Zoek.exe v5.0.0.0 Updated 28-11-2014 Tool run by Beheerder on za 29/11/2014 at 10:47:13,37. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Beheerder\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2014-01-16-074407.log 16554 bytes C:\zoek-results2014-01-16-094835.log 11900 bytes ==== Empty Folders Check ====================== C:\Program Files\Tbccint deleted successfully C:\Program Files\Common Files\SWF Studio deleted successfully C:\PROGRA~2\CorelDRAW Graphics Suite X6 deleted successfully C:\PROGRA~2\Oracle deleted successfully C:\PROGRA~2\smdmf deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3458912042-936064933-937572561-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\winlogon.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\ProgramData\34dc5208-3f7e-436e-907b-3dc21b172840\maintainer.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\CyberLink\YouCam\YouCamService.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Browny02\Brother\BrStMonW.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Browny02\BrYNSvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Users\Beheerder\Downloads\zoek.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MaintainerSvc4.20.9060156 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\BEHEER~1\AppData\Roaming\Mozilla\Firefox\Profiles\qwknvmmt.default user.js not found ---- Lines TowerTilt removed from prefs.js ---- user_pref("extensions.TowerTilt.aul", "1413910394159"); user_pref("extensions.TowerTilt.irl", true); user_pref("extensions.TowerTilt.is", "EF22DDBE"); user_pref("extensions.TowerTilt.ug", 
"a25e0f70-7cf5-4d7d-bd98-a7a79d38b311"); ---- FireFox user.js and prefs.js backups ---- prefs_20142911_1111_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Tbccint deleted C:\Program Files\RCP deleted C:\PROGRA~2\34dc5208-3f7e-436e-907b-3dc21b172840 deleted C:\Users\Beheerder\AppData\LocalLow\Tbccint deleted C:\Users\Beheerder\AppData\Roaming\Systweak deleted C:\Users\Beheerder\AppData\Local\Tbccint deleted C:\Users\Beheerder\AppData\Local\Pay-By-Ads deleted C:\Users\Beheerder\AppData\Local\CrashRpt deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro deleted C:\Users\Beheerder\AppData\LocalLow\SkwConfig.bin deleted C:\Windows\system32\tasks\RegClean Pro deleted C:\Windows\system32\tasks\RegClean Pro_DEFAULT deleted C:\Windows\system32\tasks\RegClean Pro_UPDATES deleted C:\Windows\tasks\RegClean Pro_DEFAULT.job deleted C:\Windows\tasks\RegClean Pro_UPDATES.job deleted C:\END deleted C:\Windows\System32\drivers\{5777ef1b-0ffc-46f6-9fb5-6c3856fbf79f}t.sys deleted C:\Windows\System32\drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gt.sys deleted C:\Windows\System32\drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}t.sys deleted C:\Windows\System32\drivers\{5eb8c762-4b85-4d26-9889-f7dc2bdff079}t.sys deleted C:\Windows\system32\roboot.exe deleted C:\Windows\system32\GroupPolicy\Machine deleted C:\Windows\system32\GroupPolicy\User deleted C:\Windows\system32\GroupPolicy\gpt.ini deleted "C:\Windows\Installer\953242.msi" deleted ==== System Specs ====================== Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002) Memory (RAM): 2815 MB CPU Info: AMD Athlon(tm) X2 Dual-Core QL-62 CPU Speed: 2035,2 MHz Sound Card: Luidsprekers (Realtek High Defi | Display Adapters: NVIDIA GeForce 9100M G | NVIDIA GeForce 9100M G | RDPDD Chained DD | RDP 
Encoder Mirror Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Atheros AR5007EG Wireless Network Adapter CD / DVD Drives: 1x (D: | ) D: Optiarc DVD RW AD-7560S Ports: COM3 LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 298,1GB Hard Disks - Free: C: 209,4GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 10/10/08 | MSI_NB - 20081010 Time Zone: Romance (standaardtijd) Motherboard *: MSI MS-1672 Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: ESET NOD32 Antivirus 5.2 On-access scanning disabled (Outdated) Anti-Spyware: ESET NOD32 Antivirus 5.2 disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Google Chrome 38.0.2125.111 Internet Explorer Version: 9.0.8112.16421 Google Chrome version: 38.0.2125.111 Adobe Reader version: 10.1.11.8 Sun Java version: 1.7.0_55 (32-bit) Shockwave Player version: 11.6.8r638 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\BEHEER~1\AppData\Local\Temp ==== 2014-11-29 08:50:27 87C9C560D0E09FF0B1775DFC03662992 196608 ----a-w- C:\Users\Beheerder\AppData\Local\Temp\res.dll 2014-11-29 08:48:31 6C702159D65E70F9DACAA74A113FA5BD 5372736 ----a-w- C:\Users\Beheerder\AppData\Local\Temp\BS_Player_ControlBar_B\tbBS_P.dll ====== Java Cache ===== ====== C:\Windows\system32 ===== 2014-11-22 11:38:58 1DE1C07B256961012DCE0674EA488DE7 499200 ----a-w- C:\Windows\System32\kerberos.dll ====== C:\Windows\system32\drivers ===== ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C: ===== ====== C:\Users\Beheerder\AppData\Roaming ====== ====== C:\Users\Beheerder ====== 2014-11-29 09:15:04 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Beheerder\Downloads\RSIT.exe ====== C: exe-files == 2014-11-29 09:15:04 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968
----a-w- C:\Users\Beheerder\Downloads\RSIT.exe === C: other files == 2014-11-24 19:37:50 3DFA5C06E4C45A174DE8788C0F4B2EDB 30924 ----a-w- C:\Users\Beheerder\Downloads\Ladybird-Ladybird-1994-7318394.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-3458912042-936064933-937572561-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Facebook Update"="C:\Users\Beheerder\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" "Skytel"="Skytel.exe" "NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" "NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "YouCam Service"="C:\Program Files\CyberLink\YouCam\YouCamService.exe /s" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun" "BrStsMon00"="C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program 
