No internet connection (limited access) ... firewall problems

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Geen internetverbinding (beperkte toegang) ... problemen firewall

    Hello,

    Recently an acquaintance of mine has been having internet problems. There is a Wi-Fi connection, but with limited access.
    After some searching I noticed that Windows Firewall was turned off. Moreover, it was not possible to turn it back on.

    On forums I read about the same problem and that it could be solved with Combofix. I ran it and Windows Firewall became active again. Unfortunately... the limited internet connection remains.

    I have just made the necessary logs. Would it be possible to take a look at whether anything suspicious is present?

    Thanks!

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 17/04/2017
    Scantijd: 12:49:47
    Logbestand: mbam.txt
    Beheerder: Ja

    Versie: 2.00.1.1004
    Malwaredatabase: v2017.04.09.04
    Rootkitdatabase: v2017.04.02.01
    Licentie: Gratis
    Malwarebescherming: Uitgeschakeld
    Kwaadaardige Website Bescherming: Uitgeschakeld
    Chameleon: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: johan

    Scantype: Aangepaste Scan
    Resultaat: Voltooid
    Objecten Gescand: 551785
    Verstreken Tijd: 13 u, 49 m, 59 s

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Ingeschakeld
    Shuriken: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registersleutels: 7
    PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantaine, [e36685678d1b3bfbb56ce5ddfb0747b9],
    PUP.Optional.SysTweak, HKLM\SOFTWARE\WOW6432NODE\Systweak, In Quarantaine, [1d2cb9332b7d55e1310942e9ff01ca36],
    PUP.Optional.LizardLink, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jainjonnknhmbbkibcbmhihbopigapdm, In Quarantaine, [5ced5d8f9f097fb7717f9203b84a9d63],
    PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AdvancedSystemProtector_RASAPI32, In Quarantaine, [76d316d62583b97de50103a7c63ca35d],
    PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AdvancedSystemProtector_RASMANCS, In Quarantaine, [7fcae903b8f0290d5d89773346bcc23e],
    PUP.Optional.MindSpark, HKU\S-1-5-21-1605064705-3519875545-3396432865-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\VideoDownloadConverter_4z, In Quarantaine, [2c1dca227038e94d747befa8bc46dc24],
    PUP.Optional.MindSpark, HKU\S-1-5-21-1605064705-3519875545-3396432865-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\VideoDownloadConverter_4z, In Quarantaine, [c98044a88820c76f43ac484f11f19a66],

    Registerwaardes: 4
    PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|LyricsSay-1-bg.exe, 8000, In Quarantaine, [cb7ed319e7c1e84ec05622b19a6827d9]
    PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|VideoDownloadConverter Search Scope Monitor, "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h, In Quarantaine, [8ebb97559018a393271c1570cb379769]
    PUP.Optional.SpeedTestAnalysis, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Users\johan\AppData\Roaming\Mozilla\Extensions\[email protected], In Quarantaine, [7bce8e5eb9efaa8c357a2d74e61c817f]
    PUP.Optional.SpeedTestAnalysis, HKU\S-1-5-21-1605064705-3519875545-3396432865-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Users\johan\AppData\Roaming\Mozilla\Extensions\[email protected], In Quarantaine, [8ebb9854753339fd921bfea392700ff1]

    Registerdata: 0
    (No malicious items detected)

    Mappen: 18

    Bestanden: 113

    Fysieke Sectoren: 0
    (No malicious items detected)


    (end)


    # AdwCleaner v6.045 - Logbestand aangemaakt 17/04/2017 op 15:35:17
    # Bijgewerkt op 28/03/2017 door Malwarebytes
    # Database : 2017-03-28.2 [Lokaal]
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (X64)
    # Gebruikersnaam : johan - JOHAN-PC
    # Gestart vanuit : C:\Users\johan\Desktop\adwcleaner_6.045.exe
    # Mode: Verwijderen
    # Ondersteuning : https://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Mappen ] *****



    ***** [ Bestanden ] *****



    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Snelkoppelingen ] *****



    ***** [ Geplande Taken ] *****



    ***** [ Register ] *****

    [#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com
    [#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    [#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
    [#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.avg.com
    [#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchgol.com
    [#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
    [-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE


    ***** [ Browsers ] *****

    [-] [C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: isearch.avg.com
    [-] [C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: search.mywebsearch.com
    [-] [C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: searchgol.com


    *************************

    :: "Tracing" sleutels verwijderd
    :: Winsock instellingen gereset

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [9181 bytes] - [17/04/2017 15:35:17]
    C:\AdwCleaner\AdwCleaner[S0].txt - [8700 bytes] - [17/04/2017 15:34:49]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9327 bytes] ##########

