Solved I think my pc has a virus

saskiat

Hey,

My PC randomly says that I need to reconnect the File History drive, and sometimes a Windows PowerShell window opens up and then closes real fast again. I think it might be some malware program.

FRST log down here:
Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 24-05-2017

Gestart door USER (Beheerder) op MSI (25-05-2017 22:26:03)

Gestart vanaf C:\Users\USER\Downloads\Programma's

Geladen Profielen: USER (Beschikbare Profielen: USER)

Platform: Windows 10 Home Versie 1703 (X64) Taal: Nederlands (Nederland)

Internet Explorer Versie 11 (Standaardbrowser: Chrome)

Boot Modus: Normal

Handleiding voor Farbar Recovery Scan Tool:


==================== Processen (gefilterd) =================


(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)


(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Intel Corporation) C:\Windows\System32\ibtsiva.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe

(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

(Veeam Software AG) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\LocalDB\Binn\sqlservr.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

() C:\Windows\System32\igfxTray.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

() C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe

(Veeam Software AG) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Tray.exe

() C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSISvc32.exe

() C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSISvc64.exe

(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.App.exe

() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Malwarebytes) D:\Downloads programma's\Anti-Malware\MBAMService.exe

(Malwarebytes) D:\Downloads programma's\Anti-Malware\mbamtray.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe


==================== Register (gefilterd) ====================


(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)


HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-08-07] (Realtek Semiconductor)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-24] (Intel Corporation)

HKLM\...\Run: [NahimicMSIUILauncher] => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [532448 2015-06-24] ()

HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [299008 2015-04-21] (MSI)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [Veeam.EndPoint.Tray.exe] => C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Tray.exe [540104 2016-03-10] (Veeam Software AG)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3920552 2015-08-07] (Synaptics Incorporated)

HKLM\...\Run: [Malwarebytes TrayApp] => D:\DOWNLOADS PROGRAMMA'S\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)

HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)

HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw

HKU\S-1-5-21-1030029077-151505353-1107238123-1001\...\Run: [Spotify Web Helper] => C:\Users\USER\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-25] (Spotify Ltd)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-08-06]

ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)


==================== Internet (gefilterd) ====================


(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)


Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66

Tcpip\..\Interfaces\{77c667b9-66ea-458f-81d9-4e6b61395a3a}: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66


Internet Explorer:

==================

HKU\S-1-5-21-1030029077-151505353-1107238123-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/nl-nl/?ocid=iehp

SearchScopes: HKU\S-1-5-21-1030029077-151505353-1107238123-1001 -> {7074C031-816D-46F7-B707-8296300AA0C2} URL =

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-25] (Microsoft Corporation)

BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-25] (Microsoft Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-25] (Microsoft Corporation)

BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-25] (Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)


FireFox:

========

FF DefaultProfile: yi1zh0v0.default

FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\yi1zh0v0.default [2017-04-01]

FF Homepage: Mozilla\Firefox\Profiles\yi1zh0v0.default -> google.nl

FF Extension: (Adblock Plus) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\yi1zh0v0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-04-01]

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-21] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-21] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-25] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-25] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

StartMenuInternet: FIREFOX.EXE - D:\Downloads programma's\Firefox\firefox.exe


Chrome:

=======

CHR DefaultProfile: Default

CHR StartupUrls: Default -> "hxxp://google.nl/"

CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2017-05-25]

CHR Extension: (Google Presentaties) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-21]

CHR Extension: (Google Documenten) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-21]

CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-21]

CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-21]
 
CHR Extension: (Google Spreadsheets) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-21]

CHR Extension: (Offline Documenten) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-21]

CHR Extension: (AdBlock) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]

CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]

CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-21]

CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]

CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-02-19]


==================== Services (gefilterd) ====================


(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-24] (Intel Corporation)

R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-02] (Intel Corporation)

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)

R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Bestand niet getekend]

S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Bestand niet getekend]

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)

R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [402432 2015-07-08] (Rivet Networks) [Bestand niet getekend]

R3 lfsvc; C:\WINDOWS\SysWOW64\lfsvc.dll [22528 2015-10-30] (Microsoft Corporation) [Bestand niet getekend]

R2 MBAMService; D:\Downloads programma's\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)

R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2015-04-21] (Micro-Star International Co., Ltd.) [Bestand niet getekend]

R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()

R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)

S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)

R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)

R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)

R2 VeeamEndpointBackupSvc; C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe [101888 2016-03-10] (Veeam Software AG) [Bestand niet getekend]

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)

R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]


===================== Drivers (gefilterd) ======================


(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


S1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [114736 2015-07-07] (Rivet Networks, LLC.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)

R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation)

R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-03-18] (Qualcomm Atheros, Inc.)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-25] (Malwarebytes)

R1 MpKsl1a3d95cb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{31719003-CBC7-44C5-A1A1-04583243DCDF}\MpKsl1a3d95cb.sys [44928 2017-05-25] (Microsoft Corporation)

R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)

R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MSI)

R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_01856dcc82b1034f\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)

R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)

S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-08-07] (Realsil Semiconductor Corporation)

S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()

S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [43680 2015-11-15] (Synaptics Incorporated)

R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-07] (Synaptics Incorporated)

S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)

S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (QUALCOMM Incorporated)

S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU Co., LTD.)

S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU Co., LTD.)

S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()


==================== NetSvcs (gefilterd) ===================


(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)



==================== Een Maand Aangemaakt bestanden en mappen ========


(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)


2017-05-25 21:23 - 2017-05-25 21:23 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2017-05-25 21:23 - 2017-05-25 21:23 - 00000881 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2017-05-25 21:23 - 2017-05-25 21:23 - 00000000 ____D C:\ProgramData\Malwarebytes

2017-05-25 21:23 - 2017-05-09 16:37 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys

2017-05-10 19:31 - 2017-04-28 03:38 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

2017-05-10 19:31 - 2017-04-28 03:19 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2017-05-10 19:31 - 2017-04-28 03:19 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

2017-05-10 19:31 - 2017-04-28 03:18 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2017-05-10 19:31 - 2017-04-28 03:16 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll

2017-05-10 19:31 - 2017-04-28 03:12 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

2017-05-10 19:31 - 2017-04-28 03:12 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe

2017-05-10 19:31 - 2017-04-28 03:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2017-05-10 19:31 - 2017-04-28 03:09 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll

2017-05-10 19:31 - 2017-04-28 03:08 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2017-05-10 19:31 - 2017-04-28 03:08 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2017-05-10 19:31 - 2017-04-28 03:08 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll

2017-05-10 19:31 - 2017-04-28 03:08 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll

2017-05-10 19:31 - 2017-04-28 03:07 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2017-05-10 19:31 - 2017-04-28 03:07 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll

2017-05-10 19:31 - 2017-04-28 03:06 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll

2017-05-10 19:31 - 2017-04-28 03:06 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll

2017-05-10 19:31 - 2017-04-28 03:05 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

2017-05-10 19:31 - 2017-04-28 03:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

2017-05-10 19:31 - 2017-04-28 03:03 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

2017-05-10 19:31 - 2017-04-28 03:00 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2017-05-10 19:31 - 2017-04-28 02:59 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll

2017-05-10 19:31 - 2017-04-28 02:59 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2017-05-10 19:31 - 2017-04-28 02:59 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2017-05-10 19:31 - 2017-04-28 02:59 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

2017-05-10 19:31 - 2017-04-28 02:59 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe

2017-05-10 19:31 - 2017-04-28 02:58 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll

2017-05-10 19:31 - 2017-04-28 02:58 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll

2017-05-10 19:31 - 2017-04-28 02:57 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll

2017-05-10 19:31 - 2017-04-28 02:56 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2017-05-10 19:31 - 2017-04-28 02:55 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2017-05-10 19:31 - 2017-04-28 02:55 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll

2017-05-10 19:31 - 2017-04-28 02:53 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll

2017-05-10 19:31 - 2017-04-28 02:52 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2017-05-10 19:31 - 2017-04-28 02:52 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

2017-05-10 19:31 - 2017-04-28 02:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll

2017-05-10 19:31 - 2017-04-28 02:51 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2017-05-10 19:31 - 2017-04-28 02:49 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx

2017-05-10 19:31 - 2017-04-28 02:49 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll

2017-05-10 19:31 - 2017-04-28 02:46 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2017-05-10 19:31 - 2017-04-28 02:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll

2017-05-10 19:31 - 2017-04-28 02:46 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2017-05-10 19:31 - 2017-04-28 02:45 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2017-05-10 19:31 - 2017-04-28 02:44 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2017-05-10 19:31 - 2017-04-28 02:44 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2017-05-10 19:31 - 2017-04-28 02:42 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll

2017-05-10 19:31 - 2017-04-28 02:42 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2017-05-10 19:31 - 2017-04-28 02:42 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll

2017-05-10 19:31 - 2017-04-28 02:42 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe

2017-05-10 19:31 - 2017-04-28 02:41 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll

2017-05-10 19:31 - 2017-04-28 02:40 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2017-05-10 19:31 - 2017-04-28 02:40 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2017-05-10 19:31 - 2017-04-28 02:40 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2017-05-10 19:31 - 2017-04-28 02:40 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll

2017-05-10 19:31 - 2017-04-28 02:40 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe

2017-05-10 19:31 - 2017-04-28 02:40 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll

2017-05-10 19:31 - 2017-04-28 02:39 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll

2017-05-10 19:31 - 2017-04-28 02:39 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2017-05-10 19:31 - 2017-04-28 02:39 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2017-05-10 19:31 - 2017-04-28 02:38 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll

2017-05-10 19:31 - 2017-04-28 02:38 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll

2017-05-10 19:31 - 2017-04-28 02:37 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll

2017-05-10 19:31 - 2017-04-28 02:37 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2017-05-10 19:31 - 2017-04-28 02:34 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe

2017-05-10 19:31 - 2017-04-28 02:33 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll

2017-05-10 19:31 - 2017-04-28 02:26 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2017-05-10 19:31 - 2017-04-28 02:15 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2017-05-10 19:31 - 2017-04-28 02:15 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll

2017-05-10 19:31 - 2017-04-28 02:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll

2017-05-10 19:31 - 2017-04-28 02:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx

2017-05-10 19:31 - 2017-04-28 02:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys

2017-05-10 19:31 - 2017-04-28 02:11 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll

2017-05-10 19:31 - 2017-04-28 02:09 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2017-05-10 19:31 - 2017-04-28 02:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll

2017-05-10 19:31 - 2017-04-28 02:08 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll

2017-05-10 19:31 - 2017-04-28 02:08 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll

2017-05-10 19:31 - 2017-04-28 02:08 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2017-05-10 19:31 - 2017-04-28 02:07 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2017-05-10 19:31 - 2017-04-28 02:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll

2017-05-10 19:31 - 2017-04-28 02:06 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll

2017-05-10 19:31 - 2017-04-28 02:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2017-05-10 19:31 - 2017-04-28 02:06 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2017-05-10 19:31 - 2017-04-28 02:05 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll

