Browser Hijack 1/2


  • Browser Hijack 1/2

    Hello,

    For some time now I have had a rather annoying browser hijack. My system runs Windows 10, and the hijack takes place in Microsoft Edge. Edge starts up spontaneously and just keeps opening sites.

    I hope you can help me get rid of this.

    Logs:
    Malwarebytes
    www.malwarebytes.com

    -Logboekdetails-
    Scandatum: 01-06-17
    Scantijd: 18:42
    Logbestand: Malware.txt
    Beheerder: Ja

    -Software-informatie-
    Versie: 3.1.2.1733
    Versie componenten: 1.0.122
    Update pakketversie: 1.0.2066
    Licentie: Proef

    -Systeeminformatie-
    Besturingssysteem: Windows 10
    Processor: x86
    Bestandssysteem: NTFS
    Gebruiker: FERRY-PC\Ferry

    -Scansamenvatting-
    Scantype: Aangepaste scan
    Resultaat: Voltooid
    Objecten gescand: 234092
    Dreigingen herkend: 2
    Dreigingen in quarantaine: 0
    (Geen kwaadaardige items gedetecteerd)
    Verstreken tijd: 27 min, 21 sec

    -Scanopties-
    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Ingeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    -Scandetails-
    Proces: 0
    (Geen kwaadaardige items gedetecteerd)

    Module: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutel: 1
    PUP.Optional.OtherSearch, HKLM\SOFTWARE\OTHERSEARCH, Geen actie door gebruiker, [570], [305744],1.0.2066

    Registerwaarde: 1
    PUP.Optional.OtherSearch, HKLM\SOFTWARE\OTHERSEARCH|AFFID, Geen actie door gebruiker, [570], [305744],1.0.2066

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Gegevensstroom: 0
    (Geen kwaadaardige items gedetecteerd)

    Map: 0
    (Geen kwaadaardige items gedetecteerd)

    Bestand: 0
    (Geen kwaadaardige items gedetecteerd)

    Fysieke sector: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)

    # AdwCleaner v6.047 - Logbestand aangemaakt 31/05/2017 op 21:55:59
    # Bijgewerkt op 19/05/2017 door Malwarebytes
    # Database : 2017-05-31.2 [Server]
    # Besturingssysteem : Windows 10 Pro (X86)
    # Gebruikersnaam : Ferry - FERRY-PC
    # Gestart vanuit : C:\Users\Ferry\Desktop\adwcleaner_6.047.exe
    # Mode: Verwijderen
    # Ondersteuning : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    [-] Service verwijderd: 78080d72ebecfb1ef52e642e894a2a85


    ***** [ Mappen ] *****

    [-] Map verwijderd: C:\ProgramData\d61181ac
    [-] Map verwijderd: C:\Users\Ferry\AppData\Local\DriverToolkit
    [-] Map verwijderd: C:\Program Files\DriverToolkit
    [-] Map verwijderd: C:\WINDOWS\system32\SSL
    [-] Map verwijderd: C:\WINDOWS\system32\sstmp


    ***** [ Bestanden ] *****

    [-] Bestand verwijderd: C:\END


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Snelkoppelingen ] *****



    ***** [ Geplande Taken ] *****



    ***** [ Register ] *****

    [-] Sleutel verwijderd: HKU\S-1-5-21-3829025451-3821063052-892049231-1000\Software\DriverToolkit
    [#] Sleutel verwijderd tijdens herstart: HKCU\Software\DriverToolkit
    [-] Sleutel verwijderd: HKLM\SOFTWARE\OtherSearch
    [-] Sleutel verwijderd: HKLM\SOFTWARE\HDWallpaper
    [-] Sleutel verwijderd: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
    [-] Sleutel verwijderd: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy
    [-] Sleutel verwijderd: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}
    [-] Sleutel verwijderd: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}


