
My computer is infected


  • This topic is locked

#1
spellforce37


Hello,

My computer is somehow infected with a virus that pops up a weird website out of nowhere without reason. It's really annoying me.

Results:


scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 07-05-2017
Gestart door Koen (Beheerder) op DESKTOP-UFRJSRB (08-05-2017 17:22:09)
Gestart vanaf C:\Users\Koen\Downloads
Geladen Profielen: Koen (Beschikbare Profielen: defaultuser0 & Koen)
Platform: Windows 10 Home Versie 1703 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Hammer & Chisel, Inc.) C:\Users\Koen\AppData\Local\Discord\app-0.0.297\Discord.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Hammer & Chisel, Inc.) C:\Users\Koen\AppData\Local\Discord\app-0.0.297\Discord.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hammer & Chisel, Inc.) C:\Users\Koen\AppData\Local\Discord\app-0.0.297\Discord.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Farbar) C:\Users\Koen\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
 
==================== Register (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-01-29] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1487552 2017-04-22] (COMODO)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1178912 2016-03-16] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-1306870573-2952818353-1308505402-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-1306870573-2952818353-1308505402-1001\...\Run: [Discord] => C:\Users\Koen\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1306870573-2952818353-1308505402-1001\...\Run: [mailruhomesearch] => "C:\Users\Koen\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
GroupPolicy: Restrictie <======= AANDACHT
GroupPolicy\User: Restrictie <======= AANDACHT
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{50650e6a-ab10-4e58-a8c1-0946ef94dd53}: [NameServer] 156.154.70.25,156.154.71.25
Tcpip\..\Interfaces\{50650e6a-ab10-4e58-a8c1-0946ef94dd53}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1306870573-2952818353-1308505402-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811040
SearchScopes: HKU\S-1-5-21-1306870573-2952818353-1308505402-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B602A6048-AD89-4F59-AE46-87E3BB06AD63%7D&gp=811041
SearchScopes: HKU\S-1-5-21-1306870573-2952818353-1308505402-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B602A6048-AD89-4F59-AE46-87E3BB06AD63%7D&gp=811041
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-04-28] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-22] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-22] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-04-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-22] (Oracle Corporation)
BHO-x32: Ïîèñê@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Koen\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll => Geen bestand
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-04-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-22] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: cja99cea.default
FF ProfilePath: C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\cja99cea.default [2017-05-06]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\cja99cea.default -> Поиск@Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\cja99cea.default -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\cja99cea.default -> hxxp://mail.ru/cnt/10445?gp=811040
FF Keyword.URL: Mozilla\Firefox\Profiles\cja99cea.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B591E4666-C10B-45E5-97AE-B1917046DC0D%7D&gp=811041
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\cja99cea.default\Extensions\[email protected] [2017-05-06]
FF Extension: (Поиск@Mail.Ru) - C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\cja99cea.default\Extensions\[email protected] [2017-05-06]
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\cja99cea.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-05-06]
FF SearchPlugin: C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\cja99cea.default\searchplugins\mailru.xml [2017-05-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-19] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-22] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=5.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2016-03-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2017-02-16] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1306870573-2952818353-1308505402-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Koen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.be/
CHR StartupUrls: Default -> "hxxp://www.google.be/"
CHR Profile: C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default [2017-05-08]
CHR Extension: (Google Slides) - C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-08]
CHR Extension: (Google Docs) - C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-08]
CHR Extension: (Google Drive) - C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-08]
CHR Extension: (YouTube) - C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-08]
CHR Extension: (Adblock Plus) - C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Google Sheets) - C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-08]
CHR Extension: (Super Animes - One Piece) - C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdnmgjgjnhckdanbopgidnokmicbnli [2016-10-08]
CHR Extension: (Google Docs Offline) - C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-09]
CHR Extension: (CloudConvert) - C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2016-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-08]
CHR Extension: (Chrome Media Router) - C:\Users\Koen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-01]
 
==================== Services (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-10-09] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-04-19] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10512032 2017-04-22] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-04-22] (COMODO)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-11-28] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2016-12-07] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-05] (Hi-Rez Studios) [Bestand niet getekend]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [Bestand niet getekend]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [Bestand niet getekend]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-03-16] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [Bestand niet getekend]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-04-20] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-25] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2017-01-25] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S2 0187701492968101mcinstcleanup; C:\Users\Koen\AppData\Local\Temp\018770~1.EXE -cleanup -nolog [X] <==== AANDACHT
 
===================== Drivers (gefilterd) ======================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40960 2017-03-31] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [831504 2017-03-31] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50808 2017-03-31] (COMODO)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [129200 2017-03-31] (COMODO)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_274d0ab8ee30c459\nvlddmkm.sys [14847088 2017-04-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47552 2017-03-21] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-04-20] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-10-10] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 xb1usb; C:\WINDOWS\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [36832 2017-03-22] (Wellbia.com Co., Ltd.)
 
