Zoek.exe v5.0.0.0 Updated 20-September-2014
Tool run by Duquenne on zo 21-09-2014 at 8:53:37,70.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Duquenne\Downloads\zoek(1).exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-05-02-140628.log 24583 bytes
C:\zoek-results2014-09-17-144532.log 27219 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Users\Duquenne\Downloads\zoek(1).exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

==== Deleting Services ======================

==== Registry Search Results for "waittokill" ======================

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control]
"WaitToKillServiceTimeout"="200"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control]
"WaitToKillServiceTimeout"="200"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="200"
[HKEY_USERS\S-1-5-21-2008494405-2025870050-566855100-1000\Control Panel\Desktop]
"WaitToKillAppTimeout"="2000"

==== System Specs ======================

Windows: Windows 7 Home Premium Edition Service Pack 1 (Build 7601)
Memory (RAM): 3071 MB
CPU Info: AMD Turion(tm) 64 X2 Mobile Technology TL-64
CPU Speed: 933,8 MHz
Sound Card: Luidsprekers (High Definition A | Digitale audio (S/PDIF) (High D |
Display Adapters: Standaard-VGA grafische adapter | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen niet-PnP-beeldscherm |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8187B 802.11b/g 54 Mbps draadloze USB 2.0-netwerkadapter | NVIDIA nForce-netwerkcontroller
CD / DVD Drives: 1x (E: | ) E: Optiarc DVD RW AD-5540A
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 141,0GB | D: 149,0GB
Hard Disks - Free: C: 96,4GB | D: 148,9GB
Manufacturer *: Phoenix Technologies Ltd.
BIOS Info: AT/AT COMPATIBLE | 12/18/07 | PacBel - 6040000
Time Zone: West-Europa (standaardtijd)
Motherboard *: PACKARD BELL BV EasyNote_SJ82
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox 32.0.2
Internet Explorer Version: 11.0.9600.17280
Mozilla Firefox version: 32.0.2 (x86 nl)
Adobe Reader version: 11.0.9.29
Flash Player version: 15.0.0.152

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-09-20 07:47:19 CA2A8AF1DBAD0F31F9B33A2827DFBC16 207 ----a-w- C:\Windows\tweaking.com-regbackup-THUIS-Microsoft-Windows-7-Home-Premium-(32-bit).dat