    ***** [ Browsers ] *****



    *************************

    :: "Tracing" sleutels verwijderd
    :: Winsock instellingen gereset

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [1844 bytes] - [31/05/2017 21:55:59]
    C:\AdwCleaner\AdwCleaner[S0].txt - [2090 bytes] - [31/05/2017 21:54:36]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1990 bytes] ##########

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 11.0.14393.953 BrowserJavaVersion: 11.131.2
    Run by Ferry at 19:41:29 on 2017-06-01
    Microsoft Windows 10 Pro 10.0.14393.0.1252.31.1043.18.2795.1406 [GMT 2:00]
    .
    AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\dwm.exe
    C:\Windows\System32\WUDFHost.exe
    C:\WINDOWS\system32\dashost.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\LPlatSvc.exe
    C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    C:\WINDOWS\system32\nvvsvc.exe
    C:\WINDOWS\system32\igfxCUIService.exe
    C:\WINDOWS\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\WINDOWS\system32\BtwRSupportService.exe
    C:\WINDOWS\system32\DbxSvc.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\PDF Architect 5\creator-ws.exe
    C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    C:\WINDOWS\system32\sihost.exe
    C:\WINDOWS\system32\LPlatSvc.exe
    C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxEM.exe
    C:\WINDOWS\system32\taskhostw.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\igfxHK.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Program Files\Dropbox\Update\DropboxUpdate.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
    C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
    C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
    C:\Program Files\Windows Defender\MpCmdRun.exe
    C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x86__kzf8qxf38zg5c\SkypeHost.exe
    C:\WINDOWS\system32\AUDIODG.EXE
    C:\WINDOWS\system32\backgroundTaskHost.exe
    C:\Windows\System32\smartscreen.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files\Windows Defender\MSASCuiL.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Dropbox\Client\Dropbox.exe
    C:\Program Files\Dropbox\Client\Dropbox.exe
    C:\Users\Ferry\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    C:\Program Files\Dropbox\Client\Dropbox.exe
    C:\Users\Ferry\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    C:\Program Files\anh0swlnxgf\CIOO9.exe
    C:\Users\Ferry\AppData\Roaming\fm3opukxynd\puaa42sy5x1.exe
    C:\WINDOWS\system32\ApplicationFrameHost.exe
    C:\Users\Ferry\AppData\Roaming\n2m4q5rpn0v\lj1cbu1fph2.exe
    C:\Users\Ferry\AppData\Roaming\33bmswoton4\3vaaspwaidr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\WINDOWS\system32\taskhostw.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\WINDOWS\system32\conhost.exe
    C:\Program Files\Dropbox\Update\DropboxUpdate.exe
    C:\Program Files\Dropbox\Update\DropboxUpdate.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k RPCSS
    C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
    C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
    C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
    C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup
    C:\WINDOWS\system32\svchost.exe -k apphost
    C:\WINDOWS\System32\svchost.exe -k utcsvc
    C:\WINDOWS\system32\svchost.exe -k iissvcs
    C:\WINDOWS\system32\svchost.exe -k appmodel
    C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
    C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.nl/?gws_rd=ssl#spf=1
    BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_131\bin\ssv.dll