==================== NetSvcs (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
 
==================== Een Maand Aangemaakt bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2017-05-08 17:19 - 2017-05-08 17:19 - 02429440 _____ (Farbar) C:\Users\Koen\Downloads\FRST64 (1).exe
2017-05-08 17:19 - 2017-05-08 17:19 - 00000000 ____D C:\Users\Koen\AppData\Local\CrashDumps
2017-05-08 06:53 - 2017-05-08 06:54 - 00071507 _____ C:\Users\Koen\Downloads\Addition.txt
2017-05-08 06:52 - 2017-05-08 17:22 - 00020470 _____ C:\Users\Koen\Downloads\FRST.txt
2017-05-08 06:52 - 2017-05-08 17:22 - 00000000 ____D C:\FRST
2017-05-08 06:51 - 2017-05-08 06:51 - 02429440 _____ (Farbar) C:\Users\Koen\Downloads\FRST64.exe
2017-05-07 23:11 - 2017-05-07 23:11 - 00109999 _____ C:\Users\Koen\Downloads\AutoFlaskManager-master (1).zip
2017-05-07 23:07 - 2017-05-07 23:07 - 00000000 ____D C:\Users\Koen\Desktop\Nieuwe map (3)
2017-05-07 23:03 - 2017-05-07 23:03 - 03114048 _____ C:\Users\Koen\Downloads\AutoHotkey_1.1.25.01_setup (2).exe
2017-05-07 23:00 - 2017-05-07 23:00 - 04475307 _____ C:\Users\Koen\Downloads\AutoHotkey_1.1.25.01 (2).zip
2017-05-07 23:00 - 2017-05-07 23:00 - 00041837 _____ C:\Users\Koen\Downloads\macro (3).ahk
2017-05-07 22:48 - 2017-05-07 22:48 - 03114048 _____ C:\Users\Koen\Downloads\AutoHotkey_1.1.25.01_setup (1).exe
2017-05-07 22:46 - 2017-05-07 22:46 - 04475307 _____ C:\Users\Koen\Downloads\AutoHotkey_1.1.25.01 (1).zip
2017-05-07 22:46 - 2017-05-07 22:46 - 00041837 _____ C:\Users\Koen\Downloads\macro (2).ahk
2017-05-07 22:39 - 2017-05-07 22:39 - 00000000 ____D C:\ahk
2017-05-07 22:37 - 2017-05-07 22:39 - 00001443 _____ C:\Users\Koen\Downloads\macro.ahk
2017-05-07 22:36 - 2017-05-07 22:36 - 00001444 _____ C:\Users\Koen\Downloads\steam_boys.txt
2017-05-07 20:50 - 2017-05-07 20:51 - 01949803 _____ C:\Users\Koen\Downloads\AutoFlask.zip
2017-05-07 20:42 - 2017-05-07 20:42 - 00954880 _____ C:\Users\Koen\Downloads\autopot (1).exe
2017-05-07 20:42 - 2017-05-07 20:42 - 00030771 _____ C:\Users\Koen\Downloads\beta-autopot-2.6 (1).zip
2017-05-07 20:42 - 2017-05-07 20:42 - 00030427 _____ C:\Users\Koen\Downloads\beta-autopot-2.6.tar.gz
2017-05-07 20:37 - 2017-05-07 20:37 - 00000058 _____ C:\Users\Koen\Downloads\Config.ini
2017-05-07 20:36 - 2017-05-07 20:36 - 00954880 _____ C:\Users\Koen\Downloads\autopot.exe
2017-05-07 20:36 - 2017-05-07 20:36 - 00030771 _____ C:\Users\Koen\Downloads\beta-autopot-2.6.zip
2017-05-07 19:37 - 2017-05-07 19:37 - 00000000 ___HD C:\VTRoot
2017-05-07 19:14 - 2017-05-06 11:14 - 00024576 _____ C:\Users\Koen\Desktop\CSGO skill enabler.exe
2017-05-07 19:11 - 2017-05-07 23:10 - 00054954 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2017-05-07 16:49 - 2017-05-08 06:49 - 00872384 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2017-05-07 16:49 - 2017-05-07 16:49 - 00001240 _____ C:\Users\Public\Desktop\COMODO Internet Security Premium.lnk
2017-05-07 16:49 - 2017-05-07 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2017-05-07 16:49 - 2017-05-07 16:49 - 00000000 ____D C:\ProgramData\Comodo Downloader
2017-05-07 16:49 - 2017-05-07 16:49 - 00000000 ____D C:\Program Files\COMODO
2017-05-07 16:48 - 2017-05-07 16:48 - 68028344 _____ (COMODO) C:\Users\Koen\Downloads\cispremium_only_installer.exe
2017-05-07 16:48 - 2017-05-07 16:48 - 00000000 ____D C:\ProgramData\Shared Space
2017-05-07 16:48 - 2017-05-07 16:48 - 00000000 ____D C:\ProgramData\Comodo
2017-05-07 09:13 - 2017-05-07 09:21 - 00000000 ____D C:\Users\Koen\Documents\Path of Building
2017-05-07 09:13 - 2017-05-07 09:13 - 00000814 _____ C:\Users\Public\Desktop\Path of Building.lnk
2017-05-07 09:13 - 2017-05-07 09:13 - 00000000 ____D C:\ProgramData\Path of Building
2017-05-07 09:13 - 2017-05-07 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Path of Building
2017-05-07 09:12 - 2017-05-07 09:12 - 21001053 _____ (Openarl ) C:\Users\Koen\Downloads\PathOfBuilding-Setup-1.4.8.exe
2017-05-06 16:52 - 2017-05-06 16:53 - 00000000 ____D C:\Program Files (x86)\Mail.Ru
2017-05-06 16:52 - 2017-05-06 16:52 - 00000000 ____D C:\Users\Koen\AppData\LocalLow\Unity
2017-05-06 16:52 - 2017-05-06 16:52 - 00000000 ____D C:\Users\Koen\AppData\Local\Unity
2017-05-06 16:50 - 2017-05-06 16:50 - 00000000 ____D C:\ProgramData\Mail.Ru
2017-05-06 16:49 - 2017-05-06 16:51 - 00003730 _____ C:\WINDOWS\System32\Tasks\youfreenewscombcomsm
2017-05-06 16:10 - 2017-05-06 16:10 - 00010898 _____ C:\Users\Koen\Downloads\CSGO skill enabler_mpgh.net.rar
2017-05-06 16:04 - 2017-05-06 16:04 - 00000000 ____D C:\Users\Koen\Documents\hentaiware
2017-05-02 20:37 - 2017-05-06 00:37 - 00001023 _____ C:\Users\Koen\Desktop\POE shops.txt
2017-05-01 20:54 - 2017-05-01 20:54 - 00000000 ____D C:\Users\Koen\Desktop\Nieuwe map (2)
2017-05-01 20:52 - 2017-05-01 20:52 - 00269343 _____ C:\Users\Koen\Downloads\SubVersion_socialclub_mpgh.net.rar
2017-05-01 20:44 - 2017-05-01 20:44 - 00011190 _____ C:\Users\Koen\Downloads\reis sommen definitief.xlsx
2017-05-01 20:34 - 2017-05-01 20:34 - 00011202 _____ C:\Users\Koen\Downloads\reis sommen (1).xlsx
2017-05-01 20:24 - 2017-05-01 20:24 - 00011202 _____ C:\Users\Koen\Downloads\reis sommen.xlsx
2017-05-01 20:04 - 2017-05-01 20:04 - 00758784 _____ C:\Users\Koen\Downloads\folder zweden.pub
2017-05-01 18:17 - 2017-05-01 18:24 - 00000000 ____D C:\Users\Koen\Desktop\Nieuwe map
2017-05-01 14:34 - 2017-05-01 14:35 - 00000000 ____D C:\Users\Koen\Documents\Visual Studio 2017
2017-05-01 14:34 - 2017-05-01 14:34 - 00000000 ____D C:\Users\Koen\AppData\Local\.IdentityService
2017-05-01 14:34 - 2017-05-01 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-05-01 14:33 - 2017-05-01 15:45 - 00000000 ____D C:\Users\Koen\AppData\Roaming\Visual Studio Setup
2017-05-01 14:33 - 2017-05-01 14:33 - 00000000 ____D C:\Users\Koen\AppData\Roaming\vstelemetry
