Referred because of increasing RAM usage

  • Referred because of increasing RAM usage

    Dear Moderators,

    I should first mention that I have not been able to log in to your site for the past 2 days. I could only log in via a link that your colleague (dorado) had sent me (the kind sent when a moderator has replied to your topic). I then reported to him that it was impossible to log in; dorado then sent me a private link, and I could not log in with that either. Not with another account, not in safe mode, in short, not in any way. Until now, that is. Now I can suddenly log in again.

    Now my problem: ever since I bought my computer I have been struggling with increasing RAM usage, and I have been in contact about this with your colleague dorado, who went through various steps with me, unfortunately without success. He suggested creating a topic here, so here it is.

    I can send you the requested logs; the Malwarebytes one is from 28-3-2017 and not from today, the others are current. I am adding them to my post, as you require; should it be necessary to send the current MBAM report after all, I will do so.

    You ask for a custom scan with Malwarebytes, but it takes about four hours to finish, and right now I can create a topic; you will see that if I first let Malwarebytes run a scan, I will not be able to log in again afterwards.

    For your information: I looked at DriverView and it shows unknown for the following drivers.

    -diskdump.sys
    -dumpfve.sys
    -storahci.sys

    I did find these files in my folder; however, in DriverView they are shown with dump_ in front of them, and diskdump.sys is in my folder as Diskdump.sys, that is, with a capital letter.

    So I do not know whether a virus is involved, which is why I am calling on your help.
    I hope you can be of service to me; thanks in advance, and I will send you the requested logs below.

    1. Mbamlog.

    Malwarebytes
    www.malwarebytes.com

    -Logboekdetails-
    Scandatum: 28-03-17
    Scantijd: 19:54
    Logboekbestand: mabamlog.txt
    Beheerder: Ja

    -Software-informatie-
    Versie: 3.0.6.1469
    Versie componenten: 1.0.75
    Update pakketversie: 1.0.1615
    Licentie: Premium

    -Systeeminformatie-
    Besturingssysteem: Windows 10
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: PCRALPH\PC-R

    -Scansamenvatting-
    Scantype: Aangepaste scan
    Resultaat: Voltooid
    Objecten gescand: 345487
    Verstreken tijd: 4 u., 39 min, 33 sec

    -Scanopties-
    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Ingeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    -Scandetails-
    Proces: 0
    (Geen kwaadaardige items gedetecteerd)

    Module: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutel: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerwaarde: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Gegevensstroom: 0
    (Geen kwaadaardige items gedetecteerd)

    Map: 0
    (Geen kwaadaardige items gedetecteerd)

    Bestand: 0
    (Geen kwaadaardige items gedetecteerd)

    Fysieke sector: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)



    ==>>> 2. The Adware log.


    # AdwCleaner v6.045 - Logbestand aangemaakt 31/03/2017 op 10:51:14
    # Bijgewerkt op 28/03/2017 door Malwarebytes
    # Database : 2017-03-30.1 [Server]
    # Besturingssysteem : Windows 10 Pro (X64)
    # Gebruikersnaam : PC-R - PCRALPH
    # Gestart vanuit : C:\Users\PC-R\Desktop\adwcleaner_6.045.exe
    # Mode: Scannen
    # Ondersteuning : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    Geen kwaadaardige services gevonden.


    ***** [ Mappen ] *****

    Geen kwaadaardige mappen gevonden.


    ***** [ Bestanden ] *****

    Geen kwaadaardige bestanden gevonden.


    ***** [ DLL ] *****

    Geen kwaadaardige DLLs gevonden.


    ***** [ WMI ] *****

    Geen kwaadaardige sleutels gevonden.


    ***** [ Snelkoppelingen ] *****

    Geen geïnfecteerde snelkoppeling gevonden.


    ***** [ Geplande Taken ] *****

    Geen kwaadaardige taak gevonden.


    ***** [ Register ] *****

    Geen kwaadaardige register waardes gevonden.


    ***** [ Internetbrowsers ] *****

    Geen kwaadaardige op Firefox gebaseerde browser items gevonden.
    Geen kwaadaardige op Chromium gebaseerde browser items gevonden.

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [1131 bytes] - [28/03/2017 07:28:59]
    C:\AdwCleaner\AdwCleaner[S0].txt - [1309 bytes] - [28/03/2017 07:28:08]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1436 bytes] - [29/03/2017 06:30:09]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1357 bytes] - [31/03/2017 10:51:14]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1430 bytes] ##########



    I will post the other logs in another message (too long).

  • #2
    ===>>> The DDS.txt log.


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.14393.953
    Run by PC-R at 10:54:43 on 2017-03-31
    Microsoft Windows 10 Pro 10.0.14393.0.1252.31.1043.18.8080.2777 [GMT 2:00]
    .
    AV: Norton Security *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton Security *Enabled/Updated* {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
    AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
    SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
    SP: Norton Security *Enabled/Updated* {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
    FW: Norton Security *Enabled* {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
    FW: Norton Security *Disabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k RPCSS
    C:\WINDOWS\system32\dwm.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\Windows\System32\WUDFHost.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe
    C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
    C:\WINDOWS\System32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
    C:\WINDOWS\system32\dashost.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
    C:\WINDOWS\System32\svchost.exe -k utcsvc
    C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe
    C:\Program Files (x86)\Winstep\WsxService.exe
    C:\WINDOWS\system32\svchost.exe -k appmodel
    C:\WINDOWS\system32\sihost.exe
    C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
    C:\WINDOWS\system32\taskhostw.exe
    C:\Users\PC-R\Downloads\cleanmem\mini_monitor.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Program Files (x86)\Winstep\Nexus.exe
    C:\Program Files (x86)\XWidget\xwidget.exe
    C:\Program Files\CCleaner\CCleaner64.exe
    C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
    C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\NS.exe
    C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
    C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\NS.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Comodo\IceDragon\icedragon.exe
    C:\WINDOWS\system32\ApplicationFrameHost.exe
    C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
    C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    C:\Program Files\Windows Defender\msascuil.exe
    C:\Program Files (x86)\PrivaZer\PrivaZer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.nl/
    uLocal Page = %11%\blank.htm
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
    BHO: Norton Identity Safety: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine32\22.9.0.71\coieplg.dll
    BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.9.0.71\coieplg.dll
    uRun: [OneDrive] "C:\Users\PC-R\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    uRun: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe autostart
    uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    uRun: [xwidget] C:\Program Files (x86)\XWidget\xwidget.exe
    uRun: [SendAnywhere] "C:\Program Files (x86)\Send Anywhere\sendanywhere.exe" --tray
    mRun: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
    mPolicies-System: DSCAutomationHostEnabled = dword:2
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
    TCP: NameServer = 62.179.104.196 213.46.228.198
    TCP: Interfaces\{2089b984-4a75-4b3c-ad91-865d7b474712} : DHCPNameServer = 62.179.104.196 213.46.228.198
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\syswow64\tbauth.dll
    Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\syswow64\tbauth.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = ""
    CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
    x64-BHO: Norton Identity Safety: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\coIEPlg.dll
    x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL
    x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.9.0.71\coIEPlg.dll
    x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
    x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /ANDREA_BF_BYPASS
    x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
    x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
    x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
    x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
    x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
    x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
    x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
    x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
    x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
    x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
    x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
    x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
    .



