Zoek.exe v5.0.0.0 Updated 26-February-2015
Tool run by Michel on za 28-02-2015 at 13:06:10,17.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Michel\Downloads\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

28-2-2015 13:08:00 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\InstallShield Installation Information deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader XI (11.0.10) - Nederlands
Adobe Refresh Manager
Akamai NetSession Interface
AutoCAD 2015 - English
AutoCAD 2015 Language Pack - English
Autodesk 360
Autodesk App Manager
Autodesk Application Manager
Autodesk AutoCAD 2015 - English
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit
Autodesk Content Service
Autodesk Content Service Language Pack
Autodesk Featured Apps
Autodesk Material Library 2015
Autodesk Material Library Base Resolution Image Library 2015
Autodesk ReCap
CCleaner
Cisco Connect
Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition
Microsoft .NET Framework 4.5.2
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared 64-bit MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft OneDrive
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD
Mozilla Firefox 35.0.1 (x86 nl)
Mozilla Maintenance Service
Mozilla Thunderbird 31.5.0 (x86 nl)
Nero 12 Kwik Burn Express Essentials
Nero Blu-ray Player
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Express
Nero Express Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Kwik Themes Basic
Nero SharedVideoCodecs
Nero Update
PCStreams
PLDS OEM Content
Prerequisite installer
Rainlendar2 (remove only)
Realtek High Definition Audio Driver
Security Update for Microsoft Excel 2010 (KB2956081) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2956066) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SketchUp Import
Skype™ 7.0
SopCast 3.9.2
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Unibet Poker v1.8.1
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft Office 2010 (KB2956054) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2956129) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
VLC media player 2.1.3
Vuze
Wunderlist

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\Michel\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Michel\AppData\Local\Akamai\netsession_win.exe
C:\Users\Michel\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Michel\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\InstallShield Installation Information not found
C:\PROGRA~2\SopCast deleted
C:\PROGRA~2\Search Extensions deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8065 MB
CPU Info: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
CPU Speed: 3292,4 MHz
Sound Card: Speakers (Realtek High Definiti | Realtek Digital Output (Realtek |
Display Adapters: Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW SH-224DB
Ports: COM1 LPT1
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 465,7GB | E: 465,7GB
Hard Disks - Free: C: 396,7GB | E: 183,6GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 01/06/14 | ALASKA - 1072009
Time Zone: West-Europa (standaardtijd)
Motherboard *: ASUSTeK COMPUTER INC. B85M-G
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox 35.0.1
Internet Explorer Version: 11.0.9600.17633
Mozilla Firefox version: 35.0.1 (x86 nl)
Adobe Reader version: 11.0.10.32
Flash Player version: 16.0.0.305