2017-05-01 14:33 - 2017-05-01 14:33 - 00000000 ____D C:\Users\Koen\AppData\Local\ServiceHub
2017-05-01 14:32 - 2017-05-01 15:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-05-01 14:22 - 2016-11-15 10:48 - 00023040 _____ ( ) C:\Users\Koen\Desktop\Interop.ShockwaveFlashObjects.dll
2017-05-01 14:19 - 2016-11-15 10:48 - 00018432 _____ C:\Users\Koen\Desktop\AxInterop.ShockwaveFlashObjects.dll
2017-05-01 11:27 - 2017-03-02 11:27 - 00000032 ____R C:\ProgramData\hash.dat
2017-04-30 18:45 - 2017-04-30 18:45 - 00000000 ___RD C:\Sandbox
2017-04-30 18:43 - 2017-04-30 18:43 - 00000000 ____D C:\Users\Koen\AppData\Local\Dropbox
2017-04-30 18:43 - 2017-04-30 18:43 - 00000000 ____D C:\ProgramData\Dropbox
2017-04-30 18:42 - 2017-05-01 08:20 - 00001680 _____ C:\WINDOWS\Sandboxie.ini
2017-04-30 18:42 - 2017-04-30 18:55 - 00000081 _____ C:\Users\Koen\AppData\Roaming\pidloc.txt
2017-04-30 18:42 - 2017-04-30 18:55 - 00000004 _____ C:\Users\Koen\AppData\Roaming\pid.txt
2017-04-30 17:38 - 2017-04-30 17:38 - 00109999 _____ C:\Users\Koen\Downloads\AutoFlaskManager-master.zip
2017-04-29 22:51 - 2017-04-29 22:51 - 00000000 ____D C:\Users\Koen\AppData\Roaming\RotMG.Production
2017-04-26 19:31 - 2017-04-20 02:18 - 00134776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-04-26 19:30 - 2017-04-26 19:30 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-04-26 19:30 - 2017-04-20 03:59 - 00513144 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-04-26 19:30 - 2017-04-20 03:59 - 00418752 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 40201152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 35354232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 35280320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 11111392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 11056272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 10635008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 09316648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 09014976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 08876456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 03789248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 03246200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 01988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438189.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 01589880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438189.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 01278712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 01275944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 01054144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 00995736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 00993872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 00990328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 00960632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 00911296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 00821184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 00776048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 00688968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 00651200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 00618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 00612088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 00609912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 00577728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-04-26 19:29 - 2017-04-20 03:59 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-04-23 19:22 - 2017-04-23 19:22 - 00000000 ____D C:\Program Files (x86)\ExtremeInjector
2017-04-23 19:21 - 2017-05-01 20:57 - 01278976 _____ (Extreme Injector) C:\Users\Koen\Downloads\Extreme Injector v3.6.exe
2017-04-23 19:21 - 2017-04-24 18:31 - 01278976 _____ (Extreme Injector) C:\Users\Koen\Downloads\Extreme Injector v3.6 [1].exe
2017-04-23 19:21 - 2017-04-23 19:22 - 00000000 ____D C:\Program Files (x86)\PC Speed Maximizer
2017-04-23 19:21 - 2017-04-23 19:21 - 00000000 ____D C:\ProgramData\McAfee
2017-04-23 19:21 - 2017-04-23 19:21 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-04-23 19:20 - 2017-04-23 19:20 - 00113499 _____ C:\Users\Koen\Downloads\90mill._mpgh.net.rar
2017-04-23 18:31 - 2017-04-23 18:33 - 00000000 ____D C:\Users\Koen\AppData\Local\FreeReign
2017-04-23 18:31 - 2017-04-23 18:31 - 00000000 ____D C:\Users\Koen\Documents\FreeReign
2017-04-23 18:31 - 2017-04-23 18:31 - 00000000 ____D C:\Users\Koen\AppData\Local\CrashRpt
2017-04-23 18:29 - 2017-04-23 18:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1306870573-2952818353-1308505402-1001
2017-04-23 16:08 - 2017-04-23 16:14 - 00000000 ____D C:\Users\Koen\AppData\LocalLow\eforb
2017-04-23 14:51 - 2017-04-23 14:51 - 00000032 _____ C:\Users\Koen\Desktop\GIP.txt
2017-04-22 23:31 - 2017-04-22 23:31 - 00051808 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2017-04-22 23:30 - 2017-04-22 23:30 - 00942792 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2017-04-22 23:30 - 2017-04-22 23:30 - 00733456 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2017-04-22 23:28 - 2017-04-22 23:28 - 00457408 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2017-04-22 23:28 - 2017-04-22 23:28 - 00230592 _____ (COMODO) C:\WINDOWS\system32\cmdshim64.dll
2017-04-22 23:26 - 2017-04-22 23:26 - 00363200 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2017-04-22 23:26 - 2017-04-22 23:26 - 00194752 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdshim32.dll
