Knip

Alles weer zoals het zou moeten zijn THNX !

Loopt weer stuk sneller, volgens mij is alles weer wat het zou moeten zijn

# AdwCleaner v3.210 - Report created 22/05/2014 at 09:35:56 # Updated 19/05/2014 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : rokn01 - LT21776 # Running from : C:\Documents and Settings\rokn01\My Documents\Downloads\adwcleaner_3.210.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Google Chrome v34.0.1847.137 [ File : C:\Documents and Settings\rokn01\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [3152 octets] - [18/05/2014 15:49:08] AdwCleaner[R1].txt - [1092 octets] - [19/05/2014 15:33:18] AdwCleaner[R2].txt - [1073 octets] - [22/05/2014 09:33:59] AdwCleaner[s0].txt - [3259 octets] - [18/05/2014 15:50:46] AdwCleaner[s1].txt - [1158 octets] - [19/05/2014 15:35:20] AdwCleaner[s2].txt - [996 octets] - [22/05/2014 09:35:56] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1055 octets] ##########

Zoek.exe v5.0.0.0 Updated 21-05-2014 Tool run by rokn01 on wo 21-05-2014 at 11:35:54,46. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Documents and Settings\rokn01\My Documents\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used] ==== System Restore Info ====================== 21-5-2014 11:38:51 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Documents and Settings\rokn01\Local Settings\Application Data\Secunia PSI deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2781560043-2945397114-2333775007-4818\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07BA1DA9-F501-4796-8728-74D1B91A6CD5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{07BA1DA9-F501-4796-8728-74D1B91A6CD5} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Program Files\PokerStars.EU not found C:\Documents and Settings\rokn01\Application Data\GetRightToGo deleted C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\DOCUME~1\rokn01\LOCALS~1\Temp ==== ====== Java Cache ===== 2014-05-21 09:04:13 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Documents and Settings\rokn01\Local Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-49389a76 ====== C:\WINDOWS\system32 ===== 2014-05-21 09:34:34 DAB02E4C509EBAA96C6F3BFABCCF37F9 145408 ----a-w- C:\WINDOWS\System32\javacpl.cpl 2014-05-21 09:34:34 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\WINDOWS\System32\javaws.exe 2014-05-21 09:34:24 B42338F92D3BDADA79B6BE553E72587C 94632 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge.dll 2014-05-21 09:34:24 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\WINDOWS\System32\java.exe 2014-05-21 09:34:24 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\WINDOWS\System32\javaw.exe 2014-05-18 13:49:58 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\WINDOWS\System32\sqlite3.dll 2014-05-18 11:10:26 5B26FF5D3FA607CDC89EA6AAA8BF76A1 17352880 ----a-w- C:\WINDOWS\System32\FlashPlayerInstaller.exe ====== C:\WINDOWS\system32\drivers ===== 2014-05-18 12:14:56 661B911FA04E73FB073FF9B1C9BD2E05 107736 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys 2014-05-18 12:10:18 5F7B035B533B87EA936F8B04493879CC 50648 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys 2014-05-18 12:10:18 0C6EA0109CFEDF441F06D031E9A8D1A9 23256 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys ====== C:\WINDOWS\Tasks ====== 2014-05-20 19:38:53 34018B6E10F31A560FFC918D3287340D 284 ----a-w- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2014-05-21 09:34:42 -------- d-----w- C:\Program Files\Common Files\Java 2014-05-21 09:09:59 -------- d-----w- C:\Program Files\QuickTime 2014-05-20 19:38:45 -------- d-----w- C:\Program Files\Apple Software Update 2014-05-20 19:36:27 -------- d-----w- C:\Program Files\Common Files\Apple 2014-05-20 19:20:54 -------- d-----w- C:\Program Files\Secunia 2014-04-28 13:25:53 -------- d-----w- C:\Program Files\Microsoft Synchronization Services 2014-04-28 13:25:49 -------- d-----w- C:\Program Files\Common Files\DESIGNER 2014-04-28 13:24:33 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition 2014-04-28 13:18:47 -------- d-----w- C:\Program Files\Microsoft Visual Studio 8 2014-04-28 13:14:54 -------- d-----w- C:\Program Files\Microsoft Analysis Services ======= C: ===== ====== C:\Documents and Settings\rokn01\Application Data ====== 2014-05-21 09:05:26 -------- d-----w- C:\Documents and Settings\Default User\Local Settings\Application Data\Apple Computer 2014-05-21 09:03:57 -------- d-----w- C:\Documents and Settings\rokn01\Local Settings\Application Data\Sun 2014-05-20 19:38:52 -------- d-----w- C:\Documents and Settings\Default User\Local Settings\Application Data\Apple 2014-05-20 19:33:50 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe 2014-05-20 19:33:48 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\Adobe 2014-05-10 12:28:08 -------- d-----w- C:\Documents and Settings\rokn01\Start Menu\Programs\WinRAR 2014-05-01 09:22:50 -------- d-----w- C:\Documents and Settings\rokn01\Local Settings\Application Data\StickyNotes 2014-05-01 07:23:12 -------- d-----w- C:\Documents and Settings\rokn01\Local Settings\Application Data\Mozilla 2014-04-28 15:35:12 -------- d-----w- C:\Documents and Settings\rokn01\Application Data\No Company Name 2014-04-28 13:13:44 -------- d-----w- C:\Documents and Settings\rokn01\Local Settings\Application Data\Microsoft Help ====== C:\Documents and Settings\rokn01 ====== 2014-05-20 19:41:46 -------- d--h--r- C:\Documents and Settings\rokn01\Recent ====== C: exe-files == 2014-05-21 09:33:55 FB67D8F555AA8E847DC6D7BFFF69C1C1 145832 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe 2014-05-21 09:33:55 67E721D8CA3F26695C2836870FF395E0 16808 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe 2014-05-21 09:33:53 B1CE4931FCA0E9D6493F18440A492472 49576 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe 2014-05-21 09:33:53 829199AE07062FE066CCD037190B4D04 16296 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe 2014-05-21 09:33:53 7151FDB921CC188833E69690E969616A 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe 2014-05-21 09:33:53 3B8C2991462B84868BB04C67E197CFC1 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe 2014-05-21 09:33:53 21190A2C683911E97E6484632F0A11AF 16296 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe 2014-05-21 09:33:52 5F32AD07982BE93452A755CE94F130BA 16296 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe 2014-05-21 09:33:52 3DAA029309C13F0A8DFB839372A3E8D3 16296 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe 2014-05-21 09:33:51 B863FBED45DA51498B42DEAE76006D94 16296 ----a-w- C:\Program Files\Java\jre7\bin\ktab.exe 2014-05-21 09:33:50 E788AC8198E99F9DA268A35719462DEF 16296 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe 2014-05-21 09:33:50 CA8C3C3510377A38A0FD0386B1C8700D 16296 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe 2014-05-21 09:33:50 C38B939945B2357D56B105C8F8FE7C45 52648 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe 2014-05-21 09:33:50 77430E8234A0050ECCC5E2F5B30A7BEF 182696 ----a-w- C:\Program Files\Java\jre7\bin\jqs.exe 2014-05-21 09:33:50 0F298580559EE0929C572CFEB99B5AAA 16296 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe 2014-05-21 09:33:46 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\Program Files\Java\jre7\bin\java.exe 2014-05-21 09:33:46 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe 2014-05-21 09:33:46 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe 2014-05-21 09:33:46 00F5108D91D768CA9D4ABC5E5053F50F 68008 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe 2014-05-21 09:33:45 FBC892A1196A03F695F112A5EDE032DC 