Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Eigenaar on do 05-01-2017 at 11:51:20,42.
Microsoft Windows 10 Pro 10.0.14393 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Eigenaar\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

5-1-2017 11:52:59 Zoek.exe System Restore Point Created Successfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
{217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\CEWEFOTOBOEK deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\TicTacPhoto2014 deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Bluetooth deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully
C:\Users\Eigenaar\AppData\Local\ActiveSync deleted successfully
C:\Users\Eigenaar\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Eigenaar\AppData\Local\EmieSiteList deleted successfully
C:\Users\Eigenaar\AppData\Local\EmieUserList deleted successfully
C:\Users\Eigenaar\AppData\Local\NetworkTiles deleted successfully
C:\Users\Eigenaar\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\WINDOWS\SysWoW64\svchost.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\ArcSoft\PhotoImpression 6\Monitor.exe
C:\WINDOWS\SysWoW64\ctfmon.exe
C:\Users\Eigenaar\Desktop\zoek.exe
C:\WINDOWS\SysWoW64\cmd.exe
C:\Windows\SysWoW64\cmd.exe
C:\WINDOWS\SysWoW64\cmd.exe
C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe
C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe

==== Services(whitelist) ======================

Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R2 - [!SASCORE] - SAS Core Service - c:\program files\superantispyware\sascore64.exe
R2 - [ACDaemon] - ArcSoft Connect Daemon - c:\program files (x86)\common files\arcsoft\connection service\bin\acservice.exe
R2 - [AcrSch2Svc] - Acronis Scheduler2 Service - c:\program files (x86)\common files\acronis\schedule2\schedul2.exe
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [afcdpsrv] - Acronis Nonstop Backup Service - c:\program files (x86)\common files\acronis\cdp\afcdpsrv.exe
R2 - [ApHidMonitorService] - Alps HID Monitor Service - c:\program files\apoint2k\hidmonitorsvc.exe
R2 - [GfExperienceService] - NVIDIA GeForce Experience Service - c:\program files\nvidia corporation\geforce experience service\gfexperienceservice.exe
R2 - [IconMan_R] - IconMan_R - c:\program files (x86)\realtek\realtek pcie card reader\riconman.exe
R2 - [igfxCUIService1.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe
R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
R2 - [MBAMService] - Malwarebytes Service - c:\program files\malwarebytes\anti-malware\mbamservice.exe
R2 - [MSMQ] - Message Queuing - c:\windows\system32\mqsvc.exe
R2 - [Nero BackItUp Scheduler 4.0] - Nero BackItUp Scheduler 4.0 - c:\program files (x86)\common files\nero\nero backitup 4\nbservice.exe
R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe
R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
R2 - [syncagentsrv] - Acronis Sync Agent Service - c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe
R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R2 - [ZAtheros Wlan Agent] - ZAtheros Wlan Agent - c:\program files (x86)\atheros\ath_wlanagent.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
R3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [NvStreamSvc] - NVIDIA Streamer Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamservice.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [diagnosticshub.standardcollector.service] - Microsoft(R) Diagnostics Hub Standard Collector-service - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files (x86)\microsoft office\office14\groove.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [NvStreamNetworkSvc] - NVIDIA Streamer Network Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe
S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [Sense] - Windows Defender Advanced Threat Protection Service - c:\program files\windows defender advanced threat protection\mssense.exe
S3 - [SensorDataService] - Sensor Data Service - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [SwitchBoard] - SwitchBoard - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
S3 - [TieringEngineService] - Storage Tiers Management - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
S4 - [AppVClient] - Microsoft App-V Client - c:\windows\system32\appvclient.exe
S4 - [UevAgentService] - User Experience Virtualization Service - c:\windows\system32\agentservice.exe