2017-05-10 19:31 - 2017-04-28 02:05 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2017-05-10 19:31 - 2017-04-28 02:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2017-05-10 19:31 - 2017-04-28 02:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll

2017-05-10 19:31 - 2017-04-28 02:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll

2017-05-10 19:31 - 2017-04-28 02:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe

2017-05-10 19:31 - 2017-04-28 02:03 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll

2017-05-10 19:31 - 2017-04-28 02:03 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll

2017-05-10 19:31 - 2017-04-28 02:03 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll

2017-05-10 19:31 - 2017-04-28 02:03 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2017-05-10 19:31 - 2017-04-28 02:03 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll

2017-05-10 19:31 - 2017-04-28 02:02 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe

2017-05-10 19:31 - 2017-04-28 02:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2017-05-10 19:31 - 2017-04-28 02:01 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll

2017-05-10 19:31 - 2017-04-28 02:00 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2017-05-10 19:31 - 2017-04-28 01:59 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll

2017-05-10 19:31 - 2017-04-28 01:59 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2017-05-10 19:31 - 2017-04-28 01:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2017-05-10 19:31 - 2017-04-28 01:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll

2017-05-10 19:31 - 2017-04-28 01:59 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe

2017-05-10 19:31 - 2017-04-28 01:58 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2017-05-10 19:31 - 2017-04-28 01:58 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll

2017-05-10 19:31 - 2017-04-28 01:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll

2017-05-10 19:31 - 2017-04-28 01:57 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2017-05-10 19:31 - 2017-04-28 01:57 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2017-05-10 19:31 - 2017-04-28 01:57 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2017-05-10 19:31 - 2017-04-28 01:54 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll

2017-05-10 19:31 - 2017-04-28 01:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe

2017-05-10 19:31 - 2017-04-28 01:54 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

2017-05-10 19:31 - 2017-04-28 01:54 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys

2017-05-10 19:31 - 2017-04-28 01:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll

2017-05-10 19:31 - 2017-04-19 09:07 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2017-05-10 19:31 - 2017-04-19 09:06 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe

2017-05-10 19:31 - 2017-04-19 09:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys

2017-05-10 19:31 - 2017-04-19 09:02 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll

2017-05-10 19:31 - 2017-04-19 08:19 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll

2017-05-10 19:31 - 2017-04-19 08:18 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys

2017-05-10 19:31 - 2017-04-19 08:16 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll

2017-05-10 19:31 - 2017-04-19 08:15 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll

2017-05-10 19:31 - 2017-04-19 08:14 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll

2017-05-10 19:31 - 2017-04-19 08:13 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys

2017-05-10 19:31 - 2017-04-19 08:13 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll

2017-05-10 19:31 - 2017-04-19 08:13 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll

2017-05-10 19:31 - 2017-04-19 08:12 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll

2017-05-10 19:31 - 2017-04-19 08:12 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2017-05-10 19:31 - 2017-04-19 08:12 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll

2017-05-10 19:31 - 2017-04-19 08:11 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2017-05-10 19:31 - 2017-04-19 08:11 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll

2017-05-10 19:31 - 2017-04-19 08:10 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll

2017-05-10 19:31 - 2017-04-19 08:10 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll

2017-05-10 19:31 - 2017-04-19 08:10 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll

2017-05-10 19:31 - 2017-04-19 08:08 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll

2017-05-10 19:31 - 2017-04-19 08:08 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll

2017-05-10 19:31 - 2017-04-19 08:07 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll

2017-05-10 19:31 - 2017-04-19 08:07 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe

2017-05-10 19:31 - 2017-04-19 08:06 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2017-05-10 19:31 - 2017-04-19 08:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2017-05-10 19:31 - 2017-04-19 08:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2017-05-10 19:31 - 2017-04-19 08:02 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe

2017-05-10 19:31 - 2017-04-19 08:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll

2017-05-10 19:31 - 2017-04-19 07:59 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll

2017-05-10 19:31 - 2017-04-19 07:59 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll

2017-05-10 19:31 - 2017-04-19 07:58 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2017-05-10 19:31 - 2017-04-19 07:37 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll

2017-05-10 19:31 - 2017-04-19 07:36 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll

2017-05-10 19:31 - 2017-04-19 07:35 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll

2017-05-10 19:31 - 2017-04-19 07:34 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2017-05-10 19:31 - 2017-04-19 07:34 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2017-05-10 19:31 - 2017-04-19 07:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll

2017-05-10 19:31 - 2017-04-19 07:32 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll

2017-05-10 19:31 - 2017-04-19 07:30 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll

2017-05-10 19:31 - 2017-04-19 07:29 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2017-05-10 19:31 - 2017-04-14 02:35 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2017-05-10 19:31 - 2017-04-14 02:35 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll

2017-05-10 19:31 - 2017-04-14 02:35 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll

2017-05-10 19:31 - 2017-04-14 02:33 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll

2017-05-10 19:31 - 2017-04-14 02:32 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll

2017-05-10 19:31 - 2017-04-14 02:30 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll

2017-05-10 19:31 - 2017-04-14 01:43 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2017-05-10 19:31 - 2017-04-14 01:43 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll

2017-05-10 19:31 - 2017-04-14 01:41 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll

2017-05-10 19:31 - 2017-04-14 01:41 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll

2017-05-10 19:31 - 2017-04-14 01:40 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll

2017-05-10 19:31 - 2017-04-14 01:39 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2017-05-10 19:31 - 2017-04-14 01:39 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe

2017-05-10 19:31 - 2017-04-14 01:39 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll

2017-05-10 19:31 - 2017-04-14 01:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll

2017-05-10 19:31 - 2017-04-14 01:39 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll

2017-05-10 19:31 - 2017-04-14 01:38 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll

2017-05-10 19:31 - 2017-04-14 01:38 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll

2017-05-10 19:31 - 2017-04-14 01:37 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe

2017-05-10 19:31 - 2017-04-14 01:37 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll

2017-05-10 19:31 - 2017-04-14 01:37 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll

2017-05-10 19:31 - 2017-04-14 01:37 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll

2017-05-10 19:31 - 2017-04-14 01:36 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll

2017-05-10 19:31 - 2017-04-14 01:36 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll

2017-05-10 19:31 - 2017-04-14 01:35 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll

2017-05-10 19:31 - 2017-04-14 01:35 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll

2017-05-10 19:31 - 2017-04-14 01:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2017-05-10 19:31 - 2017-04-14 01:34 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll

2017-05-10 19:31 - 2017-04-14 01:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll

2017-05-10 19:31 - 2017-04-14 01:33 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2017-05-10 19:31 - 2017-04-14 01:33 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll

2017-05-10 19:31 - 2017-04-14 01:31 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll

2017-05-10 19:31 - 2017-04-14 01:31 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll

2017-05-10 19:31 - 2017-04-14 01:29 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll

2017-05-10 19:31 - 2017-04-14 01:29 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2017-05-10 19:31 - 2017-04-14 01:29 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll

2017-05-10 19:31 - 2017-04-14 01:29 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll

2017-05-10 19:31 - 2017-04-14 01:29 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll

2017-05-10 19:31 - 2017-04-14 01:28 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2017-05-10 19:31 - 2017-04-14 01:26 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll

2017-05-10 19:31 - 2017-04-14 01:25 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll

2017-05-10 19:31 - 2017-04-14 01:24 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll

2017-05-10 19:31 - 2017-04-14 01:21 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2017-05-10 19:31 - 2017-04-14 01:21 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll

2017-05-10 19:31 - 2017-04-14 01:18 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe

2017-05-10 19:31 - 2017-04-14 01:18 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll

2017-05-10 19:31 - 2017-04-14 01:15 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll

2017-05-10 19:31 - 2017-04-14 01:15 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll

2017-05-10 19:31 - 2017-04-14 01:13 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll

2017-05-10 19:31 - 2017-04-14 01:13 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2017-05-10 19:31 - 2017-04-14 01:08 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2017-05-10 19:31 - 2017-04-14 01:06 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll

2017-05-10 19:31 - 2017-04-14 01:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll

2017-05-10 19:31 - 2017-04-14 01:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll


==================== Een Maand Gewijzigd bestanden en mappen ========


(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)


2017-05-25 22:26 - 2016-10-20 15:38 - 00000000 ____D C:\FRST

2017-05-25 22:26 - 2016-10-19 21:16 - 00000000 ____D C:\Users\USER\Downloads\Programma's

2017-05-25 22:13 - 2017-04-14 12:49 - 00000000 ____D C:\WINDOWS\system32\SleepStudy

2017-05-25 12:37 - 2017-04-14 12:50 - 00000000 ____D C:\Users\USER

2017-05-25 12:37 - 2016-10-29 12:54 - 00000000 ____D C:\Program Files (x86)\Steam

2017-05-25 12:25 - 2016-10-20 02:51 - 00000000 ____D C:\ProgramData\NVIDIA

2017-05-25 12:23 - 2017-03-18 23:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2017-05-25 12:22 - 2015-07-24 00:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2017-05-25 11:50 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness

2017-05-25 11:47 - 2017-04-14 12:50 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2017-05-25 11:47 - 2016-10-19 18:09 - 00000000 __SHD C:\Users\USER\IntelGraphicsProfiles

2017-05-24 16:14 - 2016-10-19 21:12 - 00000001 _____ C:\Users\Public\Documents\dgc.txt

2017-05-24 12:07 - 2017-04-14 13:01 - 02013658 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2017-05-24 12:07 - 2017-03-20 05:54 - 00902650 _____ C:\WINDOWS\system32\perfh013.dat

2017-05-24 12:07 - 2017-03-20 05:54 - 00184092 _____ C:\WINDOWS\system32\perfc013.dat

2017-05-24 12:07 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps

2017-05-24 12:01 - 2017-04-14 12:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2017-05-24 12:01 - 2017-03-18 13:40 - 01310720 _____ C:\WINDOWS\system32\config\BBI

2017-05-24 12:01 - 2016-11-17 17:17 - 00000000 ____D C:\ProgramData\Veeam

2017-05-24 12:01 - 2016-10-19 21:26 - 00000000 ____D C:\Users\USER\AppData\Roaming\AVG

2017-05-24 12:01 - 2016-10-19 21:22 - 00000000 ____D C:\Users\USER\AppData\Local\AvgSetupLog

2017-05-24 12:01 - 2016-10-19 21:22 - 00000000 ____D C:\ProgramData\Avg

2017-05-24 11:59 - 2016-10-19 21:22 - 00000000 ____D C:\Users\USER\AppData\Local\Avg

2017-05-24 11:59 - 2016-10-19 21:22 - 00000000 ____D C:\ProgramData\MFAData

2017-05-23 21:08 - 2016-10-19 20:50 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2017-05-23 13:34 - 2016-10-19 20:53 - 00000000 ____D C:\WINDOWS\system32\MRT