48040 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe 2014-05-21 09:33:45 58B60ED489B1EDFA2BCDCAAF90B5EDD8 16296 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe 2014-05-21 09:32:54 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Documents and Settings\rokn01\Application Data\Sun\Java\jre1.7.0_55\lzma.exe 2014-05-21 09:17:55 A76E951ED4F8335337FD157A574DA36F 921512 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc4.exe 2014-05-21 09:17:54 A76E951ED4F8335337FD157A574DA36F 921512 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc3.exe 2014-05-21 09:04:17 A76E951ED4F8335337FD157A574DA36F 921512 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc2.exe 2014-05-21 09:02:43 A76E951ED4F8335337FD157A574DA36F 921512 ----a-w- C:\Documents and Settings\rokn01\My Documents\Downloads\chromeinstall-7u55 (1).exe 2014-05-21 09:01:50 A76E951ED4F8335337FD157A574DA36F 921512 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc5.exe 2014-05-20 19:33:37 C3E4419CD96A80693E52DCAC54F166B4 96768 ----a-w- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe 2014-05-20 19:33:37 ACEB3F702F3CC057C2894AB603785A52 59392 ----a-w- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe 2014-05-20 19:33:37 5D576B7CC0A128364B544389E497E89A 130208 ----a-w- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe 2014-05-20 19:33:37 3A78A7BE5EFC451F6CAE86254F575A3D 54432 ----a-w- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe 2014-05-20 19:33:37 3A78A7BE5EFC451F6CAE86254F575A3D 54432 ----a-w- C:\Program Files\Adobe\Flash Player\AddIns\airappinstaller\airappinstaller.exe 2014-05-20 19:19:50 D8B9844FDFD05CD495F110FFF11C1EE5 5329480 ----a-w- C:\Documents and Settings\rokn01\My Documents\Downloads\PSISetup.exe 2014-05-20 17:31:33 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc25.exe 2014-05-20 07:55:40 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Documents and Settings\rokn01\My Documents\Downloads\mbam-setup-2.0.0.1000.exe 2014-05-19 13:32:20 5272726DBB7A409A2F4E55356E335128 1328723 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc15.exe 2014-05-19 13:26:26 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\rokn01\My Documents\Downloads\RSIT.exe 2014-05-18 14:01:01 34FE1E227C2B2F2B9F0EDA027FCEC482 610798 ----a-w- C:\Documents and Settings\rokn01\Desktop\Downloads\MaxSDDMnew.exe 2014-05-18 14:00:09 F8ACF6FD6A3077B02B4528B25664D24F 368256 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc6.exe 2014-05-18 13:47:46 9C038759E5993C0B3BFD8F2192C12747 1325827 ----a-w- C:\Documents and Settings\rokn01\My Documents\Downloads\AdwCleaner.exe 2014-05-18 12:15:09 9C038759E5993C0B3BFD8F2192C12747 1325827 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc13.exe 2014-05-18 12:10:02 9C038759E5993C0B3BFD8F2192C12747 1325827 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc14.exe 2014-05-18 12:09:02 302103AF95A8F43AD85F80DAE14BDB9C 17305616 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc11.exe 2014-05-18 12:08:46 302103AF95A8F43AD85F80DAE14BDB9C 17305616 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc1.exe 2014-05-18 11:07:39 A742CCF738AEFEF3078683BD0E803215 739808 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.137\34.0.1847.137_34.0.1847.131_chrome_updater.exe === C: other files == 2014-05-21 09:33:56 D95F1D4129F0CB2F7626CDCBAC2F512B 18636 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip 2014-05-18 12:14:56 661B911FA04E73FB073FF9B1C9BD2E05 107736 ----a-w- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys 2014-05-18 12:10:18 5F7B035B533B87EA936F8B04493879CC 50648 ----a-w- C:\WINDOWS\system32\drivers\mbamchameleon.sys 2014-05-18 12:10:18 0C6EA0109CFEDF441F06D031E9A8D1A9 23256 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_USERS\S-1-5-21-2781560043-2945397114-2333775007-4818\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" "Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" "Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" "Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe LOGIN" "Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE /splash" "F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW" "InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707"="C:\Program Files\National Instruments\Shared\NIUninstaller\InstallValidator.exe -s" "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime" "DameWare MRC Agent"="C:\WINDOWS\system32\DWRCST.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "Synchronization Manager"="%SystemRoot%\system32\mobsync.exe /logon" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task] C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\AppleC:oftware Update\SoftwareUpdate.exe [] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [13-04-2011 21:29] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [13-04-2011 21:29] C:\WINDOWS\tasks\User_Feed_Synchronization-{2BFC4E6F-924A-48AF-93FE-87A96F6D8FC7}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08-03-2009 05:31] C:\WINDOWS\tasks\User_Feed_Synchronization-{72015A0F-3E0B-49A9-825D-746A296A2E24}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08-03-2009 05:31] C:\WINDOWS\tasks\User_Feed_Synchronization-{8D4D68DF-33A1-4E5E-AEC5-902CCC0E324C}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08-03-2009 05:31] C:\WINDOWS\tasks\User_Feed_Synchronization-{F1EB52EA-AF37-4D99-A556-1A1E11AA03D9}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08-03-2009 05:31] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [30-06-2009 17:33] ==== Chrome Look ====================== AdBlock - rokn01\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Google Wallet - rokn01\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Empty IE Cache ====================== C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\exzamo01\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\jebr02\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalAdmin\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\rokn01\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Documents and Settings\rokn01\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=173 folders=47 19222293 bytes) ==== Empty Temp Folders ====================== C:\Documents and Settings\Administrator\Local Settings\temp emptied successfully C:\Documents and Settings\Default User\Local Settings\temp emptied successfully C:\Documents and Settings\exzamo01\Local Settings\temp emptied successfully C:\Documents and Settings\itsp01\Local Settings\temp emptied successfully C:\Documents and Settings\jebr02\Local Settings\temp emptied successfully C:\Documents and Settings\LocalAdmin\Local Settings\temp emptied successfully C:\Documents and Settings\LocalService\Local Settings\temp emptied successfully C:\Documents and Settings\NetworkService\Local Settings\temp emptied successfully C:\Documents and Settings\rokn01\Local Settings\Temp will be emptied at reboot C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\rokn01\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Documents and Settings\rokn01\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted ==== EOF on wo 21-05-2014 at 14:51:27,73 ======================