2017-04-22 13:22 - 2017-04-22 13:22 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 23675392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 19334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 11869696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 08319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-19 17:24 - 2017-04-19 17:24 - 08247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 06756920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-19 17:24 - 2017-04-19 17:24 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-19 17:24 - 2017-04-19 17:24 - 02444184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-19 17:24 - 2017-04-19 17:24 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 01411640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 01323880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-19 17:24 - 2017-04-19 17:24 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-19 17:24 - 2017-04-19 17:24 - 00986592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-19 17:24 - 2017-04-19 17:24 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-19 17:24 - 2017-04-19 17:24 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-04-19 17:24 - 2017-04-19 17:24 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-04-19 17:24 - 2017-04-19 17:24 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-04-19 17:24 - 2017-04-19 17:24 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-19 17:24 - 2017-04-19 17:24 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-04-19 17:24 - 2017-04-19 17:24 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00205728 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-19 17:24 - 2017-04-19 17:24 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-19 17:24 - 2017-04-19 17:24 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-04-19 17:23 - 2017-05-01 15:45 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-04-19 17:23 - 2017-04-19 17:23 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-04-19 17:23 - 2017-04-19 17:23 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-04-19 17:23 - 2017-04-19 17:23 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-04-19 17:23 - 2017-04-19 17:23 - 00000000 ____D C:\Program Files\MSBuild
2017-04-19 17:23 - 2017-04-19 17:23 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-04-19 17:23 - 2017-04-19 16:26 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-04-19 17:22 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-04-19 17:22 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-04-19 17:22 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-04-19 17:22 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-04-19 17:22 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-04-19 17:22 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-04-19 16:36 - 2017-05-07 17:00 - 01948376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-19 16:34 - 2017-04-19 16:34 - 00000000 ____D C:\Users\Koen\AppData\Local\DBG
2017-04-19 16:34 - 2017-04-19 16:34 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-04-19 16:33 - 2017-04-19 16:33 - 00000000 ____D C:\ProgramData\USOShared
2017-04-19 16:32 - 2017-04-19 16:32 - 00000020 ___SH C:\Users\Koen\ntuser.ini
2017-04-19 16:31 - 2017-05-08 17:21 - 00004198 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{778F46AC-9430-4345-98EF-8B340604986D}
2017-04-19 16:31 - 2017-05-07 16:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-19 16:31 - 2017-05-07 16:49 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2017-04-19 16:31 - 2017-04-29 18:57 - 00003574 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-19 16:31 - 2017-04-29 18:57 - 00003450 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-19 16:31 - 2017-04-19 16:34 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-19 16:31 - 2017-04-19 16:33 - 00004496 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-04-19 16:31 - 2017-04-19 16:31 - 00022980 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-04-19 16:31 - 2017-04-19 16:31 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2017-04-19 16:31 - 2017-04-19 16:31 - 00011433 _____ C:\WINDOWS\diagerr.xml
2017-04-19 16:31 - 2017-04-19 16:31 - 00003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-19 16:31 - 2017-04-19 16:31 - 00003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2017-04-19 16:31 - 2017-04-19 16:31 - 00002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-19 16:31 - 2017-04-19 16:31 - 00002968 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-19 16:31 - 2017-04-19 16:31 - 00002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-19 16:31 - 2017-04-19 16:31 - 00002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-19 16:31 - 2017-04-19 16:31 - 00002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-19 16:31 - 2017-04-19 16:31 - 00002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-19 16:31 - 2017-04-19 16:31 - 00002258 _____ C:\WINDOWS\System32\Tasks\{018DD0F4-C996-498B-8407-854B16571F24}
2017-04-19 16:31 - 2016-11-11 09:54 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2017-04-19 16:29 - 2017-04-19 16:29 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-04-19 16:29 - 2017-03-18 22:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-19 16:28 - 2017-04-19 16:29 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-04-19 16:27 - 2017-05-08 17:21 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-19 16:27 - 2017-05-08 06:25 - 00000000 ____D C:\Users\Koen
2017-04-19 16:27 - 2017-04-26 19:31 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-04-19 16:27 - 2017-04-20 02:45 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-04-19 16:27 - 2017-04-20 02:44 - 06437312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-04-19 16:27 - 2017-04-20 02:44 - 02479736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-04-19 16:27 - 2017-04-20 02:44 - 01762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-04-19 16:27 - 2017-04-20 02:44 - 00548472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-04-19 16:27 - 2017-04-20 02:44 - 00392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-04-19 16:27 - 2017-04-20 02:44 - 00082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-04-19 16:27 - 2017-04-20 02:44 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-04-19 16:27 - 2017-04-20 00:29 - 07915387 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-04-19 16:27 - 2017-04-19 16:30 - 00000000 ____D C:\Users\defaultuser0