2017-05-23 13:32 - 2016-10-19 20:50 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2017-05-22 10:43 - 2017-03-18 13:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM

2017-05-13 11:49 - 2017-04-05 18:08 - 00000000 ____D C:\Users\USER\Downloads\Finiah trash

2017-05-12 10:20 - 2016-10-21 19:14 - 00002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-05-12 10:20 - 2016-10-21 19:14 - 00002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-05-11 14:16 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache

2017-05-10 20:20 - 2017-04-14 12:49 - 00391272 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2017-05-10 20:20 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF

2017-05-10 20:20 - 2015-07-24 00:51 - 00000000 __RHD C:\Users\Public\AccountPictures

2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12

2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12

2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism

2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser

2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences

2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning

2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer

2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2017-05-10 20:12 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism

2017-05-10 19:33 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp

2017-05-10 19:26 - 2016-10-19 18:09 - 00000000 ____D C:\Users\USER\AppData\Local\Packages

2017-04-29 03:05 - 2017-03-18 23:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2017-04-29 03:05 - 2017-03-18 23:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2017-04-27 23:47 - 2017-04-14 12:55 - 00003574 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2017-04-27 23:47 - 2017-04-14 12:55 - 00003450 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore


==================== Bestanden in de root van sommige mappen =======


2017-04-14 12:50 - 2017-04-14 12:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl


==================== Bamital & volsnap ======================


(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)


C:\WINDOWS\system32\winlogon.exe => Bestand is getekend

C:\WINDOWS\system32\wininit.exe => Bestand is getekend

C:\WINDOWS\explorer.exe => Bestand is getekend

C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend

C:\WINDOWS\system32\svchost.exe => Bestand is getekend

C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend

C:\WINDOWS\system32\services.exe => Bestand is getekend

C:\WINDOWS\system32\User32.dll => Bestand is getekend

C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend

C:\WINDOWS\system32\userinit.exe => Bestand is getekend

C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend

C:\WINDOWS\system32\rpcss.dll => Bestand is getekend

C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend

C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend

C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend


LastRegBack: 2017-05-24 15:55


==================== Eind van FRST.txt ============================


Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 24-05-2017

Gestart door USER (25-05-2017 22:26:35)

Gestart vanaf C:\Users\USER\Downloads\Programma's

Windows 10 Home Versie 1703 (X64) (2017-04-14 10:58:14)

Boot Modus: Normal

==========================================================



==================== Accounts: =============================


Administrator (S-1-5-21-1030029077-151505353-1107238123-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-1030029077-151505353-1107238123-503 - Limited - Disabled)

defaultuser0 (S-1-5-21-1030029077-151505353-1107238123-1000 - Limited - Disabled)

Gast (S-1-5-21-1030029077-151505353-1107238123-501 - Limited - Disabled)

USER (S-1-5-21-1030029077-151505353-1107238123-1001 - Administrator - Enabled) => C:\Users\USER


==================== Security Center ========================


(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)


AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Geïnstalleerde programma's ======================


(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)


7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)

Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)

Age of Empires II HD (c) Microsoft Studios version 1 (HKLM-x32\...\QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1) (Version: 1 - )

Ansel (Version: 375.57 - NVIDIA Corporation) Hidden

AudioFXSetup (Version: 1.2.201 - Nahimic) Hidden

Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1505.2901 - Micro-Star International Co., Ltd.)

Battery Calibration (x32 Version: 1.0.1505.2901 - Micro-Star International Co., Ltd.) Hidden

Boot Configure (HKLM-x32\...\{A8174BDF-1401-4314-A350-B10B7277DCD7}) (Version: 20.015.07202 - Micro-Star International Co., Ltd.)

BurnRecovery (HKLM-x32\...\InstallShield_{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1507.1901 - Application)

BurnRecovery (x32 Version: 5.0.1507.1901 - Application) Hidden

calibre (HKLM-x32\...\{1F1FE718-ACE3-4D26-A9F0-7F443B3526F1}) (Version: 2.77.0 - Kovid Goyal)

CheckDevicesConfigurator (Version: 1.2.201 - Nahimic) Hidden

Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1501.2801 - Micro-Star International Co., Ltd.)

Dragon Gaming Center (x32 Version: 1.0.1501.2801 - Micro-Star International Co., Ltd.) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)

Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden

Intel(R) Chipset Device Software (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden

Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)

Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{c92e37dd-de51-4a9e-abfc-54c4b71d1b72}) (Version: 18.11.0 - Intel Corporation)

Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)

KB9X Radio Switch Driver (HKLM\...\EC950B206B0E7722C96A318DF396BABFBB057BC0) (Version: 1.1.2.0 - ENE TECHNOLOGY INC.)

Kerbal Space Program (HKLM-x32\...\1429864849_is1) (Version: 2.4.0.6 - GOG.com)

Killer Bandwidth Control Filter Driver (Version: 1.1.54.1095 - Rivet Networks) Hidden

Killer E220x Drivers (Version: 1.1.54.1095 - Rivet Networks) Hidden

Killer Network Manager (Version: 1.1.54.1095 - Rivet Networks) Hidden

Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.54.1095 - Rivet Networks)

LauncherSetup (Version: 1.2.201 - Nahimic) Hidden

Malwarebytes versie 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)

Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 16.0.8067.2115 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1030029077-151505353-1107238123-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{E4A1FDA3-689D-44DA-9B39-86BD2270F522}) (Version: 11.2.5058.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mozilla Firefox 50.1.0 (x86 nl) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 nl)) (Version: 50.1.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)

MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1506.0801 - Micro-Star International Co., Ltd.)

MSI Remind Manager (x32 Version: 1.0.1506.0801 - Micro-Star International Co., Ltd.) Hidden

Nahimic for MSI (HKLM-x32\...\{1fd8e4b4-0aa8-4ade-afb4-b4ea2cbd6179}) (Version: 1.2.2 - Nahimic)

NahimicSettingsConfigurator (Version: 1.2.201 - Nahimic) Hidden

Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.13 - Black Tree Gaming)

NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)

NVIDIA Grafisch stuurprogramma 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)

NVIDIA PhysX Systeem Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)

NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden

NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden

NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden

Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.8067.2115 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7967.2073 - Microsoft Corporation) Hidden

Prison Architect (HKLM\...\Steam App 233450) (Version: - Introversion Software)

ProductDaemonSetup (Version: 1.2.201 - Nahimic) Hidden

qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent project)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7534 - Realtek Semiconductor Corp.)

SCM (HKLM\...\{EC3EEFE5-DFBE-4535-8A2A-CAEC82A9BB83}) (Version: 13.015.04213 - Application)

SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden

Spotify (HKU\S-1-5-21-1030029077-151505353-1107238123-1001\...\Spotify) (Version: 1.0.51.693.g6ea1e7f6 - Spotify AB)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.6.1 - Synaptics Incorporated)

The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)

UIInstallUpgrade (Version: 1.2.201 - Nahimic) Hidden

Veeam Endpoint Backup (HKLM\...\{97BBA6CF-338C-4284-B605-5A5AC00132F8}) (Version: 1.5.0.306 - Veeam Software AG)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)


==================== Aangepaste CLSID (gefilterd): ==========================


(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)



==================== Geplande Taken (gefilterd) =============


(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


Task: {02D5B5E6-92E1-48FA-944B-353EEE632B14} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-07] (Synaptics Incorporated)

Task: {04FA91DC-CF29-44A1-ABEA-DEF9D9473F84} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)

Task: {0764303B-DA6E-4FF2-B250-9EAA42870ECA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-25] (Microsoft Corporation)

Task: {1A410503-119A-4FCD-8DC0-5991C9D48C3C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)

Task: {2D8203E0-E1DC-49D8-ADF7-C6F5CE24DB15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-21] (Google Inc.)

Task: {42A67F6C-9B7B-49E2-B9CB-0A464D00ACA2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)

Task: {4706D11F-0332-4814-8EDB-4389A0712881} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)

Task: {475A3489-76C1-4D4B-8F92-3C2253205E33} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)

Task: {48BC648D-5BD2-4D1F-B1A0-9B725F25248E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)

Task: {54096803-DA6B-4DA0-B98B-8E99CBE30BBF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-25] (Microsoft Corporation)

Task: {5B104597-E7A3-4817-9162-ED032DDA58EE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation)

Task: {69549618-D55F-4249-96A1-96DC16D8B3A4} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe [2015-06-24] ()

Task: {69D9CF37-2308-4870-9253-2CA207D7C681} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe [2015-06-24] ()

Task: {7FCDF588-719C-421D-AB63-DCB5F51FBA97} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)

Task: {978559B3-EF6A-4779-8DF0-1A0DE4B98552} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-25] (Microsoft Corporation)

Task: {AE6EC150-F489-42A2-B8D9-2202A446D3FB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-25] ()

Task: {B6988AC8-FEE7-4B50-8883-92FD4CDD7649} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-24] (TODO: <公司名稱>)

Task: {E6589CFF-DC07-4A16-AE4F-67C2D499CA8C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)

Task: {F26D3798-1FA2-4442-9BBA-0570332F0F20} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-25] ()

Task: {FAEFB965-6FF2-4A91-8A6E-010A9C4E5F39} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [2015-06-24] ()

Task: {FEC91594-07D9-4FB7-8855-DC55F2AA7F60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-21] (Google Inc.)


(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)


Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


==================== Snelkoppelingen =============================


(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)


==================== Geladen Modules (gefilterd) ==============


2016-10-23 17:52 - 2017-01-20 20:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll

2016-10-23 17:52 - 2017-01-20 20:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll

2017-04-14 12:50 - 2016-12-29 15:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll

2015-06-24 00:19 - 2015-06-24 00:19 - 00198112 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIDevProps.dll

2015-06-24 00:19 - 2015-06-24 00:19 - 00290272 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIOSD.dll

2016-11-02 00:05 - 2016-11-02 00:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe

2017-03-18 22:59 - 2017-03-20 05:56 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2015-06-24 00:15 - 2015-06-24 00:15 - 00532448 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe

2015-06-24 00:15 - 2015-06-24 00:15 - 00813568 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe

2015-06-24 00:20 - 2015-06-24 00:20 - 00272384 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe

2014-01-22 19:44 - 2014-01-22 19:44 - 00075912 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\WinIo64.dll

2017-05-08 15:35 - 2017-05-08 15:35 - 00765440 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll

2017-05-08 15:35 - 2017-05-08 15:35 - 10601984 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll

2017-05-08 15:35 - 2017-05-08 15:35 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll

2017-05-04 23:26 - 2017-05-04 23:26 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

2017-05-04 23:26 - 2017-05-04 23:26 - 26322944 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll

2017-05-04 23:26 - 2017-05-04 23:26 - 00441856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll

2017-05-04 23:26 - 2017-05-04 23:26 - 02139648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll

2017-05-04 23:26 - 2017-05-04 23:26 - 02901928 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

2017-05-04 23:26 - 2017-05-04 23:26 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll

2016-10-19 19:30 - 2016-10-19 19:30 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll

2017-05-04 23:26 - 2017-05-04 23:26 - 00641024 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll

2017-05-04 23:26 - 2017-05-04 23:26 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll

2017-05-12 10:20 - 2017-05-09 11:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll

2017-05-12 10:20 - 2017-05-09 11:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll

2015-06-24 10:07 - 2015-06-24 10:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

2016-10-23 17:52 - 2017-01-20 20:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2016-10-23 17:52 - 2017-01-20 20:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll

2016-10-23 17:52 - 2017-01-20 20:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

2015-06-24 00:14 - 2015-06-24 00:14 - 00167904 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIDevProps.dll

2015-06-24 00:15 - 2015-06-24 00:15 - 00258016 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIOSD.dll

2016-10-23 17:52 - 2017-01-20 15:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node

2016-10-23 17:52 - 2017-01-20 15:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node

2016-10-23 17:52 - 2017-01-20 15:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node

2016-10-23 17:52 - 2017-01-20 15:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node

2016-10-23 17:52 - 2017-01-20 15:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node

2016-10-23 17:52 - 2017-01-20 15:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node

2016-10-23 17:52 - 2017-01-20 15:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node

2017-01-29 18:30 - 2017-01-20 15:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node

2016-10-29 12:55 - 2017-03-10 02:13 - 00674592 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2016-10-29 12:55 - 2017-04-26 01:55 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll

2016-10-29 12:55 - 2016-09-01 03:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll

2016-10-29 12:55 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2016-10-29 12:55 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2016-10-29 12:55 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2016-10-29 12:55 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2016-10-29 12:55 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2016-10-29 12:55 - 2016-09-01 03:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll

2016-10-29 12:55 - 2016-09-01 03:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll

2016-10-29 12:55 - 2017-04-26 01:55 - 00848672 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2016-10-29 12:55 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll

2017-03-05 20:52 - 2017-01-30 23:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll

2016-10-29 12:55 - 2017-04-26 01:55 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll

2016-10-29 12:55 - 2015-09-25 01:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll


==================== Alternate Data Streams (gefilterd) =========


(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)



==================== Veilige Modus (gefilterd) ===================


(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"


==================== Bestandskoppeling (gefilterd) ===============


(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)



==================== Internet Explorer vertrouwde/beperkte toegang ===============


(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)



==================== Hosts inhoud: ===============================


(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)


2015-07-10 13:04 - 2015-07-10 13:02 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts



==================== Andere gebieden ============================


(Momenteel is er geen automatische fix voor dit onderdeel.)


HKU\S-1-5-21-1030029077-151505353-1107238123-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Bureaubladachtergrond.bmp

DNS Servers: 192.168.2.254 - 195.121.1.34

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is ingeschakeld.


==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==


HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"

HKLM\...\StartupApproved\Run: => "ShadowPlay"

HKLM\...\StartupApproved\Run: => "SCM"

HKLM\...\StartupApproved\Run32: => "SUPER CHARGER"

HKU\S-1-5-21-1030029077-151505353-1107238123-1001\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-1030029077-151505353-1107238123-1001\...\StartupApproved\Run: => "Spotify Web Helper"


==================== Firewall regels (gefilterd) ===============


(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


FirewallRules: [{65496C59-7374-4B8A-925C-29EC4A07FDFC}] => (Allow) D:\Spellen\Skyrim\steamapps\common\Skyrim\SkyrimLauncher.exe

FirewallRules: [{D13EF41D-5B6B-48BA-BF2F-DF7954CF38BC}] => (Allow) D:\Spellen\Skyrim\steamapps\common\Skyrim\SkyrimLauncher.exe

FirewallRules: [{89173B3D-7024-44A4-B20B-DC1F0B0D4CA7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{4071970C-9879-43B5-9E38-0F60A61A6945}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [UDP Query User{1AA95D7A-2496-4A65-BAFD-EDA063F014DC}D:\spellen\outlast 2\outlast\binaries\win64\olgame.exe] => (Allow) D:\spellen\outlast 2\outlast\binaries\win64\olgame.exe

FirewallRules: [TCP Query User{C85B03B4-B368-47F3-80A6-368C14ADB2B0}D:\spellen\outlast 2\outlast\binaries\win64\olgame.exe] => (Allow) D:\spellen\outlast 2\outlast\binaries\win64\olgame.exe

FirewallRules: [UDP Query User{8546D593-58AD-49C1-A8E2-2418FDEF79FF}D:\spellen\outlast\outlast\binaries\win64\olgame.exe] => (Allow) D:\spellen\outlast\outlast\binaries\win64\olgame.exe

FirewallRules: [TCP Query User{FF3A5C29-4246-4DCA-8010-7BBED962A005}D:\spellen\outlast\outlast\binaries\win64\olgame.exe] => (Allow) D:\spellen\outlast\outlast\binaries\win64\olgame.exe

FirewallRules: [{83784A8C-200B-430C-B8E6-04BB1763F0FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{C423E01B-9C89-4346-B64B-2C4123AE6498}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{AF448771-77F6-466D-8A4E-CC7B7E65EE32}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{3422EEAD-EB82-45A5-80C2-EE2DE11F121F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe

FirewallRules: [{2AB4A85C-99F6-4285-9521-1EF4428D1F63}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe

FirewallRules: [{234B4874-5588-402C-B2BE-FE34DEF75FE7}] => (Allow) D:\Downloads programma's\Firefox\firefox.exe

FirewallRules: [{4B576B11-9DA3-4FF0-A21D-F11A49314CAB}] => (Allow) D:\Downloads programma's\Firefox\firefox.exe

FirewallRules: [{361ADB9A-DF1C-4669-AA58-D23FCA13F99F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

FirewallRules: [{C56F732D-A243-487F-AA80-2CF7E01D496D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe

FirewallRules: [UDP Query User{9C2E0FA5-7BAB-4CB6-A713-606925833AB8}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe

FirewallRules: [TCP Query User{5BAA58B3-E80E-4C2E-A83A-6C18177CDB80}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe

FirewallRules: [UDP Query User{633CEB3B-45E3-439E-BD8F-8918272A2D6B}C:\users\USER\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\USER\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{058E74FC-DBAB-47F1-91C8-7485B30AD730}C:\users\USER\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\USER\appdata\roaming\spotify\spotify.exe

FirewallRules: [{47773D8B-5F43-4D92-B16C-6FB4A2E2A950}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\VeeamDeploymentSvc.exe

FirewallRules: [{50869F83-ABA4-458F-8F60-193DB6D62E5B}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\VeeamDeploymentSvc.exe

FirewallRules: [{5CF7B18D-E3F3-4F97-B81E-BE8EAB7E5363}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x86\VeeamAgent.exe

FirewallRules: [{D5912FD9-7481-4C1E-8626-9C684F4E611B}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x86\VeeamAgent.exe

FirewallRules: [{908DCFE4-46C4-475A-A1B0-8F6BBC8510EC}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe

FirewallRules: [{DF60C91B-485D-4501-A085-5AF45180BBD8}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe

FirewallRules: [{6F683BF9-4AE8-43DC-A701-F686CF22E1F8}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe

FirewallRules: [{3BC48A78-5CA5-4B75-949E-C50575182933}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe

FirewallRules: [{CD727368-50AD-41B5-9C70-0B886814DAF3}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Recovery.exe

FirewallRules: [{ADFEFAB7-1EDA-44BD-92AD-278ACD3B28AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe

FirewallRules: [{E14E19FC-4B99-4E88-944D-68C80F726698}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe

FirewallRules: [{8A1819D6-53A1-40CE-94EC-6F235F77DA4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe

FirewallRules: [{5646CB98-A79B-4C0E-8099-091BCF01B22F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe

FirewallRules: [{71130062-0EE0-4B2A-87CF-EEEA84488BD7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{8AACA7A2-AB6C-4D82-834F-B7F23948D567}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{EE101B82-71DD-43D6-9738-CD0CAFF16B4E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

FirewallRules: [{07A92AA9-B6CC-4879-A790-9FC24F6398FB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe

FirewallRules: [{8A85A88F-5ECD-4164-A2D8-730FAE6300F2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{247C728E-2911-41D9-8336-BE31F9751E09}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{01394C87-2B9A-4FE0-ABDA-9703D63F6D33}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

FirewallRules: [{208069BB-0BD0-43E0-AE49-3524F196D3F0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe

FirewallRules: [{8F173BB9-C7B3-474C-A4C7-CDC05C6C2940}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

FirewallRules: [{0B926C05-DBA8-41DC-B6C0-18D73FE41945}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{B0162B99-3F8F-41E7-84BE-DDE12C255D9E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe


==================== Herstelpunten =========================


05-05-2017 09:23:42 Gepland controlepunt

10-05-2017 19:31:43 Windows Update

18-05-2017 19:02:35 Gepland controlepunt

23-05-2017 13:32:50 Windows Update


==================== Defecte Apparaatbeheer Apparaten =============



==================== Eventlog fouten: =========================


Applicatiefouten:

==================

Error: (05/25/2017 09:23:37 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.

Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.

Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Gebruik sxstrace.exe voor gedetailleerde diagnose.


Error: (05/25/2017 09:20:18 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Naam van toepassing met fout: mbamtray.exe, versie: 3.0.0.912, tijdstempel: 0x58811d74

Naam van module met fout: mbamtray.exe, versie: 3.0.0.912, tijdstempel: 0x58811d74

Uitzonderingscode: 0xc0000005

Foutmarge: 0x00054645

Id van proces met fout: 0x2624

Starttijd van toepassing met fout: 0x01d2d58bede0b483

Pad naar toepassing met fout: D:\Downloads programma's\Anti-Malware\mbamtray.exe

Pad naar module met fout: D:\Downloads programma's\Anti-Malware\mbamtray.exe

Rapport-id: a4fe20b3-510c-4ba7-97d9-5ac32664bc2d

Volledige pakketnaam met fout:

Relatieve toepassings-id van pakket met fout:


Error: (05/25/2017 11:50:30 AM) (Source: SideBySide) (EventID: 35) (User: )

Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.

Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.

Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Gebruik sxstrace.exe voor gedetailleerde diagnose.


Error: (05/24/2017 12:10:19 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.

Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.

Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Gebruik sxstrace.exe voor gedetailleerde diagnose.


Error: (05/23/2017 09:07:01 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Kan activeringscontext voor 'C:\Program Files (x86)\AVG\Antivirus\setup\iplugins\IStats.dll' niet maken.

Kan afhankelijke assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" niet vinden.

Gebruik sxstrace.exe voor een gedetailleerde diagnose.


Error: (05/23/2017 01:31:48 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.

Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.

Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Gebruik sxstrace.exe voor gedetailleerde diagnose.
 
Error: (05/22/2017 10:43:42 AM) (Source: SideBySide) (EventID: 35) (User: )

Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.

Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.

Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Gebruik sxstrace.exe voor gedetailleerde diagnose.


Error: (05/21/2017 11:55:03 AM) (Source: SideBySide) (EventID: 35) (User: )

Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.

Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.

Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Gebruik sxstrace.exe voor gedetailleerde diagnose.


Error: (05/20/2017 12:07:44 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.

Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.

Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Gebruik sxstrace.exe voor gedetailleerde diagnose.


Error: (05/20/2017 12:05:27 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Naam van toepassing met fout: avgwdsvca.exe, versie: 16.151.0.8013, tijdstempel: 0x58ecb5cc

Naam van module met fout: avgcomma.dll, versie: 1.143.2.51391, tijdstempel: 0x584680c6

Uitzonderingscode: 0xc0000005

Foutmarge: 0x0000000000029133

Id van proces met fout: 0xf14

Starttijd van toepassing met fout: 0x01d2c9ba0f65d216

Pad naar toepassing met fout: C:\Program Files (x86)\AVG\Av\avgwdsvca.exe

Pad naar module met fout: C:\Program Files (x86)\AVG\Framework\1\avgcomma.dll

Rapport-id: 1e4255c7-1bdf-47e5-8a73-dd9cd1afda37

Volledige pakketnaam met fout:

Relatieve toepassings-id van pakket met fout:



Systeemfouten:

=============

Error: (05/25/2017 10:23:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID

{D63B10C5-BB46-4990-A94F-E40B9D520160}

en APPID

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.


Error: (05/25/2017 09:01:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID

{D63B10C5-BB46-4990-A94F-E40B9D520160}

en APPID

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.


Error: (05/25/2017 06:59:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID

{D63B10C5-BB46-4990-A94F-E40B9D520160}

en APPID

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.


Error: (05/25/2017 03:45:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID

{D63B10C5-BB46-4990-A94F-E40B9D520160}

en APPID

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.


Error: (05/25/2017 11:47:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID

{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}

en APPID

{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.


Error: (05/25/2017 11:47:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID

{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}

en APPID

{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.


Error: (05/24/2017 03:21:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID

{D63B10C5-BB46-4990-A94F-E40B9D520160}

en APPID

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.


Error: (05/24/2017 12:01:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID

{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}

en APPID

{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.


Error: (05/24/2017 12:01:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID

{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}

en APPID

{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.


Error: (05/24/2017 12:01:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: De CldFlt-service kan vanwege de volgende fout niet worden gestart:

De aanvraag wordt niet ondersteund.



CodeIntegrity:

===================================

Date: 2017-05-25 14:27:14.830

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_01856dcc82b1034f\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-05-23 21:27:54.500

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_01856dcc82b1034f\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-05-23 21:08:36.471

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-05-23 21:05:07.895

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-05-23 21:05:07.817

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-05-23 21:05:06.780

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-05-23 21:05:06.709

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-05-23 21:05:04.625

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-05-23 21:05:04.596

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-05-23 21:05:04.482

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.



==================== Geheugen info ===========================


Processor: Intel(R) Core(TM) i7-5700HQ CPU @ 2.70GHz

Percentage geheugen in gebruik: 44%

Totaal fysiek RAM-geheugen: 8107.23 MB

Beschikbaar fysiek RAM-geheugen: 4535.53 MB

Totaal Virtueel geheugen: 9387.23 MB

Beschikbaar Virtual geheugen: 5015.4 MB


==================== Schijven ================================


Drive c: (OS_Install) (Fixed) (Total:237.18 GB) (Free:178.76 GB) NTFS

Drive d: (Data) (Fixed) (Total:912.55 GB) (Free:697.71 GB) NTFS


==================== MBR & Partitietabel ==================


========================================================

Disk: 0 (Size: 238.5 GB) (Disk ID: 5781E37C)


Partition: GPT.


========================================================

Disk: 1 (Size: 931.5 GB) (Disk ID: 5781E359)


Partition: GPT.


==================== Eind van Addition.txt ============================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================


In the future please use Notepad instead of Wordpad to open logs.
Wordpad creates an extra space and all logs are twice as long and harder for me to read.
Thank you :)

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V12.10.10.0 (x64) [May 22 2017] (Free) door Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Besturingssysteem : Windows 10 (10.0.15063) 64 bits version
Gestart in : Normale mode
Gebruiker : USER [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Verwijder -- Datum : 05/26/2017 13:20:15 (Duration : 00:18:01)

¤¤¤ Processen : 0 ¤¤¤

¤¤¤ Register : 2 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1030029077-151505353-1107238123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Vervangen (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1030029077-151505353-1107238123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Vervangen (1)

¤¤¤ Taken : 0 ¤¤¤

¤¤¤ Bestanden : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Host-bestand : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Geladen) ¤¤¤

¤¤¤ Web Browsers : 1 ¤¤¤
[PUP.Gen2][Firefox:Addon] yi1zh0v0.default : Video Downloader professional [ffext_basicvideoext@startpage24] -> Verwijderd

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HFS256G39MND-3310A +++++
--- User ---
[MBR] 37789831eeed64de0f598bb9b4018066
[BSP] 68a5306a4fdafc15f32df7e70646bd74 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 300 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 616448 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 878592 | Size: 242869 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 498274304 | Size: 900 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HGST HTS721010A9E630 +++++
--- User ---
[MBR] 95845de9640ccb028165a221f6be1fb1
[BSP] 53b201eca593b381027fafde8971d28f : Empty MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 934447 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1913749504 | Size: 19421 MB
User = LL1 ... OK
User = LL2 ... OK
 
Malwarebytes
www.malwarebytes.com

-Logboekdetails-
Scandatum: 26-05-17
Scantijd: 13:44
Logbestand: ddf.txt
Beheerder: Ja

-Software-informatie-
Versie: 3.1.2.1733
Versie componenten: 1.0.122
Update pakketversie: 1.0.2026
Licentie: Gratis

-Systeeminformatie-
Besturingssysteem: Windows 10
Processor: x64
Bestandssysteem: NTFS
Gebruiker: MSI\USER

-Scansamenvatting-
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten gescand: 367491
Dreigingen herkend: 0
(Geen kwaadaardige items gedetecteerd)
Dreigingen in quarantaine: 0
(Geen kwaadaardige items gedetecteerd)
Verstreken tijd: 1 min, 15 sec

-Scanopties-
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld

-Scandetails-
Proces: 0
(Geen kwaadaardige items gedetecteerd)

Module: 0
(Geen kwaadaardige items gedetecteerd)

Registersleutel: 0
(Geen kwaadaardige items gedetecteerd)

Registerwaarde: 0
(Geen kwaadaardige items gedetecteerd)

Registerdata: 0
(Geen kwaadaardige items gedetecteerd)

Gegevensstroom: 0
(Geen kwaadaardige items gedetecteerd)

Map: 0
(Geen kwaadaardige items gedetecteerd)

Bestand: 0
(Geen kwaadaardige items gedetecteerd)

Fysieke sector: 0
(Geen kwaadaardige items gedetecteerd)


(end)
 
# AdwCleaner v6.047 - Logbestand aangemaakt 26/05/2017 op 13:48:14
# Bijgewerkt op 19/05/2017 door Malwarebytes
# Database : 2017-05-26.5 [Server]
# Besturingssysteem : Windows 10 Home (X64)
# Gebruikersnaam : USER - MSI
# Gestart vanuit : C:\Users\Saskia ter Horst\Downloads\AdwCleaner.exe
# Mode: Scannen
# Ondersteuning : https://www.malwarebytes.com/support



***** [ Services ] *****

Geen kwaadaardige services gevonden.


***** [ Mappen ] *****

Geen kwaadaardige mappen gevonden.


***** [ Bestanden ] *****

Geen kwaadaardige bestanden gevonden.


***** [ DLL ] *****

Geen kwaadaardige DLLs gevonden.


***** [ WMI ] *****

Geen kwaadaardige sleutels gevonden.


***** [ Snelkoppelingen ] *****

Geen geïnfecteerde snelkoppeling gevonden.


***** [ Geplande Taken ] *****

Geen kwaadaardige taak gevonden.


***** [ Register ] *****

Geen kwaadaardige register waardes gevonden.


***** [ Internetbrowsers ] *****

Geen kwaadaardige op Firefox gebaseerde browser items gevonden.
Geen kwaadaardige op Chromium gebaseerde browser items gevonden.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1155 bytes] - [26/05/2017 13:48:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1228 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by USER (Administrator) on vr 26-05-2017 at 13:48:56,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\yi1zh0v0.default\extensions\staged (Folder)
Successfully deleted: C:\Users\USER\Documents\add-in express (Folder)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7074C031-816D-46F7-B707-8296300AA0C2} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on vr 26-05-2017 at 13:50:03,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 24-05-2017
Gestart door USER (Beheerder) op MSI (27-05-2017 10:56:35)
Gestart vanaf C:\Users\USER\Downloads\Programma's
Geladen Profielen: USER (Beschikbare Profielen: USER)
Platform: Windows 10 Home Versie 1703 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool:

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(Veeam Software AG) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\LocalDB\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) D:\Downloads programma's\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
(Veeam Software AG) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Tray.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSISvc32.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSISvc64.exe
(Malwarebytes) D:\Downloads programma's\Anti-Malware\mbamtray.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Register (gefilterd) ====================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-24] (Intel Corporation)
HKLM\...\Run: [NahimicMSIUILauncher] => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [532448 2015-06-24] ()
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [299008 2015-04-21] (MSI)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Veeam.EndPoint.Tray.exe] => C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Tray.exe [540104 2016-03-10] (Veeam Software AG)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3920552 2015-08-07] (Synaptics Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => D:\DOWNLOADS PROGRAMMA'S\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKU\S-1-5-21-1030029077-151505353-1107238123-1001\...\Run: [Spotify Web Helper] => C:\Users\USER\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-25] (Spotify Ltd)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-08-06]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66
Tcpip\..\Interfaces\{77c667b9-66ea-458f-81d9-4e6b61395a3a}: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66

Internet Explorer:
==================
HKU\S-1-5-21-1030029077-151505353-1107238123-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/nl-nl/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-25] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-25] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: yi1zh0v0.default
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\yi1zh0v0.default [2017-04-01]
FF Homepage: Mozilla\Firefox\Profiles\yi1zh0v0.default -> google.nl
FF Extension: (Adblock Plus) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\yi1zh0v0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-04-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Downloads programma's\Firefox\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://google.nl/"
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2017-05-27]
CHR Extension: (Google Presentaties) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-21]
CHR Extension: (Google Documenten) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-21]
CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-21]
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-21]
CHR Extension: (Google Spreadsheets) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-21]
CHR Extension: (Offline Documenten) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-21]
CHR Extension: (AdBlock) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-21]
CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-02-19]

