Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Administrator on vr 26-02-2016 at 9:53:43,68.
Microsoft Windows 7 Home Premium 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Administrator\Downloads\zoek.exe
[Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

==== Empty Folders Check ======================

C:\PROGRA~2\iTunes deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\SafeSaver deleted successfully
C:\PROGRA~3\VMware deleted successfully
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully
C:\Users\Administrator\AppData\Roaming\Solvusoft deleted successfully
C:\Users\Administrator\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Administrator\AppData\Local\MigWiz deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2295969631-2129697342-2820095298-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-2295969631-2129697342-2820095298-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-2295969631-2129697342-2820095298-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2295969631-2129697342-2820095298-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting CLSID Registry Values
====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully ==== Installed Programs ====================== 64 Bit HP CIO Components Installer Adobe Flash Player 20 ActiveX Adobe Reader X (10.1.16) Adobe Refresh Manager AIO_Scan Albelli Fotoboeken AMD USB Filter Driver Apple Application Support (64-bit) Apple Software Update ATI Catalyst Install Manager Audacity 2.1.0 Avast Free Antivirus Bing Bar Bonjour BufferChm Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Citrix Authentication Manager Citrix Receiver Citrix Receiver (HDX Flash Redirection) Citrix Receiver Inside Citrix Receiver Updater Citrix Receiver(Aero) Citrix Receiver(DV) Citrix Receiver(USB) Copy D3DX10 Destinations DeviceDiscovery DJ_AIO_ProductContext DJ_AIO_Software DJ_AIO_Software_min Dropbox Dropbox Update Helper eLicenser Control F2100 F2100_Help Google Chrome Google Update Helper GPBaseService2 HD Tune 2.55 Hema Fotoalbum HitmanPro 3.7 HP Customer Participation Program 13.0 HP Deskjet All-In-One Driver Software 13.0 Rel. 
1 HP Imaging Device Functions 13.0 HP Photosmart Essential 3.5 HP Smart Web Printing 4.51 HP Solution Center 13.0 HP Update HPDiagnosticAlert HPPhotoGadget HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HPSSupply Java 8 Update 71 (64-bit) Java 8 Update 73 Java Auto Updater Junk Mail filter update KPN Back-up Online LAME v3.99.3 (for Windows) Magic ISO Maker v5.5 (build 0281) MagicDisc 2.7.106 Malwarebytes Anti-Malware versie 2.2.0.1024 MarketResearch Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile NLD Language Pack Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared 64-bit MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft OneDrive Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 MP3 Cutter 1.9 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Online Plug-in Polar FlowSync versie 2.6.2 PowerLine Utility QuickTime 7 Realtek Ethernet Controller Driver For Windows 7 Realtek HDMI Audio Driver for ATI Realtek High Definition Audio Driver Revo Uninstaller Pro 3.1.5 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 
32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881067) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3085549) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3085616) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3085620) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3114742) 32-Bit Edition Security Update for Microsoft Office Access 2007 (KB2596614) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3114548) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3114745) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB3114741) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687406) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office OneNote 2007 (KB2889915) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB3114429) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2880506) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB3114748) 32-Bit Edition Self-service Plug-in Shop for HP Supplies SmartWebPrinting SolutionCenter Speccy Spotify Status Steinberg Eucon Adapter 6.5 64bit Steinberg Groove Agent ONE Allen Morgan Signature Drums Steinberg Groove Agent ONE Content Steinberg Groove Agent ONE Vintage 