  • #2
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.18616
    Run by johan at 15:39:25 on 2017-04-17
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4007.2558 [GMT 2:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Windows\system32\CxAudMsg64.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
    C:\Windows\System32\svchost.exe -k utcsvc
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\PHotkey\PHotkey.exe
    C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
    C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\PHotkey\ATouch64.exe
    C:\Program Files (x86)\PHotkey\PVDesktop.exe
    C:\Program Files (x86)\PHotkey\PVDAgent.exe
    C:\Program Files (x86)\PHotkey\POSD.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files (x86)\PHotkey\HCSynApi.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.be/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Browsing Protection by F-Secure: {45BBE08D-81C5-4A67-AF20-B2A077C67747} -
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: NameServer = 195.130.130.5 195.130.131.5
    TCP: Interfaces\{D4ECBD93-2721-4AC3-95B0-64293A4227C1} : DHCPNameServer = 195.130.130.5 195.130.131.5
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
    x64-BHO: Browsing Protection by F-Secure: {45BBE08D-81C5-4A67-AF20-B2A077C67747} -
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    x64-IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2015-8-18 73928]
    R0 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-11 119512]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-11-10 28992]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-5-19 921664]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-5-19 995392]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2015-3-18 822496]
    R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-11-10 198784]
    R2 CyberLink PowerDVD 10 MS Monitor Service;CyberLink PowerDVD 10 MS Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [2011-4-14 70952]
    R2 CyberLink PowerDVD 10 MS Service;CyberLink PowerDVD 10 MS Service;C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [2011-4-14 312616]
    R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
    R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [2011-11-10 156672]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-10 13592]
    R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-9-28 25824]
    R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\PHotkey\PEGAGFN.sys [2011-11-10 14344]
    R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-11-17 386344]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-8 534184]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-10 2655768]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-5-19 1335360]
    R3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\System32\drivers\btmaud.sys [2011-5-19 51712]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-5-19 53248]
    R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-7-20 282624]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-11-17 31216]
    R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-7-20 59904]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-11-10 317440]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-9-9 25496]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-11-3 76912]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-4-13 87552]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-4-13 207872]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2014-10-8 766632]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2014-10-8 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2014-10-8 29352]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2014-10-8 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-8 211104]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-3-20 105096]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-3-20 125064]
    S2 FSORSPClient;F-Secure ORSP Client;"C:\Program Files (x86)\Telenet Security Pack\apps\CCF_Reputation\fsorsp.exe" --> C:\Program Files (x86)\Telenet Security Pack\apps\CCF_Reputation\fsorsp.exe [?]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-10-23 46592]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-3-17 114688]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-9-9 34200]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-16 340240]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-19 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2017-04-17 13:33:32 -------- d-----w- C:\AdwCleaner
    2017-04-17 13:10:30 -------- d-----w- C:\$RECYCLE.BIN
    2017-04-17 12:08:25 98816 ----a-w- C:\Windows\sed.exe
    2017-04-17 12:08:25 256000 ----a-w- C:\Windows\PEV.exe
    2017-04-17 12:08:25 208896 ----a-w- C:\Windows\MBR.exe
    2017-04-17 11:16:04 -------- d-----w- C:\ProgramData\Western Digital
    2017-04-15 05:51:05 12774864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AA0AEA07-9D91-464D-A2C5-8E26DD14D2AE}\mpengine.dll
    2017-04-09 14:00:10 -------- d-----w- C:\Windows\pss
    2017-04-05 17:59:58 -------- d-----w- C:\Users\johan\AppData\Local\{F74FF76B-26E9-4D40-B5F4-F5E594888F7D}
    2017-04-02 05:46:26 18441472 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
    2017-03-20 08:43:41 -------- d-----w- C:\Users\johan\AppData\Local\FSDART
    2017-03-19 22:48:06 28352 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
    2017-03-19 22:48:06 19112 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
    2017-03-19 22:48:06 19112 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
    2017-03-19 22:48:06 19112 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
    2017-03-19 22:41:38 30400 ----a-w- C:\Windows\System32\aspnet_counters.dll
    2017-03-19 22:41:38 19112 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
    2017-03-19 22:41:38 19112 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
    2017-03-19 22:41:38 19112 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
    2017-03-19 19:27:02 -------- d-----w- C:\Users\johan\AppData\Local\ElevatedDiagnostics
    2017-03-19 08:58:44 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2017-03-19 08:58:42 142336 ----a-w- C:\Windows\System32\poqexec.exe
    .
    ==================== Find3M ====================
    .
    2017-04-16 20:59:48 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2017-04-09 19:54:33 802904 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2017-04-09 19:54:33 144472 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2017-03-04 08:20:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2017-03-04 08:20:25 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2017-03-04 08:02:55 66560 ----a-w- C:\Windows\System32\iesetup.dll
    2017-03-04 08:01:53 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2017-03-04 08:01:44 417792 ----a-w- C:\Windows\System32\html.iec
    2017-03-04 08:01:17 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2017-03-04 08:01:04 576512 ----a-w- C:\Windows\System32\vbscript.dll
    2017-03-04 07:45:30 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2017-03-04 07:45:29 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
    2017-03-04 07:45:10 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
    2017-03-04 07:36:13 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2017-03-04 07:31:29 6045696 ----a-w- C:\Windows\System32\jscript9.dll
    2017-03-04 07:23:20 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2017-03-04 06:52:51 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2017-03-04 06:52:32 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
    2017-03-04 06:25:31 3241984 ----a-w- C:\Windows\System32\wininet.dll
    2017-03-02 18:16:41 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2017-03-02 18:02:16 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2017-03-02 18:01:48 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2017-03-02 18:01:30 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2017-03-02 18:01:15 341504 ----a-w- C:\Windows\SysWow64\html.iec
    2017-03-02 18:00:12 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2017-03-02 17:50:05 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2017-03-02 17:49:46 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2017-03-02 17:36:33 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2017-03-02 17:22:27 4604416 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2017-03-02 17:17:43 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2017-03-02 17:17:33 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2017-03-02 16:53:59 2767360 ----a-w- C:\Windows\SysWow64\wininet.dll
    2017-02-22 23:42:18 84712 ----a-w- C:\Windows\System32\CompatTelRunner.exe
    2017-02-22 23:37:25 1285632 ----a-w- C:\Windows\System32\aeinv.dll
    2017-02-18 14:05:27 646656 ----a-w- C:\Windows\System32\generaltel.dll
    2017-02-18 14:05:27 1609216 ----a-w- C:\Windows\System32\appraiser.dll
    2017-02-11 15:58:19 462848 ----a-w- C:\Windows\System32\drivers\srv.sys
    2017-02-11 15:58:11 405504 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2017-02-11 15:58:06 168960 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2017-02-10 16:32:31 803328 ----a-w- C:\Windows\System32\usp10.dll
    2017-02-10 16:32:19 405504 ----a-w- C:\Windows\System32\gdi32.dll
    2017-02-10 16:17:38 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2017-02-10 16:17:36 628736 ----a-w- C:\Windows\SysWow64\usp10.dll
    2017-02-10 14:33:08 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2017-02-09 16:36:44 631176 ----a-w- C:\Windows\System32\winresume.efi
    2017-02-09 16:35:44 706792 ----a-w- C:\Windows\System32\winload.efi
    2017-02-09 16:35:43 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2017-02-09 16:35:43 5548264 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2017-02-09 16:35:43 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2017-02-09 16:33:37 1732864 ----a-w- C:\Windows\System32\ntdll.dll
    2017-02-09 16:31:59 316928 ----a-w- C:\Windows\System32\msv1_0.dll
    2017-02-09 16:19:22 4000488 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2017-02-09 16:19:22 3945192 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2017-02-09 16:16:53 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2017-02-09 16:03:10 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
    2017-02-09 16:03:05 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
    2017-02-09 16:03:05 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
    2017-02-09 16:02:22 64000 ----a-w- C:\Windows\System32\auditpol.exe
    2017-02-09 16:00:44 3220480 ----a-w- C:\Windows\System32\win32k.sys
    2017-02-09 15:59:23 338432 ----a-w- C:\Windows\System32\conhost.exe
    2017-02-09 15:58:29 296960 ----a-w- C:\Windows\System32\rstrui.exe
    2017-02-09 15:55:48 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2017-02-09 15:55:13 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2017-02-09 15:55:12 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2017-02-09 15:54:29 30720 ----a-w- C:\Windows\System32\lsass.exe
    2017-02-09 15:54:25 112640 ----a-w- C:\Windows\System32\smss.exe
    2017-02-09 15:53:33 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
    2017-02-09 15:51:50 32768 ----a-w- C:\Windows\SysWow64\WcsPlugInService.dll
    2017-02-09 15:50:03 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2017-02-09 15:50:02 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2017-02-09 15:50:01 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2017-02-09 15:50:00 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2017-02-09 15:49:15 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
    2017-02-09 15:49:08 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2017-02-09 15:49:08 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-02-09 15:49:08 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2017-02-09 15:49:08 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2017-02-09 14:06:01 1648128 ----a-w- C:\Windows\System32\DWrite.dll
    2017-02-09 14:06:01 1180160 ----a-w- C:\Windows\System32\FntCache.dll
    2017-02-06 16:14:01 733696 ----a-w- C:\Windows\HelpPane.exe
    .
    ============= FINISH: 15:49:42,83 ===============


    GMER 2.2.19882 - http://www.gmer.net
    Rootkit scan 2017-04-17 15:58:24
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0002 465,76GB
    Running: 9wt5pljx.exe; Driver: C:\Users\johan\AppData\Local\Temp\pwdoypow.sys


    ---- User code sections - GMER 2.2 ----

    .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769d1401 2 bytes JMP 7508b233 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[1692] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769d1419 2 bytes JMP 7508b35e C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769d1431 2 bytes JMP 75109149 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769d144a 2 bytes CALL 75064885 C:\Windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[1692] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769d14dd 2 bytes JMP 75108a42 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769d14f5 2 bytes JMP 75108c18 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[1692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769d150d 2 bytes JMP 75108938 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769d1525 2 bytes JMP 75108d02 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769d153d 2 bytes JMP 7507fcc0 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[1692] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769d1555 2 bytes JMP 75086907 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769d156d 2 bytes JMP 75109201 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769d1585 2 bytes JMP 75108d62 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[1692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769d159d 2 bytes JMP 751088fc C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769d15b5 2 bytes JMP 7507fd59 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769d15cd 2 bytes JMP 7508b2f4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769d16b2 2 bytes JMP 751090c4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769d16bd 2 bytes JMP 75108891 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769d1401 2 bytes JMP 7508b233 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769d1419 2 bytes JMP 7508b35e C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769d1431 2 bytes JMP 75109149 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769d144a 2 bytes CALL 75064885 C:\Windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769d14dd 2 bytes JMP 75108a42 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769d14f5 2 bytes JMP 75108c18 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769d150d 2 bytes JMP 75108938 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769d1525 2 bytes JMP 75108d02 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769d153d 2 bytes JMP 7507fcc0 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769d1555 2 bytes JMP 75086907 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769d156d 2 bytes JMP 75109201 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769d1585 2 bytes JMP 75108d62 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769d159d 2 bytes JMP 751088fc C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769d15b5 2 bytes JMP 7507fd59 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769d15cd 2 bytes JMP 7508b2f4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769d16b2 2 bytes JMP 751090c4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769d16bd 2 bytes JMP 75108891 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769d1401 2 bytes JMP 7508b233 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4444] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769d1419 2 bytes JMP 7508b35e C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769d1431 2 bytes JMP 75109149 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769d144a 2 bytes CALL 75064885 C:\Windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4444] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769d14dd 2 bytes JMP 75108a42 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769d14f5 2 bytes JMP 75108c18 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769d150d 2 bytes JMP 75108938 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769d1525 2 bytes JMP 75108d02 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769d153d 2 bytes JMP 7507fcc0 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4444] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769d1555 2 bytes JMP 75086907 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769d156d 2 bytes JMP 75109201 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769d1585 2 bytes JMP 75108d62 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769d159d 2 bytes JMP 751088fc C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769d15b5 2 bytes JMP 7507fd59 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769d15cd 2 bytes JMP 7508b2f4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769d16b2 2 bytes JMP 751090c4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769d16bd 2 bytes JMP 75108891 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769d1401 2 bytes JMP 7508b233 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769d1419 2 bytes JMP 7508b35e C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769d1431 2 bytes JMP 75109149 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769d144a 2 bytes CALL 75064885 C:\Windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769d14dd 2 bytes JMP 75108a42 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769d14f5 2 bytes JMP 75108c18 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769d150d 2 bytes JMP 75108938 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769d1525 2 bytes JMP 75108d02 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769d153d 2 bytes JMP 7507fcc0 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769d1555 2 bytes JMP 75086907 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769d156d 2 bytes JMP 75109201 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769d1585 2 bytes JMP 75108d62 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769d159d 2 bytes JMP 751088fc C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769d15b5 2 bytes JMP 7507fd59 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769d15cd 2 bytes JMP 7508b2f4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769d16b2 2 bytes JMP 751090c4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769d16bd 2 bytes JMP 75108891 C:\Windows\syswow64\kernel32.dll