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-24] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-02] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Bestand niet getekend]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Bestand niet getekend]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [402432 2015-07-08] (Rivet Networks) [Bestand niet getekend]
R3 lfsvc; C:\WINDOWS\SysWOW64\lfsvc.dll [22528 2015-10-30] (Microsoft Corporation) [Bestand niet getekend]
R2 MBAMService; D:\Downloads programma's\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2015-04-21] (Micro-Star International Co., Ltd.) [Bestand niet getekend]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
R2 VeeamEndpointBackupSvc; C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe [101888 2016-03-10] (Veeam Software AG) [Bestand niet getekend]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [114736 2015-07-07] (Rivet Networks, LLC.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-03-18] (Qualcomm Atheros, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-26] (Malwarebytes)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_01856dcc82b1034f\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-08-07] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [43680 2015-11-15] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-07] (Synaptics Incorporated)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU Co., LTD.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-05-26 13:47 - 2017-05-26 13:48 - 00000000 ____D C:\AdwCleaner
2017-05-26 13:45 - 2017-05-26 13:45 - 00001388 _____ C:\Users\USER\Downloads\ddf.txt
2017-05-26 13:23 - 2017-05-26 13:23 - 01663672 _____ (Malwarebytes) C:\Users\USER\Downloads\JRT.exe
2017-05-26 13:21 - 2017-05-26 13:21 - 04110280 _____ C:\Users\USER\Downloads\AdwCleaner.exe
2017-05-26 13:20 - 2017-05-26 15:23 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-05-26 13:19 - 2017-05-26 13:44 - 00000000 ____D C:\ProgramData\RogueKiller
2017-05-26 13:19 - 2017-05-26 13:19 - 00000909 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-05-26 13:19 - 2017-05-26 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-05-26 13:19 - 2017-05-26 13:19 - 00000000 ____D C:\Program Files\RogueKiller
2017-05-26 13:18 - 2017-05-26 13:18 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-26 13:18 - 2017-05-26 13:18 - 00000881 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-26 13:18 - 2017-05-26 13:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-26 13:18 - 2017-05-09 16:37 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-26 13:16 - 2017-05-26 13:17 - 35462032 _____ (Adlice Software ) C:\Users\USER\Downloads\RogueKiller_setup.exe
2017-05-10 19:31 - 2017-04-28 03:38 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-10 19:31 - 2017-04-28 03:19 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-10 19:31 - 2017-04-28 03:19 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-10 19:31 - 2017-04-28 03:18 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-10 19:31 - 2017-04-28 03:16 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-10 19:31 - 2017-04-28 03:12 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-10 19:31 - 2017-04-28 03:12 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-10 19:31 - 2017-04-28 03:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-10 19:31 - 2017-04-28 03:09 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-10 19:31 - 2017-04-28 03:08 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-10 19:31 - 2017-04-28 03:08 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-10 19:31 - 2017-04-28 03:08 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-10 19:31 - 2017-04-28 03:08 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-10 19:31 - 2017-04-28 03:07 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-10 19:31 - 2017-04-28 03:07 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-10 19:31 - 2017-04-28 03:06 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-10 19:31 - 2017-04-28 03:06 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-10 19:31 - 2017-04-28 03:05 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-10 19:31 - 2017-04-28 03:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-10 19:31 - 2017-04-28 03:03 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-10 19:31 - 2017-04-28 03:00 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-10 19:31 - 2017-04-28 02:59 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-10 19:31 - 2017-04-28 02:59 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-10 19:31 - 2017-04-28 02:59 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-10 19:31 - 2017-04-28 02:59 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-10 19:31 - 2017-04-28 02:59 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-10 19:31 - 2017-04-28 02:58 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-10 19:31 - 2017-04-28 02:58 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-10 19:31 - 2017-04-28 02:57 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-10 19:31 - 2017-04-28 02:56 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-10 19:31 - 2017-04-28 02:55 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-10 19:31 - 2017-04-28 02:55 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-10 19:31 - 2017-04-28 02:53 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-10 19:31 - 2017-04-28 02:52 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-10 19:31 - 2017-04-28 02:52 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-10 19:31 - 2017-04-28 02:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-10 19:31 - 2017-04-28 02:51 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-10 19:31 - 2017-04-28 02:49 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-10 19:31 - 2017-04-28 02:49 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-10 19:31 - 2017-04-28 02:46 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-10 19:31 - 2017-04-28 02:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-10 19:31 - 2017-04-28 02:46 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-10 19:31 - 2017-04-28 02:45 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-10 19:31 - 2017-04-28 02:44 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-10 19:31 - 2017-04-28 02:44 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-10 19:31 - 2017-04-28 02:42 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-10 19:31 - 2017-04-28 02:42 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-10 19:31 - 2017-04-28 02:42 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-10 19:31 - 2017-04-28 02:42 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-10 19:31 - 2017-04-28 02:41 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-10 19:31 - 2017-04-28 02:40 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-10 19:31 - 2017-04-28 02:40 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-10 19:31 - 2017-04-28 02:40 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-10 19:31 - 2017-04-28 02:40 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-10 19:31 - 2017-04-28 02:40 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-10 19:31 - 2017-04-28 02:40 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-10 19:31 - 2017-04-28 02:39 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-10 19:31 - 2017-04-28 02:39 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-10 19:31 - 2017-04-28 02:39 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-10 19:31 - 2017-04-28 02:38 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-10 19:31 - 2017-04-28 02:38 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-10 19:31 - 2017-04-28 02:37 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-10 19:31 - 2017-04-28 02:37 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-10 19:31 - 2017-04-28 02:34 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-10 19:31 - 2017-04-28 02:33 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-10 19:31 - 2017-04-28 02:26 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-10 19:31 - 2017-04-28 02:15 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-10 19:31 - 2017-04-28 02:15 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-10 19:31 - 2017-04-28 02:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-10 19:31 - 2017-04-28 02:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-10 19:31 - 2017-04-28 02:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-10 19:31 - 2017-04-28 02:11 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-10 19:31 - 2017-04-28 02:09 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-10 19:31 - 2017-04-28 02:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-10 19:31 - 2017-04-28 02:08 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-10 19:31 - 2017-04-28 02:08 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-10 19:31 - 2017-04-28 02:08 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-10 19:31 - 2017-04-28 02:07 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-10 19:31 - 2017-04-28 02:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-10 19:31 - 2017-04-28 02:06 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-10 19:31 - 2017-04-28 02:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-10 19:31 - 2017-04-28 02:06 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-10 19:31 - 2017-04-28 02:05 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-10 19:31 - 2017-04-28 02:05 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-10 19:31 - 2017-04-28 02:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-10 19:31 - 2017-04-28 02:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-10 19:31 - 2017-04-28 02:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-10 19:31 - 2017-04-28 02:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-10 19:31 - 2017-04-28 02:03 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-10 19:31 - 2017-04-28 02:03 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-10 19:31 - 2017-04-28 02:03 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-10 19:31 - 2017-04-28 02:03 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-10 19:31 - 2017-04-28 02:03 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-10 19:31 - 2017-04-28 02:02 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-10 19:31 - 2017-04-28 02:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-10 19:31 - 2017-04-28 02:01 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-10 19:31 - 2017-04-28 02:00 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-10 19:31 - 2017-04-28 01:59 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-10 19:31 - 2017-04-28 01:59 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-10 19:31 - 2017-04-28 01:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-10 19:31 - 2017-04-28 01:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-10 19:31 - 2017-04-28 01:59 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-10 19:31 - 2017-04-28 01:58 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-10 19:31 - 2017-04-28 01:58 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-10 19:31 - 2017-04-28 01:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-10 19:31 - 2017-04-28 01:57 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-10 19:31 - 2017-04-28 01:57 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-10 19:31 - 2017-04-28 01:57 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-10 19:31 - 2017-04-28 01:54 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-10 19:31 - 2017-04-28 01:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-10 19:31 - 2017-04-28 01:54 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-10 19:31 - 2017-04-28 01:54 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-10 19:31 - 2017-04-28 01:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-10 19:31 - 2017-04-19 09:07 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-10 19:31 - 2017-04-19 09:06 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-10 19:31 - 2017-04-19 09:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-10 19:31 - 2017-04-19 09:02 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-10 19:31 - 2017-04-19 08:19 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-10 19:31 - 2017-04-19 08:18 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-10 19:31 - 2017-04-19 08:16 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-10 19:31 - 2017-04-19 08:15 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-10 19:31 - 2017-04-19 08:14 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-10 19:31 - 2017-04-19 08:13 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-05-10 19:31 - 2017-04-19 08:13 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-10 19:31 - 2017-04-19 08:13 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-10 19:31 - 2017-04-19 08:12 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-10 19:31 - 2017-04-19 08:12 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-10 19:31 - 2017-04-19 08:12 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-10 19:31 - 2017-04-19 08:11 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-10 19:31 - 2017-04-19 08:11 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-10 19:31 - 2017-04-19 08:10 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-10 19:31 - 2017-04-19 08:10 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-10 19:31 - 2017-04-19 08:10 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-10 19:31 - 2017-04-19 08:08 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-10 19:31 - 2017-04-19 08:08 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-10 19:31 - 2017-04-19 08:07 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-10 19:31 - 2017-04-19 08:07 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-10 19:31 - 2017-04-19 08:06 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-10 19:31 - 2017-04-19 08:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-10 19:31 - 2017-04-19 08:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-10 19:31 - 2017-04-19 08:02 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-10 19:31 - 2017-04-19 08:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-10 19:31 - 2017-04-19 07:59 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-10 19:31 - 2017-04-19 07:59 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-10 19:31 - 2017-04-19 07:58 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-10 19:31 - 2017-04-19 07:37 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-10 19:31 - 2017-04-19 07:36 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-10 19:31 - 2017-04-19 07:35 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-10 19:31 - 2017-04-19 07:34 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-10 19:31 - 2017-04-19 07:34 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-10 19:31 - 2017-04-19 07:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-10 19:31 - 2017-04-19 07:32 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-10 19:31 - 2017-04-19 07:30 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-10 19:31 - 2017-04-19 07:29 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-10 19:31 - 2017-04-14 02:35 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-10 19:31 - 2017-04-14 02:35 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-10 19:31 - 2017-04-14 02:35 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-10 19:31 - 2017-04-14 02:33 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-10 19:31 - 2017-04-14 02:32 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-10 19:31 - 2017-04-14 02:30 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-10 19:31 - 2017-04-14 01:43 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-10 19:31 - 2017-04-14 01:43 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-10 19:31 - 2017-04-14 01:41 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-10 19:31 - 2017-04-14 01:41 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-10 19:31 - 2017-04-14 01:40 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-10 19:31 - 2017-04-14 01:39 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-10 19:31 - 2017-04-14 01:39 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-10 19:31 - 2017-04-14 01:39 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-10 19:31 - 2017-04-14 01:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-10 19:31 - 2017-04-14 01:39 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-10 19:31 - 2017-04-14 01:38 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-10 19:31 - 2017-04-14 01:38 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-10 19:31 - 2017-04-14 01:37 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-10 19:31 - 2017-04-14 01:37 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-10 19:31 - 2017-04-14 01:37 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-10 19:31 - 2017-04-14 01:37 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-10 19:31 - 2017-04-14 01:36 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-10 19:31 - 2017-04-14 01:36 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-10 19:31 - 2017-04-14 01:35 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-10 19:31 - 2017-04-14 01:35 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-10 19:31 - 2017-04-14 01:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-10 19:31 - 2017-04-14 01:34 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-10 19:31 - 2017-04-14 01:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-10 19:31 - 2017-04-14 01:33 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-10 19:31 - 2017-04-14 01:33 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-10 19:31 - 2017-04-14 01:31 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-10 19:31 - 2017-04-14 01:31 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-10 19:31 - 2017-04-14 01:29 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-10 19:31 - 2017-04-14 01:29 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-10 19:31 - 2017-04-14 01:29 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-10 19:31 - 2017-04-14 01:29 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-10 19:31 - 2017-04-14 01:29 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-10 19:31 - 2017-04-14 01:28 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-10 19:31 - 2017-04-14 01:26 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-10 19:31 - 2017-04-14 01:25 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-10 19:31 - 2017-04-14 01:24 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-10 19:31 - 2017-04-14 01:21 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-10 19:31 - 2017-04-14 01:21 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-10 19:31 - 2017-04-14 01:18 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-10 19:31 - 2017-04-14 01:18 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-10 19:31 - 2017-04-14 01:15 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-10 19:31 - 2017-04-14 01:15 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-10 19:31 - 2017-04-14 01:13 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-10 19:31 - 2017-04-14 01:13 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-10 19:31 - 2017-04-14 01:08 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-10 19:31 - 2017-04-14 01:06 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-10 19:31 - 2017-04-14 01:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-10 19:31 - 2017-04-14 01:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-05-27 10:56 - 2016-10-20 15:38 - 00000000 ____D C:\FRST
2017-05-27 10:56 - 2016-10-19 21:16 - 00000000 ____D C:\Users\USER\Downloads\Programma's
2017-05-27 10:55 - 2017-04-14 12:50 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-27 10:55 - 2016-10-20 02:51 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-27 10:55 - 2016-10-19 18:09 - 00000000 __SHD C:\Users\USER\IntelGraphicsProfiles
2017-05-26 15:59 - 2017-04-14 12:50 - 00000000 ____D C:\Users\USER
2017-05-26 15:59 - 2016-10-29 12:54 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-26 15:14 - 2017-04-14 12:49 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-26 13:42 - 2016-10-19 21:12 - 00000001 _____ C:\Users\Public\Documents\dgc.txt
2017-05-26 13:36 - 2015-07-10 13:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-26 13:22 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-26 13:22 - 2016-11-16 18:55 - 00000000 ____D C:\Users\USER\Downloads\Studiewijzers
2017-05-26 13:13 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-26 13:13 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-25 12:23 - 2017-03-18 23:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-25 12:22 - 2015-07-24 00:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-24 12:07 - 2017-04-14 13:01 - 02013658 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-24 12:07 - 2017-03-20 05:54 - 00902650 _____ C:\WINDOWS\system32\perfh013.dat
2017-05-24 12:07 - 2017-03-20 05:54 - 00184092 _____ C:\WINDOWS\system32\perfc013.dat
2017-05-24 12:01 - 2017-04-14 12:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-24 12:01 - 2017-03-18 13:40 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-05-24 12:01 - 2016-11-17 17:17 - 00000000 ____D C:\ProgramData\Veeam
2017-05-24 12:01 - 2016-10-19 21:26 - 00000000 ____D C:\Users\USER\AppData\Roaming\AVG
2017-05-24 12:01 - 2016-10-19 21:22 - 00000000 ____D C:\Users\USER\AppData\Local\AvgSetupLog
2017-05-24 12:01 - 2016-10-19 21:22 - 00000000 ____D C:\ProgramData\Avg
2017-05-24 11:59 - 2016-10-19 21:22 - 00000000 ____D C:\Users\USER\AppData\Local\Avg
2017-05-24 11:59 - 2016-10-19 21:22 - 00000000 ____D C:\ProgramData\MFAData
2017-05-23 21:08 - 2016-10-19 20:50 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-23 13:34 - 2016-10-19 20:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-23 13:32 - 2016-10-19 20:50 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-22 10:43 - 2017-03-18 13:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-05-13 11:49 - 2017-04-05 18:08 - 00000000 ____D C:\Users\USER\Downloads\Finiah trash
2017-05-12 10:20 - 2016-10-21 19:14 - 00002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-12 10:20 - 2016-10-21 19:14 - 00002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-11 14:16 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-10 20:20 - 2017-04-14 12:49 - 00391272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-10 20:20 - 2015-07-24 00:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-10 20:12 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-10 20:12 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-10 19:33 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-10 19:26 - 2016-10-19 18:09 - 00000000 ____D C:\Users\USER\AppData\Local\Packages
2017-04-29 03:05 - 2017-03-18 23:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-29 03:05 - 2017-03-18 23:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-27 23:47 - 2017-04-14 12:55 - 00003574 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-27 23:47 - 2017-04-14 12:55 - 00003450 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bestanden in de root van sommige mappen =======