Beatboxes Steinberg HALion Sonic SE 64bit Steinberg HALion Sonic SE Content Steinberg LoopMash Content Steinberg LoopMash Content 2 Steinberg Midi Loop Library Steinberg Padshop 64bit Steinberg Retrologue 64bit Steinberg REVerence Content 01 Steinberg Upload Manager Steinberg VST Amp Rack Content 01 Sweex Connected Home Universal Wireless Driver Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD Toolbox TrayApp TuneUp Utilities 2013 TuneUp Utilities Language Pack (nl-NL) UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3114743) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Vuze WebReg Windows Installer Clean Up Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service 
Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinPcap 4.1.2 WinRAR 5.01 (32-bit) ==== Running Processes ====================== C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\SysWOW64\svchost.exe C:\Program Files (x86)\Sweex\Common\RaRegistry.exe C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe C:\Program Files (x86)\Sweex\Common\RaUI.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Citrix\ICA Client\redirector.exe C:\Program Files (x86)\Citrix\Receiver\Receiver.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Dropbox\Client\Dropbox.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Administrator\Downloads\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe 
C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TuneUp.UtilitiesSvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TuneUp.UtilitiesSvc deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- ==== Deleting Files \ Folders ====================== C:\PROGRA~2\iTunes not found C:\PROGRA~2\SafeSaver not found C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found C:\PROGRA~2\Mozilla Firefox\user.js deleted C:\PROGRA~3\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\Package Cache deleted C:\Windows\SysNative\roboot64.exe deleted "C:\Windows\Installer\d3621bee.msi" deleted "C:\Users\Administrator\AppData\Local\{57321EDE-96DC-4986-8132-5435D592C6A6}" deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) (Build 7600) Memory (RAM): 3840 MB CPU Info: AMD Athlon(tm) II X2 260 Processor CPU Speed: 3232,4 MHz Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek | Display Adapters: AMD 760G | AMD 760G | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1680 X 1050 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller CD / DVD Drives: 2x (D: | G: | ) D: TSSTcorpCDDVDW SH-S223C | G: MagicISOVirtual DVD-ROM Ports: COM1 LPT1 Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 465,7GB | E: 397,3GB | F: 68,5GB Hard Disks - Free: C: 151,5GB | E: 234,3GB | F: 54,7GB Manufacturer *: American Megatrends Inc. 
BIOS Info: AT/AT COMPATIBLE | 08/16/32 | 7596MS - 20100903 Time Zone: West-Europa (standaardtijd) Motherboard *: MICRO-STAR INTERNATIONAL CO.,LTD 760GM -E51 (MS-7596) Country: Nederland Language: NLD ==== System Specs (Software) ====================== AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} Default Browser: Google Chrome 48.0.2564.116 Internet Explorer Version: 9.0.8112.16421 Google Chrome version: 48.0.2564.116 Adobe Reader version: 10.1.16.13 Sun Java version: 1.8.0_73 (32-bit) Sun Java version: 1.8.0_73 (64-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\ADMINI~1\AppData\Local\Temp ==== 2016-02-23 16:20:04 FBC76FB8AC96C179E4D0BC806B850748 230672 ----a-w- C:\Users\Administrator\AppData\Local\Temp\TeamViewer\tv_w32.exe 2016-02-23 16:20:04 FA1520D147762335B5DB0B26C243A84A 4346640 ----a-w- C:\Users\Administrator\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe 2016-02-23 16:20:04 A5D231AA03D07428BB73BCCBF0CD5BA5 5301520 ----a-w- C:\Users\Administrator\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe 2016-02-23 16:20:04 6117139656C0B01DB5C0364F64644B06 248592 ----a-w- C:\Users\Administrator\AppData\Local\Temp\TeamViewer\tv_w32.dll 2016-02-23 16:20:04 491FCF06D539E45EB27C5299ED490DCF 272656 ----a-w- C:\Users\Administrator\AppData\Local\Temp\TeamViewer\tv_x64.dll 2016-02-23 16:20:04 40F0FE266B0785EA2208A30A586CAD98 347408 ----a-w- C:\Users\Administrator\AppData\Local\Temp\TeamViewer\TeamViewer_Resource_nl.dll 2016-02-23 16:20:04 2FB0CF0CB5E25197D317AFCC5C65DB58 3998992 ----a-w- C:\Users\Administrator\AppData\Local\Temp\TeamViewer\TeamViewer_StaticRes.dll 2016-02-23 16:20:04 24B9BA271BC87C8B9FC05A688923652F 263952 ----a-w- C:\Users\Administrator\AppData\Local\Temp\TeamViewer\tv_x64.exe 2016-02-23 13:24:04 
CDB37B31840DF526120388CE4049EEB3 1041831 ----a-w- C:\Users\Administrator\AppData\Local\Temp\B18.tmp.exe 2016-02-23 08:43:47 CDB37B31840DF526120388CE4049EEB3 1041831 ----a-w- C:\Users\Administrator\AppData\Local\Temp\D935.tmp.exe 2016-02-23 08:43:09 CDB37B31840DF526120388CE4049EEB3 1041831 ----a-w- C:\Users\Administrator\AppData\Local\Temp\4751.tmp.exe 2016-02-21 23:55:34 0C08F8B7116778A5F507878257F4BD57 384512 ----a-w- C:\Users\Administrator\AppData\Local\Temp\iad79\tmp\SSFK_2.0.6.80.exe 2016-02-21 23:16:34 21D5EE1A419C265F3E8C3CDA62BDD118 387584 ----a-w- C:\Users\Administrator\AppData\Local\Temp\iad79\tmp\UninstallManager.exe 2016-02-19 12:52:01 715C98AA5955E7E07FB99D87F522E73A 200192 ------w- C:\Users\Administrator\AppData\Local\Temp\jna\jna8429816115605001137.dll 2016-02-19 00:29:00 9D6289057C897371383D2210154CE455 307880 ----a-w- C:\Users\Administrator\AppData\Local\Temp\iad79\tmp\wpm_v20.0.0.2515.exe 2016-02-13 21:58:56 95B14C3C23E1CB7793A906675FF4F7E2 115616 ----a-w- C:\Users\Administrator\AppData\Local\Temp\iad79\QQBrowser.exe 2016-02-13 21:58:56 66C3A1A73E29552A0A17A8F3E6D03A53 99840 ----a-w- C:\Users\Administrator\AppData\Local\Temp\iad79\Update.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2016-02-19 12:50:06 AAF471014A7AE196B48E9E4008C62EB3 110176 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll 2016-02-12 10:50:05 F6A78A4E59D2CEEFA9136BC2B478E47C 1363456 ----a-w- C:\Windows\Sysnative\appraiser.dll 2016-02-12 10:50:05 B90F30AFD61F10CED6049DF50450CCBB 677376 ----a-w- C:\Windows\Sysnative\generaltel.dll 2016-02-12 10:50:05 937314C7FF22A9F6640BEE767DA282A9 25024 ----a-w- C:\Windows\Sysnative\CompatTelRunner.exe 2016-02-12 10:50:05 8D36D17AD740E2C44BD5AD0751BAEF8A 696832 ----a-w- C:\Windows\Sysnative\invagent.dll 2016-02-12 10:50:05 6D437CA139C75F225B25BFA660381F2C 1162240 ----a-w- C:\Windows\Sysnative\aeinv.dll 2016-02-12 10:50:05 
2F46AC58A1234A843DCE2454A4ACD7C3 76800 ----a-w- C:\Windows\Sysnative\acmigration.dll 2016-02-12 10:50:05 2920FFC7DC7D0952B22A00309BC4267A 499712 ----a-w- C:\Windows\Sysnative\devinv.dll ====== C:\Windows\Sysnative\drivers ===== 2016-02-23 14:22:14 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2016-02-23 14:21:43 D61070CFAD43038DC56AEAD9BFE9CE2A 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2016-02-23 14:21:43 CFBC6C6D8A492697CABD1D353EE64933 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2016-02-23 14:21:43 42B3F5C9FBC9B3F0E0BA6B5D7FC8E849 109272 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2016-02-23 13:49:39 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\Windows\Sysnative\drivers\EsgScanner.sys 2016-02-22 14:34:39 9C3AC71A9934B884FAC567A8807E9C4D 31800 ----a-w- C:\Windows\Sysnative\drivers\revoflt.sys ====== C:\Windows\Tasks ====== 2016-02-23 15:32:42 -------- d-----w- C:\Windows\Sysnative\Tasks\Apple ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2016-02-25 13:59:19 -------- d-----w- C:\Program Files\trend micro 2016-02-23 20:08:14 -------- d-----w- C:\Program Files\Speccy 2016-02-23 15:32:10 -------- d-----w- C:\Program Files\Bonjour 2016-02-22 14:34:38 -------- d-----w- C:\Program Files\VS Revo Group 2016-02-19 12:49:36 -------- d-----w- C:\Program Files\Java ======= C:\PROGRA~2 ===== 2016-02-23 15:32:35 -------- d-----w- C:\PROGRA~2\Apple Software Update 2016-02-23 15:32:10 -------- d-----w- C:\PROGRA~2\Bonjour 2016-02-19 12:40:18 -------- d-----w- C:\PROGRA~2\tinyumbrella 2016-02-19 09:02:08 -------- d-----w- C:\PROGRA~2\Windows Installer Clean Up 2016-02-19 09:02:01 -------- d-----w- C:\PROGRA~2\MSECACHE ======= C: ===== 2016-02-23 13:50:28 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat ====== C:\Users\Administrator\AppData\Roaming ====== 2016-02-23 16:20:22 -------- d-----w- C:\Users\Administrator\AppData\Roaming\TeamViewer 2016-02-23 08:27:46 -------- 
d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Programs 2016-02-22 14:34:45 -------- d-----w- C:\Users\Administrator\AppData\Local\VS Revo Group ====== C:\Users\Administrator ====== 2016-02-25 14:13:18 -------- d-----w- C:\ProgramData\Logs 2016-02-25 14:12:06 7317CD4FC601C62774B484CE7427C198 5444000 ----a-w- C:\Users\Administrator\Downloads\dffsetup-msvcr100.exe 2016-02-25 13:58:55 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Administrator\Downloads\RSITx64.exe 2016-02-23 20:08:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2016-02-23 20:07:00 FF70EB133BE86B9F9EB18E274DAA6B6C 5111240 ----a-w- C:\Users\Administrator\Downloads\spsetup129.exe 2016-02-23 19:57:59 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\Administrator\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe 2016-02-23 16:20:23 FC9E99A1FF6B14749C9DB45A2ECC2E87 5504104 ----a-w- C:\Users\Administrator\Downloads\TeamViewerQS_nl-idc5552wz4 (1).exe 2016-02-23 16:19:48 FC9E99A1FF6B14749C9DB45A2ECC2E87 5504104 ----a-w- C:\Users\Administrator\Downloads\TeamViewerQS_nl-idc5552wz4.exe 2016-02-23 16:16:33 C06C15446EB63ABA8474630B26CDA488 152447768 ----a-w- C:\Users\Administrator\Downloads\iTunes6464Setup (2).exe 2016-02-23 16:05:49 E38F964D09275CAB0DA2383F5BBC0868 6828320 ----a-w- C:\Users\Administrator\Downloads\ccsetup514.exe 2016-02-23 15:54:11 7D54D51615F50430009B9532CCAF4D97 125168408 ----a-w- C:\Users\Administrator\Downloads\icloudsetup (4).exe 2016-02-23 15:45:19 BF5353A2C87DD00E09C573CD06EA6C57 411280 ----a-w- C:\Users\Administrator\Downloads\fix_msvcr100.dll-setup.exe 2016-02-23 15:41:17 97E2938252C2926FE920B6EF7216C8D0 3901072 ----a-w- C:\Users\Administrator\Downloads\WinThruster_2016_Setup (1).exe 2016-02-23 15:41:03 97E2938252C2926FE920B6EF7216C8D0 3901072 ----a-w- C:\Users\Administrator\Downloads\WinThruster_2016_Setup.exe 2016-02-23 15:39:21 BF5353A2C87DD00E09C573CD06EA6C57 411280 ----a-w- 
C:\Users\Administrator\Downloads\fix_msvcp100.dll-setup.exe 2016-02-23 15:26:15 7D54D51615F50430009B9532CCAF4D97 125168408 ----a-w- C:\Users\Administrator\Downloads\icloudsetup (2).exe 2016-02-23 14:21:01 49E3825ACB348F848D9B841E4D48FD3B 22908888 ----a-w- C:\Users\Administrator\Downloads\mbam-setup-2.2.0.1024 (1).exe 2016-02-23 14:20:48 49E3825ACB348F848D9B841E4D48FD3B 22908888 ----a-w- C:\Users\Administrator\Downloads\mbam-setup-2.2.0.1024.exe 2016-02-23 13:50:00 -------- d-----w- C:\Users\Administrator\Start Menu 2016-02-23 13:49:18 A752F420A0920E5D7A00F9BBF5D3BF51 3286400 ----a-w- C:\Users\Administrator\Downloads\SpyHunter-Installer.exe 2016-02-22 14:34:39 -------- d-----w- C:\ProgramData\VS Revo Group 2016-02-22 14:34:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2016-02-22 14:33:57 CFA5DD4880CC8C0EB30EA6610AF45AD3 11199448 ----a-w- C:\Users\Administrator\Downloads\RevoUninProSetup.exe 2016-02-22 14:25:18 9AD218BEB93F936F3046A5615CC058A5 167583000 ----a-w- C:\Users\Administrator\Downloads\iTunes6464Setup (1).exe 2016-02-22 14:15:35 8645EE33B2621D63891BAC7CE2614CCE 133063960 ----a-w- C:\Users\Administrator\Downloads\iTunes64Setup (2).exe 2016-02-22 14:14:11 839F353DA85D5BBBB437369A769947B7 117766424 ----a-w- C:\Users\Administrator\Downloads\iTunesSetup (1).exe 2016-02-22 13:50:21 7D54D51615F50430009B9532CCAF4D97 125168408 ----a-w- C:\Users\Administrator\Downloads\icloudsetup (1).exe 2016-02-19 13:06:08 -------- d-----w- C:\Windows\SysNative\config\systemprofile\.oracle_jre_usage 2016-02-19 12:40:39 -------- d-----w- C:\Users\Administrator\.tu 2016-02-19 11:36:53 AEF3BA51F80472962C8DF5120BC4B969 2535424 ----a-w- C:\Users\Administrator\Downloads\tinyumbrella_windows-x64_8_2_0_60_InstalledJRE.exe 2016-02-19 09:11:46 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2016-02-19 09:01:54 D5F4AB6063B3B3795B1C0F0CF30C7DFB 359656 ----a-w- C:\Users\Administrator\Downloads\msicuu2.exe 2016-02-19 08:19:04 
1CADD70D03B963BCEC32B222543544EF 112794960 ----a-w- C:\Users\Administrator\Downloads\iTunes64Setup (1).exe 2016-02-19 08:13:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-02-18 13:54:21 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2016-02-18 13:52:30 C06C15446EB63ABA8474630B26CDA488 152447768 ----a-w- C:\Users\Administrator\Downloads\iTunes6464Setup.exe 2016-02-18 13:28:12 56E1BBE600B9A48AB82DB8E321EDACB3 80521624 ----a-w- C:\Users\Administrator\Downloads\iTunes64Setup.exe 2016-02-18 13:24:41 ADACCDC99F8D4F2F96DE6C21337D84B0 137699152 ----a-w- C:\Users\Administrator\Downloads\iTunesSetup.exe ====== C: exe-files == 2016-02-25 14:12:06 7317CD4FC601C62774B484CE7427C198 5444000 ----a-w- C:\Users\Administrator\Downloads\dffsetup-msvcr100.exe 2016-02-25 13:59:19 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Administrator.exe 2016-02-25 13:58:55 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Administrator\Downloads\RSITx64.exe 2016-02-23 20:07:00 FF70EB133BE86B9F9EB18E274DAA6B6C 5111240 ----a-w- C:\Users\Administrator\Downloads\spsetup129.exe 2016-02-23 19:57:59 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\Administrator\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe 2016-02-23 16:20:23 FC9E99A1FF6B14749C9DB45A2ECC2E87 5504104 ----a-w- C:\Users\Administrator\Downloads\TeamViewerQS_nl-idc5552wz4 (1).exe 2016-02-23 16:20:04 FBC76FB8AC96C179E4D0BC806B850748 230672 ----a-w- C:\Users\Administrator\AppData\Local\Temp\TeamViewer\tv_w32.exe 2016-02-23 16:20:04 FA1520D147762335B5DB0B26C243A84A 4346640 ----a-w- C:\Users\Administrator\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe 2016-02-23 16:20:04 A5D231AA03D07428BB73BCCBF0CD5BA5 5301520 ----a-w- C:\Users\Administrator\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe 2016-02-23 16:20:04 24B9BA271BC87C8B9FC05A688923652F 263952 ----a-w- 
C:\Users\Administrator\AppData\Local\Temp\TeamViewer\tv_x64.exe 2016-02-23 16:19:48 FC9E99A1FF6B14749C9DB45A2ECC2E87 5504104 ----a-w- C:\Users\Administrator\Downloads\TeamViewerQS_nl-idc5552wz4.exe 2016-02-23 16:16:33 C06C15446EB63ABA8474630B26CDA488 152447768 ----a-w- C:\Users\Administrator\Downloads\iTunes6464Setup (2).exe 2016-02-23 16:05:49 E38F964D09275CAB0DA2383F5BBC0868 6828320 ----a-w- C:\Users\Administrator\Downloads\ccsetup514.exe 2016-02-23 15:54:11 7D54D51615F50430009B9532CCAF4D97 125168408 ----a-w- C:\Users\Administrator\Downloads\icloudsetup (4).exe 2016-02-23 15:45:19 BF5353A2C87DD00E09C573CD06EA6C57 411280 ----a-w- C:\Users\Administrator\Downloads\fix_msvcr100.dll-setup.exe 2016-02-23 15:41:17 97E2938252C2926FE920B6EF7216C8D0 3901072 ----a-w- C:\Users\Administrator\Downloads\WinThruster_2016_Setup (1).exe 2016-02-23 15:41:03 97E2938252C2926FE920B6EF7216C8D0 3901072 ----a-w- C:\Users\Administrator\Downloads\WinThruster_2016_Setup.exe 2016-02-23 15:39:21 BF5353A2C87DD00E09C573CD06EA6C57 411280 ----a-w- C:\Users\Administrator\Downloads\fix_msvcp100.dll-setup.exe 2016-02-23 15:26:15 