2017-04-19 16:27 - 2017-04-19 16:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-04-19 16:27 - 2017-04-19 16:28 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\Koen\Sjablonen
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\Koen\Netwerkprinteromgeving
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\Koen\Mijn documenten
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\Koen\Menu Start
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\Koen\Documents\Mijn video's
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\Koen\Documents\Mijn muziek
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\Koen\Documents\Mijn afbeeldingen
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programma's
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\Koen\AppData\Local\Geschiedenis
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\defaultuser0\Sjablonen
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\defaultuser0\Netwerkprinteromgeving
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\defaultuser0\Mijn documenten
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\defaultuser0\Menu Start
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\defaultuser0\Documents\Mijn video's
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\defaultuser0\Documents\Mijn muziek
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\defaultuser0\Documents\Mijn afbeeldingen
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programma's
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 _SHDL C:\Users\defaultuser0\AppData\Local\Geschiedenis
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 ____D C:\WINDOWS\system32\DAX2
2017-04-19 16:27 - 2017-04-19 16:27 - 00000000 ____D C:\Program Files\Realtek
2017-04-19 16:26 - 2017-05-07 22:36 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-19 16:26 - 2017-04-19 16:39 - 00382456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-18 16:38 - 2017-04-19 16:32 - 00000000 ___DC C:\WINDOWS\Panther
2017-04-17 22:27 - 2017-04-17 22:27 - 00000149 _____ C:\Users\Koen\Desktop\hacker Gmod.txt
2017-04-17 14:59 - 2017-04-17 15:01 - 690662708 _____ C:\Users\Koen\Downloads\CSS_Content_Addon_(Dec2013) (1).rar
2017-04-17 14:44 - 2017-04-17 14:46 - 690662708 _____ C:\Users\Koen\Downloads\CSS_Content_Addon_(Dec2013).rar
2017-04-17 13:38 - 2017-04-17 13:38 - 05807456 _____ C:\Users\Koen\Downloads\Flyff_eu_en_Downloader.exe
2017-04-17 13:38 - 2017-04-17 13:38 - 00000000 ____D C:\ProgramData\WEBZEN
2017-04-17 13:38 - 2017-04-17 13:38 - 00000000 ____D C:\download
2017-04-17 00:36 - 2017-04-20 03:59 - 00059448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-04-16 23:40 - 2017-04-17 18:57 - 00000070 _____ C:\Users\Koen\Desktop\anime.txt
2017-04-16 09:22 - 2017-04-19 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-04-16 09:22 - 2017-04-16 09:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-04-15 09:19 - 2017-04-15 09:19 - 00001256 _____ C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update- en privacyinstellingen.lnk
2017-04-15 09:19 - 2017-04-15 09:19 - 00000000 ____D C:\Users\Koen\AppData\Local\UNP
2017-04-15 07:20 - 2017-04-19 16:29 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-04-15 07:20 - 2017-04-15 07:21 - 00000000 ____D C:\Program Files\UNP
2017-04-12 17:59 - 2017-03-28 07:37 - 00031232 ____N (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-12 17:59 - 2017-03-28 07:28 - 00261632 ____N (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-10 19:08 - 2017-04-10 19:08 - 02629499 _____ C:\Users\Koen\Downloads\YCbCrBot_CoD8_v2_Public_mpgh.net (2).zip
2017-04-10 19:06 - 2017-04-10 19:06 - 02629499 _____ C:\Users\Koen\Downloads\YCbCrBot_CoD8_v2_Public_mpgh.net.zip
2017-04-10 19:06 - 2017-04-10 19:06 - 02629499 _____ C:\Users\Koen\Downloads\YCbCrBot_CoD8_v2_Public_mpgh.net (1).zip
2017-04-10 17:29 - 2017-05-07 22:37 - 00001444 _____ C:\Users\Koen\Desktop\Config.ini
2017-04-10 17:28 - 2017-04-10 17:28 - 00348603 _____ C:\Users\Koen\Downloads\Poe MultiScript v08.27.2014_mpgh.net.rar
2017-04-10 17:28 - 2017-04-10 17:28 - 00347690 _____ C:\Users\Koen\Downloads\Poe MultiScript 07.27.2014_mpgh.net.rar
2017-04-10 17:15 - 2017-04-10 17:15 - 00008427 _____ C:\Users\Koen\Downloads\PatchIWNet_mpgh.net.rar
2017-04-10 08:57 - 2017-04-20 03:59 - 28590712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-04-10 08:57 - 2017-04-20 03:59 - 04085712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-04-10 08:57 - 2017-04-20 03:59 - 03602112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-04-10 08:57 - 2017-04-20 03:59 - 00043956 _____ C:\WINDOWS\system32\nvinfo.pb
2017-04-10 08:57 - 2017-04-02 18:12 - 01600560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-04-10 08:57 - 2017-04-02 18:12 - 00218040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-04-10 08:57 - 2017-04-02 18:12 - 00046008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-04-10 08:57 - 2017-04-01 05:27 - 01988032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438165.dll
2017-04-10 08:57 - 2017-04-01 05:27 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438165.dll
2017-04-10 08:57 - 2017-04-01 05:27 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-04-10 08:57 - 2017-04-01 05:27 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
 