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
@=-

==== Deleting Files \ Folders ======================

C:\PROGRA~2\CEWEFOTOBOEK not found
C:\PROGRA~2\TicTacPhoto2014 not found
C:\ProgramData\{b760ca3c-6a7e-9522-b760-0ca3c6a728f1} not found
C:\ProgramData\{b760ca3c-6a7e-9522-b760-0ca3c6a728f1} not found
C:\PROGRA~3\HPs deleted
C:\PROGRA~3\HP deleted
C:\found.000 deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Eigenaar\AppData\LocalLow\{727E7317-B8F3-BFF4-FD81-26B6DCE4DFF8} deleted
C:\Users\Eigenaar\AppData\LocalLow\{92B243C5-0403-5B33-9E4E-36FD68B7E474} deleted
C:\Users\Eigenaar\AppData\LocalLow\{C86126F2-0BE5-0FA3-4EF4-84AF8F30B945} deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\WINDOWS\Syswow64\RENE82C.tmp deleted
"C:\Users\Eigenaar\AppData\Roaming\Vso" deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8031 MB
CPU Info: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
CPU Speed: 2558,5 MHz
Sound Card: Luidsprekers (Realtek High Defi |
Display Adapters: Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) | Bluetooth-apparaat (Personal Area Network) | Atheros AR5BWB222 Wireless Network Adapter | Microsoft Wi-Fi Direct Virtual Adapter
CD / DVD Drives: 1x (E: | ) E: PIONEER DVD-RW DVRTD11RS
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C: 244,6GB | D: 438,5GB
Hard Disks - Free: C: 163,6GB | D: 68,7GB
Manufacturer *: Insyde Corp.
BIOS Info: AT/AT COMPATIBLE | 04/19/12 | ACRSYS - 1
Time Zone: Romance (standaardtijd)
Motherboard *: Type2 - Board Vendor Name1 VA70_HC
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

SP: SUPERAntiSpyware *Enabled/Updated* {222A897C-5018-402e-943F-7E7AC8560DA7}
Default Browser: Google Chrome 55.0.2883.87
Internet Explorer Version: 11.576.14393.0
Google Chrome version: 55.0.2883.87
Adobe Reader version: 15.20.20042.205528
Sun Java version: 1.8.0_111 (32-bit)
Sun Java version: 1.8.0_111 (64-bit)
Flash Player version: 23.0.0.185

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2016-12-09 20:16:35 4E10FB1A015B49AC68F76C1A3F4D9C0F 4673304 ----a-w- C:\WINDOWS\explorer.exe
====== C:\Users\Eigenaar\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
2016-12-29 16:01:06 3BEC6134F1E45AEF5E971F69F0D38510 176064 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMChameleon.sys
2016-12-29 16:00:55 F3960CA85778E5D7611EE0F501972340 102856 ----a-w- C:\WINDOWS\Sysnative\drivers\farflt.sys
2016-12-29 16:00:55 205C2D377E1CA85A4465491DB8064DA9 91584 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys
2016-12-29 16:00:51 88BD122C3A35DE63D75D382DF75554CE 43968 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
2016-12-29 16:00:36 4D7F3114147C31390262F19F74E5BF07 77416 ----a-w- C:\WINDOWS\Sysnative\drivers\mbae64.sys
2016-12-15 17:45:10 B0D9B87B795B7833C9152441CBD55CC4 624048 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys
2016-12-15 17:45:09 D24345315139AAF6E3DF106344EE9422 658784 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys
2016-12-15 17:45:09 5634BF53BE184314A82E638EAD67DE73 402272 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys
2016-12-15 17:45:09 19F2B54EE8861D90579BD0E3AE5182F9 2189664 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2016-12-15 17:44:20 B72D26074E72A757D788FB1BEF8B2F2E 377184 ----a-w- C:\WINDOWS\Sysnative\drivers\clfs.sys
2016-12-09 20:17:53 851ED52AE3E62CD5374BD4BBFF7A9DAB 967168 ----a-w- C:\WINDOWS\Sysnative\drivers\bthport.sys
2016-12-09 20:17:39 CDBD029BAEC8D09F6FBD404632D9AF28 128352 ----a-w- C:\WINDOWS\Sysnative\drivers\partmgr.sys
2016-12-09 20:17:36 FA918EC296EB410FF02867D008D02421 352096 ----a-w- C:\WINDOWS\Sysnative\drivers\fastfat.sys
2016-12-09 20:17:25 9627BBAA50878F6833A6A7843EE3B1D9 258560 ----a-w- C:\WINDOWS\Sysnative\drivers\xboxgip.sys
2016-12-09 20:17:17 46171262D0E806779DEEDFCAB2F830CC 219488 ----a-w- C:\WINDOWS\Sysnative\drivers\tpm.sys
2016-12-09 20:17:07 0D50B3F3AB32D416786B58D4553859CE 42496 ----a-w- C:\WINDOWS\Sysnative\drivers\modem.sys
2016-12-09 20:17:01 E2DD2E5BDCCD225670831B439826065B 335712 ----a-w- C:\WINDOWS\Sysnative\drivers\pci.sys
2016-12-09 20:16:56 55CA5329D1ADEB8F8034045930147AE4 713216 ----a-w- C:\WINDOWS\Sysnative\drivers\srv2.sys
2016-12-09 20:16:51 D4D12BC29DE0F09280868FDCA65B3474 282624 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb10.sys
2016-12-09 20:16:38 93A77008A8932FC84A173C4E97E52874 223584 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb20.sys
2016-12-09 20:16:34 AF6963414B820B7C45578ED3300438A7 433504 ----a-w- C:\WINDOWS\Sysnative\drivers\rdbss.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2017-01-04 18:57:49 -------- d-----w- C:\Program Files\trend micro
2016-12-30 20:52:36 -------- d---a-w- C:\Program Files\Speccy
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Eigenaar\AppData\Roaming ======
2016-12-29 16:04:08 -------- d-----w- C:\Users\Eigenaar\AppData\Local\Alexandre_Miguel_Canotilh
====== C:\Users\Eigenaar ======
2017-01-05 09:34:29 4DE53F972F6C234BE770D771D7C3BF4B 2418176 ----a-w- C:\Users\Eigenaar\Downloads\FRST64.exe
2017-01-04 18:56:35 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Eigenaar\Desktop\RSITx64.exe
2017-01-02 12:34:16 77388F14CF6F3E9B1739E8F53B34B3CF 3977168 ----a-w- C:\Users\Eigenaar\Downloads\AdwCleaner.exe
2016-12-30 20:52:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-12-29 15:58:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Repair Toolbox

