtime 2.0.7.0 x86 Wave Infrastructure Installer Wave Support Software Installer WIDCOMM Bluetooth Software Windows-stuurprogrammapakket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.20 (64-bit) WinZip 17.0 ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~3\Package Cache deleted ==== System Specs ====================== Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 8066 MB CPU Info: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz CPU Speed: 2953,9 MHz Sound Card: Luidsprekers / Hoofdtelefoon (I | Communicatie-hoofdtelefoons (ID | Display Adapters: Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Broadcom NetXtreme 57xx Gigabit Controller | Bluetooth-apparaat (Personal Area Network) #3 | Intel(R) Centrino(R) Advanced-N 6205 | 
Microsoft Virtual WiFi Miniport Adapter | Microsoft Virtual WiFi Miniport Adapter #2 CD / DVD Drives: 1x (D: | ) D: PLDS DVD-ROM DS-8D9SH Ports: COM Ports NOT Present. LPT1 Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 465,0GB Hard Disks - Free: C: 227,0GB Manufacturer *: Dell Inc. BIOS Info: AT/AT COMPATIBLE | 10/08/12 | DELL - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: Dell Inc. 05GRXT Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Trend Micro Security Agent On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Trend Micro Security Agent Anti-spyware disabled (Outdated) Default Browser: Google Chrome 33.0.1750.154 Internet Explorer Version: 11.0.9600.17107 Google Chrome version: 33.0.1750.154 Adobe Reader version: 10.1.8.24 Sun Java version: 1.7.0_55 (32-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-05-13 07:16:19 FA9AE40D5B4DE5C6B4E2072A642A5DBE 1289 ----a-w- C:\Windows\cfgrs.ini 2014-05-13 07:16:19 7025312EC34F8AA9D7588D46844D71BF 144 ----a-w- C:\Windows\cfgrs_ex.ini 2014-05-13 07:13:52 DC4061BC2FA8FBA9EC77D5157799F839 131 ----a-w- C:\Windows\cfgspyms.ini 2014-05-13 07:13:51 5C73CFABF3D5ABB60FB275FCD06AE57A 1269 ----a-w- C:\Windows\cfgms.ini 2014-05-11 14:58:12 604A1FD0BBA798EF7B0454AADF85FB66 714125585 ----a-w- C:\Windows\MEMORY.DMP ====== C:\Users\nh\AppData\Local\Temp ==== 2014-05-16 15:55:25 62AEB8305A12986E4901CC4860ED0382 41984 ----a-w- C:\Users\nh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcyr9m_.dll ====== Java Cache ===== 2014-05-15 06:37:18 9A98A7B4061423A666FCDEF8FBE306D3 1651 ----a-w- C:\Users\nh\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-41f3c78d ====== C:\Windows\SysWOW64 ===== 2014-05-15 15:37:33 FBCF3F01177953EBF1E735643621CCF5 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 15:37:32 
EB5347F6149D3FF25F4D609A21A3BD67 17382912 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-05-15 15:37:32 10D531ADC7B8FB36C7361D44AF6E8AB6 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-05-14 20:19:49 E9D88493FBDB36D4B65C6F2F7F122C95 12874240 ----a-w- C:\Windows\SysWOW64\shell32.dll 2014-05-14 20:19:32 ED195AC76E10F17F6DD60C49666F2A83 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2014-05-14 20:19:32 9DE19EA21DF99AF15BA5A947E5317F9E 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2014-05-14 20:19:32 4D59F470985D08139E42D15842816C47 3969984 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 20:19:32 31FA2485DFC773F1E718A4D19F443FA9 3914176 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 20:19:31 995B39A08421C7725D1DF8DACEBBFC89 538112 ----a-w- C:\Windows\SysWOW64\objsel.dll 2014-05-14 20:19:31 828185688FDAAE6C7959B884ABED1766 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll 2014-05-14 20:19:31 62C0798CC68EBF42F29C92E6CD6DC3D6 36864 ----a-w- C:\Windows\SysWOW64\dimsroam.dll 2014-05-14 20:19:31 541BB9B4C899ADCC5D3DB89208C1F409 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2014-05-14 20:19:31 461B713DE7F353C6447B744F1A049930 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 20:19:31 3A1ABE045A3E30799576E83A2D012B43 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2014-05-14 20:19:30 FBC78B5D12A4F5A62D9C91E0E0E46D46 49664 ----a-w- C:\Windows\SysWOW64\adprovider.dll 2014-05-14 20:19:30 C94CE65AE7701E9FDBA889045543E27C 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2014-05-14 20:19:30 834A859BB331B0B2CCAE25BB1986F80D 47616 ----a-w- C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-14 20:19:30 75878492F2B33405EEF900F8C16C6D08 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2014-05-14 20:19:30 5E11C55CC4D9330E55CCB22B1F20BB33 35328 ----a-w- C:\Windows\SysWOW64\wincredprovider.dll 2014-05-14 20:19:30 38A30B8E4216BE24D30F766EF3BAC2C7 48128 ----a-w- C:\Windows\SysWOW64\capiprovider.dll 2014-05-14 20:19:30 335FA669FC952BC4888CEDBDB42607E2 51200 ----a-w- 