    ---- Registry - GMER 2.2 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{28CACDA7-4976-4DD1-88F7-C37BA1459A13}\[email protected] isatap.{93A4460B-9637-44BC-9240-02C45D809484}
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\{462FCD5F-E031-4FFD-BDC6-BAAF59E07A3F}?\Device\{28CACDA7-4976-4DD1-88F7-C37BA1459A13}?\Device\{2475D5B5-59BE-47A6-A248-BFE6BD41ADE0}?\Device\{53CB0292-2946-4673-BFC0-3805F44FC245}?\Device\{0E66F97A-E7E2-4E56-B7CB-4833AF1785F9}?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] "{462FCD5F-E031-4FFD-BDC6-BAAF59E07A3F}"?"{28CACDA7-4976-4DD1-88F7-C37BA1459A13}"?"{2475D5B5-59BE-47A6-A248-BFE6BD41ADE0}"?"{53CB0292-2946-4673-BFC0-3805F44FC245}"?"{0E66F97A-E7E2-4E56-B7CB-4833AF1785F9}"?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\TCPIP6TUNNEL_{462FCD5F-E031-4FFD-BDC6-BAAF59E07A3F}?\Device\TCPIP6TUNNEL_{28CACDA7-4976-4DD1-88F7-C37BA1459A13}?\Device\TCPIP6TUNNEL_{2475D5B5-59BE-47A6-A248-BFE6BD41ADE0}?\Device\TCPIP6TUNNEL_{53CB0292-2946-4673-BFC0-3805F44FC245}?\Device\TCPIP6TUNNEL_{0E66F97A-E7E2-4E56-B7CB-4833AF1785F9}?
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{28CACDA7-4976-4DD1-88F7-C37BA1459A13}@InterfaceName isatap.{93A4460B-9637-44BC-9240-02C45D809484}
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{28CACDA7-4976-4DD1-88F7-C37BA1459A13}@ReusableType 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{462FCD5F-E031-4FFD-BDC6-BAAF59E07A3F}@InterfaceName isatap.{0904F159-C454-480C-BBB4-4250F4D5B881}
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{462FCD5F-E031-4FFD-BDC6-BAAF59E07A3F}@ReusableType 0

    ---- Disk sectors - GMER 2.2 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.2 ----



    • #3
      Update:

      I did suddenly manage to get the firewall and internet problem solved after all, by running quite a few commands in the command prompt.
      I get my IP via DHCP again, which was a problem before.

      So this can be closed!



      • #4
        Download the Farbar Recovery Scan Tool, 32 or 64 bit, from one of the links below
        Here is a description of how you can check whether you have a 32 or 64 bit version of Windows.

        Running Farbar Recovery Scan Tool
        • Double-click FRST.exe to start the tool.
        • Windows Vista, 7 and 8 users should run the tool as "administrator" by right-clicking and choosing Run as administrator.
        • When the program has opened, click Yes (Ja) at the disclaimer.
        • Then press the Scan button; a backup of the registry will be made first.
        • When the scan is finished, two log files named (FRST.txt) & (Addition.txt) are created in the same location from which the tool was started.
        • Add both log files as attachments to your next post.

        Starting Windows 10 in Safe Mode



        • #5
          Juisterr,

          The problem has been solved in the meantime. Should I still run the Farbar Recovery Scan Tool anyway, since there are some things in the logs?



          • #6
            Not unwise, given the results in the previous logs.

            Starting Windows 10 in Safe Mode



            • #7
              Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 17-04-2017 01
              Gestart door johan (Beheerder) op JOHAN-PC (18-04-2017 18:21:52)
              Gestart vanaf C:\Users\johan\Downloads
              Geladen Profielen: johan (Beschikbare Profielen: UpdatusUser & johan & Gast)
              Platform: Windows 7 Home Premium Service Pack 1 (X64) Taal: Nederlands (Nederland)
              Internet Explorer Versie 11 (Standaardbrowser: Chrome)
              Boot Modus: Normal
              Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

              ==================== Processen (gefilterd) =================

              (Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

              (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
              (Microsoft Corporation) C:\Windows\System32\wlanext.exe
              (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
              (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
              () C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
              () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
              (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
              (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
              (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
              (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
              (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
              (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
              (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
              (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
              () C:\Program Files (x86)\PHotkey\PHotkey.exe
              () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
              () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
              (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
              (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
              (Intel Corporation) C:\Windows\System32\hkcmd.exe
              (Intel Corporation) C:\Windows\System32\igfxpers.exe
              (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
              (Microsoft Corporation) C:\Windows\System32\rundll32.exe
              (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
              () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
              (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
              (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
              (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
              (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
              (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
              (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
              (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
              (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
              (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
              (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
              (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
              (TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
              () C:\Program Files (x86)\PHotkey\PVDesktop.exe
              () C:\Program Files (x86)\PHotkey\PVDAgent.exe
              () C:\Program Files (x86)\PHotkey\POsd.exe
              (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
              (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
              (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
              (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
              (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
              (Intel Corporation) C:\Windows\System32\igfxsrvc.exe

              ==================== Register (gefilterd) ====================

              (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

              HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
              HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-09-30] (Synaptics Incorporated)
              HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-16] (Intel(R) Corporation)
              HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
              HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
              HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
              HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
              HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
              HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-31] (CyberLink Corp.)
              Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
              ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand

              ==================== Internet (gefilterd) ====================

              (Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

              Tcpip\Parameters: [DhcpNameServer] 195.130.131.5 195.130.130.5
              Tcpip\..\Interfaces\{B2DF4614-EADB-4BBD-A393-280439F6C9BE}: [DhcpNameServer] 195.130.131.5 195.130.130.5

              Internet Explorer:
              ==================
              HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
              HKU\S-1-5-21-1605064705-3519875545-3396432865-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
              HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
              HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
              HKU\S-1-5-21-1605064705-3519875545-3396432865-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
              HKU\S-1-5-21-1605064705-3519875545-3396432865-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.be/
              HKU\S-1-5-21-1605064705-3519875545-3396432865-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
              SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
              SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
              SearchScopes: HKU\S-1-5-21-1605064705-3519875545-3396432865-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox
              SearchScopes: HKU\S-1-5-21-1605064705-3519875545-3396432865-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox
              BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Telenet Security Pack\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll => Geen bestand
              BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
              BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-07] (Sun Microsystems, Inc.)
              BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Telenet Security Pack\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll => Geen bestand
              BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
              BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-11-07] (Sun Microsystems, Inc.)
              Toolbar: HKU\S-1-5-21-1605064705-3519875545-3396432865-1001 -> Geen Naam - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Geen bestand
              DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
              Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll Geen bestand

              FireFox:
              ========
              FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Telenet Security Pack\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi => niet gevonden
              FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Telenet Security Pack\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi => niet gevonden
              FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll [2014-05-03] ()
              FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-07] (Sun Microsystems, Inc.)
              FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand]
              FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
              FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll [2014-05-03] ()
              FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
              FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
              FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2012-03-22] (Google, Inc.)
              FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-07] (Sun Microsystems, Inc.)
              FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand]
              FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
              FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
              FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
              FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
              FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
              FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
              FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
              FF Plugin HKU\S-1-5-21-1605064705-3519875545-3396432865-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\johan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

              Chrome:
              =======
              CHR Profile: C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default [2017-04-18]
              CHR Extension: (Google Presentaties) - C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-17]
              CHR Extension: (Google Documenten) - C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-17]
              CHR Extension: (Google Drive) - C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-03]
              CHR Extension: (YouTube) - C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-03]
              CHR Extension: (Jjfohome) - C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbdlpofpkljkoioobicmghhlopbkbhm [2016-10-01]
              CHR Extension: (Google Spreadsheets) - C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-17]
              CHR Extension: (Offline Documenten) - C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-17]
              CHR Extension: (Search by F-Secure) - C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkmikccifolokanfakbeadbmgchomeli [2017-03-17]
              CHR Extension: (Audibeep) - C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdcebkpmdmmhpbblkljjhfppngnmognp [2016-04-23]
              CHR Extension: (Browsing Protection by F-Secure) - C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2017-03-17]
              CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-17]
              CHR Extension: (Gmail) - C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-03]
              CHR Extension: (Chrome Media Router) - C:\Users\johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-04]
              CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
              CHR HKU\S-1-5-21-1605064705-3519875545-3396432865-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkmikccifolokanfakbeadbmgchomeli] - C:\Program Files (x86)\Telenet Security Pack\apps\SafeSearch\Chrome\main.crx <niet gevonden>
              CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx

              ==================== Services (gefilterd) ====================

              (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

              R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
              R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [Bestand niet getekend]
              R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [Bestand niet getekend]
              R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [Bestand niet getekend]
              R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
              R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
              R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-14] () [Bestand niet getekend]
              S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-16] ()
              R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
              R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
              R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
              S3 FSMA; "C:\Program Files (x86)\Telenet Security Pack\apps\ComputerSecurity\Common\FSMA32.EXE" [X]
              S2 FSORSPClient; "C:\Program Files (x86)\Telenet Security Pack\apps\CCF_Reputation\fsorsp.exe" [X]