    BHO: PDF Architect 5 Helper: {AEA429F3-D2D4-4BD7-A03E-5357DA017733} - c:\program files\pdf architect 5\creator-ie-helper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_131\bin\jp2ssv.dll
    TB: PDF Architect 5 Toolbar: {84F23192-A475-4038-B5C0-8584777F2DF4} - c:\program files\pdf architect 5\creator-ie-plugin.dll
    uRun: [Spotify Web Helper] "c:\users\ferry\appdata\roaming\spotify\SpotifyWebHelper.exe"
    uRun: [Spotify] "c:\users\ferry\appdata\roaming\spotify\Spotify.exe" -autostart -minimized
    uRun: [OneDrive] "c:\users\ferry\appdata\local\microsoft\onedrive\OneDrive.exe" /background
    uRun: [8EE24K5NBNZO3HE] "c:\program files\anh0swlnxgf\CIOO9.exe"
    uRun: [bevu12jntao] "c:\users\ferry\appdata\roaming\fm3opukxynd\puaa42sy5x1.exe"
    uRun: [0mtodjqiczj] "c:\users\ferry\appdata\roaming\n2m4q5rpn0v\lj1cbu1fph2.exe"
    uRun: [im3zen13k3j] "c:\users\ferry\appdata\roaming\33bmswoton4\3vaaspwaidr.exe"
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [NvBackend] "c:\program files\nvidia corporation\update core\NvBackend.exe"
    mRun: [WindowsDefender] "c:\program files\windows defender\MSASCuiL.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Dropbox] "c:\program files\dropbox\client\Dropbox.exe" /systemstartup
    mRun: [Malwarebytes TrayApp] c:\program files\malwarebytes\anti-malware\mbamtray.exe
    mPolicies-System: DSCAutomationHostEnabled = dword:2
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~1\office15\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
    TCP: NameServer = 8.8.8.8
    TCP: NameServer = 89.101.251.228 89.101.251.229
    TCP: Interfaces\{17950864-ab99-40c9-b4bc-0a87ce715196} : NameServer = 8.8.8.8
    TCP: Interfaces\{1db48f5d-0bf7-483d-b541-50ca7008a005} : NameServer = 8.8.8.8
    TCP: Interfaces\{3092c383-4821-4602-8425-b9972eb0f733} : NameServer = 8.8.8.8
    TCP: Interfaces\{3092c383-4821-4602-8425-b9972eb0f733} : DHCPNameServer = 8.8.8.8
    TCP: Interfaces\{6b39583d-7e5b-45b8-95ab-d8839ce64e90} : NameServer = 8.8.8.8
    TCP: Interfaces\{6b39583d-7e5b-45b8-95ab-d8839ce64e90} : DHCPNameServer = 8.8.8.8
    TCP: Interfaces\{7af84d91-a6e0-4b8a-9d1a-4ae8dc9541e1} : NameServer = 8.8.8.8
    TCP: Interfaces\{7af84d91-a6e0-4b8a-9d1a-4ae8dc9541e1} : DHCPNameServer = 89.101.251.228 89.101.251.229
    TCP: Interfaces\{7af84d91-a6e0-4b8a-9d1a-4ae8dc9541e1}\A5967676F673931353 : DHCPNameServer = 89.101.251.228 89.101.251.229
    TCP: Interfaces\{9fc70b0f-5430-4ab4-bc95-0dbf04c67c86} : NameServer = 8.8.8.8
    TCP: Interfaces\{9fc70b0f-5430-4ab4-bc95-0dbf04c67c86} : DHCPNameServer = 8.8.8.8
    TCP: Interfaces\{bc315126-0b65-11e7-9e6d-806e6f6e6963} : NameServer = 8.8.8.8
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office15\MSOXMLMF.DLL
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office\office15\MSOSB.DLL
    Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - c:\windows\system32\tbauth.dll
    Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - c:\windows\system32\tbauth.dll
    AppInit_DLLs= c:\windows\system32\nvinit.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
    mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\58.0.3029.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
    CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - c:\windows\system32\windows.storage.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R?2 dbupdate;Dropbox-update-service (dbupdate);c:\program files\dropbox\update\DropboxUpdate.exe [2017-5-20 143144]
    R0 intelpep;Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing ;c:\windows\system32\drivers\intelpep.sys [2016-7-16 42520]