C:\Windows\SysWOW64\cngprovider.dll 2014-05-14 20:19:30 2A86C18CE6869C77FCEB62F3B47D4D5B 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-05-15 15:37:33 A920E1336F9FEA95477763E2CC15891B 84992 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2014-05-15 15:37:33 797E2E5C309AFF76990D5B7AF457EACA 23544320 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-05-15 15:37:32 A45BFDCFD5864F658289A165E6E0227F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-05-14 20:19:49 427015D56DF17241F634611557146C57 14175744 ----a-w- C:\Windows\Sysnative\shell32.dll 2014-05-14 20:19:48 4A795989DF0043973711B666D36D2678 477184 ----a-w- C:\Windows\Sysnative\aepdu.dll 2014-05-14 20:19:48 485FB1F3792FF7B5D5EBB99AB870E588 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll 2014-05-14 20:19:32 E2A483E796D5FC7E447725FD01D98FA0 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2014-05-14 20:19:32 B19C8390A1D641B9AC4490D4828A7B5E 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll 2014-05-14 20:19:32 9358149234A4F3FE00CF5C2096DC1652 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2014-05-14 20:19:32 89EF1CE0CE43AB8F55247D746739A321 722944 ----a-w- C:\Windows\Sysnative\objsel.dll 2014-05-14 20:19:31 CF13522172342AD8196B329C15D68E23 44544 ----a-w- C:\Windows\Sysnative\dimsroam.dll 2014-05-14 20:19:31 B6D8C1202DACA028AD94BDA2795CBBE9 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2014-05-14 20:19:31 9D942180B5B6CE1C882B9CC54EA1F275 57344 ----a-w- C:\Windows\Sysnative\cngprovider.dll 2014-05-14 20:19:31 851BB346CD59D9B3BC8854384C7DD5C3 424960 ----a-w- C:\Windows\Sysnative\KernelBase.dll 2014-05-14 20:19:31 6B47CF5C27865DDF6680E4D834FBE34F 5550016 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2014-05-14 20:19:31 692E9886B2A475684F7E3294BF66E97D 56832 ----a-w- C:\Windows\Sysnative\adprovider.dll 2014-05-14 20:19:31 481F70241D4EA038BB02590A30F15A23 340992 ----a-w- C:\Windows\Sysnative\schannel.dll 2014-05-14 20:19:31 
26AF184300C0868D854D5A3092234E24 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll 2014-05-14 20:19:30 C072064F95579C0D6D86AF5B3DC53192 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll 2014-05-14 20:19:30 BDA8B14AFE99A0C52BFEA64C5AC62171 52736 ----a-w- C:\Windows\Sysnative\dpapiprovider.dll 2014-05-14 20:19:30 9A3C6D8593F29A9F66744A3D4E6309B2 39936 ----a-w- C:\Windows\Sysnative\wincredprovider.dll 2014-05-14 20:19:30 82A72E99AA1CF0B04D3B9843CBA3AEC1 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2014-05-14 20:19:30 8098627D0AA1706D69C5AF3F74332ABB 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2014-05-14 20:19:30 4959DE74643CBC4B83E5BC99486A4FC9 53760 ----a-w- C:\Windows\Sysnative\capiprovider.dll 2014-05-14 20:19:30 39312B37C5FE5138F99680A49ACD3AEA 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2014-05-14 20:19:30 204F3F58212B3E422C90BD9691A2DF28 31232 ----a-w- C:\Windows\Sysnative\lsass.exe ====== C:\Windows\Sysnative\drivers ===== 2014-05-14 20:19:31 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2014-05-14 20:19:30 353009DEDF918B2A51414F330CF72DEC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-05-15 15:37:28 -------- d-----w- C:\Program Files\Common Files\DESIGNER ======= C:\PROGRA~2 ===== 2014-05-08 20:02:39 -------- d-----w- C:\PROGRA~2\Wifi-fikser 2014-04-30 06:05:15 -------- d-----w- C:\PROGRA~2\Fortinet ======= C: ===== ====== C:\Users\nh\AppData\Roaming ====== 2014-05-12 06:07:00 -------- d-----w- C:\Users\nh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-apparaten 2014-05-11 10:23:25 -------- d-----w- C:\Users\nh\AppData\Local\Dell 2014-05-08 20:02:48 -------- d-----w- C:\Users\nh\AppData\Local\Telenet-Wifi-fikser ====== C:\Users\nh ====== 2014-05-08 20:02:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wifi-fikser 2014-05-08 18:14:57 -------- d-----r- 