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Michel\AppData\Local\Temp ====
2015-02-27 15:51:09 F492BD06804172F62F2AE56A07BE21DB 3247664 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\vsapi64.dll
2015-02-27 15:51:09 BDE21EC1618633A32EE2ED984B3FEDD8 93008 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\BPMNT.dll
2015-02-27 15:51:09 6F4DDB6409590FC53EB4287465964863 2866224 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\tscdll64.dll
2015-02-27 15:51:00 F82469A1100DA72AB6071C45FA665E96 318464 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\plugin\downloader.plugin.dll
2015-02-27 15:51:00 F51065667FB127CF6DE984DAEA2F6B24 285208 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\Tmcomm.sys
2015-02-27 15:51:00 DCFC19032C60CCC660D4346295DA42B9 45320 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\utilClientLoader.dll
2015-02-27 15:51:00 A6FF2533FCCCCC22E6FE7CCB4382D5EF 1908736 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\libeay32.dll
2015-02-27 15:51:00 A5E4B3FF51CF5B7926D9651908FEB666 1558912 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\dbghelp.dll
2015-02-27 15:51:00 A4A74365C700E005C49318C20C8D2EBF 1185296 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\tmufeng.dll
2015-02-27 15:51:00 99559F8DE53EAC2C8DBC23595803A69D 46352 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\TMEBC64.sys
2015-02-27 15:51:00 98D7D2F55A73A2F7640323572F68FD09 647728 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\tmfbeng.dll
2015-02-27 15:51:00 86428A172571540ACFA1FEB4945DF2C1 239664 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\perfiCrcPerfMonMgr.dll
2015-02-27 15:51:00 670DA175BF2CA93A60D243EA24CE8220 788480 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\libcurl.dll
2015-02-27 15:51:00 65FB3391EB26F5AC647FC40501D8E21D 149264 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\symsrv.dll
2015-02-27 15:51:00 381641E1625DD93D2855CFF095004C62 447488 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\ssleay32.dll
2015-02-27 15:51:00 22B8266910C5CA0325CC7E27967A354A 4175408 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\hc_core.dll
2015-02-27 15:51:00 227AAAE2B6E60ADD679F632C3BF51A61 148992 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\libexpatw.dll
2015-02-27 15:51:00 2191B4A8011D73906BC2B8A6D4E8B351 2667536 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\smv64.dll
2015-02-27 15:51:00 0DDC5509168F24D8248E103210890098 420400 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\TmEngDrv.dll
2015-02-27 15:51:00 0C33A49F9125FAD652A72554394C03C3 2253872 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\ICRCHdler.dll
2015-02-27 15:50:54 30EDABAABDE2E80FC59522AA10C17527 4645656 ----a-w- C:\Users\Michel\AppData\Local\Temp\HCBackup\hcpackage64.exe
2015-02-27 09:41:36 0E771375445E13429E68CAE720A48B72 35224 ----a-w- C:\Users\Michel\AppData\Local\Temp\i4jdel0.exe

====== Java Cache =====

====== C:\Windows\SysWOW64 =====
2015-02-25 13:11:01 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\SysWOW64\locale.nls

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====
2015-02-25 13:11:01 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\Sysnative\locale.nls
2015-02-25 11:54:26 FA12BA529B265805024F199BA0D06136 448 ----a-w- C:\Windows\Sysnative\cc_20150225_125425.reg
2015-02-23 15:32:29 27933426BFC4F3468BBA297DC80022F7 2026 ----a-w- C:\Windows\Sysnative\cc_20150223_163227.reg

====== C:\Windows\Sysnative\drivers =====
2015-02-27 15:51:00 F51065667FB127CF6DE984DAEA2F6B24 285208 ----a-w- C:\Windows\Sysnative\drivers\tmcomm.sys
2015-02-11 08:15:38 E45CDE1C8340DFEDF1D6724263F39E5B 458824 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2015-02-11 08:15:37 C60C6B9A2E50B0404F6789C62B428C03 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-02-11 08:15:37 78D152A9FD5747FF6AA89C79F0346F62 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====
2015-02-28 11:03:40 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====
2015-02-25 15:18:01 -------- d-----w- C:\PROGRA~2\Mozilla Thunderbird

======= C: =====

====== C:\Users\Michel\AppData\Roaming ======
2015-02-27 15:57:36 DC217166672D4A81381C87855FB2ED05 403769 ----a-w- C:\Users\Michel\AppData\Local\census.cache
2015-02-27 15:57:36 A848F9100A702A3F13170C84183F07BE 164383 ----a-w- C:\Users\Michel\AppData\Local\ars.cache
2015-02-27 15:56:46 0A41043257DD605E7BDBA3430E5F2ACB 10 ----a-w- C:\Users\Michel\AppData\Local\sponge.last.runtime.cache
2015-02-27 15:50:54 E84FFC99B48490E93373FC0F1DC9255B 36 ----a-w- C:\Users\Michel\AppData\Local\housecall.guid.cache
2015-02-19 13:24:41 -------- d-----w- C:\Users\Michel\AppData\Roaming\ArcSoft