Logfile of random's system information tool 1.09 (written by random/random) Run by rokn01 at 2014-05-20 19:33:12 Microsoft Windows XP Professional Service Pack 3 System drive C: has 26 GB (34%) free of 76 GB Total RAM: 2038 MB (41% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:33:57, on 20-5-2014 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\WINDOWS\SYSTEM32\DWRCS.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Device Control\fsdevcon32.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files\F-Secure\Common\FSHDLL32.EXE C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\INVENTORYCLIENT\client.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\WINDOWS\SYSTEM32\DWRCST.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Documents and Settings\rokn01\My Documents\Downloads\RSIT (1).exe C:\Program Files\trend micro\rokn01.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [installValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] C:\Program Files\National Instruments\Shared\NIUninstaller\InstallValidator.exe -s O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files\PokerStars.EU\PokerStarsUpdate.exe (file missing) O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - ESC Trusted Zone: http://view.atdmt.com O15 - ESC Trusted Zone: http://xenapp.cardo.net O15 - ESC Trusted Zone: Microsoft's Premier Technical Learning Event | TechEd North America 2013 O15 - ESC Trusted Zone: http://www.facebook.com O15 - ESC Trusted Zone: http://connect.facebook.net O15 - ESC Trusted Zone: http://static.ak.fbcdn.net O15 - ESC Trusted Zone: http://cdnt.meteorsolutions.com O15 - ESC Trusted Zone: http://static.meteorsolutions.com O15 - ESC Trusted Zone: TechEd | 2014 O15 - ESC Trusted Zone: http://view.atdmt.com (HKLM) O15 - ESC Trusted Zone: http://xenapp.cardo.net (HKLM) O15 - ESC Trusted Zone: Microsoft's Premier Technical Learning Event | TechEd North America 2013 (HKLM) O15 - ESC Trusted Zone: http://www.facebook.com (HKLM) O15 - ESC Trusted Zone: http://connect.facebook.net (HKLM) O15 - ESC Trusted Zone: http://static.ak.fbcdn.net (HKLM) O15 - ESC Trusted Zone: http://cdnt.meteorsolutions.com (HKLM) O15 - ESC Trusted Zone: http://static.meteorsolutions.com (HKLM) O15 - ESC Trusted Zone: TechEd | 2014 (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274095228406 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://84.54.135.77/activex/AMC.cab O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cardo.net O17 - HKLM\Software\..\Telephony: DomainName = cardo.net O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cardo.net O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cardo.net O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Opdracht op afstand iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Device Control Daemon (fsdevcon) - F-Secure Corporation - C:\Program Files\F-Secure\Device Control\\fsdevcon32.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks, Inc. - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: ProService for 8.3B (ProService8.3B) - Progress Software - C:\DLC\bin\ProSrvc.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Snow Inventory Client (SnowInventoryClient) - Snow Software AB - C:\Program Files\INVENTORYCLIENT\client.exe -- End of file - 12732 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Adobe Flash Player Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\User_Feed_Synchronization-{2BFC4E6F-924A-48AF-93FE-87A96F6D8FC7}.job C:\WINDOWS\tasks\User_Feed_Synchronization-{72015A0F-3E0B-49A9-825D-746A296A2E24}.job C:\WINDOWS\tasks\User_Feed_Synchronization-{8D4D68DF-33A1-4E5E-AEC5-902CCC0E324C}.job C:\WINDOWS\tasks\User_Feed_Synchronization-{F1EB52EA-AF37-4D99-A556-1A1E11AA03D9}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2007-03-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 4220304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-12-03 329712] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-12-03 59376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-12-03 79856] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952] "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168] "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2009-12-03 176128] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-03-09 134656] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-03-09 166912] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-03-09 135680] "Client Access Service"=C:\Program Files\IBM\Client Access\cwbsvstr.exe [2002-05-07 20530] "Client Access Help Update"=C:\Program Files\IBM\Client Access\cwbinhlp.exe [2002-05-07 24626] "Client Access Check Version"=C:\Program Files\IBM\Client Access\cwbckver.exe [2002-05-07 45056] "Client Access Express Welcome"=C:\Program Files\IBM\Client Access\cwbwlwiz.exe [2002-05-07 20530] "Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143360] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2012-10-25 421888] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896] "F-Secure Manager"=C:\Program Files\F-Secure\Common\FSM32.EXE [2014-02-28 348712] "F-Secure TNB"=C:\Program Files\F-Secure\FSGUI\TNBUtil.exe [2014-02-28 1879080] "InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707"=C:\Program Files\National Instruments\Shared\NIUninstaller\InstallValidator.exe [2013-06-19 265096] "BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520] "DameWare MRC Agent"=C:\WINDOWS\system32\DWRCST.exe [2009-02-04 78848] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2009-03-09 205824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 4220304] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"=67108863 "NoDrives"=0 "NoBandCustomize"=0 "NoMovingBands"=0 "NoCloseDragDropBands"=0 "NoDriveTypeAutoRun"=323 "NoDesktopCleanupWizard"=1 "NoSMConfigurePrograms"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveAutoRun"=67108863 "NoDrives"=0 "NoDriveTypeAutoRun"=323 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\AT&T Global Network Client\SwiApiMux.exe"="C:\Program Files\AT&T Global Network Client\SwiApiMux.exe:*:Enabled:SwiApiMux" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Documents and Settings\rokn01\Desktop\utorrent.exe"="C:\Documents and Settings\rokn01\Desktop\utorrent.exe:*:Enabled:µTorrent" "C:\Program Files\IBM\Client Access\cwbunnav.exe"="C:\Program Files\IBM\Client Access\cwbunnav.exe:*:Enabled:cwbunnav.exe" "C:\Program Files\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe"="C:\Program Files\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe:*:Enabled:LEGO EV3" "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace" "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote" "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Documents and Settings\rokn01\My Documents\Downloads\Adobe_Photoshop_CS4_Extended_[_FULL_VERSION_Crack_]_downloader.exe"="C:\Documents and Settings\rokn01\My Documents\Downloads\Adobe_Photoshop_CS4_Extended_[_FULL_VERSION_Crack_]_downloader.exe:*:Enabled:YourFile Downloader" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service" "C:\Program Files\AT&T Global Network Client\NetClient.exe"="C:\Program Files\AT&T Global Network Client\NetClient.exe:*:Enabled:Network access client" "C:\Program Files\IBM\Client Access\cwbunnav.exe"="C:\Program Files\IBM\Client Access\cwbunnav.exe:*:Enabled:cwbunnav.exe" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Documents and Settings\rokn01\Application Data\Spotify\spotify.exe"="C:\Documents and Settings\rokn01\Application Data\Spotify\spotify.exe:*:Enabled:Spotify" "C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer" "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour-service" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midimapper"=midimap.