C:\Windows\SysNative\config\systemprofile\Searches 2014-04-30 06:05:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FortiClient 2014-04-29 13:04:43 -------- d-----w- C:\ProgramData\Brother 2014-04-17 13:07:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java ====== C: exe-files == 2014-05-14 20:19:48 94566D109585C5867B01B761276C2D1F 155136 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe 2014-05-14 20:19:48 6FF6FF2DD6B7CDD07049DCA1F7A18319 31232 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe 2014-05-14 20:19:32 4D59F470985D08139E42D15842816C47 3969984 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 20:19:32 31FA2485DFC773F1E718A4D19F443FA9 3914176 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 20:19:31 6B47CF5C27865DDF6680E4D834FBE34F 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe 2014-05-14 20:19:30 204F3F58212B3E422C90BD9691A2DF28 31232 ----a-w- C:\Windows\System32\lsass.exe 2014-05-11 07:53:05 A95A497DBBE272FBD39349979D059AA0 30809896 ----a-w- C:\Windows\Temp\tmp34E5.tmp.exe === C: other files == 2014-05-14 20:19:31 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2014-05-14 20:19:30 353009DEDF918B2A51414F330CF72DEC 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-766711486-2914748084-3959621308-1591\Software\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMSS"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60" "Dell Webcam Central"="C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe /mode2" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "OfficeScanNT Monitor"="C:\Program Files (x86)\Trend Micro\Security Agent\pccntmon.exe -HideWindow" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\DellTPad\Apoint.exe" "IntelPROSet"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel PROSet/Wireless" "DFEPApplication"="c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe" "TdmNotify"="C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" "Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch" "CDAServer"="C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" 
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "Nero MediaHome 4"="\"C:\\Program Files (x86)\\Nero\\Nero MediaHome 4\\NeroMediaHome.exe\" /AUTORUN" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Startup Folders ====================== 2012-10-03 12:33:23 1073 ----a-w- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk 2013-11-22 09:05:44 1073 ----a-w- C:\Users\admincomitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk 2012-09-26 02:54:16 1073 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk 2012-09-26 02:54:16 1073 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk 2013-03-10 14:25:03 1010 ----a-w- C:\Users\nh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2012-12-18 13:21:34 1073 ----a-w- C:\Users\nh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk 2012-09-26 02:54:55 834 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14/05/2014 11:27] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/10/2012 11:48] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
[08/10/2012 11:48] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{59265945-B9D6-40C0-B72D-A41952577668}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{9F1F699D-E029-434A-936D-4BCE8EA59475}" [C:\Users\nh\Desktop\Nils\AOE3\Age of Empires II HD\AoK HD.exe] "C:\Windows\SysNative\tasks\{A24B0737-4CBD-40CA-BC64-BADC566622D0}" [C:\Users\nh\Desktop\Nils\AOE3\Age of Empires II HD\AoK HD.exe] "C:\Windows\SysNative\tasks\Dell\Client System Update" ["C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe"] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{22C7F6C6-8D67-4534-92B5-529A0EC09405}"="C:\Program Files (x86)\Trend Micro\Security Agent\FirefoxExtension" [11/05/2014 15:35] ==== Chrome Look 
====================== YouTube - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Gmail - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Docs - nh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - nh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - nh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - nh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - nh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - nh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Docs - nh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - nh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - nh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - nh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - nh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - nh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - 