    R0 iorate;iorate;c:\windows\system32\drivers\iorate.sys [2017-3-18 42336]
    R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2017-5-31 220088]
    R0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys [2016-9-12 53296]
    R0 volume;Volumestuurprogramma;c:\windows\system32\drivers\volume.sys [2016-7-16 14176]
    R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;c:\windows\system32\drivers\WindowsTrustedRT.sys [2016-7-16 86040]
    R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;c:\windows\system32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 15384]
    R0 Wof;Windows Overlay File System Filter Driver;c:\windows\system32\drivers\wof.sys [2017-3-18 173408]
    R1 ahcache;Application Compatibility Cache;c:\windows\system32\drivers\ahcache.sys [2017-3-18 188928]
    R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae.sys [2017-5-31 59904]
    R1 FileCrypt;FileCrypt;c:\windows\system32\drivers\filecrypt.sys [2016-7-16 77312]
    R1 GpuEnergyDrv;GPU Energy Driver;c:\windows\system32\drivers\gpuenergydrv.sys [2016-7-16 7680]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2017-1-31 143776]
    R2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe [2015-3-27 1677016]
    R2 CDPSvc;Service Platform voor verbonden apparaten;c:\windows\system32\svchost.exe -k LocalService [2016-7-16 38792]
    R2 CDPUserSvc_35d4f;CDPUserSvc_35d4f;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
    R2 clreg;Virtual Registry for Containers;c:\windows\system32\drivers\registry.sys [2016-7-16 58368]
    R2 CoreMessagingRegistrar;CoreMessaging;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 38792]
    R2 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe [2017-5-30 42288]
    R2 DiagTrack;Connected User Experiences and Telemetry;c:\windows\system32\svchost.exe -k utcsvc [2016-7-16 38792]
    R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe [2016-5-4 292832]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2017-2-10 401984]
    R2 LPlatSvc;Lenovo Platform Service;c:\windows\system32\LPlatSvc.exe [2016-11-1 694360]
    R2 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys [2017-5-31 161720]
    R2 MBAMService;Malwarebytes Service;c:\program files\malwarebytes\anti-malware\MBAMService.exe [2017-5-31 3398608]
    R2 MessagingService_35d4f;MessagingService_35d4f;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
    R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\nvidia corporation\display.nvcontainer\NVDisplay.Container.exe [2017-3-17 421944]
    R2 OneSyncSvc_35d4f;Host synchroniseren_35d4f;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
    R2 PDF Architect 5 Creator;PDF Architect 5 Creator;c:\program files\pdf architect 5\creator-ws.exe [2017-2-10 778640]
    R2 PDF Architect 5 Manager;PDF Architect 5 Manager;c:\programdata\pdfforge\pdf architect 5 manager\pdf architect 5\Architect Manager.exe [2017-2-28 985904]
    R2 SmsRouter;Microsoft Windows SMS Router-service.;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
    R2 storqosflt;Storage QoS Filter Driver;c:\windows\system32\drivers\storqosflt.sys [2016-7-16 62976]
    R2 SynTPEnhService;SynTPEnh Caller Service;c:\program files\synaptics\syntp\SynTPEnhService.exe [2016-1-8 228960]
    R2 tiledatamodelsvc;Tile Data model server;c:\windows\system32\svchost.exe -k appmodel [2016-7-16 38792]
    R2 UserManager;User Manager;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
    R2 wcifs;Windows Container Isolation;c:\windows\system32\drivers\wcifs.sys [2017-3-18 95072]
    R2 wcnfs;Windows Container Name Virtualization;c:\windows\system32\drivers\wcnfs.sys [2016-7-16 52736]