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.trspch"=tssoft32.acm "vidc.cvid"=iccvid.dll "vidc.I420"=msh263.drv "vidc.iv31"=ir32_32.dll "vidc.iv32"=ir32_32.dll "vidc.iv41"=ir41_32.ax "vidc.iyuv"=iyuv_32.dll "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvu9"=tsbyuv.dll "vidc.yvyu"=msyuv.dll "wavemapper"=msacm32.drv "msacm.msg723"=msg723.acm "vidc.M263"=msh263.drv "vidc.M261"=msh261.drv "msacm.msaudio1"=msaud32.acm "msacm.sl_anet"=sl_anet.acm "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax "vidc.iv50"=ir50_32.dll "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======List of files/folders created in the last 1 month====== 2014-05-19 15:29:35 ----D---- C:\rsit 2014-05-18 16:13:51 ----D---- C:\Documents and Settings\All Users\Application Data\Max Secure 2014-05-18 16:00:44 ----D---- C:\Documents and Settings\rokn01\Application Data\GetRightToGo 2014-05-18 15:49:58 ----A---- C:\WINDOWS\system32\sqlite3.dll 2014-05-18 15:48:52 ----D---- C:\AdwCleaner 2014-05-18 14:14:56 ----A---- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys 2014-05-18 14:10:18 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys 2014-05-18 14:10:18 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2014-05-18 14:10:16 ----D---- C:\Program Files\Malwarebytes Anti-Malware 2014-05-18 13:10:26 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe 2014-05-01 09:21:40 ----D---- C:\Documents and Settings\All Users\Application Data\Mozilla 2014-04-28 17:35:12 ----D---- C:\Documents and Settings\rokn01\Application Data\No Company Name 2014-04-28 15:25:53 ----D---- C:\Program Files\Microsoft Synchronization Services 2014-04-28 15:25:49 ----D---- C:\Program Files\Common Files\DESIGNER 2014-04-28 15:24:33 ----D---- C:\Program Files\Microsoft Sync Framework 2014-04-28 15:24:33 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition 2014-04-28 15:18:47 ----D---- C:\Program Files\Microsoft Visual Studio 8 2014-04-28 15:14:54 ----D---- C:\Program Files\Microsoft Analysis Services 2014-04-28 15:13:13 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2014-04-28 15:11:51 ----RHD---- C:\MSOCache ======List of files/folders modified in the last 1 month====== 2014-05-20 19:33:23 ----D---- C:\Program Files\Trend Micro 2014-05-20 19:33:03 ----D---- C:\WINDOWS\Prefetch 2014-05-20 19:27:53 ----D---- C:\WINDOWS\Temp 2014-05-20 19:26:10 ----A---- C:\WINDOWS\SMSCFG.ini 2014-05-20 19:24:24 ----D---- C:\WINDOWS\system32\CatRoot2 2014-05-20 19:22:38 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt 2014-05-20 10:43:54 ----A---- C:\WINDOWS\SchedLgU.Txt 2014-05-20 10:03:52 ----D---- C:\WINDOWS\system32\drivers 2014-05-20 09:49:46 ----D---- C:\WINDOWS 2014-05-19 14:59:14 ----SHD---- C:\WINDOWS\Installer 2014-05-19 14:59:14 ----SD---- C:\Documents and Settings\rokn01\Application Data\Microsoft 2014-05-19 14:59:14 ----D---- C:\Config.Msi 2014-05-19 14:45:39 ----RD---- C:\Program Files 2014-05-18 16:40:31 ----D---- C:\WINDOWS\system32 2014-05-18 16:40:26 ----D---- C:\WINDOWS\system32\drivers\etc 2014-05-18 16:18:59 ----RSD---- C:\WINDOWS\Fonts 2014-05-18 15:40:52 ----HD---- C:\WINDOWS\inf 2014-05-18 14:48:36 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt 2014-05-18 14:45:21 ----D---- C:\WINDOWS\Cursors 2014-05-18 14:44:58 ----SD---- C:\WINDOWS\Tasks 2014-05-18 14:10:17 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-05-18 13:50:19 ----D---- C:\Documents and Settings\rokn01\Application Data\Mozilla 2014-05-18 13:25:09 ----RSD---- C:\WINDOWS\assembly 2014-05-18 13:23:24 ----D---- C:\WINDOWS\Microsoft.NET 2014-05-18 13:18:13 ----RASH---- C:\boot.ini 2014-05-18 13:10:46 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe 2014-05-18 13:09:33 ----D---- C:\Documents and Settings\rokn01\Application Data\uTorrent 2014-05-10 14:38:14 ----D---- C:\Documents and Settings\rokn01\Application Data\Adobe 2014-05-10 14:38:03 ----D---- C:\Program Files\Common Files\Adobe 2014-05-10 14:28:08 ----D---- C:\Program Files\WinRAR 2014-05-02 11:22:25 ----D---- C:\WINDOWS\Debug 2014-05-01 20:44:52 ----D---- C:\CALC 2014-04-28 17:41:31 ----D---- C:\WINDOWS\WinSxS 2014-04-28 17:39:53 ----D---- C:\Program Files\Adobe 2014-04-28 15:37:09 ----A---- C:\WINDOWS\win.ini 2014-04-28 15:36:23 ----D---- C:\Program Files\Common Files\Microsoft Shared 2014-04-28 15:35:55 ----D---- C:\WINDOWS\SHELLNEW 2014-04-28 15:29:55 ----D---- C:\WINDOWS\system32\config 2014-04-28 15:26:57 ----D---- C:\Program Files\MSBuild 2014-04-28 15:25:49 ----D---- C:\Program Files\Common Files 2014-04-28 15:24:38 ----D---- C:\Program Files\Microsoft Office 2014-04-28 15:24:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2014-04-28 15:24:33 ----D---- C:\Program Files\Microsoft.NET 2014-04-23 17:48:57 ----D---- C:\Program Files\F-Secure 2014-04-23 15:54:11 ----D---- C:\Documents and Settings\rokn01\Application Data\Google 2014-04-23 15:52:58 ----D---- C:\Program Files\Google 2014-04-23 15:36:06 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure 2014-04-23 15:34:36 ----D---- C:\Documents and Settings\All Users\Application Data\fssg ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368] R0 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928] R0 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752] R0 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008] R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] R0 fsbts;fsbts; C:\WINDOWS\system32\Drivers\fsbts.sys [2014-04-23 44240] R0 FSFW;F-Secure Firewall Driver; C:\WINDOWS\System32\drivers\fsdfw.sys [2014-02-28 83464] R0 iaStor;Intel AHCI Controller; C:\WINDOWS\System32\Drivers\iaStor.sys [2009-02-11 329752] R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696] R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960] R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240] R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696] R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver; C:\WINDOWS\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624] R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568] R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2009-11-24 154672] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-12-10 187392] R3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024] R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120] R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944] R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2012-08-24 26624] R3 DwMirror;DwMirror; C:\WINDOWS\system32\DRIVERS\DamewareMini.sys [2007-02-07 3712] R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [] R3 fsni;fsni; \??\C:\Program Files\F-Secure\NIF\bin\fsnixp32.sys [] R3 fsnitdi;fsnitdi; \??\C:\Program Files\F-Secure\NIF\bin\fsnitdi32.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840] R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAudN.sys [2007-04-27 666112] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-03-25 988032] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-03-25 210688] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-03-09 6278016] R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-06-01 21424] R3 LenovoRd;LenovoRd; C:\WINDOWS\System32\Drivers\LenovoRd.sys [2007-06-08 81280] R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-11-27 2236544] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys [] R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232] R3 smsmdd;smsmdd; C:\WINDOWS\system32\DRIVERS\smsmdm.sys [2008-10-20 12448] R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2007-03-14 40848] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-03-25 731136] R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 57344] S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [] S3 avpnnic;AGN Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2009-10-08 11392] S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888] S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128] S3 catchme;catchme; \??