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Security Agent\TmIEPlg32.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [IMSS] 
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\Security Agent\pccntmon.exe" -HideWindow O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user') O4 - .DEFAULT User Startup: Smart Settings.lnk = C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (User 'Default user') O4 - Startup: Dropbox.lnk = C:\Users\nh\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: Smart Settings.lnk = C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe O4 - Global Startup: Bluetooth.lnk = ? 
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://codidc01/officescan/console/ClientInstall/WinNTChk.cab O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70752} (ObjWinNTCheck Class) - http://codidc01/officescan/console/ClientInstall/WinNTChk.cab?ver=17,0,0,2360 O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http://codidc01/officescan/console/ClientInstall/setupini.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - 
http://codidc01/officescan/console/ClientInstall/setup.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://codidc01/officescan/console/ClientInstall/RemoveCtrl.cab O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} (Encrypt Class) - http://codidc01/SMB/console/html/root/AtxEnc.cab?ver=17,0,0,2360 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = codinet.local O17 - HKLM\System\CCS\Services\Tcpip\..\{60259724-A28B-45BA-8DDF-7E85A0947A52}: NameServer = 208.67.222.222,8.8.8.8 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = codinet.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = codinet.local O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Security Agent\TmIEPlg32.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\ATService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: Dell Feature Enhancement Pack Service (DFEPService) - Dell Inc. - c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EmbassyService - Unknown owner - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FortiClient SSLVPN (FortiSslvpnDaemon) - Fortinet Inc. - C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing) O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Label Services (LabelServices) - Euro Plus d.o.o. 
- C:\Program Files (x86)\Common Files\EuroPlus Shared\LblServices.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Trend Micro Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Security Agent\ntrtscan.exe O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\o2flash.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SecureStorageService - Wave Systems Corp. 
- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: NTRU TSS v1.2.1.37 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Common Client Solution Framework (TmCCSF) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\TmCCSF.exe O23 - Service: Trend Micro Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Security Agent\tmlisten.exe O23 - Service: Trend Micro Security Agent NT Proxy Service (TmProxy) - Trend Micro Inc. 
- C:\Program Files (x86)\Trend Micro\Security Agent\TmProxy.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: Wave Authentication Manager Service - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: WvPCR - Wave Systems Corp. 
- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\nh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\nh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\nh\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\nh\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared 
successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=2467 folders=523 116738435 bytes) ==== Empty Temp Folders ====================== C:\Users\admin\AppData\Local\Temp emptied successfully C:\Users\admincomitor\AppData\Local\Temp emptied successfully C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\nh\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\nh\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on vr 16/05/2014 at 18:19:15,22 ======================