2017-04-14 12:50 - 2017-04-14 12:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Sommige bestanden in TEMP:
====================
2017-05-26 13:19 - 2017-03-18 22:57 - 1930320 _____ (Microsoft Corporation) C:\Users\USER\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2017-05-24 15:55

==================== Eind van FRST.txt ============================
 
Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 24-05-2017
Gestart door USER (27-05-2017 10:57:00)
Gestart vanaf C:\Users\USER\Downloads\Programma's
Windows 10 Home Versie 1703 (X64) (2017-04-14 10:58:14)
Boot Modus: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1030029077-151505353-1107238123-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1030029077-151505353-1107238123-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1030029077-151505353-1107238123-1000 - Limited - Disabled)
Gast (S-1-5-21-1030029077-151505353-1107238123-501 - Limited - Disabled)
USER (S-1-5-21-1030029077-151505353-1107238123-1001 - Administrator - Enabled) => C:\Users\USER

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Age of Empires II HD (c) Microsoft Studios version 1 (HKLM-x32\...\QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1) (Version: 1 - )
Ansel (Version: 375.57 - NVIDIA Corporation) Hidden
AudioFXSetup (Version: 1.2.201 - Nahimic) Hidden
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1505.2901 - Micro-Star International Co., Ltd.)
Battery Calibration (x32 Version: 1.0.1505.2901 - Micro-Star International Co., Ltd.) Hidden
Boot Configure (HKLM-x32\...\{A8174BDF-1401-4314-A350-B10B7277DCD7}) (Version: 20.015.07202 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\InstallShield_{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1507.1901 - Application)
BurnRecovery (x32 Version: 5.0.1507.1901 - Application) Hidden
calibre (HKLM-x32\...\{1F1FE718-ACE3-4D26-A9F0-7F443B3526F1}) (Version: 2.77.0 - Kovid Goyal)
CheckDevicesConfigurator (Version: 1.2.201 - Nahimic) Hidden
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1501.2801 - Micro-Star International Co., Ltd.)
Dragon Gaming Center (x32 Version: 1.0.1501.2801 - Micro-Star International Co., Ltd.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c92e37dd-de51-4a9e-abfc-54c4b71d1b72}) (Version: 18.11.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
KB9X Radio Switch Driver (HKLM\...\EC950B206B0E7722C96A318DF396BABFBB057BC0) (Version: 1.1.2.0 - ENE TECHNOLOGY INC.)
Kerbal Space Program (HKLM-x32\...\1429864849_is1) (Version: 2.4.0.6 - GOG.com)
Killer Bandwidth Control Filter Driver (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.54.1095 - Rivet Networks)
LauncherSetup (Version: 1.2.201 - Nahimic) Hidden
Malwarebytes versie 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 16.0.8067.2115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1030029077-151505353-1107238123-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{E4A1FDA3-689D-44DA-9B39-86BD2270F522}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 nl) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 nl)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1506.0801 - Micro-Star International Co., Ltd.)
MSI Remind Manager (x32 Version: 1.0.1506.0801 - Micro-Star International Co., Ltd.) Hidden
Nahimic for MSI (HKLM-x32\...\{1fd8e4b4-0aa8-4ade-afb4-b4ea2cbd6179}) (Version: 1.2.2 - Nahimic)
NahimicSettingsConfigurator (Version: 1.2.201 - Nahimic) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.13 - Black Tree Gaming)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Grafisch stuurprogramma 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX Systeem Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7967.2073 - Microsoft Corporation) Hidden
Prison Architect (HKLM\...\Steam App 233450) (Version: - Introversion Software)
ProductDaemonSetup (Version: 1.2.201 - Nahimic) Hidden
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7534 - Realtek Semiconductor Corp.)
RogueKiller version 12.10.10.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.10.0 - Adlice Software)
SCM (HKLM\...\{EC3EEFE5-DFBE-4535-8A2A-CAEC82A9BB83}) (Version: 13.015.04213 - Application)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-1030029077-151505353-1107238123-1001\...\Spotify) (Version: 1.0.51.693.g6ea1e7f6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.6.1 - Synaptics Incorporated)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
UIInstallUpgrade (Version: 1.2.201 - Nahimic) Hidden
Veeam Endpoint Backup (HKLM\...\{97BBA6CF-338C-4284-B605-5A5AC00132F8}) (Version: 1.5.0.306 - Veeam Software AG)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)

==================== Aangepaste CLSID (gefilterd): ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


==================== Geplande Taken (gefilterd) =============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

Task: {02D5B5E6-92E1-48FA-944B-353EEE632B14} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-07] (Synaptics Incorporated)
Task: {04FA91DC-CF29-44A1-ABEA-DEF9D9473F84} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {0764303B-DA6E-4FF2-B250-9EAA42870ECA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-25] (Microsoft Corporation)
Task: {1A410503-119A-4FCD-8DC0-5991C9D48C3C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {2D8203E0-E1DC-49D8-ADF7-C6F5CE24DB15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-21] (Google Inc.)
Task: {42A67F6C-9B7B-49E2-B9CB-0A464D00ACA2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {4706D11F-0332-4814-8EDB-4389A0712881} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {475A3489-76C1-4D4B-8F92-3C2253205E33} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {48BC648D-5BD2-4D1F-B1A0-9B725F25248E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {54096803-DA6B-4DA0-B98B-8E99CBE30BBF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-25] (Microsoft Corporation)
Task: {5B104597-E7A3-4817-9162-ED032DDA58EE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation)
Task: {69549618-D55F-4249-96A1-96DC16D8B3A4} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe [2015-06-24] ()
Task: {69D9CF37-2308-4870-9253-2CA207D7C681} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe [2015-06-24] ()
Task: {7FCDF588-719C-421D-AB63-DCB5F51FBA97} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {978559B3-EF6A-4779-8DF0-1A0DE4B98552} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-25] (Microsoft Corporation)
Task: {AE6EC150-F489-42A2-B8D9-2202A446D3FB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-25] ()
Task: {B6988AC8-FEE7-4B50-8883-92FD4CDD7649} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-24] (TODO: <公司名稱>)
Task: {E6589CFF-DC07-4A16-AE4F-67C2D499CA8C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {F26D3798-1FA2-4442-9BBA-0570332F0F20} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-25] ()
Task: {FAEFB965-6FF2-4A91-8A6E-010A9C4E5F39} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [2015-06-24] ()
Task: {FEC91594-07D9-4FB7-8855-DC55F2AA7F60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-21] (Google Inc.)