====== C:\Users\Duquenne\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====
2014-09-20 07:29:45 D4BF58CD6CCBA48FA0AB2A0634712F6A 408056 ----a-w- C:\Windows\System32\FNTCACHE.DAT
2014-09-12 09:19:41 7C3D593AB1E2F5E5687D97772EF99AC7 61952 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-12 09:19:39 E3D7B3F64C30994409BDF8E48048A854 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-12 09:19:38 6DD476318F524D2DCB73AFEB2EE27B4A 61952 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-12 09:19:38 297EF1AB73B8FCE76BCA1365C2E49AFC 440320 ----a-w- C:\Windows\System32\ieui.dll
2014-09-12 09:19:37 2E2E40E5D92EEA979548E307C5781038 597504 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-12 09:19:36 CC8F34B345DA638D77BB48C035DA628D 164864 ----a-w- C:\Windows\System32\msrating.dll
2014-09-12 09:19:36 AE7BCEA48C8AE4C1A26A2A26C94DD29D 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-12 09:19:36 13C2C87C35E52AAB1B439FB2E26DF2DE 69632 ----a-w- C:\Windows\System32\mshtmled.dll
2014-09-12 09:19:35 D603AC77E17E5B9583E382F2EE0381A7 43008 ----a-w- C:\Windows\System32\jsproxy.dll
2014-09-12 09:19:35 84E96F4AF8A7748A3DE7C3EBBC6768E5 365056 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-09-12 09:19:35 42F6F28D4885505F687CAF0459FF9F90 112128 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-12 09:19:35 1D8C086A39B9794D7131384586811B25 678400 ----a-w- C:\Windows\System32\ieapfltr.dll
2014-09-12 09:19:34 AA595171932ACC79DA9851067DCBDABF 32768 ----a-w- C:\Windows\System32\iernonce.dll
2014-09-12 09:19:34 4F2EDC301EC63F803C0FDB6CC87EDA24 454656 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-12 09:19:34 010DFAF3EF93994B805BAA1493D47973 243200 ----a-w- C:\Windows\System32\dxtrans.dll
2014-09-12 09:19:33 95D7609E05218407071E353800581BF2 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-12 09:19:33 88EBB8526981D03C5777AB0A4AEBA8B4 1068032 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-12 09:19:33 77F79126444896B5867E6761490735B8 60416 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-12 09:19:33 5074835337862817DB3726558D0908DE 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-12 09:19:32 24225D0B94B800F4A78A0AC08E7FA4AE 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-12 09:19:32 074646C5A979DE79133DE4A8530A9C5D 603136 ----a-w- C:\Windows\System32\msfeeds.dll
2014-09-12 09:19:31 E16EA38E5E98E485BE566738367AF16F 673792 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-09-12 09:19:31 8D4FCAB2643DFEF68040B70F1EDCCBC5 327872 ----a-w- C:\Windows\System32\iedkcs32.dll
2014-09-12 09:19:28 FD96C05DE700F5FD26273D6DDB6495A7 2185728 ----a-w- C:\Windows\System32\iertutil.dll
2014-09-12 09:19:28 D58988722C72D265B51A54103DFC2C6F 1812992 ----a-w- C:\Windows\System32\wininet.dll
2014-09-12 09:19:27 77B7DDF91F3ED2CDB6CF60224EE13433 4232704 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-12 09:19:26 6A3A809CA7A8F40C89E6F1D301898A66 2014208 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-12 09:19:26 41010A88B70A2168F801DC19EBD4CB4F 1190400 ----a-w- C:\Windows\System32\urlmon.dll
2014-09-12 09:19:24 7BF1CE9240CB9DD27C3E30733176EB8E 17455104 ----a-w- C:\Windows\System32\mshtml.dll
2014-09-12 09:19:23 A3560FAFC1686D5EE9830B33B5C74B66 11769856 ----a-w- C:\Windows\System32\ieframe.dll
2014-09-12 09:17:52 2413D2216D08FAF7D7178D9E0B481AEB 2285056 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-12 07:32:14 1B85FA0D0A93C011B76678733F39DB6C 550912 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-12 07:32:12 DCA0AC63EF309E17BEEDE8D90622285F 1059840 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-12 07:31:27 79896A78039C9A63C56197843CFBAD0B 1987584 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-12 07:31:18 A8DDB7ACB122FC36FF0D7C9B3099A380 793600 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-12 07:31:03 7D11D2B186C369E39D3B3759AE2775CE 445952 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-12 07:30:59 11423EFD825011A0F5EC76D89D0C89A1 302592 ----a-w- C:\Windows\System32\aeinv.dll

====== C:\Windows\system32\drivers =====

====== C:\Windows\Tasks ======
2014-09-20 08:22:58 89B2680B9E67849F8E47C664858A2480 3148 ----a-w- C:\Windows\system32\Tasks\SidebarExecute

====== C:\Windows\Temp ======

======= C:\Program Files =====
2014-09-20 07:41:29 -------- d-----w- C:\Program Files\Tweaking.com
2014-09-16 16:17:41 -------- d-----w- C:\Program Files\trend micro

======= C: =====
2014-09-16 07:55:28 2F8360DECB8043C7C6CAA75E4C13CA07 3656 ------w- C:\bootsqm.dat

====== C:\Users\Duquenne\AppData\Roaming ======
2014-09-20 14:51:54 -------- d-----w- C:\Users\Duquenne\AppData\Local\Adobe
2014-09-20 07:41:47 -------- d-----w- C:\Users\Duquenne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-20 07:30:26 3EFC151688D56A94A20283FA84453268 109280 ----a-w- C:\Users\Duquenne\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-17 14:45:12 -------- d-----w- C:\Users\Duquenne\AppData\Local\VirtualStore
2014-09-17 14:40:24 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2014-09-17 14:40:24 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-09-17 14:40:24 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2014-09-17 14:40:24 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2014-09-17 14:40:23 -------- d-----w- C:\Users\Duquenne\AppData\Local\Temp