    • #3
      2nd part of DDS.log


      ============= SERVICES / DRIVERS ===============
      .
      R0 intelpep;Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing ;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
      R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-21 48992]
      R0 SymEFASI;Symantec Extended File Attributes (SI);C:\WINDOWS\System32\drivers\NSx64\1609010.00C\symefasi64.sys [2017-3-31 1716896]
      R0 volume;Volumestuurprogramma;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
      R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
      R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
      R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-11-21 199008]
      R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-11-21 227328]
      R1 ccSet_NS;NS Settings Manager;C:\WINDOWS\System32\drivers\NSx64\1609010.00C\ccsetx64.sys [2017-3-31 174240]
      R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\WINDOWS\System32\drivers\mbae64.sys [2017-3-27 77408]
      R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
      R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
      R1 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\drivers\NSx64\1609010.00C\ironx64.sys [2017-3-31 291480]
      R1 veracrypt;veracrypt;C:\WINDOWS\System32\drivers\veracrypt.sys [2017-3-22 467368]
      R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2017-2-21 106944]
      R2 CDPSvc;Service Platform voor verbonden apparaten;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
      R2 CDPUserSvc_55325;CDPUserSvc_55325;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
      R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2017-3-5 3736776]
      R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
      R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
      R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
      R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-12-7 31776]
      R2 IceDragonUpdater;COMODO IceDragon Update Service;C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [2016-12-20 4295320]
      R2 MBAMChameleon;MBAMChameleon;C:\WINDOWS\System32\drivers\MBAMChameleon.sys [2017-3-27 186304]
      R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-3-27 4355024]
      R2 NS;Norton Security;C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\ns.exe [2017-3-31 326160]
      R2 OneSyncSvc_55325;Host synchroniseren_55325;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
      R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2017-2-21 320512]
      R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
      R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
      R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-11-21 119648]
      R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
      R2 Winstep Xtreme Service;Winstep Xtreme Service;C:\Program Files (x86)\Winstep\WsxService --> C:\Program Files (x86)\Winstep\WsxService [?]
      R2 WiseFs;WiseFs;C:\Windows\WiseFs64.sys [2017-3-3 43440]
      R2 WpnService;Systeemservice voor Windows Push Notifications;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      R3 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20170327.001\BHDrvx64.sys [2017-3-27 1831064]
      R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2017-3-30 156824]
      R3 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20170330.001\IDSviA64.sys [2017-3-31 1038024]
      R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2014-3-26 342528]
      R3 KeyScrambler;KeyScrambler;C:\WINDOWS\System32\drivers\keyscrambler.sys [2017-3-19 224720]
      R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      R3 LicenseManager;Service voor Windows-licentiebeheer ;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
      R3 LVRS64;Logitech RightSound Filter Driver;C:\WINDOWS\System32\drivers\lvrs64.sys [2012-10-26 351520]
      R3 LVUVC64;@oem9.inf,%PID_0819_DD%(UVC);Logitech Webcam C210(UVC);C:\WINDOWS\System32\drivers\lvuvc64.sys [2012-10-26 4758176]
      R3 MBAMFarflt;MBAMFarflt;C:\WINDOWS\System32\drivers\farflt.sys [2017-3-27 111544]
      R3 MBAMProtection;MBAMProtection;C:\WINDOWS\System32\drivers\mbam.sys [2017-3-27 43968]
      R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2017-3-27 251840]
      R3 MBAMWebProtection;MBAMWebProtection;C:\WINDOWS\System32\drivers\mwac.sys [2017-3-27 92088]
      R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
      R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
      R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
      R3 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\drivers\NSx64\1609000.047\symnets.sys [2017-3-30 567512]
      R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
      S0 SymELAM;Symantec ELAM Driver;C:\WINDOWS\System32\drivers\NSx64\1609010.00C\symelam.sys [2017-3-31 24616]
      S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
      S3 AcpiDev;Stuurprogramma voor ACPI-apparaten;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
      S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
      S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
      S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
      S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
      S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-11-21 127328]
      S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
      S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
      S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
      S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
      S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
      S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
      S3 buttonconverter;Service voor Portable Device Control-apparaten;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
      S3 CapImg;HID-stuurprogramma voor CapImg-touchscreen;C:\WINDOWS\System32\drivers\capimg.sys [2016-11-21 118272]
      S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
      S3 cht4vbd;Chelsio virtuele-busstuurprogramma;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
      S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
      S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
      S3 diagnosticshub.standardcollector.service;Microsoft(R) Diagnostics Hub Standard Collector-service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
      S3 DmEnrollmentSvc;Registratieservice voor Apparaatbeheer;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S3 embeddedmode;Ingesloten modus;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
      S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
      S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