(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Snelkoppelingen =============================

(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)

==================== Geladen Modules (gefilterd) ==============

2016-10-23 17:52 - 2017-01-20 20:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-23 17:52 - 2017-01-20 20:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-04-14 12:50 - 2016-12-29 15:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-06-24 00:19 - 2015-06-24 00:19 - 00198112 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIDevProps.dll
2015-06-24 00:19 - 2015-06-24 00:19 - 00290272 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIOSD.dll
2016-11-02 00:05 - 2016-11-02 00:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-03-18 22:59 - 2017-03-20 05:56 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-06-24 00:15 - 2015-06-24 00:15 - 00532448 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
2015-06-24 00:15 - 2015-06-24 00:15 - 00813568 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe
2015-06-24 00:20 - 2015-06-24 00:20 - 00272384 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe
2014-01-22 19:44 - 2014-01-22 19:44 - 00075912 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\WinIo64.dll
2015-06-24 10:07 - 2015-06-24 10:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-10-23 17:52 - 2017-01-20 20:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-23 17:52 - 2017-01-20 20:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-23 17:52 - 2017-01-20 20:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2015-06-24 00:14 - 2015-06-24 00:14 - 00167904 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIDevProps.dll
2015-06-24 00:15 - 2015-06-24 00:15 - 00258016 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIOSD.dll

==================== Alternate Data Streams (gefilterd) =========

(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)


==================== Veilige Modus (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Bestandskoppeling (gefilterd) ===============

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)


==================== Internet Explorer vertrouwde/beperkte toegang ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)


==================== Hosts inhoud: ===============================

(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)

2015-07-10 13:04 - 2015-07-10 13:02 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere gebieden ============================

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKU\S-1-5-21-1030029077-151505353-1107238123-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Bureaubladachtergrond.bmp
DNS Servers: 192.168.2.254 - 195.121.1.34
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is ingeschakeld.

==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==

HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "SCM"
HKLM\...\StartupApproved\Run32: => "SUPER CHARGER"
HKU\S-1-5-21-1030029077-151505353-1107238123-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1030029077-151505353-1107238123-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Firewall regels (gefilterd) ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

FirewallRules: [{65496C59-7374-4B8A-925C-29EC4A07FDFC}] => (Allow) D:\Spellen\Skyrim\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{D13EF41D-5B6B-48BA-BF2F-DF7954CF38BC}] => (Allow) D:\Spellen\Skyrim\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{89173B3D-7024-44A4-B20B-DC1F0B0D4CA7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4071970C-9879-43B5-9E38-0F60A61A6945}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [UDP Query User{1AA95D7A-2496-4A65-BAFD-EDA063F014DC}D:\spellen\outlast 2\outlast\binaries\win64\olgame.exe] => (Allow) D:\spellen\outlast 2\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{C85B03B4-B368-47F3-80A6-368C14ADB2B0}D:\spellen\outlast 2\outlast\binaries\win64\olgame.exe] => (Allow) D:\spellen\outlast 2\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{8546D593-58AD-49C1-A8E2-2418FDEF79FF}D:\spellen\outlast\outlast\binaries\win64\olgame.exe] => (Allow) D:\spellen\outlast\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{FF3A5C29-4246-4DCA-8010-7BBED962A005}D:\spellen\outlast\outlast\binaries\win64\olgame.exe] => (Allow) D:\spellen\outlast\outlast\binaries\win64\olgame.exe
FirewallRules: [{83784A8C-200B-430C-B8E6-04BB1763F0FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C423E01B-9C89-4346-B64B-2C4123AE6498}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AF448771-77F6-466D-8A4E-CC7B7E65EE32}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3422EEAD-EB82-45A5-80C2-EE2DE11F121F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{2AB4A85C-99F6-4285-9521-1EF4428D1F63}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{234B4874-5588-402C-B2BE-FE34DEF75FE7}] => (Allow) D:\Downloads programma's\Firefox\firefox.exe
FirewallRules: [{4B576B11-9DA3-4FF0-A21D-F11A49314CAB}] => (Allow) D:\Downloads programma's\Firefox\firefox.exe
FirewallRules: [{361ADB9A-DF1C-4669-AA58-D23FCA13F99F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{C56F732D-A243-487F-AA80-2CF7E01D496D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{9C2E0FA5-7BAB-4CB6-A713-606925833AB8}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{5BAA58B3-E80E-4C2E-A83A-6C18177CDB80}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{633CEB3B-45E3-439E-BD8F-8918272A2D6B}C:\users\USER\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\USER\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{058E74FC-DBAB-47F1-91C8-7485B30AD730}C:\users\USER\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\USER\appdata\roaming\spotify\spotify.exe
FirewallRules: [{47773D8B-5F43-4D92-B16C-6FB4A2E2A950}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\VeeamDeploymentSvc.exe
FirewallRules: [{50869F83-ABA4-458F-8F60-193DB6D62E5B}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\VeeamDeploymentSvc.exe
FirewallRules: [{5CF7B18D-E3F3-4F97-B81E-BE8EAB7E5363}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x86\VeeamAgent.exe
FirewallRules: [{D5912FD9-7481-4C1E-8626-9C684F4E611B}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x86\VeeamAgent.exe
FirewallRules: [{908DCFE4-46C4-475A-A1B0-8F6BBC8510EC}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe
FirewallRules: [{DF60C91B-485D-4501-A085-5AF45180BBD8}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe
FirewallRules: [{6F683BF9-4AE8-43DC-A701-F686CF22E1F8}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe
FirewallRules: [{3BC48A78-5CA5-4B75-949E-C50575182933}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe
FirewallRules: [{CD727368-50AD-41B5-9C70-0B886814DAF3}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Recovery.exe
FirewallRules: [{ADFEFAB7-1EDA-44BD-92AD-278ACD3B28AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{E14E19FC-4B99-4E88-944D-68C80F726698}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{8A1819D6-53A1-40CE-94EC-6F235F77DA4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{5646CB98-A79B-4C0E-8099-091BCF01B22F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{71130062-0EE0-4B2A-87CF-EEEA84488BD7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8AACA7A2-AB6C-4D82-834F-B7F23948D567}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EE101B82-71DD-43D6-9738-CD0CAFF16B4E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{07A92AA9-B6CC-4879-A790-9FC24F6398FB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8A85A88F-5ECD-4164-A2D8-730FAE6300F2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{247C728E-2911-41D9-8336-BE31F9751E09}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{01394C87-2B9A-4FE0-ABDA-9703D63F6D33}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{208069BB-0BD0-43E0-AE49-3524F196D3F0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{8F173BB9-C7B3-474C-A4C7-CDC05C6C2940}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0B926C05-DBA8-41DC-B6C0-18D73FE41945}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B0162B99-3F8F-41E7-84BE-DDE12C255D9E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Herstelpunten =========================

05-05-2017 09:23:42 Gepland controlepunt
10-05-2017 19:31:43 Windows Update
18-05-2017 19:02:35 Gepland controlepunt
23-05-2017 13:32:50 Windows Update
26-05-2017 13:48:56 JRT Pre-Junkware Removal

==================== Defecte Apparaatbeheer Apparaten =============


==================== Eventlog fouten: =========================

Applicatiefouten:
==================
Error: (05/26/2017 01:19:57 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (05/26/2017 01:18:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (05/26/2017 01:11:44 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (05/25/2017 09:23:37 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (05/25/2017 09:20:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: mbamtray.exe, versie: 3.0.0.912, tijdstempel: 0x58811d74
Naam van module met fout: mbamtray.exe, versie: 3.0.0.912, tijdstempel: 0x58811d74
Uitzonderingscode: 0xc0000005
Foutmarge: 0x00054645
Id van proces met fout: 0x2624
Starttijd van toepassing met fout: 0x01d2d58bede0b483
Pad naar toepassing met fout: D:\Downloads programma's\Anti-Malware\mbamtray.exe
Pad naar module met fout: D:\Downloads programma's\Anti-Malware\mbamtray.exe
Rapport-id: a4fe20b3-510c-4ba7-97d9-5ac32664bc2d
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (05/25/2017 11:50:30 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (05/24/2017 12:10:19 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (05/23/2017 09:07:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files (x86)\AVG\Antivirus\setup\iplugins\IStats.dll' niet maken.
Kan afhankelijke assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error: (05/23/2017 01:31:48 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (05/22/2017 10:43:42 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.


Systeemfouten:
=============
Error: (05/27/2017 10:55:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
en APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (05/27/2017 10:55:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
en APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (05/26/2017 03:14:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
en APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (05/26/2017 01:49:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De NVIDIA LocalSystem Container-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 1000 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (05/26/2017 01:37:20 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Het browserstuurprogramma heeft te veel ongeldige datagrammen van de externe computer EXPERIA ontvangen om MSI op transport NetBT_Tcpip_{77C667B9-66EA-458F-81D9-4E6B61395A3A} te kunnen benoemen. Raadpleeg het datagram voor verdere gegevens.
Er worden pas weer gebeurtenissen gegenereerd nadat de herstelfrequentie is verlopen.

Error: (05/26/2017 01:08:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
en APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (05/26/2017 01:08:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
en APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (05/25/2017 10:23:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
en APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (05/25/2017 09:01:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
en APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (05/25/2017 06:59:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
en APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.


CodeIntegrity:
===================================
Date: 2017-05-25 14:27:14.830
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_01856dcc82b1034f\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-23 21:27:54.500
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_01856dcc82b1034f\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-23 21:08:36.471
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-23 21:05:07.895
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-23 21:05:07.817
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-23 21:05:06.780
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-23 21:05:06.709
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-23 21:05:04.625
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-23 21:05:04.596
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-23 21:05:04.482
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Geheugen info ===========================

Processor: Intel(R) Core(TM) i7-5700HQ CPU @ 2.70GHz
Percentage geheugen in gebruik: 37%
Totaal fysiek RAM-geheugen: 8107.23 MB
Beschikbaar fysiek RAM-geheugen: 5098.32 MB
Totaal Virtueel geheugen: 9387.23 MB
Beschikbaar Virtual geheugen: 6724.63 MB

==================== Schijven ================================

Drive c: (OS_Install) (Fixed) (Total:237.18 GB) (Free:178.36 GB) NTFS
Drive d: (Data) (Fixed) (Total:912.55 GB) (Free:697.71 GB) NTFS

==================== MBR & Partitietabel ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 5781E37C)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 5781E359)

Partition: GPT.

==================== Eind van Addition.txt ============================
 
These are clean.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 23.0.0.185
Mozilla Firefox (50.1.0)
Google Chrome (58.0.3029.110)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Anti-Malware mbamtray.exe
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by USER (administrator) on 27-05-2017 at 19:20:32
Running from "C:\Users\USER\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please let me know how your computer is doing.
 
That's amazing! Thank you so much :) I did the last steps. I don't notice that much difference with my pc, but so far the weird powershell black box hasn't shown up again. Thanks! You are a malware hero :p
 