====== C:\Users\Duquenne ======
2014-09-20 15:22:59 491D1C5CE5FF9323BE55D5C73F80099E 6431728 ----a-w- C:\Users\Duquenne\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411(1).exe
2014-09-20 15:22:32 491D1C5CE5FF9323BE55D5C73F80099E 6431728 ----a-w- C:\Users\Duquenne\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe
2014-09-20 07:40:33 39C80615F4ECFC3FC7DF6C8B8D321135 9700040 ----a-w- C:\Users\Duquenne\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-09-18 06:38:03 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Duquenne\De
2014-09-16 16:16:39 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Duquenne\Downloads\RSIT.exe
2014-09-16 08:20:02 1B151CCE618BE06C22B55FD4B502B75E 1373475 ----a-w- C:\Users\Duquenne\Downloads\adwcleaner_3.310.exe
2014-09-09 11:16:14 13EC9896CB74B8BD8F6C92135DFACD20 1370467 ----a-w- C:\Users\Duquenne\Downloads\adwcleaner_3.309.exe

====== C: exe-files ==
2014-09-20 15:22:59 491D1C5CE5FF9323BE55D5C73F80099E 6431728 ----a-w- C:\Users\Duquenne\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411(1).exe
2014-09-20 15:22:32 491D1C5CE5FF9323BE55D5C73F80099E 6431728 ----a-w- C:\Users\Duquenne\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe
2014-09-20 07:41:30 2237B196DE74B2516360F2E0A4B302A0 1346048 ----a-w- C:\Program Files\Tweaking.com\Windows Repair (All in One)\uninstall.exe
2014-09-20 07:40:33 39C80615F4ECFC3FC7DF6C8B8D321135 9700040 ----a-w- C:\Users\Duquenne\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-09-16 16:17:41 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Duquenne.exe
2014-09-16 16:16:39 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Duquenne\Downloads\RSIT.exe
2014-09-16 08:20:02 1B151CCE618BE06C22B55FD4B502B75E 1373475 ----a-w- C:\Users\Duquenne\Downloads\adwcleaner_3.310.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2008494405-2025870050-566855100-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\Duquenne\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\Duquenne\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUS EPM tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EaseUS EPM tray"
"hkey"="HKLM"
"command"="C:\\Program Files\\EaseUS\\EaseUS Partition Master 10.0\\bin\\EpmNews.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUS EPM Tray Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EaseUS EPM Tray Agent"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\EaseUS\\EaseUS Partition Master 10.0\\bin\\TrayPopupE\\TrayTipAgentE.exe\""

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12-09-2014 10:45]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2008494405-2025870050-566855100-1000Core.job --a------ C:\Users\Duquenne\AppData\Local\Facebook\Update\FacebookUpdate.exe [08-08-2014 12:07]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2008494405-2025870050-566855100-1000UA.job --a------ C:\Users\Duquenne\AppData\Local\Facebook\Update\FacebookUpdate.exe [08-08-2014 12:07]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2008494405-2025870050-566855100-1000Core" [C:\Users\Duquenne\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2008494405-2025870050-566855100-1000UA" [C:\Users\Duquenne\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\{74350473-4CED-4466-A364-4442B7B5294C}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Duquenne\AppData\Roaming\Mozilla\Firefox\Profiles\azja0ukd.default
64C4ADE063A9C93D3BAE09922AD90C27 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
446BCAE59E26321802E000FC3E0C390A - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Duquenne\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
5FDB2FD0DA5D57A4BFB7CDF8604A2783 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{AE115A3D-5F9F-49B8-8B07-76CDEB0E6176} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

==== HijackThis Entries ======================

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Duquenne\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Duquenne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=1 787 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Duquenne\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Duquenne\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on zo 21-09-2014 at 9:19:34,45 ======================