      S3 genericusbfn;Algemene USB-functieklasse;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
      S3 hidinterrupt;Algemeen stuurprogramma voor HID-knoppen waarvoor interrupts zijn geïmplementeerd;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
      S3 hpqcaslwmiex;HP CASL Framework Service;C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [2016-6-3 1031704]
      S3 HvHost;HV-hostservice;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
      S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
      S3 iai2c;Intel(R) Serial IO I2C-hostcontroller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
      S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
      S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C-stuurprogramma v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
      S3 iaLPSSi_GPIO;Stuurprogramma van Intel(R) Serial IO GPIO-controller;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
      S3 iaLPSSi_I2C;Stuurprogramma voor Intel(R) Serial IO I2C-controller;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
      S3 iaStorAV;Intel(R) SATA RAID-controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
      S3 ibbus;Mellanox InfiniBand Bus/AL (filterstuurprogramma);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
      S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
      S3 IndirectKmd;Indirecte weergave kernelmodusstuurprogramma;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
      S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
      S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
      S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-11-21 64352]
      S3 MessagingService_55325;MessagingService_55325;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
      S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
      S3 MsSecFlt;Minifilter voor Microsoft Security Events Component;C:\WINDOWS\System32\drivers\mssecflt.sys [2016-7-16 179040]
      S3 ndfltr;NetworkDirect-service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
      S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
      S3 netr28x;Ralink 802.11n stuurprogramma voor Extensible draadloze netwerken;C:\WINDOWS\System32\drivers\netr28x.sys [2016-7-16 2504192]
      S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
      S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
      S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2017-3-5 257232]
      S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
      S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
      S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
      S3 PimIndexMaintenanceSvc_55325;Contact Data_55325;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
      S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
      S3 RetailDemo;Retaildemoservice;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S3 RL_DJIFIE2_MIDI;Digital Jockey - IE2 WDM MIDI Device;C:\WINDOWS\System32\drivers\rldjif2m.sys [2017-3-10 30720]
      S3 RL_DJIFIE2_USB;usb-audio.de driver for Reloop Digital Jockey - IE2;C:\WINDOWS\System32\drivers\rldjif2u.sys [2017-3-10 453120]
      S3 RL_DJIFIE2_WDM;Digital Jockey - IE2 WDM Audio;C:\WINDOWS\System32\drivers\rldjif2a.sys [2017-3-10 43520]
      S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
      S3 scmbus;Microsoft-stuurprogramma voor geheugenbus opslagklasse;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
      S3 scmdisk0101;Microsoft-stuurprogramma voor NVDIMM-N-schijven;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
      S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-11-21 2889896]
      S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-15 1312768]
      S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
      S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
      S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
      S3 SmsRouter;Microsoft Windows SMS Router-service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
      S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-11-21 81760]
      S3 storufs;Microsoft Universal Flash Storage (UFS)-stuurprogramma;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
      S3 tapSF0901;Spotflux Virtual Network Device Driver;C:\WINDOWS\System32\drivers\tapSF0901.sys [2015-7-31 39104]
      S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
      S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
      S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
      S3 UcmUcsi;UCSI-client van USB-connectorbeheer;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
      S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
      S3 UEFI;Microsoft UEFI-stuurprogramma;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
      S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
      S3 UfxChipidea;Chipidea USB-controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
      S3 ufxsynopsys;Synopsys USB-controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
      S3 UnistoreSvc_55325;User Data Storage_55325;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
      S3 UrsChipidea;Stuurprogramma voor Chipidea USB Role-Switch;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
      S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
      S3 UrsSynopsys;Stuurprogramma voor Synopsys USB Role-Switch;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
      S3 UserDataSvc_55325;User Data Access_55325;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
      S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S3 vhf;Virtual HID Framework (VHF)-stuurprogramma;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
      S3 vmgid;Microsoft Hyper-V-stuurprogramma voor de gastinfrastructuur;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
      S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
      S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
      S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
      S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-15 719872]
      S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
      S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
      S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
      S3 WinMad;WinMad-service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
      S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.sys [2017-3-8 14544]
      S3 WinVerbs;WinVerbs-service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
      S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
      S3 WpnUserService_55325;Windows Push Notification-gebruikersservice_55325;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