              ===================== Drivers (gefilterd) ======================

              (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

              U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
              R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [73928 2016-07-06] ()
              R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
              S3 catchme; \??\C:\ComboFix\catchme.sys [X]
              S3 F-Secure Gatekeeper; \??\C:\Program Files (x86)\Telenet Security Pack\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [X]
              S1 F-Secure HIPS; \??\C:\Program Files (x86)\Telenet Security Pack\apps\ComputerSecurity\HIPS\drivers\fshs.sys [X]
              S3 fsni; \??\C:\Program Files (x86)\Telenet Security Pack\apps\CCF_Scanning\bin\fsni64.sys [X]

              ==================== NetSvcs (gefilterd) ===================

              (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


              ==================== Een Maand Aangemaakt bestanden en mappen ========

              (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

              2017-04-18 18:21 - 2017-04-18 18:22 - 00017436 _____ C:\Users\johan\Downloads\FRST.txt
              2017-04-18 18:21 - 2017-04-18 18:21 - 00000000 ____D C:\FRST
              2017-04-18 18:20 - 2017-04-18 18:21 - 02424832 _____ (Farbar) C:\Users\johan\Downloads\FRST64.exe
              2017-04-17 20:32 - 2017-04-17 20:33 - 00000000 ____D C:\Users\johan\Documents\Oplossing WIFI DHCP
              2017-04-17 18:58 - 2017-04-17 20:15 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
              2017-04-17 18:57 - 2017-04-17 18:58 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
              2017-04-17 18:57 - 2017-04-17 18:57 - 00002051 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
              2017-04-17 18:17 - 2017-04-17 18:25 - 00000000 ____D C:\Program Files (x86)\TeamViewer
              2017-04-17 18:17 - 2017-04-17 18:17 - 13189504 _____ (TeamViewer GmbH) C:\Users\johan\Downloads\TeamViewer_Setup_nl.exe
              2017-04-17 18:17 - 2017-04-17 18:17 - 00001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
              2017-04-17 18:17 - 2017-04-17 18:17 - 00001039 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
              2017-04-17 18:17 - 2017-04-17 18:17 - 00000000 ____D C:\Users\johan\AppData\Roaming\TeamViewer
              2017-04-17 18:07 - 2017-04-17 18:07 - 00000000 ____D C:\Users\johan\AppData\Local\CEF
              2017-04-17 18:04 - 2017-04-17 18:04 - 06903192 _____ (AVAST Software) C:\Users\johan\Downloads\avast_free_antivirus_setup_online.exe
              2017-04-17 17:52 - 2017-04-17 17:52 - 00000000 ____D C:\Users\johan\Downloads\Wireless_18.11.0_Ds64
              2017-04-17 17:52 - 2017-04-17 17:52 - 00000000 ____D C:\Dell
              2017-04-17 17:52 - 2017-04-17 17:50 - 16395650 _____ C:\Users\johan\Downloads\Wireless_18.11.0_Ds64.zip
              2017-04-17 17:26 - 2017-04-17 17:26 - 00000000 ____D C:\Users\johan\Desktop\comintrep
              2017-04-17 16:00 - 2017-04-17 16:00 - 00025328 _____ C:\Users\johan\Desktop\mbam.txt
              2017-04-17 15:50 - 2017-04-17 15:50 - 00022400 _____ C:\Users\johan\Desktop\dds.txt
              2017-04-17 15:50 - 2017-04-17 15:50 - 00006557 _____ C:\Users\johan\Desktop\attach.txt
              2017-04-17 15:35 - 2017-04-17 15:35 - 00009466 _____ C:\Users\johan\Desktop\AdwCleaner[C0].txt
              2017-04-17 15:34 - 2017-04-17 15:34 - 00008700 _____ C:\Users\johan\Desktop\AdwCleaner[S0].txt
              2017-04-17 15:33 - 2017-04-17 16:02 - 00000000 ____D C:\AdwCleaner
              2017-04-17 15:33 - 2017-04-17 15:33 - 00000000 _____ C:\Users\johan\defogger_reenable
              2017-04-17 15:32 - 2017-04-17 14:19 - 04089296 _____ C:\Users\johan\Desktop\adwcleaner_6.045.exe
              2017-04-17 15:32 - 2017-04-17 14:19 - 00688992 ____R (Swearware) C:\Users\johan\Desktop\dds.com
              2017-04-17 15:32 - 2017-04-17 14:19 - 00380928 _____ C:\Users\johan\Desktop\9wt5pljx.exe
              2017-04-17 15:32 - 2017-04-17 14:18 - 00050477 _____ C:\Users\johan\Desktop\Defogger.exe
              2017-04-17 15:29 - 2017-04-17 15:29 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Virtual Desktop Manager
              2017-04-17 15:27 - 2017-04-17 15:27 - 00001405 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
              2017-04-17 15:27 - 2017-04-17 15:27 - 00000020 ___SH C:\Users\Gast\ntuser.ini
              2017-04-17 15:27 - 2017-04-17 15:27 - 00000000 _SHDL C:\Users\Gast\Sjablonen
              2017-04-17 15:27 - 2017-04-17 15:27 - 00000000 _SHDL C:\Users\Gast\Netwerkprinteromgeving
              2017-04-17 15:27 - 2017-04-17 15:27 - 00000000 _SHDL C:\Users\Gast\Mijn documenten
              2017-04-17 15:27 - 2017-04-17 15:27 - 00000000 _SHDL C:\Users\Gast\Menu Start
              2017-04-17 15:27 - 2017-04-17 15:27 - 00000000 _SHDL C:\Users\Gast\Documents\Mijn video's
              2017-04-17 15:27 - 2017-04-17 15:27 - 00000000 _SHDL C:\Users\Gast\Documents\Mijn muziek
              2017-04-17 15:27 - 2017-04-17 15:27 - 00000000 _SHDL C:\Users\Gast\Documents\Mijn afbeeldingen
              2017-04-17 15:27 - 2017-04-17 15:27 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programma's
              2017-04-17 15:27 - 2017-04-17 15:27 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Geschiedenis
              2017-04-17 15:27 - 2017-04-17 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Intel
              2017-04-17 15:27 - 2017-04-17 15:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
              2017-04-17 15:27 - 2017-04-17 15:27 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
              2017-04-17 15:27 - 2017-04-17 15:27 - 00000000 ____D C:\Users\Gast\AppData\Local\Power2Go
              2017-04-17 15:27 - 2017-04-17 15:27 - 00000000 ____D C:\Users\Gast\AppData\Local\Google
              2017-04-17 15:27 - 2017-04-17 15:27 - 00000000 ____D C:\Users\Gast
              2017-04-17 15:27 - 2015-04-12 07:25 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Garmin
              2017-04-17 15:27 - 2015-04-12 07:25 - 00000000 ____D C:\Users\Gast\AppData\Local\Garmin_Ltd._or_its_subsid
              2017-04-17 15:27 - 2013-01-31 09:16 - 00000000 ____D C:\Users\Gast\AppData\Roaming\TuneUp Software
              2017-04-17 15:27 - 2011-11-17 13:21 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema
              2017-04-17 15:27 - 2011-11-07 18:44 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia
              2017-04-17 15:27 - 2011-04-12 10:28 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Media Center Programs
              2017-04-17 15:16 - 2017-04-17 15:16 - 00030829 _____ C:\ComboFix.txt
              2017-04-17 14:08 - 2017-04-17 15:16 - 00000000 ____D C:\Qoobox
              2017-04-17 14:08 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
              2017-04-17 14:08 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
              2017-04-17 14:08 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
              2017-04-17 14:08 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
              2017-04-17 14:08 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
              2017-04-17 14:08 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
              2017-04-17 14:08 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
              2017-04-17 14:08 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
              2017-04-17 14:07 - 2017-04-17 15:14 - 00000000 ____D C:\Windows\erdnt
              2017-04-17 14:06 - 2017-04-17 14:05 - 05659609 ____R (Swearware) C:\Users\johan\Desktop\ComboFix.exe
              2017-04-17 13:51 - 2017-04-17 13:49 - 00346950 _____ C:\Users\johan\Downloads\SharedAccess.reg
              2017-04-17 13:19 - 2017-04-17 13:11 - 00214174 _____ C:\Users\johan\Downloads\WindowsFirewall.diagcab
              2017-04-17 13:16 - 2017-04-17 13:16 - 00000000 ____D C:\ProgramData\Western Digital
              2017-04-15 13:49 - 2017-04-15 13:49 - 01004025 _____ C:\Users\johan\Downloads\NIEUWSBRIEF 15 apr 17.pdf
              2017-04-15 13:48 - 2017-04-15 13:48 - 01201768 _____ (Adobe Systems Incorporated) C:\Users\johan\Downloads\flashplayer25ppau_ga_install.exe
              2017-04-13 08:07 - 2017-04-13 08:07 - 00022253 _____ C:\Users\johan\Downloads\Nummers vanaf 22-04-2017.xlsx
              2017-04-13 08:06 - 2017-04-13 08:06 - 00034830 _____ C:\Users\johan\Downloads\LOTTO MULTI 7.xlsx
              2017-04-11 09:02 - 2017-04-11 09:02 - 07156697 _____ C:\Users\johan\Downloads\20170324-folderlakosta-2017.pdf
              2017-04-09 21:54 - 2017-04-09 21:54 - 00004584 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
              2017-04-09 21:33 - 2017-04-09 21:33 - 00774226 _____ C:\Users\johan\Downloads\AdobeFlashPlayer_25_a_install.dmg
              2017-04-09 16:00 - 2017-04-16 22:56 - 00000000 ____D C:\Windows\pss
              2017-04-08 07:11 - 2017-04-08 07:12 - 01005472 _____ C:\Users\johan\Downloads\NIEUWSBRIEF 07 apr 17.pdf
              2017-04-08 07:09 - 2017-04-08 07:09 - 00908265 _____ C:\Users\johan\Downloads\NIEUWSBRIEF VIAENE Nine.pdf
              2017-04-07 19:22 - 2017-04-07 19:22 - 04529339 _____ C:\Users\johan\Downloads\tas kijken141.mp4
              2017-04-07 19:21 - 2017-04-07 19:21 - 04979678 _____ C:\Users\johan\Downloads\IMG_0173.MP4
              2017-04-07 08:55 - 2017-04-07 08:55 - 01102731 _____ C:\Users\johan\Downloads\INTERVIEW CLUBLID 2017 Johan Delameilleure.pdf
              2017-04-06 15:37 - 2017-04-06 15:37 - 00233623 _____ C:\Users\johan\Downloads\Unibet Live Voetbal Kijken en Live Wedden.html
              2017-04-06 15:37 - 2017-04-06 15:37 - 00000000 ____D C:\Users\johan\Downloads\Unibet Live Voetbal Kijken en Live Wedden_files
              2017-04-05 19:59 - 2017-04-05 19:59 - 00000000 ____D C:\Users\johan\AppData\Local\{F74FF76B-26E9-4D40-B5F4-F5E594888F7D}
              2017-04-02 18:09 - 2017-04-02 18:09 - 01015055 _____ C:\Users\johan\Downloads\NIEUWSBRIEF 31 maa 17.pdf
              2017-03-29 14:09 - 2017-03-29 14:15 - 02349133 _____ C:\Users\johan\Desktop\fsdiag2.7z
              2017-03-29 13:48 - 2017-03-29 13:48 - 00882656 _____ (F-Secure Corporation) C:\Users\johan\Downloads\TelenetSecurityPack_ABVE-GGDF-JUK8-JXZR-50CY_ (5).exe
              2017-03-29 13:38 - 2017-03-29 13:38 - 00172040 _____ C:\Users\johan\Desktop\fsdiag.7z
              2017-03-29 13:22 - 2017-03-29 13:22 - 00882656 _____ (F-Secure Corporation) C:\Users\johan\Downloads\TelenetSecurityPack_ABVE-GGDF-JUK8-JXZR-50CY_ (4).exe
              2017-03-29 13:22 - 2017-03-29 13:22 - 00882656 _____ (F-Secure Corporation) C:\Users\johan\Downloads\TelenetSecurityPack_ABVE-GGDF-JUK8-JXZR-50CY_ (3).exe
              2017-03-29 13:21 - 2017-03-29 13:21 - 00882656 _____ (F-Secure Corporation) C:\Users\johan\Downloads\TelenetSecurityPack_ABVE-GGDF-JUK8-JXZR-50CY_ (2).exe
              2017-03-29 13:20 - 2017-03-29 13:20 - 00882656 _____ (F-Secure Corporation) C:\Users\johan\Downloads\TelenetSecurityPack_ABVE-GGDF-JUK8-JXZR-50CY_ (1).exe
              2017-03-26 09:02 - 2017-03-26 09:02 - 01014182 _____ C:\Users\johan\Downloads\NIEUWSBRIEF 25 maa 17 (1).pdf
              2017-03-25 20:21 - 2017-03-25 20:21 - 01014182 _____ C:\Users\johan\Downloads\NIEUWSBRIEF 25 maa 17.pdf
              2017-03-21 08:13 - 2017-03-21 08:13 - 01201256 _____ (Adobe Systems Incorporated) C:\Users\johan\Downloads\flashplayer25axau_ga_install.exe
              2017-03-20 20:10 - 2017-03-20 20:10 - 02422784 _____ C:\Users\johan\Downloads\Op onze vriendschap1 (1).pps
              2017-03-20 16:57 - 2017-03-20 16:57 - 02422784 _____ C:\Users\johan\Downloads\Op onze vriendschap1.pps
              2017-03-20 11:01 - 2017-04-17 12:50 - 00002116 _____ C:\Users\Public\Desktop\Telenet Security Pack.lnk
              2017-03-20 10:57 - 2017-03-20 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telenet Security Pack
              2017-03-20 10:43 - 2017-03-20 11:11 - 00000000 ____D C:\Users\johan\AppData\Local\FSDART
              2017-03-20 10:40 - 2017-03-20 10:40 - 00882656 _____ (F-Secure Corporation) C:\Users\johan\Downloads\TelenetSecurityPack_ABVE-GGDF-JUK8-JXZR-50CY_.exe
              2017-03-20 10:17 - 2017-03-20 10:17 - 00000062 _____ C:\Users\johan\Desktop\Rouwcentrum Decombele Torhout.url
              2017-03-20 00:48 - 2017-03-20 00:48 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
              2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll
              2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
              2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll
              2017-03-20 00:41 - 2017-03-20 00:41 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
              2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
              2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
              2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll
              2017-03-19 22:19 - 2017-03-19 22:19 - 00000055 _____ C:\Users\johan\Desktop\ECW PHOTO.url
              2017-03-19 21:27 - 2017-04-17 13:20 - 00000000 ____D C:\Users\johan\AppData\Local\ElevatedDiagnostics
              2017-03-19 21:22 - 2017-03-19 21:22 - 00000017 _____ C:\Users\johan\AppData\Local\resmon.resmoncfg
              2017-03-19 10:58 - 2016-07-22 16:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
              2017-03-19 10:58 - 2016-07-22 16:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