====== C: exe-files ==
2017-01-05 10:43:55 418299F70B35752CB048ED773C59002E 145088 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\1CDDD0B3-2C21-4828-BD44-B79F28D8C0A1\DismHost.exe
2017-01-05 10:20:54 418299F70B35752CB048ED773C59002E 145088 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\06D2EAEE-355B-4DE7-811F-BE3120800C2B\DismHost.exe
2017-01-05 09:52:15 418299F70B35752CB048ED773C59002E 145088 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\A71CBD87-8721-4F17-A533-E8F28ABEDBC7\DismHost.exe
2017-01-05 09:34:29 4DE53F972F6C234BE770D771D7C3BF4B 2418176 ----a-w- C:\Users\Eigenaar\Downloads\FRST64.exe
2017-01-04 18:57:50 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Eigenaar.exe
2017-01-04 18:56:35 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Eigenaar\Desktop\RSITx64.exe
2017-01-04 13:32:44 418299F70B35752CB048ED773C59002E 145088 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\344402F9-1503-4376-AEF6-F09DF3FFD107\DismHost.exe
2017-01-04 12:14:14 418299F70B35752CB048ED773C59002E 145088 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\FBB035F1-314C-4168-B410-AB3686C700E2\DismHost.exe
2017-01-04 09:29:31 418299F70B35752CB048ED773C59002E 145088 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\BC2FA82C-2D7E-4349-9939-ECFD690F4D41\DismHost.exe
2017-01-02 14:05:03 418299F70B35752CB048ED773C59002E 145088 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\3100543B-E823-4A8F-8F5F-332FC358AEC8\DismHost.exe
2017-01-02 12:34:16 77388F14CF6F3E9B1739E8F53B34B3CF 3977168 ----a-w- C:\Users\Eigenaar\Downloads\AdwCleaner.exe
2017-01-01 07:32:09 51A92D389974419D80CFBD811855FB0C 10021008 ----a-w- C:\Users\Eigenaar\AppData\Local\NVIDIA\NvBackend\Packages\00009b31\DAO.21525420.exe
2016-12-31 12:48:12 B993F84544B63DB689261B0C017DF36B 346512 ----a-w- C:\Users\Eigenaar\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
2016-12-31 12:48:08 492A41FF37D231A35C5144FAB1F05CB0 403856 ----a-w- C:\Users\Eigenaar\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
2016-12-31 07:07:38 AE1037C075B1C3F82B39617D9DC12A59 739312 ----a-w- C:\Users\Eigenaar\AppData\Local\NVIDIA\NvBackend\Packages\00009ac1\CoProc update.21523600.exe