\C:\DOCUME~1\rokn01\LOCALS~1\Temp\catchme.sys [] S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\WINDOWS\system32\DRIVERS\ewusbnet.sys [2009-07-23 112640] S3 gtermddo;gtermddo; \??\C:\DOCUME~1\rokn01\LOCALS~1\Temp\gtermddo.sys [] S3 GTF32BUS;GT F32 BUS; C:\WINDOWS\system32\DRIVERS\gtf32bus.sys [2008-02-13 35200] S3 GTPTSER;GT PT SER; C:\WINDOWS\system32\DRIVERS\gtptser.sys [2008-02-13 8064] S3 GTSCSER;GT SC SER; C:\WINDOWS\system32\DRIVERS\gtscser.sys [2008-02-13 21248] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-07-10 49920] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-07-10 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-07-10 21568] S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-07-23 102528] S3 hwusbfake;Huawei DataCard USB Fake; C:\WINDOWS\system32\DRIVERS\ewusbfake.sys [2009-07-23 100480] S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [2008-11-04 7680] S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [] S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888] S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904] S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008] S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784] S3 swmsflt;swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [2008-08-22 26760] S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2013-02-12 12928] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328] S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [] S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 acs;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-03-21 364629] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2009-09-18 764768] R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2013-07-29 684136] R2 DWMRCS;DameWare Mini Remote Control; C:\WINDOWS\SYSTEM32\DWRCS.EXE [2009-02-04 234496] R2 fsdevcon;F-Secure Device Control Daemon; C:\Program Files\F-Secure\Device Control\\fsdevcon32.exe [2014-02-28 408616] R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe [2014-02-28 224296] R2 FSMA;F-Secure Management Agent; C:\Program Files\F-Secure\Common\FSMA32.EXE [2014-02-28 206888] R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-06-01 36400] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-12-03 153584] R2 JuniperAccessService;Juniper Unified Network Service; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2012-08-22 158832] R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-04-03 1809720] R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2014-04-03 857912] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2007-03-22 322120] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 SnowInventoryClient;Snow Inventory Client; C:\Program Files\INVENTORYCLIENT\client.exe [2013-10-28 3359744] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe [2014-02-28 556072] R3 F-Secure Network Request Broker;F-Secure Network Request Broker; C:\Program Files\F-Secure\Common\FNRB32.EXE [2014-02-28 217128] R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\F-Secure\ORSP Client\fsorsp.exe [2013-06-06 60352] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776] S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-13 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-18 257712] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160] S3 Cwbrxd;Opdracht op afstand iSeries Access for Windows; C:\WINDOWS\CWBRXD.EXE [2002-02-04 53296] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-13 136176] S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] S3 ProService8.3B;ProService for 8.3B; C:\DLC\bin\ProSrvc.exe [1999-01-30 30208] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408] S3 smstsmgr;SMS Task Sequence Agent; C:\WINDOWS\system32\CCM\TSManager.exe [2009-09-18 246624] S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856] S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] -----------------EOF-----------------

Malwarebytes Anti-Malware Malwarebytes | Free Anti-Malware & Internet Security Software Scan Date: 20-5-2014 Scan Time: 10:36:47 Logfile: MBAMScanlog.txt Administrator: Yes Version: 2.00.1.1004 Malware Database: v2014.05.20.02 Rootkit Database: v2014.03.27.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Chameleon: Disabled OS: Windows XP Service Pack 3 CPU: x86 File System: NTFS User: rokn01 Scan Type: Threat Scan Result: Completed Objects Scanned: 383394 Time Elapsed: 20 min, 25 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Shuriken: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)

​Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\WINDOWS\SYSTEM32\DWRCS.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Device Control\fsdevcon32.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files\F-Secure\Common\FSHDLL32.EXE C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\INVENTORYCLIENT\client.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\SYSTEM32\DWRCST.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [installValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] C:\Program Files\National Instruments\Shared\NIUninstaller\InstallValidator.exe -s O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files\PokerStars.EU\PokerStarsUpdate.exe (file missing) O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - ESC Trusted Zone: http://view.atdmt.com O15 - ESC Trusted Zone: http://xenapp.cardo.net O15 - ESC Trusted Zone: Microsoft's Premier Technical Learning Event | TechEd North America 2013 O15 - ESC Trusted Zone: http://www.facebook.com O15 - ESC Trusted Zone: http://connect.facebook.net O15 - ESC Trusted Zone: http://static.ak.fbcdn.net O15 - ESC Trusted Zone: http://cdnt.meteorsolutions.com O15 - ESC Trusted Zone: http://static.meteorsolutions.com O15 - ESC Trusted Zone: TechEd | 2014 O15 - ESC Trusted Zone: http://view.atdmt.com (HKLM) O15 - ESC Trusted Zone: http://xenapp.cardo.net (HKLM) O15 - ESC Trusted Zone: Microsoft's Premier Technical Learning Event | TechEd North America 2013 (HKLM) O15 - ESC Trusted Zone: http://www.facebook.com (HKLM) O15 - ESC Trusted Zone: http://connect.facebook.net (HKLM) O15 - ESC Trusted Zone: http://static.ak.fbcdn.net (HKLM) O15 - ESC Trusted Zone: http://cdnt.meteorsolutions.com (HKLM) O15 - ESC Trusted Zone: http://static.meteorsolutions.com (HKLM) O15 - ESC Trusted Zone: TechEd | 2014 (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274095228406 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://84.54.135.77/activex/AMC.cab O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cardo.net O17 - HKLM\Software\..\Telephony: DomainName = cardo.net O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cardo.net O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cardo.net O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Opdracht op afstand iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Device Control Daemon (fsdevcon) - F-Secure Corporation - C:\Program Files\F-Secure\Device Control\\fsdevcon32.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks, Inc. - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: ProService for 8.3B (ProService8.3B) - Progress Software - C:\DLC\bin\ProSrvc.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Snow Inventory Client (SnowInventoryClient) - Snow Software AB - C:\Program Files\INVENTORYCLIENT\client.exe -- End of file - 12982 bytes

Heel stuk beter en sneller, super !