              ==================== Een Maand Gewijzigd bestanden en mappen ========

              (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

              2017-04-18 18:20 - 2012-04-17 13:12 - 00000000 ____D C:\Users\johan\Documents\Youcam
              2017-04-18 18:19 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
              2017-04-17 20:34 - 2009-07-14 06:45 - 00024800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
              2017-04-17 20:34 - 2009-07-14 06:45 - 00024800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
              2017-04-17 20:29 - 2009-07-14 07:08 - 00032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT
              2017-04-17 20:15 - 2012-12-28 17:14 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
              2017-04-17 20:15 - 2012-12-28 17:14 - 00004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
              2017-04-17 20:15 - 2011-11-07 18:44 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
              2017-04-17 20:14 - 2011-11-07 18:44 - 00000000 ____D C:\Windows\SysWOW64\Macromed
              2017-04-17 20:14 - 2011-11-07 18:44 - 00000000 ____D C:\Windows\system32\Macromed
              2017-04-17 18:57 - 2011-11-07 18:44 - 00000000 ____D C:\ProgramData\Adobe
              2017-04-17 18:57 - 2011-11-07 18:44 - 00000000 ____D C:\Program Files (x86)\Adobe
              2017-04-17 18:35 - 2012-04-17 13:12 - 00099232 _____ C:\Users\johan\AppData\Local\GDIPFONTCACHEV1.DAT
              2017-04-17 18:33 - 2015-06-12 11:53 - 00000000 ____D C:\Program Files\Common Files\AV
              2017-04-17 18:33 - 2013-09-26 19:18 - 00000000 ____D C:\ProgramData\AVAST Software
              2017-04-17 18:33 - 2009-07-14 06:45 - 00394584 _____ C:\Windows\system32\FNTCACHE.DAT
              2017-04-17 18:05 - 2014-05-11 12:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
              2017-04-17 17:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
              2017-04-17 17:39 - 2014-06-11 20:34 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1605064705-3519875545-3396432865-1001UA.job
              2017-04-17 17:37 - 2011-11-04 04:25 - 00746466 _____ C:\Windows\system32\perfh013.dat
              2017-04-17 17:37 - 2011-11-04 04:25 - 00154128 _____ C:\Windows\system32\perfc013.dat
              2017-04-17 17:37 - 2009-07-14 07:13 - 01672576 _____ C:\Windows\system32\PerfStringBackup.INI
              2017-04-17 15:33 - 2012-04-17 13:10 - 00000000 ____D C:\Users\johan
              2017-04-17 15:10 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
              2017-04-17 15:10 - 2009-07-14 04:34 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.bak
              2017-04-17 12:50 - 2014-05-11 12:17 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
              2017-04-17 12:50 - 2013-09-29 11:30 - 00002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
              2017-04-17 12:50 - 2013-09-29 11:30 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
              2017-04-17 12:50 - 2012-05-11 12:04 - 00002595 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
              2017-04-17 12:50 - 2011-11-10 22:06 - 00002056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk
              2017-04-17 12:50 - 2011-11-07 19:44 - 00002649 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion FastBoot.lnk
              2017-04-17 12:50 - 2011-11-07 18:00 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
              2017-04-17 12:50 - 2011-11-07 18:00 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
              2017-04-17 12:50 - 2011-11-07 17:59 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
              2017-04-17 12:50 - 2011-11-07 17:57 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
              2017-04-17 12:50 - 2011-11-07 17:46 - 00002479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
              2017-04-17 12:50 - 2011-11-04 03:31 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
              2017-04-17 12:50 - 2011-11-04 03:31 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
              2017-04-17 12:50 - 2011-11-03 23:21 - 00001428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Control Center.lnk
              2017-04-17 12:50 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
              2017-04-17 12:50 - 2009-07-14 06:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
              2017-04-17 12:50 - 2009-07-14 06:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
              2017-04-17 12:50 - 2009-07-14 06:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
              2017-04-17 12:50 - 2009-07-14 06:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
              2017-04-17 12:50 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\Setup
              2017-04-17 12:49 - 2013-09-28 09:38 - 00000000 ____D C:\Users\johan\AppData\LocalLow\Delta
              2017-04-17 12:49 - 2012-04-17 13:10 - 00001409 _____ C:\Users\johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
              2017-04-17 12:49 - 2009-07-14 07:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
              2017-04-17 12:49 - 2009-07-14 06:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
              2017-04-16 20:39 - 2014-06-11 20:34 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1605064705-3519875545-3396432865-1001Core.job
              2017-04-15 13:48 - 2014-06-17 07:38 - 00000000 ____D C:\Users\johan\AppData\Local\Adobe
              2017-04-14 19:28 - 2011-11-10 21:16 - 00000000 ____D C:\Users\UpdatusUser
              2017-04-12 11:28 - 2013-03-13 12:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
              2017-04-12 11:28 - 2013-03-13 12:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
              2017-04-12 09:44 - 2013-03-13 12:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
              2017-04-12 09:42 - 2013-08-14 13:47 - 00000000 ____D C:\Windows\system32\MRT
              2017-04-12 09:40 - 2011-11-03 22:34 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
              2017-04-12 09:38 - 2012-05-11 11:56 - 01647244 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
              2017-04-12 06:59 - 2012-04-17 13:05 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
              2017-04-12 06:59 - 2012-04-17 13:05 - 00003360 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
              2017-03-22 09:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
              2017-03-20 10:46 - 2014-12-30 18:55 - 00000000 ____D C:\Program Files (x86)\Telenet Security Pack
              2017-03-20 10:46 - 2014-12-30 18:54 - 00000000 ____D C:\ProgramData\F-Secure
              2017-03-20 10:40 - 2016-06-02 16:56 - 00000000 ____D C:\Users\johan\AppData\Local\F-Secure