=== C: other files ==
2016-12-30 20:38:10 E80AC4B8C88A9DD6963A5F48E9612FF7 34477 ----a-w- C:\Users\Eigenaar\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\5X157CER\KlondikeLasVegasDraw3[1].zip
2016-12-30 20:38:10 8E0CC1A870DF405BEC3D24077FEAF1F8 17747 ----a-w- C:\Users\Eigenaar\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\35TX3MD7\KlondikeCumulativeVegasDraw1[1].zip
2016-12-30 20:38:10 4C56F5F2CB83D4EB909252DF3A67C4F6 67531 ----a-w- C:\Users\Eigenaar\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\TJSC7EWF\KlondikeCumulativeVegasDraw3[1].zip
2016-12-30 20:38:10 0FFFEF8ACA702DBBEEFFCF5B7347B7B6 17720 ----a-w- C:\Users\Eigenaar\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\5A6K0U7N\KlondikeLasVegasDraw1[1].zip
2016-12-30 20:38:09 807166C206A239897C2976D091C05E02 364348 ----a-w- C:\Users\Eigenaar\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\5A6K0U7N\Spider2Suit[1].zip
2016-12-30 20:38:09 4A89B2748D792167E162A643EEB610AB 201998 ----a-w- C:\Users\Eigenaar\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\5X157CER\Spider4Suit[1].zip
2016-12-30 20:38:07 69D572DEDCDF2D21833BAC20A7F99ADC 363725 ----a-w- C:\Users\Eigenaar\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\35TX3MD7\Spider1Suit[1].zip
2016-12-30 20:38:06 DD211AEE21CF5CB1A6B8F3B02D9669AD 166453 ----a-w- C:\Users\Eigenaar\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\5A6K0U7N\KlondikeStandardDraw1[2].zip
2016-12-30 20:38:06 69BA829BBDC80AE044DC22BF83CF8CC2 166403 ----a-w- C:\Users\Eigenaar\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\5X157CER\KlondikeStandardDraw3[2].zip
2016-12-29 16:01:06 3BEC6134F1E45AEF5E971F69F0D38510 176064 ----a-w- C:\Windows\System32\drivers\MBAMChameleon.sys
2016-12-29 16:00:55 F3960CA85778E5D7611EE0F501972340 102856 ----a-w- C:\Windows\System32\drivers\farflt.sys
2016-12-29 16:00:55 205C2D377E1CA85A4465491DB8064DA9 91584 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-12-29 16:00:51 88BD122C3A35DE63D75D382DF75554CE 43968 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-12-29 16:00:36 4D7F3114147C31390262F19F74E5BF07 77416 ----a-w- C:\Windows\System32\drivers\mbae64.sys
2016-12-29 15:58:12 286D345E939E46AB9F6798A97AD8C2F4 150 ----a-w- C:\Windows_Repair_Toolbox\Final Tests\test.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032017070436257\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017075709812\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12312016075527361\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032017070436429\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017075709875\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12312016075527469\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-359008621-143019482-330380727-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"OneDrive"="C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

[HKEY_USERS\S-1-5-21-359008621-143019482-330380727-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032017070436695\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"OneDrive"="C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

[HKEY_USERS\S-1-5-21-359008621-143019482-330380727-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017075710000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"OneDrive"="C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

[HKEY_USERS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032017070437382\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017075711000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-359008621-143019482-330380727-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"

[HKEY_USERS\S-1-5-21-359008621-143019482-330380727-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032017070436695\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"

[HKEY_USERS\S-1-5-21-359008621-143019482-330380727-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017075710000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"

[HKEY_USERS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032017070437382\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade"