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.9 (01.01.2014:1) OS: Microsoft Windows XP x86 Ran by rokn01 on zo 05-01-2014 at 17:42:23,70 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E87EA0C-D5FA-4BD8-A9E1-C341F4B798F8} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Documents and Settings\rokn01\Application Data\getrighttogo" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on zo 05-01-2014 at 17:52:28,98 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.016 - Report created 05/01/2014 at 14:12:18 # Updated 23/12/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : rokn01 - LT21776 # Running from : C:\Documents and Settings\rokn01\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_17AA20DA Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Deleted : HKCU\Software\FLEXnet Key Deleted : HKLM\Software\SearchProtect Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Google Chrome v31.0.1650.63 [ File : C:\Documents and Settings\rokn01\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] Deleted : homepage Deleted : icon_url ************************* AdwCleaner[R0].txt - [1871 octets] - [05/01/2014 14:09:56] AdwCleaner[s0].txt - [1456 octets] - [05/01/2014 14:12:18] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1516 octets] ##########

Heel stuk beter inmiddels hij zal ea hebben verwijderd / rechtgezet

ComboFix 14-01-04.03 - rokn01 04-01-2014 19:47:42.6.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2038.1287 [GMT 1:00] Gestart vanuit: c:\documents and settings\rokn01\Desktop\ComboFix.exe AV: F-Secure Client Security 11.00 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15} FW: F-Secure Client Security 11.00 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4} FW: McAfee Host Intrusion Prevention Firewall *Disabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\jebr02\WINDOWS c:\documents and settings\rokn01\System c:\documents and settings\rokn01\System\win_qs8.jqx c:\windows\IsUn0413.exe c:\windows\XSxS . . (((((((((((((((((((( Bestanden Gemaakt van 2013-12-04 to 2014-01-04 )))))))))))))))))))))))))))))) . . 2014-01-04 10:56 . 2014-01-04 10:24 24064 ----a-w- c:\windows\zoek-delete.exe 2014-01-04 10:24 . 2014-01-04 10:50 -------- d-----w- C:\zoek_backup 2013-12-22 18:03 . 2013-12-26 08:42 -------- d-----w- c:\documents and settings\rokn01\Application Data\uTorrent 2013-12-07 20:49 . 2013-12-07 20:49 -------- d-----w- c:\documents and settings\rokn01\Local Settings\Application Data\LEGO 2013-12-07 20:47 . 2013-12-07 20:47 -------- d-----w- c:\program files\IVI Foundation 2013-12-07 20:47 . 2013-12-07 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\IVI Foundation 2013-12-07 20:45 . 2013-12-07 20:45 -------- d-----w- c:\program files\LEGO Software 2013-12-07 20:44 . 2013-12-07 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\LEGO MINDSTORMS EV3 2013-12-07 20:44 . 2013-12-07 20:44 -------- d-----w- c:\program files\National Instruments 2013-12-07 20:43 . 2013-12-07 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\National Instruments . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-12-12 09:14 . 2012-05-09 08:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-12-12 09:14 . 2012-05-09 08:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-11-13 02:59 . 2009-06-30 23:00 150528 ----a-w- c:\windows\system32\imagehlp.dll 2013-11-07 05:38 . 2009-06-30 23:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll 2013-11-06 01:03 . 2009-06-30 15:19 7168 ----a-w- c:\windows\system32\xpsp4res.dll 2013-10-30 02:26 . 2009-06-30 23:01 1879040 ----a-w- c:\windows\system32\win32k.sys 2013-10-29 07:57 . 2009-06-30 23:01 920064 ----a-w- c:\windows\system32\wininet.dll 2013-10-29 07:57 . 2009-06-30 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-10-29 07:57 . 2009-06-30 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-10-29 07:57 . 2009-06-30 23:00 18944 ----a-w- c:\windows\system32\corpol.dll 2013-10-29 00:45 . 2009-06-30 23:00 385024 ----a-w- c:\windows\system32\html.iec 2013-10-23 23:45 . 2009-06-30 23:00 172032 ----a-w- c:\windows\system32\scrrun.dll 2013-10-12 15:56 . 2009-06-30 23:00 278528 ----a-w- c:\windows\system32\oakley.dll 2013-10-09 13:12 . 2009-06-30 23:00 287744 ----a-w- c:\windows\system32\gdi32.dll 2013-10-07 10:59 . 2009-06-30 23:00 603136 ----a-w- c:\windows\system32\crypt32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NetSP - restore settings on power failure"="c:\program files\AT&T Global Network Client\NetSP.exe" [2009-10-08 53600] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-02 176128] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-09 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-09 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-09 135680] "Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 20530] "Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 24626] "Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-05-07 45056] "Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 20530] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2013-06-25 348608] "F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2013-06-25 1878976] "InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707"="c:\program files\National Instruments\Shared\NIUninstaller\InstallValidator.exe" [2013-06-19 265096] "DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2009-02-04 78848] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2007-3-22 40048] Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-3-22 734872] . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\AT&T Global Network Client\\SwiApiMux.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AT&T Global Network Client\\NetClient.exe"= "c:\\Documents and Settings\\rokn01\\Desktop\\utorrent.exe"= "c:\\Program Files\\IBM\\Client Access\\cwbunnav.exe"= "c:\\Program Files\\LEGO Software\\LEGO MINDSTORMS EV3 Home Edition\\MindstormsEV3.exe"= "c:\\Documents and Settings\\rokn01\\Application Data\\uTorrent\\uTorrent.exe"= . R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [29-4-2013 12:12 44240] R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [29-4-2013 12:12 83360] R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15-2-2007 19:00 26624] R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [11-12-2013 12:30 73328] R2 fsdevcon;F-Secure Device Control Daemon;c:\program files\F-Secure\Device Control\fsdevcon32.exe [29-4-2013 12:12 411584] R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [22-8-2012 19:48 158832] R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\AT&T Global Network Client\NetClientSvc.exe [8-10-2009 12:48 342368] R2 SnowInventoryClient;Snow Inventory Client;c:\program files\INVENTORYCLIENT\client.exe [28-10-2013 17:50 3359744] R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [18-9-2009 17:48 9216] R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [7-2-2007 19:00 3712] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [29-4-2013 12:12 146472] R3 fsni;fsni;c:\program files\F-Secure\NIF\bin\fsnixp32.sys [29-4-2013 12:12 50728] R3 fsnitdi;fsnitdi;c:\program files\F-Secure\NIF\bin\fsnitdi32.sys [29-4-2013 12:12 24104] R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [29-4-2013 12:12 60352] R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [8-6-2007 7:36 81280] S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [30-6-2009 16:22 96256] S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [27-8-2010 14:23 112640] S3 gtermddo;gtermddo;\??