      S3 XblAuthManager;Xbox Live-verificatiebeheer;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S3 XblGameSave;Games opslaan op Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-15 258560]
      S3 XboxNetApiSvc;Netwerkservice van Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-11-21 43520]
      S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2017-2-22 822624]
      S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S4 tzautoupdate;Updater van automatische tijdzone;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
      S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2016-7-16 40288]
      S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2016-7-16 1227264]
      .
      =============== Created Last 30 ================
      .
      2098-07-04 18:58:00 -------- d-----r- C:\Users\PC-R\Documents
      2090-08-02 19:12:07 -------- d-----r- C:\Users\PC-R\Music
      2064-07-10 15:48:05 -------- d-----r- C:\Users\PC-R\Videos
      2040-02-12 10:15:08 -------- d-----r- C:\Users\PC-R\Pictures
      2017-03-31 05:07:11 567512 ----a-w- C:\WINDOWS\System32\drivers\NSx64\1609010.00C\symnets.sys
      2017-03-31 05:07:11 24616 ----a-w- C:\WINDOWS\System32\drivers\NSx64\1609010.00C\symelam.sys
      2017-03-31 05:07:11 1716896 ----a-w- C:\WINDOWS\System32\drivers\NSx64\1609010.00C\symefasi64.sys
      2017-03-31 05:07:10 770200 ----a-w- C:\WINDOWS\System32\drivers\NSx64\1609010.00C\srtsp64.sys
      2017-03-31 05:07:10 49312 ----a-w- C:\WINDOWS\System32\drivers\NSx64\1609010.00C\srtspx64.sys
      2017-03-31 05:07:10 291480 ----a-w- C:\WINDOWS\System32\drivers\NSx64\1609010.00C\ironx64.sys
      2017-03-31 05:07:10 174240 ----a-w- C:\WINDOWS\System32\drivers\NSx64\1609010.00C\ccsetx64.sys
      2017-03-31 05:06:46 -------- d-----w- C:\WINDOWS\System32\drivers\NSx64\1609010.00C
      2017-03-30 12:34:36 567512 ----a-w- C:\WINDOWS\System32\drivers\NSx64\1609000.047\symnets.sys
      2017-03-30 12:34:36 24616 ----a-w- C:\WINDOWS\System32\drivers\NSx64\1609000.047\symelam.sys
      2017-03-30 12:34:36 1716896 ----a-w- C:\WINDOWS\System32\drivers\NSx64\1609000.047\symefasi64.sys
      2017-03-30 12:34:35 760992 ----a-w- C:\WINDOWS\System32\drivers\NSx64\1609000.047\srtsp64.sys
      2017-03-30 12:34:35 49312 ----a-w- C:\WINDOWS\System32\drivers\NSx64\1609000.047\srtspx64.sys
      2017-03-30 12:34:35 291480 ----a-w- C:\WINDOWS\System32\drivers\NSx64\1609000.047\ironx64.sys
      2017-03-30 12:34:35 174240 ----a-w- C:\WINDOWS\System32\drivers\NSx64\1609000.047\ccsetx64.sys
      2017-03-30 12:34:12 -------- d-----w- C:\WINDOWS\System32\drivers\NSx64\1609000.047
      2017-03-30 09:01:41 -------- d-----w- C:\Program Files\Common Files\AV
      2017-03-30 08:29:16 -------- d-----w- C:\NPE
      2017-03-30 08:26:21 -------- d-----w- C:\Users\PC-R\AppData\Local\NPE
      2017-03-30 08:09:52 102608 ----a-w- C:\WINDOWS\System32\drivers\SYMEVENT64x86.SYS
      2017-03-30 08:09:52 100592 ----a-w- C:\WINDOWS\SMSS-PFRO5bb7.tmp
      2017-03-30 08:09:52 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
      2017-03-30 08:08:05 -------- d-----w- C:\WINDOWS\System32\drivers\NSx64
      2017-03-30 08:08:00 -------- d---a-w- C:\Program Files (x86)\Norton Security
      2017-03-30 03:17:57 12774864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{088E6D3A-E3CF-461E-ACA4-627E9884586B}\mpengine.dll
      2017-03-30 03:11:59 12774864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
      2017-03-28 05:24:42 -------- d-----w- C:\AdwCleaner
      2017-03-27 17:35:32 186304 ----a-w- C:\WINDOWS\System32\drivers\MBAMChameleon.sys
      2017-03-27 17:35:28 92088 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
      2017-03-27 17:35:28 111544 ----a-w- C:\WINDOWS\System32\drivers\farflt.sys
      2017-03-27 17:35:24 43968 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
      2017-03-27 17:34:10 251840 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
      2017-03-27 17:33:49 77408 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
      2017-03-27 17:33:41 -------- d-----w- C:\Program Files\Malwarebytes
      2017-03-27 10:38:52 -------- d-----w- C:\ProgramData\Avira
      2017-03-27 10:27:17 251840 ----a-w- C:\WINDOWS\System32\drivers\0A5D4E90.sys
      2017-03-27 09:48:22 -------- d-----w- C:\ProgramData\Malwarebytes
      2017-03-27 09:45:14 -------- d-----w- C:\Users\PC-R\AppData\Local\Macromedia
      2017-03-24 13:35:43 -------- d-----w- C:\Users\PC-R\AppData\Roaming\freac
      2017-03-24 13:34:57 -------- d-----w- C:\Program Files (x86)\freac
      2017-03-24 06:14:26 -------- d-----w- C:\Users\PC-R\AppData\Roaming\IceDragon
      2017-03-24 06:14:14 -------- d-----w- C:\Users\PC-R\AppData\Local\Comodo
      2017-03-24 06:13:56 -------- d-----w- C:\Users\PC-R\AppData\Roaming\Comodo
      2017-03-24 06:13:39 -------- d-----w- C:\Program Files (x86)\Comodo
      2017-03-24 06:13:02 348160 ----a-w- C:\WINDOWS\SysWow64\msvcr71.dll
      2017-03-24 06:13:02 1060864 ----a-w- C:\WINDOWS\SysWow64\mfc71.dll
      2017-03-23 14:31:24 -------- d-----w- C:\Users\PC-R\AppData\Roaming\PrimoPDF
      2017-03-23 14:30:16 95008 ----a-w- C:\WINDOWS\System32\Primomonnt.dll
      2017-03-23 14:30:12 -------- d-----w- C:\Program Files (x86)\Nitro PDF
      2017-03-23 13:43:48 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
      2017-03-23 13:40:00 -------- d---a-w- C:\Program Files (x86)\Norton Security Scan
      2017-03-23 13:40:00 -------- d-----w- C:\WINDOWS\System32\drivers\NSSx64\0406010.050
      2017-03-23 13:40:00 -------- d-----w- C:\WINDOWS\System32\drivers\NSSx64
      2017-03-23 13:40:00 -------- d-----w- C:\ProgramData\Norton
      2017-03-23 13:39:53 -------- d-----w- C:\ProgramData\NortonInstaller
      2017-03-23 13:39:53 -------- d-----w- C:\Program Files (x86)\NortonInstaller
      2017-03-22 08:35:32 -------- d-----w- C:\WINDOWS\pss
      2017-03-22 07:44:17 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D72950E6-5048-4407-99B9-C6F37601DBEE}\gapaengine.dll
      2017-03-22 07:40:16 -------- d-----w- C:\Users\PC-R\AppData\Roaming\QFX Software
      2017-03-22 07:40:16 -------- d-----w- C:\ProgramData\QFX Software
      2017-03-21 23:30:34 -------- d-----w- C:\Program Files (x86)\KeyScrambler
      2017-03-21 22:28:10 467368 ----a-w- C:\WINDOWS\System32\drivers\veracrypt.sys
      2017-03-21 22:26:56 -------- d-----w- C:\Program Files\VeraCrypt
      2017-03-21 22:15:09 -------- d-----w- C:\Users\PC-R\AppData\Local\Diagnostics
      2017-03-21 11:22:11 -------- d-----w- C:\WINDOWS\SysWow64\wbem\Performance
      2017-03-21 11:14:41 -------- d-----w- C:\RegBackup
      2017-03-21 10:39:32 -------- d-----w- C:\Program Files (x86)\Tweaking.com
      2017-03-19 09:48:37 224720 ----a-w- C:\WINDOWS\System32\drivers\keyscrambler.sys
      2017-03-17 13:30:33 -------- d---a-w- C:\Program Files (x86)\Send Anywhere