[HKEY_USERS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017075711000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin"
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript"
"TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"AcronisTibMounterMonitor"="C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe"
"ArcSoft Connection Service"="C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"OneDrive"="C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
"Malwarebytes TrayApp"="C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acronis Scheduler2Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acronis Scheduler2Service"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IAStorIcon"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SAOB Monitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SAOB Monitor"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Acronis\\OnlineBackupStandalone\\TrueImageMonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrueImageMonitor.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TrueImageMonitor.exe"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Acronis\\TrueImageHome\\TrueImageMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Program Files (x86)\\HP\\Digital Imaging\\bin\\hpqtra08.exe"
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Eigenaar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Download.lnk]
"path"="C:\\Users\\Eigenaar\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Download.lnk"
"backup"="C:\\Windows\\pss\\Download.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\ProgramData\\{b760ca3c-6a7e-9522-b760-0ca3c6a728f1}\\Download.exe --startup=1"
"item"="Download"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Eigenaar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk]
"path"="C:\\Users\\Eigenaar\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2010 Schermopname en Snel starten.lnk"
"backup"="C:\\Windows\\pss\\OneNote 2010 Schermopname en Snel starten.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\MICROS~2\\Office14\\ONENOTEM.EXE /tsr"
"item"="OneNote 2010 Schermopname en Snel starten"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-10-2016 07:07]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\AdobeAAMUpdater-1.0-Eigenaar-PC-Eigenaar" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-359008621-143019482-330380727-1000UA" [C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task" [C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{6B83E432-CD8D-4763-9137-DB460B0FF4DA}" [C:\WINDOWS\system32\msfeedssync.exe]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2016-07-16 11:47:48 -------- d-----w- C:\PROGRA~3\regid.1991-06.com.microsoft
2016-07-16 11:47:48 -------- d-----w- C:\PROGRA~3\USOPrivate
2016-07-16 11:47:48 -------- d-s---w- C:\PROGRA~3\Microsoft
2016-08-29 15:53:39 -------- d-----w- C:\PROGRA~3\ArcSoft
2016-10-14 16:45:10 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2016-10-14 16:45:27 -------- d-----w- C:\PROGRA~3\NVIDIA
2016-10-14 17:17:47 -------- d-sh--we C:\PROGRA~3\Application Data
2016-10-14 17:18:16 -------- d-----w- C:\PROGRA~3\USOShared
2016-10-14 17:20:57 -------- d-----w- C:\PROGRA~3\Microsoft OneDrive
2016-11-15 07:04:34 -------- d-----w- C:\PROGRA~3\VS Revo Group

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [13-11-2016 21:28]

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [13-11-2016 21:28]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [17-01-2013 17:17]

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Eigenaar\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Eigenaar\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted

==== Chromium Look
====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eofcbnmajmjmplflapaojjnihcjkigck - No path found[] gomekmidlodglbbmalcneegieacbdmki - No path found[] selector is not a valid CSS selector - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Avast SafePrice - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck Whitelisted domains - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom AdbIck Plus - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnhdkdphjifgeidjfpcninoillbefoag Chrome Media Router - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" "Search Bar"="http://www.google.com" "Use Search Asst"="yes" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com" "SearchAssistant"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.google.com/" "Use Search Asst"="no" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" 
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC HKCU\SearchScopes\{C75F684F-4911-42C2-A646-32B9DBB96E28} - https://www.google.com/search?q={searchTerms} ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor deleted successfully ==== HijackThis Entries ====================== O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - 
HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [OneDrive] "C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64" O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032017070436257\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?') O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017075709812\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?') O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12312016075527361\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032017070436429\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?') O4 - 
HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017075709875\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?') O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12312016075527469\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?') O4 - HKUS\S-1-5-21-359008621-143019482-330380727-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032017070436695\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?') O4 - HKUS\S-1-5-21-359008621-143019482-330380727-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032017070436695\..\RunOnce: [Uninstall C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64" (User '?') O4 - HKUS\S-1-5-21-359008621-143019482-330380727-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017075710000\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?') O4 - HKUS\S-1-5-21-359008621-143019482-330380727-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017075710000\..\RunOnce: [Uninstall C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64" (User '?') O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032017070437382\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?') O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032017070437382\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User '?') O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017075711000\..\Run: [OneDriveSetup] 
C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?') O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017075711000\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User '?') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - 
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: @oem52.inf,%HidMonitor.SvcDisp%;Alps HID Monitor Service (ApHidMonitorService) - Alps Electric Co., Ltd. - C:\Program Files\Apoint2K\HidMonitorSvc.exe O23 - Service: Avast Antivirus (avast! 
Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. 
- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - 
C:\WINDOWS\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: 
@%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully 
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=2745 folders=142 41737492 bytes) ==== Empty Temp Folders ====================== C:\Users\Eigenaar\AppData\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Eigenaar\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 05-01-2017 at 12:28:29,02 ======================