    R2 WpnService;Systeemservice voor Windows Push Notifications;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
    R3 AppXSvc;AppX Deployment Service (AppXSVC);c:\windows\system32\svchost.exe -k wsappx [2016-7-16 38792]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2015-3-27 177280]
    R3 BthLEEnum;Bluetooth Low Energy-stuurprogramma;c:\windows\system32\drivers\BthLEEnum.sys [2017-5-9 203776]
    R3 ClipSVC;Client License Service (ClipSVC);c:\windows\system32\svchost.exe -k wsappx [2016-7-16 38792]
    R3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [2015-12-1 35320]
    R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2012-12-6 96768]
    R3 LicenseManager;Service voor Windows-licentiebeheer ;c:\windows\system32\svchost.exe -k LocalService [2016-7-16 38792]
    R3 MBAMFarflt;MBAMFarflt;c:\windows\system32\drivers\farflt.sys [2017-5-31 97208]
    R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys [2017-5-31 39360]
    R3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys [2017-5-31 74680]
    R3 MbmUsbSerial;MBM USB Generic Serial Driver svc;c:\windows\system32\drivers\MbmUsbSerial.sys [2015-6-30 70128]
    R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-7-17 55104]
    R3 MkBusFilter;MbmFilter Service;c:\windows\system32\drivers\MbmDeviceFilter.sys [2015-6-30 38072]
    R3 NcbService;Network Connection Broker;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
    R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;c:\windows\system32\drivers\NdisVirtualBus.sys [2016-7-16 15872]
    R3 NETwNe32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 32 Bit;c:\windows\system32\drivers\NETwen01.sys [2016-7-16 2670592]
    R3 NgcCtnrSvc;Microsoft Passport Container;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 38792]
    R3 NgcSvc;Microsoft Passport;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
    R3 PimIndexMaintenanceSvc_35d4f;Contact Data_35d4f;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
    R3 RCUVCAVS;Ricoh UVC AVStream driver;c:\windows\system32\drivers\RCUVCAVS.sys [2013-7-2 97280]
    R3 risdxc;risdxc;c:\windows\system32\drivers\risdxc86.sys [2013-9-8 79360]
    R3 StateRepository;State Repository Service;c:\windows\system32\svchost.exe -k appmodel [2016-7-16 38792]
    R3 TimeBrokerSvc;Time Broker;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 38792]
    R3 UnistoreSvc_35d4f;User Data Storage_35d4f;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
    R3 UserDataSvc_35d4f;User Data Access_35d4f;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
    R3 UsoSvc;Update Orchestrator Service for Windows Update;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
    R3 WdNisDrv;Windows Defender Network Inspection System Driver;c:\windows\system32\drivers\WdNisDrv.sys [2016-7-16 100192]
    R3 WdNisSvc;Windows Defender Network Inspection Service;c:\program files\windows defender\NisSrv.exe [2017-5-9 271488]
    R3 wmbclass;Stuurprogramma voor USB-versie van mobiele breedbandadapter;c:\windows\system32\drivers\wmbclass.sys [2017-5-9 254464]
    S2 dmwappushservice;dmwappushsvc;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
    S2 DoSvc;Delivery Optimization;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
    S2 MapsBroker;Downloaded Maps Manager;c:\windows\system32\svchost.exe -k NetworkService [2016-7-16 38792]
    S3 AcpiDev;Stuurprogramma voor ACPI-apparaten;c:\windows\system32\drivers\AcpiDev.sys [2016-7-16 12800]
    S3 ADP80XX;ADP80XX;c:\windows\system32\drivers\adp80xx.sys [2016-7-16 1038176]