====== C:\Users\Michel ======
2015-02-28 11:03:22 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Michel\Desktop\RSITx64.exe
2015-02-27 15:50:45 9E62D6FBD3014087133D9BD2F601BAAE 2494944 ----a-w- C:\Users\Michel\Downloads\HousecallLauncher64.exe

====== C: exe-files ==
2015-02-28 11:07:57 DCEC1D4C00835E0C18D9BBC096084956 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3575218038-46548151-2112694393-1000\$I4OB6G2.exe
2015-02-28 11:07:28 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\$Recycle.Bin\S-1-5-21-3575218038-46548151-2112694393-1000\$R4OB6G2.exe
2015-02-28 11:03:40 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Michel.exe
2015-02-28 11:03:22 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Michel\Desktop\RSITx64.exe
2015-02-28 08:13:01 BEFFD334BE955FE9A6389E0F2694BF83 2375496 ----a-w- C:\Users\Michel\AppData\Local\Autodesk\.AdskAppManager\R1\CER\senddmp.exe
2015-02-28 08:13:01 8C55DC079572791E2974BE3C5C19E254 6552288 ----a-w- C:\Users\Michel\AppData\Local\Autodesk\.AdskAppManager\R1\vcredist_x86.exe
2015-02-28 08:13:00 DCAB688A519A66E27A438D1DE6386DF8 314760 ----a-w- C:\Users\Michel\AppData\Local\Autodesk\.AdskAppManager\R1\InstProxy.exe
2015-02-28 08:12:59 F9124CB6207C1E34DE0F7C4F150E887C 280456 ----a-w- C:\Users\Michel\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgrTaskClean.exe
2015-02-28 08:12:59 EEB818EB20A6BD314113FBAD1CF1F1B9 270216 ----a-w- C:\Users\Michel\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgrSvcACLReset.exe
2015-02-28 08:12:59 D58CFE90DF1996746EC44FD4E4F4B8F7 273800 ----a-w- C:\Users\Michel\AppData\Local\Autodesk\.AdskAppManager\R1\AdSdsCheck.exe
2015-02-28 08:12:59 C81147AB3B711331DA930E56D896650C 597896 ----a-w- C:\Users\Michel\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgrSvc.exe
2015-02-28 08:12:59 A1E633080A2C2B976B29965AA696FD17 271240 ----a-w- C:\Users\Michel\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgrLauncher.exe
2015-02-28 08:12:59 1C005F9EFA319039CAD54D90732645C4 488328 ----a-w- C:\Users\Michel\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
2015-02-27 15:50:54 30EDABAABDE2E80FC59522AA10C17527 4645656 ----a-w- C:\Users\Michel\AppData\Local\Temp\HCBackup\hcpackage64.exe
2015-02-27 15:50:45 9E62D6FBD3014087133D9BD2F601BAAE 2494944 ----a-w- C:\Users\Michel\Downloads\HousecallLauncher64.exe
2015-02-27 09:41:36 0E771375445E13429E68CAE720A48B72 35224 ----a-w- C:\Users\Michel\AppData\Local\Temp\i4jdel0.exe
2015-02-25 15:18:02 D0B4E3C953DD7F7FF52B52F8E1A08E59 194176 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice_installer.exe
2015-02-25 15:18:02 C703A0230D5FCC97E2A409C08E260BDE 389744 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
2015-02-25 15:18:02 C69E1754C5CAB4FEC75B814A457B0086 22640 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\WSEnable.exe
2015-02-25 15:18:02 AE7DAFFEC2CDF695C95925C4C1F8EC02 119408 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice.exe
2015-02-25 15:18:02 97F4E6D62117B3564BA5DEC70AC3DC29 901232 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
2015-02-25 15:18:02 5D57A393388C0B8BC4BC6A509087BBF1 280176 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\updater.exe
2015-02-25 15:18:02 111212196BAE61AC7F825C15404392DD 18544 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\plugin-container.exe
2015-02-25 15:18:01 A0A35F46A0E30DBF34E30690BE116168 117360 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\crashreporter.exe