      2017-03-16 10:49:17 -------- d-----w- C:\Program Files (x86)\Pioneer
      2017-03-15 06:35:59 700416 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.Search.dll
      2017-03-15 06:32:24 8886976 ----a-w- C:\WINDOWS\SysWow64\OneDriveSetup.exe
      2017-03-13 03:35:24 -------- d-----w- C:\Users\PC-R\AppData\Roaming\Moonchild Productions
      2017-03-13 03:35:24 -------- d-----w- C:\Users\PC-R\AppData\Local\Moonchild Productions
      2017-03-13 03:35:03 -------- d---a-w- C:\Program Files\Pale Moon
      2017-03-12 07:12:38 -------- d-----w- C:\Users\PC-R\AppData\Roaming\Steinberg
      2017-03-12 07:12:26 -------- d-----w- C:\Program Files\Steinberg
      2017-03-12 06:58:18 -------- d-----w- C:\Program Files\VSTPlugins
      2017-03-10 14:01:35 -------- d-----w- C:\WINDOWS\usb-audio.deRLDJIF2
      2017-03-10 14:00:56 453120 ----a-w- C:\WINDOWS\System32\drivers\rldjif2u.sys
      2017-03-10 14:00:56 43520 ----a-w- C:\WINDOWS\System32\drivers\rldjif2a.sys
      2017-03-10 14:00:56 30720 ----a-w- C:\WINDOWS\System32\drivers\rldjif2m.sys
      2017-03-09 12:14:58 -------- d-----w- C:\Users\PC-R\Reason Songs
      2017-03-09 11:34:41 338432 ----a-w- C:\WINDOWS\SysWow64\REX Shared Library.dll
      2017-03-09 11:34:40 406528 ----a-w- C:\WINDOWS\SysWow64\ReWire.dll
      2017-03-09 11:32:04 -------- d-----w- C:\ProgramData\Propellerhead Software
      2017-03-09 11:32:03 -------- d-----w- C:\Users\PC-R\AppData\Roaming\Propellerhead Software
      2017-03-09 11:28:21 -------- d-----w- C:\Program Files (x86)\Propellerhead
      2017-03-09 11:08:44 -------- d-----w- C:\Users\PC-R\AppData\Roaming\tixati
      2017-03-09 10:42:31 -------- d-----w- C:\ProgramData\Caphyon
      2017-03-09 10:04:31 -------- d-----w- C:\Users\PC-R\AppData\Local\IsolatedStorage
      2017-03-09 10:00:46 -------- d-----w- C:\Program Files\tixati
      2017-03-09 00:17:08 12935296 ----a-w- C:\WINDOWS\System32\igdumd64.dll
      2017-03-09 00:17:06 975184 ----a-w- C:\WINDOWS\SysWow64\igfxcmrt32.dll
      2017-03-09 00:17:06 558728 ----a-w- C:\WINDOWS\System32\iglhsip64.dll
      2017-03-09 00:17:06 553424 ----a-w- C:\WINDOWS\SysWow64\iglhsip32.dll
      2017-03-09 00:17:06 51184 ----a-w- C:\WINDOWS\System32\igfxexps.dll
      2017-03-09 00:17:06 242800 ----a-w- C:\WINDOWS\System32\iglhcp64.dll
      2017-03-09 00:17:06 206000 ----a-w- C:\WINDOWS\SysWow64\iglhcp32.dll
      2017-03-09 00:17:06 1086408 ----a-w- C:\WINDOWS\System32\igfxcmrt64.dll
      2017-03-07 16:40:04 -------- d-----w- C:\Users\PC-R\AppData\Local\HP_Development_Company,_L
      2017-03-07 06:20:42 -------- d-----w- C:\Users\PC-R\AppData\Local\Hewlett-Packard
      2017-03-07 05:30:12 -------- d-----w- C:\Program Files (x86)\HP
      2017-03-07 05:29:48 -------- d-----w- C:\Users\PC-R\AppData\Roaming\hpqLog
      2017-03-06 09:35:32 -------- d-----w- C:\ESD
      2017-03-06 09:32:37 -------- d-----w- C:\$WINDOWS.~BT
      2017-03-06 09:32:32 -------- d--h--w- C:\$Windows.~WS
      2017-03-06 09:17:29 -------- d-----w- C:\ProgramData\Canneverbe Limited
      2017-03-06 09:16:45 -------- d-----w- C:\Users\PC-R\AppData\Roaming\Canneverbe Limited
      2017-03-06 08:30:28 34784 ----a-w- C:\WINDOWS\System32\drivers\PROCEXP152.SYS
      2017-03-05 16:58:32 516896 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
      2017-03-05 16:56:18 98128 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll
      2017-03-05 16:56:18 73552 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll
      2017-03-05 16:56:18 65344 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll
      2017-03-05 16:56:18 59208 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll
      2017-03-05 16:56:18 53088 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll
      2017-03-05 16:56:18 28488 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
      2017-03-05 16:56:18 279320 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
      2017-03-05 16:55:14 94048 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll
      2017-03-05 16:55:14 58184 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll
      2017-03-05 16:55:14 51568 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll
      2017-03-05 16:55:14 51568 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll
      2017-03-05 16:55:14 28488 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
      2017-03-05 16:52:34 20672 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\extensibility.dll
      2017-03-05 16:50:36 30456 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
      2017-03-05 16:37:14 257232 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      2017-03-05 12:13:28 -------- d-----w- C:\Users\PC-R\AppData\Roaming\AIMP
      2017-03-05 12:13:20 -------- d-----w- C:\Program Files (x86)\AIMP
      2017-03-05 11:02:15 -------- d-----w- C:\Users\PC-R\AppData\Local\SoulseekQt
      2017-03-05 10:57:33 -------- d---a-w- C:\Program Files (x86)\SoulseekQt
      2017-03-05 09:35:37 -------- d-----w- C:\Users\PC-R\AppData\Local\gtk-2.0
      2017-03-05 09:31:21 -------- d-----w- C:\Users\PC-R\AppData\Local\fontconfig
      2017-03-05 09:31:17 -------- d-----w- C:\Users\PC-R\AppData\Local\gegl-0.2
      2017-03-05 09:25:43 -------- d---a-w- C:\Program Files\GIMP 2
      2017-03-05 08:27:45 -------- d-----w- C:\Program Files\WDK
      2017-03-05 06:17:12 2399952 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ClientTelemetry.dll
      2017-03-05 06:17:10 80656 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ClickToRun\msointl30.nl-nl.dll
      2017-03-05 06:17:10 1002176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.nl-nl.dll
      2017-03-05 06:04:09 4926664 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
      2017-03-04 17:26:11 -------- d-----w- C:\Users\PC-R\AppData\Local\Estmob
      2017-03-04 17:26:05 -------- d-----w- C:\Users\PC-R\AppData\Local\PeerDistRepub
      2017-03-04 14:25:20 -------- d-----w- C:\Users\PC-R\AppData\Local\CEF
      2017-03-04 14:22:01 -------- d-----w- C:\Users\PC-R\AppData\Local\Adobe
      2017-03-04 11:49:23 -------- d-----w- C:\Users\PC-R\AppData\Local\ElevatedDiagnostics
      2017-03-04 11:28:00 -------- d-----w- C:\WINDOWS\System32\DAX3
      2017-03-04 11:28:00 -------- d-----w- C:\ProgramData\Audyssey Labs
      2017-03-04 11:27:59 -------- d-----w- C:\WINDOWS\System32\DAX2
      2017-03-04 11:22:59 118592 ----a-w- C:\WINDOWS\System32\AcpiServiceVnA64.dll
      2017-03-04 11:22:59 -------- d-----w- C:\Program Files (x86)\Realtek
      2017-03-04 11:22:53 -------- d--h--w- C:\Program Files (x86)\Temp
      2017-03-04 11:22:51 2839520 ----a-w- C:\WINDOWS\RtlExUpd.dll
      2017-03-04 11:03:48 -------- d-----w- C:\ProgramData\boost_interprocess