    S3 AJRouter;AllJoyn Router Service;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 38792]
    S3 applockerfltr;Smartlocker Filter Driver;c:\windows\system32\drivers\applockerfltr.sys [2016-7-16 12288]
    S3 AppReadiness;App Readiness;c:\windows\system32\svchost.exe -k AppReadiness [2016-7-16 38792]
    S3 AppvStrm;AppvStrm;c:\windows\system32\drivers\AppVStrm.sys [2017-3-18 94560]
    S3 AppvVemgr;AppvVemgr;c:\windows\system32\drivers\AppvVemgr.sys [2016-7-16 118112]
    S3 AppvVfs;AppvVfs;c:\windows\system32\drivers\AppvVfs.sys [2016-7-16 111456]
    S3 bcmfn;bcmfn Service;c:\windows\system32\drivers\bcmfn.sys [2016-7-16 8192]
    S3 bcmfn2;bcmfn2 Service;c:\windows\system32\drivers\bcmfn2.sys [2016-7-16 8192]
    S3 BthHFSrv;Bluetooth Handsfree Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 38792]
    S3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2015-3-27 162560]
    S3 buttonconverter;Service voor Portable Device Control-apparaten;c:\windows\system32\drivers\buttonconverter.sys [2016-7-16 27648]
    S3 CapImg;HID-stuurprogramma voor CapImg-touchscreen;c:\windows\system32\drivers\capimg.sys [2017-3-18 97792]
    S3 dbupdatem;Dropbox-update-service (dbupdatem);c:\program files\dropbox\update\DropboxUpdate.exe [2017-5-20 143144]
    S3 DcpSvc;DataCollectionPublishingService;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
    S3 DevQueryBroker;DevQuery Background Discovery Broker;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
    S3 diagnosticshub.standardcollector.service;Microsoft(R) Diagnostics Hub Standard Collector-service;c:\windows\system32\diagsvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 69632]
    S3 DmEnrollmentSvc;Registratieservice voor Apparaatbeheer;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
    S3 DsSvc;Data Sharing Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
    S3 embeddedmode;Ingesloten modus;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
    S3 EntAppSvc;Enterprise App Management Service;c:\windows\system32\svchost.exe -k appmodel [2016-7-16 38792]
    S3 FrameServer;Windows Camera Frame Server;c:\windows\system32\svchost.exe -k Camera [2016-7-16 38792]
    S3 genericusbfn;Algemene USB-functieklasse;c:\windows\system32\drivers\genericusbfn.sys [2016-7-16 17920]
    S3 GPIO;Stuurprogramma voor Intel SoC GPIO-controller;c:\windows\system32\drivers\iaiogpio.sys [2016-7-16 22016]
    S3 hidinterrupt;Algemeen stuurprogramma voor HID-knoppen waarvoor interrupts zijn geïmplementeerd;c:\windows\system32\drivers\hidinterrupt.sys [2016-7-16 38240]
    S3 iagpio;Intel Serial IO GPIO Controller Driver;c:\windows\system32\drivers\iagpio.sys [2016-7-16 25600]
    S3 iai2c;Intel(R) Serial IO I2C-hostcontroller;c:\windows\system32\drivers\iai2c.sys [2016-7-16 66560]
    S3 iaioi2c;I2C-controllerservice voor Intel(R) Atom(TM)-processor;c:\windows\system32\drivers\iaioi2c.sys [2016-7-16 61936]
    S3 iaStorAV;Intel(R) SATA RAID-controller Windows;c:\windows\system32\drivers\iaStorAV.sys [2016-7-16 524640]
    S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\intel\intel(r) integrated clock controller service\ICCProxy.exe [2017-3-17 169752]
    S3 icssvc;Windows Mobile Hotspot Service;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 38792]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2017-3-17 103936]
    S3 IndirectKmd;Indirecte weergave kernelmodusstuurprogramma;c:\windows\system32\drivers\IndirectKmd.sys [2016-7-16 30208]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2015-12-1 44016]
    S3 lfsvc;Geolocation Service;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