==================== Een Maand Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2017-05-08 17:22 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-08 17:22 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-08 17:19 - 2016-10-08 14:47 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-07 22:45 - 2017-03-27 16:53 - 00001439 _____ C:\Users\Koen\Desktop\macro.ahk
2017-05-07 22:37 - 2017-03-27 16:53 - 00000000 ____D C:\Users\Koen\Documents\AutoHotKey
2017-05-07 17:00 - 2017-03-20 05:54 - 00867180 _____ C:\WINDOWS\system32\perfh013.dat
2017-05-07 17:00 - 2017-03-20 05:54 - 00174196 _____ C:\WINDOWS\system32\perfc013.dat
2017-05-07 16:53 - 2017-03-18 13:40 - 01835008 _____ C:\WINDOWS\system32\config\BBI
2017-05-07 16:53 - 2017-02-19 22:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-07 16:53 - 2017-02-19 22:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-07 16:53 - 2016-10-11 14:44 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-05-07 16:49 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-07 14:26 - 2016-10-29 16:57 - 00000000 ____D C:\Users\Koen\Downloads\Configs
2017-05-06 16:50 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-05-06 16:50 - 2016-07-16 13:47 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-03 13:37 - 2016-10-08 11:55 - 00000000 ____D C:\Users\Koen\AppData\Local\Packages
2017-05-01 15:45 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-01 12:27 - 2017-02-19 22:30 - 00000000 ____D C:\Users\Koen\AppData\LocalLow\Mozilla
2017-05-01 11:57 - 2016-10-08 11:59 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-01 11:56 - 2016-11-26 23:42 - 00000000 ____D C:\Users\Koen\AppData\Roaming\vlc
2017-04-30 18:43 - 2016-10-29 16:57 - 00000000 ____D C:\Users\Koen\Downloads\Temp
2017-04-30 18:43 - 2016-10-08 15:29 - 00000000 ____D C:\Users\Koen\AppData\Local\SquirrelTemp
2017-04-30 18:43 - 2016-10-08 15:29 - 00000000 ____D C:\Users\Koen\AppData\Local\Discord
2017-04-30 12:07 - 2016-10-09 11:56 - 00000000 ____D C:\Users\Koen\AppData\Roaming\Skype
2017-04-28 06:52 - 2017-03-18 23:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-28 06:52 - 2016-10-10 06:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-26 19:31 - 2016-10-08 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-04-24 06:41 - 2016-11-21 06:33 - 00000000 ____D C:\Users\Koen\Documents\Gip
2017-04-23 19:25 - 2016-10-08 17:07 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-04-23 19:25 - 2016-10-08 17:05 - 00000000 ____D C:\Program Files\Rockstar Games
2017-04-22 20:29 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-04-22 15:47 - 2016-10-29 16:56 - 00000000 ____D C:\ProgramData\Oracle
2017-04-22 13:22 - 2016-10-29 16:58 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-04-22 13:22 - 2016-10-29 16:58 - 00000000 ____D C:\Program Files\Java
2017-04-22 13:22 - 2016-10-29 16:56 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-04-22 13:22 - 2016-10-29 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-22 13:22 - 2016-10-29 16:56 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-20 18:35 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-20 18:25 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-04-19 17:26 - 2017-03-18 23:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-04-19 17:25 - 2017-03-18 23:06 - 00000000 ____D C:\WINDOWS\Setup
2017-04-19 17:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-04-19 17:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-04-19 16:34 - 2016-10-08 11:56 - 00002384 _____ C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-19 16:34 - 2016-10-08 11:56 - 00000000 ___RD C:\Users\Koen\OneDrive
2017-04-19 16:34 - 2016-10-08 11:55 - 00000000 ____D C:\Users\Koen\AppData\Local\ConnectedDevicesPlatform
2017-04-19 16:33 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-19 16:33 - 2017-03-18 23:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-04-19 16:32 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-19 16:32 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-19 16:32 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-04-19 16:32 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Registration
2017-04-19 16:32 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows NT
2017-04-19 16:32 - 2016-10-08 14:44 - 00002292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-19 16:32 - 2016-10-08 14:44 - 00002280 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-19 16:32 - 2016-10-08 11:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-19 16:31 - 2017-03-20 05:56 - 00000000 ____D C:\WINDOWS\HoloShell
2017-04-19 16:31 - 2017-03-18 13:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-04-19 16:31 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-04-19 16:30 - 2017-03-18 23:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-04-19 16:29 - 2017-03-19 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam Customizer
2017-04-19 16:29 - 2017-03-03 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
2017-04-19 16:29 - 2017-02-08 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2017-04-19 16:29 - 2017-01-08 12:11 - 00000000 ____D C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wolfenstein - Enemy Territory
2017-04-19 16:29 - 2016-12-30 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2017-04-19 16:29 - 2016-12-30 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-04-19 16:29 - 2016-12-28 12:07 - 00000000 ____D C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 2
2017-04-19 16:29 - 2016-11-26 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-04-19 16:29 - 2016-11-11 10:19 - 00000000 ____D C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2017-04-19 16:29 - 2016-11-06 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-04-19 16:29 - 2016-10-27 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2017-04-19 16:29 - 2016-10-22 17:33 - 00000000 ____D C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-19 16:29 - 2016-10-22 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-19 16:29 - 2016-10-21 16:59 - 00000000 ____D C:\WINDOWS\nl
2017-04-19 16:29 - 2016-10-18 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-04-19 16:29 - 2016-10-11 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2017-04-19 16:29 - 2016-10-10 06:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-hulpprogramma's
2017-04-19 16:29 - 2016-10-08 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-19 16:28 - 2017-03-27 16:52 - 00000000 ____D C:\WINDOWS\ShellNew
2017-04-19 16:28 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-04-19 16:28 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-19 16:28 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-19 16:28 - 2016-10-29 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2017-04-19 16:28 - 2016-10-22 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2017-04-19 16:28 - 2016-10-08 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2017-04-19 16:28 - 2016-10-08 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-04-19 16:28 - 2016-10-08 12:01 - 00000000 ____D C:\Program Files\Intel
2017-04-19 16:28 - 2016-10-08 11:53 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2017-04-19 16:27 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Help
2017-04-19 16:27 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-04-19 16:27 - 2016-12-16 09:56 - 00000000 ____D C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-04-19 16:27 - 2016-11-20 00:40 - 00000000 ____D C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com
2017-04-19 16:27 - 2016-10-08 15:29 - 00000000 ____D C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-04-17 15:53 - 2016-11-27 17:18 - 00000000 ____D C:\Users\Koen\AppData\Roaming\TS3Client
2017-04-17 00:36 - 2016-10-09 09:13 - 00001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-04-16 09:22 - 2016-10-09 18:34 - 00002638 _____ C:\Users\Public\Desktop\Skype.lnk
2017-04-16 09:22 - 2016-10-09 18:34 - 00000000 ____D C:\ProgramData\Skype
2017-04-16 08:56 - 2017-02-19 22:30 - 00000000 ____D C:\Users\Koen\AppData\Local\Mozilla
2017-04-16 08:17 - 2016-10-08 15:29 - 00000000 ____D C:\Users\Koen\AppData\Roaming\discord
2017-04-15 20:39 - 2016-10-14 18:11 - 00268952 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2017-04-15 20:39 - 2016-10-14 17:21 - 00268952 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-04-12 18:02 - 2016-10-08 16:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-12 18:01 - 2016-10-08 16:28 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-09 14:10 - 2016-10-08 14:43 - 00532136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== Bestanden in de root van sommige mappen =======
 