              ==================== Bestanden in de root van sommige mappen =======

              2014-01-21 20:14 - 2016-02-29 18:32 - 0003584 _____ () C:\Users\johan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
              2012-07-11 18:37 - 2012-07-11 18:37 - 0033758 _____ () C:\Users\johan\AppData\Local\dt.dat
              2017-03-19 21:22 - 2017-03-19 21:22 - 0000017 _____ () C:\Users\johan\AppData\Local\resmon.resmoncfg
              2012-04-18 14:29 - 2012-04-18 14:29 - 0017408 _____ () C:\Users\johan\AppData\Local\WebpageIcons.db

              ==================== Bamital & volsnap ======================

              (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

              C:\Windows\system32\winlogon.exe => Bestand is getekend
              C:\Windows\system32\wininit.exe => Bestand is getekend
              C:\Windows\SysWOW64\wininit.exe => Bestand is getekend
              C:\Windows\explorer.exe => Bestand is getekend
              C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
              C:\Windows\system32\svchost.exe => Bestand is getekend
              C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
              C:\Windows\system32\services.exe => Bestand is getekend
              C:\Windows\system32\User32.dll => Bestand is getekend
              C:\Windows\SysWOW64\User32.dll => Bestand is getekend
              C:\Windows\system32\userinit.exe => Bestand is getekend
              C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
              C:\Windows\system32\rpcss.dll => Bestand is getekend
              C:\Windows\system32\dnsapi.dll => Bestand is getekend
              C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
              C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend

              LastRegBack: 2017-04-14 16:44

              ==================== Eind van FRST.txt ============================


              • #8
                Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 17-04-2017 01
                Gestart door johan (18-04-2017 18:22:53)
                Gestart vanaf C:\Users\johan\Downloads
                Windows 7 Home Premium Service Pack 1 (X64) (2012-04-17 11:10:14)
                Boot Modus: Normal
                ==========================================================


                ==================== Accounts: =============================

                Administrator (S-1-5-21-1605064705-3519875545-3396432865-500 - Administrator - Disabled)
                Gast (S-1-5-21-1605064705-3519875545-3396432865-501 - Limited - Disabled) => C:\Users\Gast
                HomeGroupUser$ (S-1-5-21-1605064705-3519875545-3396432865-1020 - Limited - Enabled)
                johan (S-1-5-21-1605064705-3519875545-3396432865-1001 - Administrator - Enabled) => C:\Users\johan
                UpdatusUser (S-1-5-21-1605064705-3519875545-3396432865-1000 - Limited - Enabled) => C:\Users\UpdatusUser

                ==================== Security Center ========================

                (Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

                AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

                ==================== Geïnstalleerde programma's ======================

                (Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)

                Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
                Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
                Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
                Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
                Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
                Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
                Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.8.1217.36096 - Alcor Micro Corp.)
                Alcor Micro USB Card Reader (x32 Version: 1.8.1217.36096 - Alcor Micro Corp.) Hidden
                AMI VR-pulse OS Switcher (HKLM\...\{EC1369CF-15BD-4FAF-BA84-65E4788C682E}) (Version: 1.1 - American Megatrends Inc.)
                Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
                Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
                Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
                Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
                Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
                Computer Security 14.176.101.0 (release) (x32 Version: 14.176.101.0 - F-Secure Corporation) Hidden
                Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.14.50 - Conexant)
                Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
                Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
                Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
                Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
                Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
                CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
                CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
                CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
                CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
                CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
                CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
                CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
                CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version: - Corel Corporation)
                CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
                CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
                CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
                CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
                CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
                CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
                CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
                CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
                CorelDRAW Essentials X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden
                CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
                CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
                CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
                CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
                CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414 - CyberLink Corp.)
                CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
                CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
                CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 9.0.0.3419a - CyberLink Corp.)
                CyberLink PowerDirector (Version: 9.0.0.3419a - CyberLink Corp.) Hidden
                CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3510.02 - CyberLink Corp.)
                CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
                CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.3503 - CyberLink Corp.)
                CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.3320 - CyberLink Corp.)
                CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1108 - CyberLink Corp.)
                D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
                Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
                Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
                Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
                F-Secure CCF Reputation (x32 Version: 2.1.1342.0 - F-Secure) Hidden
                F-Secure CCF Scanning 1.73.275.1078 (release) (x32 Version: 1.73.275.1078 - F-Secure Corporation) Hidden
                F-Secure Network CCF 1.04.214 (x32 Version: 1.04.214 - F-Secure Corporation) Hidden
                F-Secure SafeSearch 1.11.101.0 (release) (x32 Version: 1.11.101.0 - F-Secure Corporation) Hidden
                Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
                Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
                Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
                Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
                Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
                Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
                Intel PROSet Wireless (x32 Version: - ) Hidden
                Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
                Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
                Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
                Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
                Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
                Intel(R) WiDi (HKLM-x32\...\{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}) (Version: 2.2.14.0 - Intel Corporation)
                Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
                IT9130 Driver v12.2.3.1 (HKLM-x32\...\IT9130 DriverInstaller_12.2.3.1) (Version: - )
                Java(TM) 6 Update 29 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416029FF}) (Version: 6.0.290 - Oracle)
                Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
                Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
                Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
                Malwarebytes Anti-Malware versie 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
                Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.3216 - CyberLink Corp.)
                Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden
                Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.)
                Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
                Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
                Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
                Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
                Microsoft Office Klik-en-Klaar 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
                Microsoft Office Starter 2010 - Nederlands (HKLM-x32\...\{90140011-0066-0413-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
                Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0413-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
                Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
                Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
                Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
                Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
                Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
                Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
                Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
                Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
                Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
                Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
                MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
                myMugle (HKLM-x32\...\myMugle3.0.0.0) (Version: 3.0.0.0 - Computer Business Solutions)
                NVIDIA Graphics Driver 285.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.64 - NVIDIA Corporation)
                NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
                Online Safety 2.176.4626.2945 (x32 Version: 2.176.4626.2945 - F-Secure Corporation) Hidden
                OpenOffice 4.0.1 (HKLM-x32\...\{EA9BAE1A-2D68-4160-81E6-14B712435D66}) (Version: 4.01.9714 - Apache Software Foundation)
                PCSUITE SHREDDER (HKLM-x32\...\PCSUITE_SHREDDER_PRO_is1) (Version: - Markement GmbH)
                PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0045 - Pegatron Corporation)
                Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
                PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
                Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
                Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
                Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.16.0 - Renesas Electronics Corporation)
                Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation) Hidden
                Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
                swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
                Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
                TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
                Video Download Converter version 1.0.0.0 (HKLM-x32\...\VDC_is1) (Version: 1.0.0.0 - ) <==== AANDACHT
                Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
                Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
                Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
                Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
                Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
                Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
                Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
                Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
                Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
                Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)

                ==================== Aangepaste CLSID (gefilterd): ==========================

                (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


                ==================== Geplande Taken (gefilterd) =============

                (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

                Task: {3A77455F-887A-4CE0-A760-F42AD88F68E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-17] (Adobe Systems Incorporated)
                Task: {3F5D0763-9A5F-4C9E-975F-3AE735085914} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-04-09] (Adobe Systems Incorporated)
                Task: {574A2071-6DCE-43C8-9693-430110F10F9B} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2011-11-08] (CyberLink Corp.)
                Task: {6B2B6A2F-73EB-4BF6-8716-ED265E35596B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
                Task: {7F4B0AB0-24D2-4E94-B7A1-0F90891FD949} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
                Task: {89DFC557-FDC8-4FE2-91EA-394DB257396D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1605064705-3519875545-3396432865-1001Core => C:\Users\johan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-11] (Facebook Inc.)
                Task: {F9DE6F2F-6730-4A2E-A4D8-2574B53BD932} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
                Task: {FC23B47B-F05D-4F2D-BA0A-79AF48CBD3CA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1605064705-3519875545-3396432865-1001UA => C:\Users\johan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-11] (Facebook Inc.)