      2017-03-04 11:03:47 -------- d-----w- C:\Users\PC-R\AppData\Roaming\Vara Software
      2017-03-04 11:03:19 -------- d-----w- C:\Users\PC-R\AppData\Local\Telestream
      2017-03-04 11:03:19 -------- d-----w- C:\ProgramData\Telestream
      2017-03-04 11:03:18 -------- d-----w- C:\Users\PC-R\AppData\Roaming\WirecastCache
      2017-03-04 11:03:18 -------- d-----w- C:\Users\PC-R\AppData\Roaming\Wirecast
      2017-03-04 10:59:34 -------- d-----w- C:\Program Files\Telestream
      2017-03-04 05:55:58 -------- d-----w- C:\Program Files\VS Revo Group
      2017-03-04 05:47:32 485032 ------w- C:\WINDOWS\System32\MpSigStub.exe
      2017-03-04 05:45:31 -------- d-----w- C:\WINDOWS\System32\MRT
      2017-03-04 04:36:50 1475160 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pidgenx.dll
      2017-03-03 18:14:32 -------- d---a-w- C:\Program Files (x86)\XWidget
      2017-03-03 18:09:27 43440 ----a-w- C:\WINDOWS\WiseFs64.sys
      2017-03-03 18:08:45 -------- d-----w- C:\Users\PC-R\AppData\Roaming\Wise Folder Hider
      2017-03-03 18:08:35 -------- d-----w- C:\Program Files (x86)\Wise
      2017-03-03 18:06:21 -------- d-----w- C:\Users\PC-R\AppData\Local\AxCrypt
      2017-03-03 18:06:08 -------- d-----w- C:\Program Files\AxCrypt
      2017-03-03 17:57:58 -------- d---a-w- C:\Program Files (x86)\PrivaZer
      2017-03-03 17:57:58 -------- d-----w- C:\Users\PC-R\AppData\Local\PrivaZer
      2017-03-03 17:57:58 -------- d-----w- C:\ProgramData\privazer
      2017-03-03 17:54:02 -------- d---a-w- C:\Program Files\CCleaner
      2017-03-03 17:52:27 -------- d---a-w- C:\Program Files\Speccy
      2017-03-03 17:41:58 798208 ----a-w- C:\WINDOWS\SysWow64\NextControls.ocx
      2017-03-03 17:41:58 608448 ----a-w- C:\WINDOWS\SysWow64\comctl32.ocx
      2017-03-03 17:41:58 1347344 ----a-w- C:\WINDOWS\SysWow64\msvbvm50.dll
      2017-03-03 17:41:58 -------- d---a-w- C:\Program Files (x86)\Winstep
      2017-03-03 17:31:02 -------- d-----w- C:\Users\PC-R\AppData\Local\Stardock
      2017-03-03 17:31:02 -------- d-----w- C:\ProgramData\Stardock
      2017-03-03 17:30:23 -------- d-----w- C:\Program Files (x86)\Stardock
      2017-03-03 17:28:08 -------- d-----w- C:\Users\PC-R\AppData\Local\Programs
      2017-03-03 17:26:51 -------- d-----w- C:\WINDOWS\CryptoGuard
      2017-03-03 17:26:51 -------- d-----w- C:\ProgramData\HitmanPro
      2017-03-03 17:26:32 -------- d-----w- C:\ProgramData\HitmanPro.Alert
      2017-03-03 17:08:35 -------- d-----w- C:\Users\PC-R\AppData\Local\Mozilla
      2017-03-03 17:04:48 -------- d-----w- C:\Users\PC-R\AppData\Local\MicrosoftEdge
      2017-03-03 16:58:16 -------- d-----w- C:\Users\PC-R\AppData\Local\Comms
      2017-03-03 16:55:59 -------- dc-h--w- C:\ProgramData\{E6BAC835-2683-4B88-A967-6EF6093B576E}
      2017-03-03 16:51:27 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments
      2017-03-03 16:50:52 -------- dc-h--w- C:\ProgramData\{0E511DF6-1923-4AF4-9BFD-A9426C94FCD7}
      2017-03-03 16:50:50 -------- d---a-w- C:\Program Files\Common Files\Native Instruments
      2017-03-03 16:50:50 -------- d-----w- C:\ProgramData\Native Instruments
      2017-03-03 16:50:50 -------- d-----w- C:\Program Files\Native Instruments
      2017-03-03 16:49:38 -------- d-----w- C:\ProgramData\Package Cache
      2017-03-03 16:40:46 -------- d-----w- C:\ProgramData\Microsoft OneDrive
      2017-03-03 16:38:58 -------- d-----w- C:\Users\PC-R\AppData\Local\Publishers
      2017-03-03 16:38:33 -------- d-----w- C:\Users\PC-R\AppData\Local\VirtualStore
      2017-03-03 16:38:29 -------- d-----r- C:\Users\PC-R\Searches
      2017-03-03 16:38:23 -------- d-----w- C:\Users\PC-R\AppData\Local\Packages
      2017-03-03 16:38:17 -------- d-----w- C:\Users\PC-R\AppData\Local\TileDataLayer
      2017-03-03 16:38:06 -------- d-----w- C:\Users\PC-R\AppData\Local\ConnectedDevicesPlatform
      2017-03-03 16:35:28 -------- d-sh--we C:\ProgramData\Sjablonen
      2017-03-03 16:35:28 -------- d-sh--we C:\ProgramData\Menu Start
      2017-03-03 16:35:28 -------- d-sh--we C:\ProgramData\Documenten
      2017-03-03 16:35:28 -------- d-sh--we C:\ProgramData\Bureaublad
      2017-03-03 16:35:27 -------- d-sh--w- C:\Recovery
      2017-03-03 16:34:43 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\gapaengine.dll
      2017-03-03 16:33:26 -------- d-----w- C:\WINDOWS\System32\wbem\Performance
      2017-03-03 16:29:25 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\good
      2017-03-03 16:29:25 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\bad
      2017-03-03 16:19:22 -------- d-----w- C:\WINDOWS\System32\SRSLabs
      2017-03-03 16:19:13 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM
      2017-03-03 16:19:13 -------- d-----w- C:\Program Files\Realtek
      2017-03-03 16:11:48 2717184 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
      2017-03-03 16:11:03 -------- d-----w- C:\ProgramData\USOShared
      2017-03-03 16:09:36 -------- d-----w- C:\WINDOWS\System32\wbem\MOF
      2017-03-03 16:08:51 -------- d-----w- C:\WINDOWS\System32\SleepStudy
      2017-03-03 16:06:32 -------- d-----w- C:\WINDOWS\InfusedApps
      2017-03-03 16:06:18 -------- dc----w- C:\WINDOWS\Panther
      2017-03-03 16:06:03 -------- d-----w- C:\Windows.old
      2017-03-03 16:05:47 -------- d-----w- C:\WINDOWS\System32\Microsoft
      2017-03-03 16:05:47 -------- d-----w- C:\WINDOWS\ServiceProfiles
      2017-03-03 16:04:34 -------- d-----w- C:\WINDOWS\Setup
      .
      ==================== Find3M ====================
      .
      2017-03-10 05:17:56 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
      2017-03-10 05:17:56 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
      2017-03-09 00:17:08 13182528 ----a-w- C:\WINDOWS\System32\igd10umd64.dll
      2017-03-09 00:17:08 11460448 ----a-w- C:\WINDOWS\SysWow64\igd10umd32.dll
      2017-03-09 00:17:08 11330576 ----a-w- C:\WINDOWS\SysWow64\igdumd32.dll
      2017-03-04 07:57:44 192352 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
      2017-03-04 07:57:43 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
      2017-03-04 07:57:40 484584 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
      2017-03-04 07:44:57 1470816 ----a-w- C:\WINDOWS\SysWow64\AppVEntSubsystems32.dll
      2017-03-04 07:40:53 965472 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
      2017-03-04 07:35:25 142176 ----a-w- C:\WINDOWS\System32\acmigration.dll
      2017-03-04 07:35:25 1294688 ----a-w- C:\WINDOWS\System32\aeinv.dll
      2017-03-04 07:35:22 86368 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
      2017-03-04 07:35:22 655200 ----a-w- C:\WINDOWS\System32\generaltel.dll
      2017-03-04 07:35:22 565088 ----a-w- C:\WINDOWS\System32\devinv.dll
      2017-03-04 07:35:22 343904 ----a-w- C:\WINDOWS\System32\invagent.dll
