Zoek.exe v5.0.0.0 Updated 02-June-2014 Tool run by MARCO on wo 04-06-2014 at 19:37:27,73. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\MARCO\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Users\MARCO\AppData\Local\41570d6978ceefa4cf03303c4b34e961\9732161d37b73cb.exe C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Users\MARCO\AppData\Local\41570d6978ceefa4cf03303c4b34e961\20add2c4938dcf8.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\taskhost.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Users\MARCO\Downloads\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchFilterHost.exe ==== System Restore Info ====================== 4-6-2014 19:38:51 Zoek.exe System Restore Point Created Succesfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handle within DNS itself. 127.0.0.1 localhost ::1 localhost ==== Empty Folders Check ====================== C:\Program Files\RichMediaViewV1 deleted successfully C:\Program Files\Siber Systems deleted successfully C:\PROGRA~2\Oracle deleted successfully C:\Users\MARCO\AppData\Local\calibre-cache deleted successfully C:\Users\MARCO\AppData\Local\Downloaded Installations deleted successfully C:\Users\MARCO\AppData\Local\Unity deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2707463002-1117669999-1078469151-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{5f96e29b-fbb2-43ff-b000-37510184ddd7} deleted successfully ==== Installed Programs ====================== Adobe AIR Adobe Digital Editions 2.0 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.07) - Nederlands Adobe Shockwave Player 12.0 calibre Compatibiliteitspakket voor het 2007 Microsoft Office system dBpoweramp DSP Effects dBpoweramp Music Converter dBpoweramp Windows Media Audio 10 Codec DVD Shrink 3.2 Google Chrome Google Update Helper GrabIt 1.7.2 Beta 6 (build 1008) HTC BMP USB Driver HTC Driver Installer IPTInstaller IrfanView (remove only) Java 7 Update 55 Java Auto Updater Malwarebytes Anti-Malware versie 2.0.2.1012 MediaMonkey 3.2 Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft Office File Validation Add-In Microsoft Office Professional Editie 2003 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Sync Framework 2.0 Core Components (x86) ENU Microsoft Sync Framework 2.0 Provider Services (x86) ENU Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mp3tag v2.59a MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2758694) NVIDIA Drivers QuickPar 0.9 Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Shark007 Standard Codecs Soft Data Fax Modem with SmartCP swMSM Synaptics Pointing Device Driver SyncToy 2.1 (x86) TreeSize Professional V5.5 Windows Mobile Apparaatcentrum WinRAR ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\9732161d37b73cb.exe deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\9732161d37b73cb.exe deleted successfully ==== Deleting Files \ Folders ====================== C:\extensions.ini deleted C:\Windows\system32\tasks\RegistryDr_Popup deleted C:\Windows\system32\tasks\RegistryDr_Start deleted C:\Windows\System32\AI_RecycleBin deleted "C:\Users\MARCO\AppData\Local\41570d6978ceefa4cf03303c4b34e961\20add2c4938dcf8.exe" deleted "C:\Users\MARCO\AppData\Local\{22C0EAD7-E2CC-48B2-B727-F634BB56D9FD}" deleted ==== System Specs ====================== Windows: Windows 7 Ultimate Edition Service Pack 1 (Build 7601) Memory (RAM): 1023 MB CPU Info: Genuine Intel(R) CPU T2400 @ 1.83GHz CPU Speed: 1829,3 MHz Sound Card: Luidsprekers (USB Sound Device | Display Adapters: NVIDIA GeForce Go 7400 | NVIDIA GeForce Go 7400 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1280 X 800 - 32 bit Network: Network Present Network Adapters: Intel(R) PRO/Wireless 3945ABG Network Connection | Intel(R) PRO/100 VE Network Connection CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GSA-4084N Ports: COM3 LPT Port NOT Present. Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 223,5GB | D: 100,0MB Hard Disks - Free: C: 150,6GB | D: 71,3MB Manufacturer *: Hewlett-Packard BIOS Info: AT/AT COMPATIBLE | 03/13/06 | ACRSYS - 6040000 Time Zone: West-Europa (standaardtijd) Motherboard *: Hewlett-Packard 30A7 Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Default Browser: Google Chrome 35.0.1916.114 Internet Explorer Version: 11.0.9600.17107 Google Chrome version: 35.0.1916.114 Adobe Reader version: 11.0.07.79 Sun Java version: 1.7.0_55 (32-bit) Flash Player version: 11.7.700.224 Shockwave Player version: 12.0.2r122 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\MARCO\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== 2014-06-03 18:46:20 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\System32\sqlite3.dll ====== C:\Windows\system32\drivers ===== 2014-06-03 17:02:13 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-06-03 17:00:23 BD27D97297934FD4217A37FD28A7ABC7 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-06-03 17:00:23 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-06-03 17:00:23 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-05-14 14:47:29 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-05-14 10:15:14 D3964885F0A11ACF51DA3AAA776973B2 136640 