\c:\docume~1\rokn01\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\rokn01\LOCALS~1\Temp\gtermddo.sys [?] S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?] S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [27-8-2010 14:30 100480] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [17-5-2010 13:10 7680] S3 NetLogSvc;NetLogSvc;c:\progra~1\AT&TGL~1\NETLOG~1.EXE [8-10-2009 12:48 75616] S3 ProService8.3B;ProService for 8.3B;c:\dlc\bin\prosrvc.exe [18-11-2011 9:40 30208] S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [30-6-2009 16:22 65664] S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [29-4-2013 12:12 40256] S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [29-4-2013 12:12 25536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-12-06 10:46 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2014-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 09:14] . 2014-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 19:29] . 2014-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 19:29] . 2014-01-04 c:\windows\Tasks\User_Feed_Synchronization-{2BFC4E6F-924A-48AF-93FE-87A96F6D8FC7}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . 2014-01-04 c:\windows\Tasks\User_Feed_Synchronization-{72015A0F-3E0B-49A9-825D-746A296A2E24}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . 2014-01-04 c:\windows\Tasks\User_Feed_Synchronization-{8D4D68DF-33A1-4E5E-AEC5-902CCC0E324C}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . 2014-01-04 c:\windows\Tasks\User_Feed_Synchronization-{F1EB52EA-AF37-4D99-A556-1A1E11AA03D9}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files\PokerStars.EU\PokerStarsUpdate.exe TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://84.54.135.77/activex/AMC.cab . - - - - ORPHANS VERWIJDERD - - - - . c:\documents and settings\rokn01\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk - c:\documents and settings\rokn01\Local Settings\temp\{3E401CE9-6822-4CC3-8897-8005C492AF66}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=NLD /PRNM="RollerCoaster Tycoon 3"/PRMP="RCT3"/SKUN="PCXX"/GTYP="STRY" AddRemove-ClientAccessExpressAFP Viewer - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressAFPPrinterDriver - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressAS400OperationsConsole - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressDirectoryUpdate - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressEmulator - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressEmulatorPdfPdt - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressEZSetup - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressFileTransferBase - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressFileTransferExcel - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressFileTransferWK4 - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressIRC - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressJavaToolbox - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressJRE - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressODBC - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOLEDB - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOnlineUsersGuide - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavAdmin - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavAFPMan - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavAppDev - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavBackup - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavBase - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavBasicOp - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavCABase - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavCommands - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavDatabase - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavFileSys - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavJobMan - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavLogSys - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavMonitors - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavNetworks - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavPackProd - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavSecurity - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavSysConfig - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavToolkit - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressOpNavUandG - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressREDIST - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressRequiredPrograms - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressSCSPrinterDriver - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressSPCOMP - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressTJ - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressToolkit - c:\windows\IsUn0413.exe AddRemove-ClientAccessExpressVBW - c:\windows\IsUn0413.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2014-01-04 19:56 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(556) c:\program files\f-secure\hips\fshook32.dll c:\windows\system32\igfxdev.dll . Voltooingstijd: 2014-01-04 19:58:47 ComboFix-quarantined-files.txt 2014-01-04 18:58 ComboFix2.txt 2010-10-13 21:43 ComboFix3.txt 2010-10-11 15:49 . Pre-Run: 37.147.299.840 bytes free Post-Run: 37.123.178.496 bytes free . - - End Of File - - A659DAFFEBFFCC86702C3D1DE426D09C 16AAED9FF9BD7B064230E4D89FDC8B05

Internet gaat beter, opstarten duurd no 10 minuten

Zoek.exe v5.0.0.0 Updated 02-Januari-2014 Tool run by rokn01 on za 04-01-2014 at 11:24:53,00. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Documents and Settings\rokn01\Desktop\zoek\zoek.exe [scan all users] [script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2013-07-30-144224.log 5911 bytes ==== Empty Folders Check ====================== C:\Program Files\Axis Communications deleted successfully C:\Program Files\Hewlett-Packard deleted successfully C:\Program Files\PokerStars.EU deleted successfully C:\Program Files\Simpo PDF to Word deleted successfully C:\Program Files\Common Files\Apple deleted successfully C:\Documents and Settings\jebr02\Application Data\ICAClient deleted successfully C:\Documents and Settings\LocalService\Application Data\Apple Computer deleted successfully C:\Documents and Settings\rokn01\Application Data\DAEMON Tools Pro deleted successfully C:\Documents and Settings\rokn01\Application Data\Outlook deleted successfully C:\Documents and Settings\LocalService\Local Settings\Application Data\Google deleted successfully C:\Documents and Settings\rokn01\Local Settings\Application Data\CutePDF Writer deleted successfully C:\Documents and Settings\rokn01\Local Settings\Application Data\Downloaded Installations deleted successfully C:\Documents and Settings\rokn01\Local Settings\Application Data\WMTools Downloaded Files deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2781560043-2945397114-2333775007-4818\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Program