                (Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)

                Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1605064705-3519875545-3396432865-1001Core.job => C:\Users\johan\AppData\Local\Facebook\Update\FacebookUpdate.exe
                Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1605064705-3519875545-3396432865-1001UA.job => C:\Users\johan\AppData\Local\Facebook\Update\FacebookUpdate.exe

                ==================== Snelkoppelingen =============================

                (De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)

                ==================== Geladen Modules (gefilterd) ==============

                2011-09-16 03:46 - 2011-09-16 03:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
                2011-11-10 22:15 - 2009-12-19 01:40 - 00104968 _____ () C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
                2011-11-10 22:15 - 2011-10-14 00:38 - 00156672 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
                2011-11-10 22:15 - 2011-10-14 21:06 - 00818688 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
                2011-11-10 22:15 - 2010-01-13 03:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
                2011-11-10 22:15 - 2010-01-13 03:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
                2011-11-10 01:32 - 2011-09-26 00:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
                2011-09-16 03:46 - 2011-09-16 03:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
                2011-11-17 13:17 - 2010-08-19 18:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
                2011-11-10 22:15 - 2010-12-28 00:14 - 00776200 _____ () C:\Program Files (x86)\PHotkey\PVDesktop.exe
                2011-11-10 22:15 - 2011-04-13 00:32 - 00483336 _____ () C:\Program Files (x86)\PHotkey\PVDAgent.exe
                2011-11-10 22:15 - 2011-10-24 23:59 - 03420160 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
                2011-11-10 22:15 - 2009-12-19 01:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
                2011-11-10 22:15 - 2009-12-19 01:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
                2010-08-04 01:39 - 2010-08-04 01:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
                2010-08-04 01:39 - 2010-08-04 01:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
                2016-05-11 17:40 - 2016-05-11 17:40 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\68b50258c65f19990de5179995021e57\IsdiInterop.ni.dll
                2011-11-10 20:17 - 2011-05-20 20:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

                ==================== Alternate Data Streams (gefilterd) =========

                (Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)


                ==================== Veilige Modus (gefilterd) ===================

                (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)


                ==================== Bestandskoppeling (gefilterd) ===============

                (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)


                ==================== Internet Explorer vertrouwde/beperkte toegang ===============

                (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)


                ==================== Hosts inhoud: ===============================

                (Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)

                2009-07-14 04:34 - 2017-04-17 17:28 - 00000835 ____A C:\Windows\system32\Drivers\etc\hosts


                ==================== Andere gebieden ============================

                (Momenteel is er geen automatische fix voor dit onderdeel.)

                HKU\S-1-5-21-1605064705-3519875545-3396432865-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\johan\AppData\Roaming\Virtual Desktop Manager\PVDesktopWallpaper_2.jpg
                DNS Servers: 195.130.131.5 - 195.130.130.5
                HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
                Windows Firewall is ingeschakeld.

                ==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==


                ==================== Firewall regels (gefilterd) ===============

                (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

                FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
                FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
                FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
                FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
                FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
                FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
                FirewallRules: [TCP Query User{76EAC5AA-55AB-4F0F-8248-FD46F5A38480}C:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe] => (Block) C:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe
                FirewallRules: [UDP Query User{3F3B91D2-F414-4547-80E2-C75101CA9AA6}C:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe] => (Block) C:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe
                FirewallRules: [TCP Query User{56868582-6FD2-4C6F-A15C-27CE48BD593B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
                FirewallRules: [UDP Query User{59F16E90-369F-4E1B-AB9F-3D2FA3F34A1F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
                FirewallRules: [{7A1FBDE9-D9D9-4FF0-A197-DEDBA49DB98D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
                FirewallRules: [{8718352F-0B22-4E04-ABE2-7CFE07307975}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
                FirewallRules: [{2EE9C8FE-1E51-483C-BAE1-93DEA804DEC3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
                FirewallRules: [{AC3A75AF-A7F9-443A-ADB0-4ADDE9F0B22B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
                FirewallRules: [TCP Query User{4C0B6432-CBE9-4DD3-AF82-896CBF8FA4E8}C:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe] => (Block) C:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe
                FirewallRules: [UDP Query User{22E1EE45-3CAB-4A02-9F21-33F30CF9D49D}C:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe] => (Block) C:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe
                FirewallRules: [TCP Query User{B38B3F05-C49A-4BFC-9459-1087A3A165DF}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
                FirewallRules: [UDP Query User{7AC2245D-88E3-41C0-83AF-7BA7DB020335}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe

                ==================== Herstelpunten =========================


                ==================== Defecte Apparaatbeheer Apparaten =============

                Name: F-Secure HIPS Driver
                Description: F-Secure HIPS Driver
                Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
                Manufacturer:
                Service: F-Secure HIPS
                Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
                Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
                Devices stay in this state if they have been prepared for removal.
                After you remove the device, this error disappears.Remove the device, and this error should be resolved.


                ==================== Eventlog fouten: =========================

                Applicatiefouten:
                ==================
                Error: (04/18/2017 06:30:21 PM) (Source: CVHSVC) (EventID: 100) (User: )
                Description: Alleen informatie.
                (Patch task for {90140011-0066-0413-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-status 403: de client heeft onvoldoende toegangsrechten voor het aangevraagde serverobject.

                Error: (04/18/2017 06:19:46 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
                Description: Problem starting Memeo Background Service :Externe configuratie is mislukt met uitzondering System.Reflection.TargetInvocationException: Het doel van een aanroep heeft een uitzondering veroorzaakt. ---> System.Security.Principal.IdentityNotMappedException: Kan een aantal of alle id-verwijzingen niet omzetten.
                bij System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
                bij System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
                bij System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
                --- Einde van intern uitzonderingsstackpad ---
                bij System.RuntimeMethodHandle._InvokeConstructor(Object args, SignatureStruct& signature, IntPtr declaringType)
                bij System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
                bij System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object args, CultureInfo culture, Object activationAttributes)
                bij System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
                bij System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
                bij System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity). bij System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
                bij System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
                bij RemoteServerService.MemeoBackgroundService.OnStart(String args)

                Error: (04/17/2017 08:29:22 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
                Description: Problem starting Memeo Background Service :Externe configuratie is mislukt met uitzondering System.Reflection.TargetInvocationException: Het doel van een aanroep heeft een uitzondering veroorzaakt. ---> System.Security.Principal.IdentityNotMappedException: Kan een aantal of alle id-verwijzingen niet omzetten.
                bij System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
                bij System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
                bij System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
                --- Einde van intern uitzonderingsstackpad ---
                bij System.RuntimeMethodHandle._InvokeConstructor(Object args, SignatureStruct& signature, IntPtr declaringType)
                bij System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
                bij System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object args, CultureInfo culture, Object activationAttributes)
                bij System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
                bij System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
                bij System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity). bij System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
                bij System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
                bij RemoteServerService.MemeoBackgroundService.OnStart(String args)

                Error: (04/17/2017 08:25:20 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
                Description: Problem starting Memeo Background Service :Externe configuratie is mislukt met uitzondering System.Reflection.TargetInvocationException: Het doel van een aanroep heeft een uitzondering veroorzaakt. ---> System.Security.Principal.IdentityNotMappedException: Kan een aantal of alle id-verwijzingen niet omzetten.
                bij System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
                bij System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
                bij System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
                --- Einde van intern uitzonderingsstackpad ---
                bij System.RuntimeMethodHandle._InvokeConstructor(Object args, SignatureStruct& signature, IntPtr declaringType)
                bij System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
                bij System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object args, CultureInfo culture, Object activationAttributes)
                bij System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
                bij System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
                bij System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity). bij System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
                bij System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
                bij RemoteServerService.MemeoBackgroundService.OnStart(String args)

                Error: (04/17/2017 08:14:46 PM) (Source: CVHSVC) (EventID: 100) (User: )
                Description: Alleen informatie.
                (Patch task for {90140011-0066-0413-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-status 403: de client heeft onvoldoende toegangsrechten voor het aangevraagde serverobject.