2017-04-30 18:42 - 2017-04-30 18:55 - 0000004 _____ () C:\Users\Koen\AppData\Roaming\pid.txt
2017-04-30 18:42 - 2017-04-30 18:55 - 0000081 _____ () C:\Users\Koen\AppData\Roaming\pidloc.txt
2017-04-19 16:27 - 2017-04-19 16:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-05-01 11:27 - 2017-03-02 11:27 - 0000032 ____R () C:\ProgramData\hash.dat
2016-11-11 10:37 - 2016-11-11 10:37 - 0000016 _____ () C:\ProgramData\mntemp
 
Bestanden om te verplaatsen of verwijderen:
====================
C:\ProgramData\hash.dat
 
 
Sommige bestanden in TEMP:
====================
2017-04-30 18:44 - 2017-04-30 18:44 - 1200816 _____ (Canonelebo                                                  ) C:\Users\Koen\AppData\Local\Temp\ICReinstall_Extreme Injector v3.6.exe
2017-04-22 13:21 - 2017-04-22 13:21 - 0739904 _____ (Oracle Corporation) C:\Users\Koen\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-04-10 08:59 - 2017-04-01 03:36 - 0868152 _____ (NVIDIA Corporation) C:\Users\Koen\AppData\Local\Temp\nvSCPAPI64.dll
2017-04-26 19:29 - 2017-04-01 03:36 - 0369208 _____ (NVIDIA Corporation) C:\Users\Koen\AppData\Local\Temp\nvStInst.exe
 
==================== Bamital & volsnap ======================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend
 
LastRegBack: 2017-05-04 19:22
 
==================== Eind van FRST.txt ============================


#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instructions that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Please post the additions.txt log. It should be located here: C:\Users\Koen\Downloads

Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double-click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right-click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    [image: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the scan has finished, the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
    [image: AdwCleaner restart prompt]
  • On reboot a log will be produced; please copy and paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt


#3
spellforce37

    New Member

  • Topic Starter
  • Member
  • 5 posts
# AdwCleaner v6.046 - Logbestand aangemaakt 09/05/2017 op 16:50:35
# Bijgewerkt op 24/04/2017 door Malwarebytes
# Database : 2017-05-08.1 [Server]
# Besturingssysteem : Windows 10 Home  (X64)
# Gebruikersnaam : Koen - DESKTOP-UFRJSRB
# Gestart vanuit : C:\Users\Koen\Downloads\adwcleaner_6.046.exe
# Mode: Verwijderen
 