7D54D51615F50430009B9532CCAF4D97 125168408 ----a-w- C:\Users\Administrator\Downloads\icloudsetup (2).exe 2016-02-23 14:21:01 49E3825ACB348F848D9B841E4D48FD3B 22908888 ----a-w- C:\Users\Administrator\Downloads\mbam-setup-2.2.0.1024 (1).exe 2016-02-23 14:20:48 49E3825ACB348F848D9B841E4D48FD3B 22908888 ----a-w- C:\Users\Administrator\Downloads\mbam-setup-2.2.0.1024.exe 2016-02-23 13:49:18 A752F420A0920E5D7A00F9BBF5D3BF51 3286400 ----a-w- C:\Users\Administrator\Downloads\SpyHunter-Installer.exe 2016-02-23 13:24:04 CDB37B31840DF526120388CE4049EEB3 1041831 ----a-w- C:\Users\Administrator\AppData\Local\Temp\B18.tmp.exe 2016-02-23 11:29:45 05675186AA439E13CF4D49B41FC78CCD 116736 ----a-w- C:\Windows\Temp\rnsA7B7.tmp.exe 2016-02-23 08:43:47 CDB37B31840DF526120388CE4049EEB3 1041831 ----a-w- C:\Users\Administrator\AppData\Local\Temp\D935.tmp.exe 2016-02-23 08:43:09 
=== C: other files == ==== Orphaned Tasks deleted from Registry ====================== avast Emergency Update deleted ==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "KPNBackupOnline"="C:\Program Files\KPN Back-up Online\KPNBackupOnline.exe minimized" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2295969631-2129697342-2820095298-500\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify"="C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "Spotify Web Helper"="C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "KPNBackupOnline"="C:\Program Files\KPN Back-up Online\KPNBackupOnline.exe minimized" "Polar FlowSync"="C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "KPNBackupOnline"="C:\Program Files\KPN Back-up Online\KPNBackupOnline.exe minimized" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-2295969631-2129697342-2820095298-500\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q 
C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.4726.0226"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.4726.0226" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5860.0512"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5860.0512" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5907.0716" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5930.0814" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "hpqSRMon"="C:\Program Files (x86)\HP\Digital 
Imaging\bin\hpqSRMon.exe" "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup" "Redirector"="C:\Program Files (x86)\Citrix\ICA Client\redirector.exe /startup" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify"="C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "Spotify Web Helper"="C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "KPNBackupOnline"="C:\Program Files\KPN Back-up Online\KPNBackupOnline.exe minimized" "Polar FlowSync"="C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512" 
"Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.4726.0226"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.4726.0226" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5860.0512"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5860.0512" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5907.0716" "Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5930.0814" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\"" "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "HP Software Update"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" "QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" 
"iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" ==== Startup Folders ====================== 2012-08-12 09:17:46 1975 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Connected Home Utility.lnk 2012-08-23 20:17:50 2099 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\DropboxUpdateTaskMachineCore.job --a------ C:4C:8C:\ProgramC:FilesC:x86\Dropbox\Update\DropboxUpdate.exe [] C:\Windows\tasks\DropboxUpdateTaskMachineUA.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HP-Online updateprogramma" [C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files 