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2014-05-14 10:15:13 4120DA10AA42A9996F4575DB9E3E6E6E 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-06-03 17:16:58 -------- d-----w- C:\Program Files\trend micro 2014-05-14 17:49:33 -------- d-----w- C:\Program Files\SyncToy 2.1 2014-05-14 16:45:49 -------- d-----w- C:\Program Files\Calibre2 ======= C: ===== ====== C:\Users\MARCO\AppData\Roaming ====== 2014-06-02 18:18:06 -------- d-----w- C:\Users\MARCO\AppData\Local\41570d6978ceefa4cf03303c4b34e961 2014-05-28 15:09:04 -------- d-----w- C:\Users\MARCO\AppData\Locallow\Unity 2014-05-14 20:05:20 05060E4C6F40B8886D2096828FEAD9F4 509520 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat 2014-05-14 16:47:18 -------- d-----w- C:\Users\MARCO\AppData\Local\Adobe_Systems_Incorporate 2014-05-14 16:46:16 -------- d-----w- C:\Users\MARCO\AppData\Roaming\calibre ====== C:\Users\MARCO ====== 2014-06-03 18:45:38 9EC73884D7D7BFEC9EED7EAF3122A0BE 1327971 ----a-w- C:\Users\MARCO\Downloads\adwcleaner_3.211.exe 2014-06-03 17:16:38 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\MARCO\Downloads\RSIT.exe 2014-06-03 16:59:32 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\MARCO\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-14 16:46:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 2014-05-14 16:45:49 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2014-05-13 19:53:23 94425F8B96751C219C74EBEB9B9C1FFD 468 --sha-r- C:\ProgramData\ntuser.pol ====== C: exe-files == 2014-06-03 18:45:38 9EC73884D7D7BFEC9EED7EAF3122A0BE 1327971 ----a-w- C:\Users\MARCO\Downloads\adwcleaner_3.211.exe 2014-06-03 17:16:58 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\MARCO.exe 2014-06-03 17:16:38 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\MARCO\Downloads\RSIT.exe 2014-06-03 16:59:32 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\MARCO\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-02 18:18:07 320B1FF1AD395699F81A112AAFDD4620 93696 ----a-w- C:\Users\MARCO\AppData\Local\41570d6978ceefa4cf03303c4b34e961\9732161d37b73cb.exe 2014-06-02 18:18:00 B52F1B06C66ED6F3D1EFE7093CF1A924 2211638 ----a-w- C:\Windows\Temp\RSTUpdater.exe === C: other files == 2014-06-03 17:02:13 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-06-03 17:00:23 BD27D97297934FD4217A37FD28A7ABC7 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-06-03 17:00:23 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-06-03 17:00:23 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-06-02 18:18:07 C8127CCDA583CAA117D89BFFCBBA131F 17552 ----a-w- C:\Users\MARCO\AppData\Local\41570d6978ceefa4cf03303c4b34e961\RegFltrX86.sys 2014-06-02 18:18:07 743AF148DAB7BEFD06FAF51BA3063CA0 18064 ----a-w- C:\Users\MARCO\AppData\Local\41570d6978ceefa4cf03303c4b34e961\RegFltrX64.sys 2014-06-02 15:03:42 995091845C2B2ACCD9285D6E99E3745C 645432 ----a-w- C:\Users\MARCO\Downloads\wetransfer-53cb18.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" "NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe " ==== Startup Folders ====================== 2013-07-12 16:35:38 289 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD 2013-07-12 16:35:38 289 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [18-04-2014 14:31] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [18-04-2014 14:31] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\Launch HTC Sync Loader" [C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe] "C:\Windows\system32\tasks\PrivacyDR_Popup" [C:\Program Files\Privacy DR\Splash.exe] "C:\Windows\system32\tasks\PrivacyDR_Start" [C:\Program Files\Privacy DR\PrivacyDR.exe] ==== Chrome Look ====================== Google Docs - MARCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - MARCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - MARCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - MARCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - MARCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - MARCO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com" "Use Search Asst"="yes" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com" "SearchAssistant"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Use Search Asst"="no" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyServer"="http=127.0.0.1:31340" "ProxyOverride"=";*origin.com;*ea.com;*akamaihd.net" "ProxyEnable"=dword:00000001 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== HijackThis Entries ====================== O1 - Hosts: ::1 localhost O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - .DEFAULT User Startup: RUN.CMD (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: GoodSync Server (GsServer) - Unknown owner - C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe ==== Empty IE Cache ====================== C:\Users\MARCO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\MARCO\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=6 folders=7 296125 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\MARCO\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\MARCO\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on wo 04-06-2014 at 19:55:36,21 ======================