      2017-03-04 07:35:22 1617760 ----a-w- C:\WINDOWS\System32\appraiser.dll
      2017-03-04 07:35:21 378720 ----a-w- C:\WINDOWS\System32\atmfd.dll
      2017-03-04 07:35:21 242528 ----a-w- C:\WINDOWS\System32\aepic.dll
      2017-03-04 07:35:15 590952 ----a-w- C:\WINDOWS\System32\AudioSes.dll
      2017-03-04 07:35:09 38240 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
      2017-03-04 07:35:09 315232 ----a-w- C:\WINDOWS\System32\dcntel.dll
      2017-03-04 07:27:29 2170720 ----a-w- C:\WINDOWS\System32\AppVEntSubsystems64.dll
      2017-03-04 07:27:09 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
      2017-03-04 07:26:53 794416 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
      2017-03-04 07:25:44 1117024 ----a-w- C:\WINDOWS\System32\ReAgent.dll
      2017-03-04 07:24:33 90976 ----a-w- C:\WINDOWS\System32\drivers\IPMIDrv.sys
      2017-03-04 07:24:33 354264 ----a-w- C:\WINDOWS\System32\systemreset.exe
      2017-03-04 07:24:27 108384 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
      2017-03-04 07:24:23 894096 ----a-w- C:\WINDOWS\System32\winresume.exe
      2017-03-04 07:24:20 1051112 ----a-w- C:\WINDOWS\System32\winresume.efi
      2017-03-04 07:24:05 2186896 ----a-w- C:\WINDOWS\System32\hevcdecoder.dll
      2017-03-04 07:24:04 2482280 ----a-w- C:\WINDOWS\System32\msmpeg2vdec.dll
      2017-03-04 07:23:13 2512304 ----a-w- C:\WINDOWS\System32\WMVDECOD.DLL
      2017-03-04 07:22:41 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
      2017-03-04 07:22:22 1354312 ----a-w- C:\WINDOWS\System32\winload.efi
      2017-03-04 07:22:22 1172984 ----a-w- C:\WINDOWS\System32\winload.exe
      2017-03-04 07:22:21 7786336 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
      2017-03-04 07:21:04 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
      2017-03-04 07:20:52 379744 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys
      2017-03-04 07:20:50 128352 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
      2017-03-04 07:19:11 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
      2017-03-04 07:19:02 2049480 ----a-w- C:\WINDOWS\System32\wmpmde.dll
      2017-03-04 07:18:48 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
      2017-03-04 07:18:47 1181024 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
      2017-03-04 07:18:27 118624 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
      2017-03-04 07:17:22 409952 ----a-w- C:\WINDOWS\System32\drivers\FWPKCLNT.SYS
      2017-03-04 07:15:25 63328 ----a-w- C:\WINDOWS\System32\drivers\dam.sys
      2017-03-04 07:15:14 404320 ----a-w- C:\WINDOWS\System32\WinSetupUI.dll
      2017-03-04 07:15:08 1000280 ----a-w- C:\WINDOWS\System32\SecConfig.efi
      2017-03-04 07:13:27 635456 ----a-w- C:\WINDOWS\System32\ci.dll
      2017-03-04 07:11:48 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
      2017-03-04 07:11:41 266544 ----a-w- C:\WINDOWS\System32\policymanager.dll
      2017-03-04 07:10:08 360040 ----a-w- C:\WINDOWS\System32\SystemSettingsAdminFlows.exe
      2017-03-04 07:10:08 2828384 ----a-w- C:\WINDOWS\System32\d3d11.dll
      2017-03-04 07:10:01 2189664 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
      2017-03-04 07:08:59 130912 ----a-w- C:\WINDOWS\System32\drivers\storahci.sys
      2017-03-04 07:08:20 342456 ----a-w- C:\WINDOWS\System32\wintrust.dll
      2017-03-04 07:08:18 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
      2017-03-04 07:08:17 509280 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
      2017-03-04 07:08:07 450400 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys
      2017-03-04 07:08:02 223584 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
      2017-03-04 07:06:36 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
      2017-03-04 07:04:33 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
      2017-03-04 07:04:24 1362512 ----a-w- C:\WINDOWS\SysWow64\wmpmde.dll
      2017-03-04 07:04:19 8169536 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
      2017-03-04 07:04:03 1063472 ----a-w- C:\WINDOWS\System32\mfds.dll
      2017-03-04 07:01:57 137936 ----a-w- C:\WINDOWS\System32\AuthHost.exe
      2017-03-04 07:01:53 128648 ----a-w- C:\WINDOWS\System32\gpapi.dll
      2017-03-04 07:01:52 201568 ----a-w- C:\WINDOWS\System32\basecsp.dll
      2017-03-04 06:59:01 1570208 ----a-w- C:\WINDOWS\System32\gdi32full.dll
      2017-03-04 06:58:58 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
      2017-03-04 06:58:58 322912 ----a-w- C:\WINDOWS\System32\input.dll
      2017-03-04 06:58:49 1416224 ----a-w- C:\WINDOWS\System32\msctf.dll
      2017-03-04 06:57:36 2536288 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
      2017-03-04 06:57:26 372432 ----a-w- C:\WINDOWS\System32\Windows.Media.MediaControl.dll
      2017-03-04 06:57:17 387872 ----a-w- C:\WINDOWS\System32\wmpps.dll
      2017-03-04 06:56:04 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
      2017-03-04 06:56:03 248992 ----a-w- C:\WINDOWS\SysWow64\policymanager.dll
      2017-03-04 06:54:12 2277288 ----a-w- C:\WINDOWS\SysWow64\d3d11.dll
      2017-03-04 06:54:03 524776 ----a-w- C:\WINDOWS\SysWow64\dxgi.dll
      2017-03-04 06:53:38 1431232 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
      2017-03-04 06:53:33 136032 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostUser.dll
      2017-03-04 06:53:19 781152 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
      2017-03-04 06:53:19 5722320 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
      2017-03-04 06:53:11 493912 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
      2017-03-04 06:53:08 975744 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
      2017-03-04 06:53:07 313568 ----a-w- C:\WINDOWS\SysWow64\wlanapi.dll
      2017-03-04 06:53:03 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
      2017-03-04 06:52:59 549088 ----a-w- C:\WINDOWS\SysWow64\SHCore.dll
      2017-03-04 06:52:02 272720 ----a-w- C:\WINDOWS\SysWow64\wintrust.dll
      2017-03-04 06:51:38 576408 ----a-w- C:\WINDOWS\SysWow64\wer.dll
      2017-03-04 06:51:37 1980768 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
      2017-03-04 06:50:44 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
      2017-03-04 06:46:40 4312248 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
      2017-03-04 06:46:40 321792 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe
      2017-03-04 06:45:15 173408 ----a-w- C:\WINDOWS\SysWow64\basecsp.dll
      2017-03-04 06:45:07 112120 ----a-w- C:\WINDOWS\SysWow64\gpapi.dll
      2017-03-04 06:42:57 7216640 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
      2017-03-04 06:42:41 276832 ----a-w- C:\WINDOWS\SysWow64\input.dll
      .
      ============= FINISH: 10:56:10,66 ===============