Files\Windows Sidebar\sidebar.exe /autoRun" "Facebook Update"="C:\Users\Beheerder\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" ==== Startup Folders ====================== 2014-03-07 19:27:08 1115 ----a-w- C:\Users\Beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [20/08/2013 20:46] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3458912042-936064933-937572561-1000Core.job --a------ [Undetermined Task] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3458912042-936064933-937572561-1000UA.job --a------ C:\Users\Beheerder\AppData\Local\Facebook\Update\FacebookUpdate.exe [10/02/2013 22:27] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [15/01/2013 15:12] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [15/01/2013 15:12] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3458912042-936064933-937572561-1000Core" [C:\Users\Beheerder\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3458912042-936064933-937572561-1000UA" [C:\Users\Beheerder\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] 
"C:\Windows\system32\tasks\User_Feed_Synchronization-{1616425E-CAA0-45CA-8A15-4E37AC5AE54E}" [C:\Windows\system32\msfeedssync.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [20/05/2014 18:12] ==== Firefox Extensions ====================== ProfilePath: C:\Users\BEHEER~1\AppData\Roaming\Mozilla\Firefox\Profiles\qwknvmmt.default - Undetermined - {587cb346-a3d8-4884-b39b-f0ed918b6f96} AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== Profilepath: C:\Users\Beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\qwknvmmt.default F51ECBBA611C75E47578295D5241630F - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat D654525C0902C21118AD29217E4ECB49 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 3CD19649B2C3023D65E67C056457A2BC - C:\Users\Beheerder\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin 025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55 290A0130C74ADCD4546BC6900D1665D9 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14 8B748A2C8282CAC6FD0323787D69A3EF - C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll - Skype Web Plugin D1DC265C3FF7F92B4A75A55B3749D48C - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin 270EE43CC00609B9937AAF94E1E970D4 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector 6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director CF46E0E1398B382CE0CE738C67A38DD1 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? 
Photo Gallery AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation ==== Fake Chromium Profiles Check ====================== Fake profile C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome deleted ==== Chromium Look ====================== AdBlock - Beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Lone Tree - Beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip Google Wallet - Beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Fix ====================== C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.kusham00.kusham.net_0.localstorage deleted successfully C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.kusham00.kusham.net_0.localstorage-journal deleted successfully C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopper.deals-way.com_0.localstorage deleted successfully C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopper.deals-way.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://rts.dsrlte.com?affID=na" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://rts.dsrlte.com?affID=na" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {09FDF567-810C-4999-829D-2555EEE0CBAD} Yahoo! Search Url="http://rts.dsrlte.com/?q={searchTerms}&r=630" {3F4B8032-3900-40A3-87A9-B1DA477EC884} Google Url="http://www.google.be/search?hl=nl&q={searchTerms}&sourceid=ie8&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\394E2E69484C3E34B9596DE27E4DD0A3 deleted successfully HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1 deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\394E2E69484C3E34B9596DE27E4DD0A3 deleted successfully ==== HijackThis Entries ====================== O1 - Hosts: ::1 localhost O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [YouCam Service] "C:\Program Files\CyberLink\YouCam\YouCamService.exe" /s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Beheerder\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c 
/nocrashserver O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories 
cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe ==== Empty IE Cache ====================== C:\Users\Beheerder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Beheerder\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Beheerder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Beheerder\AppData\Local\Mozilla\Firefox\Profiles\qwknvmmt.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=858 folders=170 138926036 bytes) ==== Empty Temp Folders ====================== C:\Users\Beheerder\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp 
successfully emptied C:\Users\BEHEER~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Beheerder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on za 29/11/2014 at 11:23:21,50 ======================