(x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [05-01-2016 13:35] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [23-08-2012 21:19] ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx[13-08-2014 21:06] gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[05-01-2016 13:35] Google Drive - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Avast SafePrice - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck iCloud Bookmarks - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah Google Docs Offline - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Avast Online Security - Administrator\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Chrome Web Store Payments - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC HKCU\SearchScopes\{4BBFB672-5A09-4412-B36A-68EC7AA18FE6} - 
http://www.google.co.uk/search?hl=en&q={searchTerms}&meta= HKCU\Wow6432Node\SearchScopes "DefaultScope"="" HKCU\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3B0CE92E6B6831E46B8349AA8C2BD1B9 deleted successfully HKEY_CURRENT_USER\Software\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E29EC0B3-86B6-4E13-B638-94AAC8B21D9B} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3B0CE92E6B6831E46B8349AA8C2BD1B9 deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll O2 - BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Spotify] "C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [KPNBackupOnline] "C:\Program Files\KPN Back-up Online\KPNBackupOnline.exe" minimized O4 - HKCU\..\Run: [Polar FlowSync] C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program 
Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.4726.0226] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.4726.0226" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5860.0512] C:\Windows\system32\cmd.exe /q /c rmdir /s /q 
"C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5860.0512" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5907.0716" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5930.0814] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5930.0814" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [KPNBackupOnline] "C:\Program Files\KPN Back-up Online\KPNBackupOnline.exe" minimized (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [KPNBackupOnline] "C:\Program Files\KPN Back-up Online\KPNBackupOnline.exe" minimized (User 'Default user') O4 - Global Startup: Connected Home Utility.lnk = C:\Program Files (x86)\Sweex\Common\RaUI.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files 
(x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - 
C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Unknown owner - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (file missing) O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Dropbox-update-service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe O23 - Service: Dropbox-update-service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. 
- C:\Program Files\HitmanPro\hmpsched.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: KPN Back-up Online SC - KPN - C:\Program Files\KPN Back-up Online\BackupSC.exe O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sweex\Common\RaRegistry.exe O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Sweex\Common\RaRegistry64.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. 
- C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Users\Administrator\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=38 folders=12 23402592 bytes) ==== Empty Temp Folders ====================== C:\Users\Administrator\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 
emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\ADMINI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted ==== EOF on vr 26-02-2016 at 10:24:08,20 ======================