Files\SearchProtect deleted C:\extensions deleted C:\Documents and Settings\rokn01\Local Settings\Application Data\SearchProtect deleted C:\Documents and Settings\rokn01\Local Settings\Application Data\cache deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\DOCUME~1\rokn01\LOCALS~1\Temp ==== 2013-12-22 18:04:09 9FB9D49C2DB7EDD1084AB765D619F5C6 66368 ----a-w- C:\Documents and Settings\rokn01\Local Settings\Temp\utt11.tmp.exe ====== Java Cache ===== ====== C:\WINDOWS\system32 ===== ====== C:\WINDOWS\system32\drivers ===== ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2013-12-07 20:47:29 -------- d-----w- C:\Program Files\IVI Foundation 2013-12-07 20:45:13 -------- d-----w- C:\Program Files\LEGO Software 2013-12-07 20:44:03 -------- d-----w- C:\Program Files\National Instruments ======= C: ===== ====== C:\Documents and Settings\rokn01\Application Data ====== 2013-12-22 18:03:16 -------- d-----w- C:\Documents and Settings\rokn01\Application Data\uTorrent 2013-12-07 20:56:43 4DCAE2DDC67ADD848F56453773E16B81 208744 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2781560043-2945397114-2333775007-4818-0.dat 2013-12-07 20:49:10 -------- d-----w- C:\Documents and Settings\rokn01\Local Settings\Application Data\LEGO ====== C:\Documents and Settings\rokn01 ====== 2014-01-03 14:13:24 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\rokn01\Desktop\RSIT.exe 2014-01-01 10:01:27 -------- d--h--r- C:\Documents and Settings\rokn01\Recent 2013-12-22 18:01:55 BE27EB2DF4A3740E9385BC810BECC18D 1340496 ----a-w- C:\Documents and Settings\rokn01\Desktop\utorrent.exe ====== C: exe-files == 2014-01-03 14:13:43 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\Trend Micro\rokn01.exe 2014-01-03 14:13:24 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\rokn01\Desktop\RSIT.exe === C: other files == 2014-01-03 15:17:53 04E34D76A6EDA4D8A4F2393064F10D6C 17791 ----a-w- C:\Documents and Settings\rokn01\Local Settings\Temporary Internet Files\Content.IE5\24F3VB74\beelden[1].zip ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_USERS\S-1-5-21-2781560043-2945397114-2333775007-4818\Software\Microsoft\Windows\CurrentVersion\Run] "NetSP - restore settings on power failure"="C:\Program Files\AT&T Global Network Client\NetSP.exe -show" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" "Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" "Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" "Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe LOGIN" "Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE /splash" "F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW" "InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707"="C:\Program Files\National Instruments\Shared\NIUninstaller\InstallValidator.exe -s" "DameWare MRC Agent"="C:\WINDOWS\system32\DWRCST.exe" "Synchronization Manager"="%SystemRoot%\system32\mobsync.exe /logon" "MobileConnect"="%programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "NetSP - restore settings on power failure"="C:\Program Files\AT&T Global Network Client\NetSP.exe -show" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" ==== Startup Folders ====================== 2012-03-01 22:53:04 1483 ----a-w- C:\Documents and Settings\rokn01\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [13-04-2011 20:29] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [13-04-2011 20:29] C:\WINDOWS\tasks\User_Feed_Synchronization-{2BFC4E6F-924A-48AF-93FE-87A96F6D8FC7}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08-03-2009 04:31] C:\WINDOWS\tasks\User_Feed_Synchronization-{72015A0F-3E0B-49A9-825D-746A296A2E24}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08-03-2009 04:31] C:\WINDOWS\tasks\User_Feed_Synchronization-{8D4D68DF-33A1-4E5E-AEC5-902CCC0E324C}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08-03-2009 04:31] C:\WINDOWS\tasks\User_Feed_Synchronization-{F1EB52EA-AF37-4D99-A556-1A1E11AA03D9}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08-03-2009 04:31] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "jqs@sun.com"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\ [] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\DOCUME~1\rokn01\LOCALS~1\Temp\ccex.crx[] ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\DOCUME~1\rokn01\LOCALS~1\Temp\crx4F.tmp[] Google Drive - rokn01\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - rokn01\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - rokn01\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf AdBlock - rokn01\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Google Wallet - rokn01\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - rokn01\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Zoeken=" "Default_Page_URL"="https://keypoint.assaabloy.net/Entrance-Systems/" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="Google" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!" "Start Page"="Google" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Conduit Search Url="{searchTerms} - Bing=" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully ==== Empty IE Cache ====================== C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\exzamo01\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\jebr02\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalAdmin\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\rokn01\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Documents and Settings\rokn01\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=176 folders=44 31157659 bytes) ==== Empty Temp Folders ====================== C:\Documents and Settings\Administrator\Local Settings\Temp emptied successfully C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully C:\Documents and Settings\exzamo01\Local Settings\Temp emptied successfully C:\Documents and Settings\itsp01\Local Settings\Temp emptied successfully C:\Documents and Settings\jebr02\Local Settings\Temp emptied successfully C:\Documents and Settings\LocalAdmin\Local Settings\Temp emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp emptied successfully C:\Documents and Settings\rokn01\Local Settings\Temp will be emptied at reboot C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\rokn01\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Documents and Settings\rokn01\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted ==== EOF on za 04-01-2014 at 12:14:24,70 ======================

Zoek.exe v5.0.0.0 Updated 02-Januari-2014 Tool run by rokn01 on za 04-01-2014 at 11:24:53,00. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Documents and Settings\rokn01\Desktop\zoek\zoek.exe [scan all users] [script inserted] [Checkboxes used] ===== Runcheck 11:29:58,67 ===== --- Create Environment Variables 11:29:59,78 --- Checking Input 11:30:22,64 --- AU AppData Check 11:30:28,92 --- Remove From Windows Installer 11:30:32,28 --- Empty Folders Check 11:34:05,34 --- IE Startpage Check 11:34:51,57 --- Program Files DB Check 11:36:12,10 --- C:\Documents and Settings\Administrator\Application Data DB Check 11:37:01,46 --- C:\Documents and Settings\Default User\Application Data DB Check 11:37:01,46