=== C: other files ==
2015-02-28 08:13:03 95298EE1C01E0539DF2CD81D574E5BDB 16795 ----a-w- C:\Users\Michel\.rainlendar2\backups\20150228-Rainlendar2Backup.zip
2015-02-27 15:52:12 2B436A823F315AC146F7A64D7506A9A9 7785782 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\tmase.zip
2015-02-27 15:51:00 F51065667FB127CF6DE984DAEA2F6B24 285208 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2015-02-27 15:51:00 F51065667FB127CF6DE984DAEA2F6B24 285208 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\Tmcomm.sys
2015-02-27 15:51:00 99559F8DE53EAC2C8DBC23595803A69D 46352 ----a-w- C:\Users\Michel\AppData\Local\Temp\HouseCall\TMEBC64.sys
2015-02-27 15:51:00 80B1C5E84AD14BD509035C464A96C0BC 2703 ----a-w- C:\Users\Michel\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip
2015-02-27 09:17:56 4298AB5C5DAADD652967A7CB78C64E7B 16795 ----a-w- C:\Users\Michel\.rainlendar2\backups\20150227-Rainlendar2Backup.zip
2015-02-26 10:17:00 3DAFC758CA25C8AD3DB51734528DE870 16795 ----a-w- C:\Users\Michel\.rainlendar2\backups\20150226-Rainlendar2Backup.zip
2015-02-25 10:10:40 CFD175429F030C4448AB2844109447A5 16795 ----a-w- C:\Users\Michel\.rainlendar2\backups\20150225-Rainlendar2Backup.zip
2015-02-24 08:45:50 B74E8DED9B98852289CE70253209ED03 16796 ----a-w- C:\Users\Michel\.rainlendar2\backups\20150224-Rainlendar2Backup.zip
2015-02-23 09:28:12 CE91A181C363E253C2C3218B98EAE3A8 16796 ----a-w- C:\Users\Michel\.rainlendar2\backups\20150223-Rainlendar2Backup.zip
2015-02-22 08:52:35 42126BF4A48C5A736F384FD846450159 16796 ----a-w- C:\Users\Michel\.rainlendar2\backups\20150222-Rainlendar2Backup.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3575218038-46548151-2112694393-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Akamai NetSession Interface"="C:\Users\Michel\AppData\Local\Akamai\netsession_win.exe"
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
"Rainlendar2"="C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe"
"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ADSKAppManager"="C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe -showminimized -checkautorun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Akamai NetSession Interface"="C:\Users\Michel\AppData\Local\Akamai\netsession_win.exe"
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
"Rainlendar2"="C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe"
"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

==== Startup Folders ======================

2014-06-14 10:45:35 1296 ----a-w- C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [05-02-2015 16:03]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\{A2BB11D9-EA37-4593-B4EC-5DD3D32E3BAD}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{E28989EC-E537-4005-B3EA-24DCEC3789F0}" [C:\Users\Michel\Downloads\AutoCAD_2015_English_Win_32_64bit_wi_en-us_Setup.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\j5799jv4.default
- British English Dictionary Updated - %ProfilePath%\extensions\en-gb@flyingtophat.co.uk

ProfilePath: C:\Users\Michel\AppData\Roaming\Thunderbird\Profiles\jyarxraq.default
- British English Dictionary Updated - %ProfilePath%\extensions\en-gb@flyingtophat.co.uk
- XNote - %ProfilePath%\extensions\xnote@froihofer.net.xpi

ProfilePath: C:\Users\Michel\AppData\Roaming\TomTom\HOME\Profiles\9p8f1q21.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\j5799jv4.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Michel\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Autodesk Application Manager Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Michel\AppData\Local\Mozilla\Firefox\Profiles\j5799jv4.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=120 folders=33 35114132 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Michel\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Michel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on za 28-02-2015 at 13:18:38,51 ======================