                Error: (04/17/2017 08:03:45 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
                Description: Problem starting Memeo Background Service :Externe configuratie is mislukt met uitzondering System.Reflection.TargetInvocationException: Het doel van een aanroep heeft een uitzondering veroorzaakt. ---> System.Security.Principal.IdentityNotMappedException: Kan een aantal of alle id-verwijzingen niet omzetten.
                bij System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
                bij System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
                bij System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
                --- Einde van intern uitzonderingsstackpad ---
                bij System.RuntimeMethodHandle._InvokeConstructor(Object args, SignatureStruct& signature, IntPtr declaringType)
                bij System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
                bij System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object args, CultureInfo culture, Object activationAttributes)
                bij System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
                bij System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
                bij System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity). bij System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
                bij System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
                bij RemoteServerService.MemeoBackgroundService.OnStart(String args)

                Error: (04/17/2017 08:03:34 PM) (Source: VSS) (EventID: 8193) (User: )
                Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Toegang geweigerd.
                .


                Bewerking:
                Schrijver initialiseren

                Context:
                Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
                Naam van schrijver: System Writer
                Instantie-id van schrijver: {bdc9cd05-09a1-4f28-bd73-ba0713f67676}

                Error: (04/17/2017 06:48:51 PM) (Source: CVHSVC) (EventID: 100) (User: )
                Description: Alleen informatie.
                (Patch task for {90140011-0066-0413-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-status 403: de client heeft onvoldoende toegangsrechten voor het aangevraagde serverobject.

                Error: (04/17/2017 06:34:11 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
                Description: Problem starting Memeo Background Service :Externe configuratie is mislukt met uitzondering System.Reflection.TargetInvocationException: Het doel van een aanroep heeft een uitzondering veroorzaakt. ---> System.Security.Principal.IdentityNotMappedException: Kan een aantal of alle id-verwijzingen niet omzetten.
                bij System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
                bij System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
                bij System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
                --- Einde van intern uitzonderingsstackpad ---
                bij System.RuntimeMethodHandle._InvokeConstructor(Object args, SignatureStruct& signature, IntPtr declaringType)
                bij System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
                bij System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object args, CultureInfo culture, Object activationAttributes)
                bij System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
                bij System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
                bij System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity). bij System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
                bij System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
                bij RemoteServerService.MemeoBackgroundService.OnStart(String args)

                Error: (04/17/2017 06:33:57 PM) (Source: VSS) (EventID: 8193) (User: )
                Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Toegang geweigerd.
                .


                Bewerking:
                Schrijver initialiseren

                Context:
                Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
                Naam van schrijver: System Writer
                Instantie-id van schrijver: {5acda2c0-1cc7-4978-9bc1-7a4f76749bd7}


                Systeemfouten:
                =============
                Error: (04/18/2017 06:31:39 PM) (Source: DCOM) (EventID: 10005) (User: )
                Description: DCOM kreeg foutmelding '1053' bij het starten van de sdrsvc-service met de argumenten '' om de server
                {687E55CA-6621-4C41-B9F1-C0EDDC94BB05} te starten

                Error: (04/18/2017 06:31:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
                Description: De Windows Backup-service kan vanwege de volgende fout niet worden gestart:
                De service heeft de start- of stuuropdracht niet op juiste wijze beantwoord.

                Error: (04/18/2017 06:31:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
                Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Windows Backup.

                Error: (04/18/2017 06:27:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
                Description: De Intel(R) Management and Security Application User Notification Service-service kan vanwege de volgende fout niet worden gestart:
                De service heeft de start- of stuuropdracht niet op juiste wijze beantwoord.

                Error: (04/18/2017 06:27:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
                Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Intel(R) Management and Security Application User Notification Service.

                Error: (04/18/2017 06:27:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
                Description: De Windows Update-service is bij het starten vastgelopen.

                Error: (04/18/2017 06:24:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
                Description: De NVIDIA Update Service Daemon-service is bij het starten vastgelopen.

                Error: (04/18/2017 06:19:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
                Description: De F-Secure ORSP Client-service kan vanwege de volgende fout niet worden gestart:
                Het systeem kan het opgegeven bestand niet vinden.

                Error: (04/18/2017 06:19:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
                Description: De Diagnostic Policy Service-service is gestopt met de volgende foutcode:
                Toegang geweigerd.
                .

                Error: (04/17/2017 08:31:54 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
                Description: Servicebesturingsbeheer heeft na het onverwachte afsluiten van de User Profile Service-service geprobeerd een herstelactie (Service opnieuw starten) uit te voeren, maar deze actie is met de volgende fout mislukt:
                De service is al gestart.


                CodeIntegrity:
                ===================================
                Date: 2017-04-17 15:08:30.369
                Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

                Date: 2017-04-17 15:08:30.244
                Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.


                ==================== Geheugen info ===========================

                Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
                Percentage geheugen in gebruik: 42%
                Totaal fysiek RAM-geheugen: 4007.05 MB
                Beschikbaar fysiek RAM-geheugen: 2317.05 MB
                Totaal Virtueel geheugen: 8012.29 MB
                Beschikbaar Virtual geheugen: 6330.09 MB

                ==================== Schijven ================================

                Drive c: (Boot) (Fixed) (Total:404.66 GB) (Free:344.94 GB) NTFS
                Drive d: (Recover) (Fixed) (Total:60 GB) (Free:29.99 GB) NTFS

                ==================== MBR & Partitietabel ==================

                ========================================================
                Disk: 0 (Size: 465.8 GB) (Disk ID: 2BD2C32A)
                Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
                Partition 2: (Not Active) - (Size=404.7 GB) - (Type=07 NTFS)
                Partition 3: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
                Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

                ==================== Eind van Addition.txt ============================



                • #9
                  It is important to have only one antivirus; pick the antivirus of your choice and remove all the others (I see traces of AVAST, for example).
                  One firewall is more than enough.
                  Combofix is a powerful tool and not something to play around with; please remove it from the computer.



                  Run the Farbar Recovery Scan Tool once more.
                  • Download fixlist.txt from the attachment to the desktop, where FRST.exe is also located.
                  • Double-click FRST.exe to start the tool.
                  • When the program has opened, click Yes at the disclaimer.
                  • Press the Fix button.
                  • A log file (fixlog.txt) will be created in the same location the tool was started from.
                  • Attach this log file to your next post.


                  • #10
                    Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 17-04-2017 01
                    Gestart door johan (19-04-2017 13:09:46) Run:1
                    Gestart vanaf C:\Users\johan\Desktop
                    Geladen Profielen: UpdatusUser & johan (Beschikbare Profielen: UpdatusUser & johan & Gast)
                    Boot Modus: Normal
                    ==============================================

                    fixlist inhoud:
                    *****************
                    start
                    CreateRestorePoint:

                    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
                    HKU\S-1-5-21-1605064705-3519875545-3396432865-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
                    Video Download Converter version 1.0.0.0 (HKLM-x32\...\VDC_is1) (Version: 1.0.0.0 - ) <==== AANDACHT

                    Hosts:
                    EmptyTemp:
                    end

                    *****************

                    Herstelpunt is succesvol gemaakt.
                    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => sleutel is succesvol verwijderd.
                    HKU\S-1-5-21-1605064705-3519875545-3396432865-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => sleutel is succesvol verwijderd.
                    Video Download Converter version 1.0.0.0 (HKLM-x32\...\VDC_is1) (Version: 1.0.0.0 - ) <==== AANDACHT => Fout: Geen automatische fix gevonden voor dit item.
                    C:\Windows\System32\Drivers\etc\hosts => is succesvol verplaatst.
                    Hosts met succes hersteld.

                    =========== EmptyTemp: ==========

                    BITS transfer queue => 8388608 B
                    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9812514 B
                    Java, Flash, Steam htmlcache => 595 B
                    Windows/system/drivers => 60101 B
                    Edge => 0 B
                    Chrome => 334599660 B
                    Firefox => 0 B
                    Opera => 0 B

                    Temp, IE cache, history, cookies, recent:
                    Users => 0 B
                    Default => 33125 B
                    Public => 0 B
                    ProgramData => 0 B
                    systemprofile => 129023 B
                    systemprofile32 => 87739 B
                    LocalService => 0 B
                    NetworkService => 8166 B
                    UpdatusUser => 0 B
                    johan => 19661264 B
                    Gast => 254992 B

                    RecycleBin => 13285194 B
                    EmptyTemp: => 368.4 MB tijdelijke gegevens verwijderd.

                    ================================


                    Het systeem moest herstart worden.

                    ==== Eind van Fixlog 13:10:38 ====



                    • #11
                      OK, better now?



                      • #12
                        The internet problems had already been out of the way for a little while (see previous posts), but it will undoubtedly have done the laptop good to get a bit of a clean-up.

                        Thanks for your time, Juisterr! The topic can be closed.



                        • #13
                          Fine.