 
 
***** [ Services ] *****
 
 
 
***** [ Mappen ] *****
 
[-] Map verwijderd: C:\ProgramData\Mail.Ru
[#] Map verwijderd tijdens herstart: C:\ProgramData\Application Data\Mail.Ru
[-] Map verwijderd: C:\Program Files (x86)\Mail.Ru
[-] Map verwijderd: C:\Program Files (x86)\PC Speed Maximizer
[-] Map verwijderd: C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\cja99cea.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
[-] Map verwijderd: C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\cja99cea.default\extensions\[email protected]
[-] Map verwijderd: C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\cja99cea.default\extensions\[email protected]
 
 
***** [ Bestanden ] *****
 
[-] Bestand verwijderd: C:\Users\Koen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
[-] Bestand verwijderd: C:\Users\Koen\Favorites\Mail.Ru.url
[-] Bestand verwijderd: C:\Users\Koen\Favorites\Mail.Ru Агент - используй для общения!.url
[-] Bestand verwijderd: C:\END
[-] Bestand verwijderd: C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\cja99cea.default\searchplugins\mailru.xml
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Snelkoppelingen ] *****
 
[!] Snelkoppeling niet verwijderd: C:\Users\Koen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
 
 
***** [ Geplande Taken ] *****
 
 
 
***** [ Register ] *****
 
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\IESearchPlugin.MailRuBHO
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\IESearchPlugin.MailRuBHO.1
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\IESearchPlugin.MailRuBHO
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\IESearchPlugin.MailRuBHO.1
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\TypeLib\{C69276F0-9BC1-404F-8566-FCB14D0ED4B8}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
[-] Sleutel verwijderd: HKU\S-1-5-21-1306870573-2952818353-1308505402-1001\Software\PRODUCTSETUP
[-] Sleutel verwijderd: HKU\S-1-5-21-1306870573-2952818353-1308505402-1001\Software\Mail.Ru
[-] Sleutel verwijderd: HKU\S-1-5-21-1306870573-2952818353-1308505402-1001\Software\csastats
[-] Sleutel verwijderd: HKU\S-1-5-21-1306870573-2952818353-1308505402-1001\Software\Xpom
[-] Sleutel verwijderd: HKU\S-1-5-21-1306870573-2952818353-1308505402-1001\Software\AppDataLow\Software\Mail.Ru
[#] Sleutel verwijderd tijdens herstart: HKCU\Software\PRODUCTSETUP
[#] Sleutel verwijderd tijdens herstart: HKCU\Software\Mail.Ru
[#] Sleutel verwijderd tijdens herstart: HKCU\Software\csastats
[#] Sleutel verwijderd tijdens herstart: HKCU\Software\Xpom
[#] Sleutel verwijderd tijdens herstart: HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Sleutel verwijderd: HKLM\SOFTWARE\Mail.Ru
[#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\PRODUCTSETUP
[#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\Mail.Ru
[#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\csastats
[#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\Xpom
[#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\AppDataLow\Software\Mail.Ru
[#] Data hersteld tijdens herstart: HKU\S-1-5-21-1306870573-2952818353-1308505402-1001\Software\Microsoft\Internet Explorer\Main [Start Page] 
[#] Data hersteld tijdens herstart: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[#] Data hersteld tijdens herstart: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Sleutel verwijderd: HKU\S-1-5-21-1306870573-2952818353-1308505402-1001\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[#] Data hersteld tijdens herstart: HKU\S-1-5-21-1306870573-2952818353-1308505402-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Sleutel verwijderd tijdens herstart: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[#] Data hersteld tijdens herstart: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[#] Data hersteld tijdens herstart: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Waarde verwijderd: HKU\S-1-5-21-1306870573-2952818353-1308505402-1001\Software\Microsoft\Windows\CurrentVersion\Run [mailruhomesearch]
[#] Waarde verwijderd tijdens herstart: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [mailruhomesearch]
[#] Waarde verwijderd tijdens herstart: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [mailruhomesearch]
[-] Sleutel verwijderd: HKLM\SOFTWARE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\amigo.exe
 
 
***** [ Browsers ] *****
 
[-] Firefox voorkeuren opgeschoond: "browser.search.defaultenginename" -  "Поиск@Mail.Ru"
[-] Firefox voorkeuren opgeschoond: "browser.search.selectedEngine" -  "Поиск@Mail.Ru"
[-] Firefox voorkeuren opgeschoond: "browser.startup.homepage" -  "hxxp://mail.ru/cnt/10445?gp=811040"
 
 
*************************
 
:: "Tracing" sleutels verwijderd


#4
spellforce37

    New Member

  • Topic Starter
  • Member
  • 5 posts

I still get the website that opens automatically without reason, even though I used the cleaner you gave me.



#5
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Post the additions.txt log located here: C:\Users\Koen\Downloads

Next
Reset your Chrome browser settings:
1. In the top-right corner of the browser window, click the Chrome menu.
2. Select Settings.
3. At the bottom, click Show advanced settings.
4. Under the section "Reset settings," click Reset settings.
5. In the dialog that appears, click Reset.

#6
spellforce37

    New Member

  • Topic Starter
  • Member
  • 5 posts

I did it. We will see if it's still popping up the website.



#7
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Post me the other log file too. The log file is called additions.txt and it should be in your Downloads folder.

#8
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.