      • #4
        The GMER log.


        GMER 2.2.19882 - http://www.gmer.net
        Rootkit scan 2017-03-31 11:05:46
        Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000029 Hitachi_HDS721050CLA660 rev.JP2OA41A 465,76GB
        Running: 0z2yz6yd.exe; Driver: C:\Users\PC-R\AppData\Local\Temp\pwtdapoc.sys


        ---- Threads - GMER 2.2 ----

        ---- Registry - GMER 2.2 ----

        Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\[email protected] -605795694
        Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272ce61a0
        Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x0F 0x1B 0x12 0xAB ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\[email protected] 0x45 0xF3 0xDE 0xE4 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\[email protected] 0x45 0x5B 0xA3 0x46 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\[email protected] 0x45 0x8B 0x1A 0x83 ...
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\[email protected] 0xE2 0x61 0x1B 0xE1 ...

        ---- EOF - GMER 2.2 ----



        • #5
          Good afternoon,

          Is your computer still under warranty?

          Download the 32-bit or 64-bit Farbar Recovery Scan Tool from one of the links below.
          Here is a description of how to check whether you have a 32-bit or 64-bit version of Windows.

          Running the Farbar Recovery Scan Tool
          • Double-click FRST.exe to start the tool.
          • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
          • When the program has opened, click Yes at the disclaimer.
          • Then press the Scan button; a backup of the registry will be made first.
          • When the scan is finished, two log files named (FRST.txt) & (Addition.txt) are created in the same location the tool was started from.
          • Attach both log files to your next post.

          Starting Windows 10 in Safe Mode



          • #6
            Dear Juisterr,

            A good afternoon from this side as well!
            Here are the logs you asked for.

            FRST.txt Addition.txt



            • #7
              Dear Juisterr,

              Sorry, I had not yet answered your first question. Yes, it is still under warranty, but I want to avoid having to take the product back to the shop; lately I have been doing nothing else. Anyway, it is still under warranty; the product was not new but second-hand, by the way. I need to have a PC and I want to avoid it being gone for a few weeks again, because then I have nothing here at home.

              Kind regards.



              • #8
                Dear Juisterr,

                Good news: somehow the memory usage now stays stable, i.e. under 30% with Comodo as the only program running, and that after also having worked with an image-editing program this afternoon. Until now the memory usage would still climb in that situation, and that was the problem. The PC has now been on for several hours and to my surprise it stays neatly under 30%; it is even 27% right now, and that is exactly what I wanted with just a browser open while working with various programs in between.

                I removed a program, something to do with VSThosting, and I had Windows reset the network settings through the Windows troubleshooter, which put the network settings back to their "normal values". I suddenly no longer had a properly working network, although judging by the icon I was still connected, so I chose that solution, and I think that is where the problem was, because it suddenly works fine now.

                I therefore think the help is no longer needed and that you can focus on other people who have problems, and I am really glad to be able to say that. I will keep an eye on it for a while, and if it stays this way I will mark this topic as solved; if I am cheering too early, you will hear from me as well, but I think it has somehow been solved.

                It only remains for me to say that I would still like to thank you and your colleague warmly; in the end you were there once again, and that is what matters. I hope I won't need you again for a while, hahaha.


                Kind regards,

                PC USER RM



                • #9
                  Start the Farbar Recovery Scan Tool again.
                  • Download fixlist.txt from the attachment to the desktop, where FRST.exe is also located.
                  • Double-click FRST.exe to start the tool.
                  • When the program has opened, click Yes at the disclaimer.
                  • Press the Fix button.
                  • A log file (fixlog.txt) will be created in the same location the tool was started from.
                  • Attach this log file to your next post.
                  Attached files



                  • #10
                    This is a spammer; I will take action. Thanks for your report.



                    • #11
                      He was banned after he sent you that PM; he can't send anything anymore.



                      • #12
                        I have removed your previous post containing that spam.



                        • #13
                          Dear Juisterr,

                          Thank you very much for taking action. Since the previous post has been removed, I am sending you again the log you asked me for, which was removed along with it. Fixlog.txt



                          • #14
                            Thank you.