    S3 LSI_SAS2i;LSI_SAS2i;c:\windows\system32\drivers\lsi_sas2i.sys [2016-7-16 89952]
    S3 LSI_SAS3i;LSI_SAS3i;c:\windows\system32\drivers\lsi_sas3i.sys [2016-7-16 85856]
    S3 megasas2i;megasas2i;c:\windows\system32\drivers\MegaSas2i.sys [2017-3-18 56672]
    S3 MsSecFlt;Minifilter voor Microsoft Security Events Component;c:\windows\system32\drivers\mssecflt.sys [2016-7-16 159584]
    S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;c:\windows\system32\drivers\NetAdapterCx.sys [2016-7-16 62976]
    S3 NetSetupSvc;Network Setup Service;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
    S3 PDF Architect 5 CrashHandler;PDF Architect 5 CrashHandler;c:\program files\pdf architect 5\crash-handler-ws.exe [2017-2-10 979848]
    S3 PDF Architect 5;PDF Architect 5;c:\program files\pdf architect 5\ws.exe [2017-2-10 2468240]
    S3 percsas2i;percsas2i;c:\windows\system32\drivers\percsas2i.sys [2016-7-16 51552]
    S3 percsas3i;percsas3i;c:\windows\system32\drivers\percsas3i.sys [2016-7-16 54624]
    S3 PhoneSvc;Phone Service;c:\windows\system32\svchost.exe -k LocalService [2016-7-16 38792]
    S3 RetailDemo;Retaildemoservice;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
    S3 ScDeviceEnum;Smart Card Device Enumeration Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
    S3 Sense;Windows Defender Advanced Threat Protection Service;c:\program files\windows defender advanced threat protection\MsSense.exe [2017-3-18 1887272]
    S3 SensorDataService;Sensor Data Service;c:\windows\system32\SensorDataService.exe [2017-3-18 894976]
    S3 SensorService;Sensor Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
    S3 SerCx2;Serial UART Support Library;c:\windows\system32\drivers\SerCx2.sys [2016-7-16 117600]
    S3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [2017-3-17 35504]
    S3 smphost;Microsoft Storage Spaces SMP;c:\windows\system32\svchost.exe -k smphost [2016-7-16 38792]
    S3 stornvme;Microsoft Standard NVM Express Driver;c:\windows\system32\drivers\stornvme.sys [2016-7-16 66912]
    S3 storufs;Microsoft Universal Flash Storage (UFS)-stuurprogramma;c:\windows\system32\drivers\storufs.sys [2016-7-16 26976]
    S3 TieringEngineService;Storage Tiers Management;c:\windows\system32\TieringEngineService.exe [2016-7-16 253440]
    S3 UcmCx0101;USB Connector Manager KMDF Class Extension;c:\windows\system32\drivers\UcmCx.sys [2016-7-16 68608]
    S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;c:\windows\system32\drivers\UcmTcpciCx.sys [2016-7-16 76800]
    S3 UcmUcsi;UCSI-client van USB-connectorbeheer;c:\windows\system32\drivers\UcmUcsi.sys [2016-7-16 35840]
    S3 UdeCx;USB Device Emulation Support Library;c:\windows\system32\drivers\Udecx.sys [2016-7-16 33280]
    S3 UEFI;Microsoft UEFI-stuurprogramma;c:\windows\system32\drivers\uefi.sys [2016-7-16 23392]
    S3 Ufx01000;USB Function Class Extension;c:\windows\system32\drivers\ufx01000.sys [2016-7-16 205152]
    S3 UfxChipidea;Chipidea USB-controller;c:\windows\system32\drivers\UfxChipidea.sys [2016-7-16 75616]
    S3 ufxsynopsys;Synopsys USB-controller;c:\windows\system32\drivers\ufxsynopsys.sys [2016-7-16 107360]
    S3 UrsChipidea;Stuurprogramma voor Chipidea USB Role-Switch;c:\windows\system32\drivers\urschipidea.sys [2016-7-16 22880]
    S3 UrsCx01000;USB Role-Switch Support Library;c:\windows\system32\drivers\urscx01000.sys [2016-7-16 42336]
    S3 UrsSynopsys;Stuurprogramma voor Synopsys USB Role-Switch;c:\windows\system32\drivers\urssynopsys.sys [2016-7-16 21856]
    S3 vhf;Virtual HID Framework (VHF)-stuurprogramma;c:\windows\system32\drivers\vhf.sys [2016-7-16 24064]
    S3 vmgid;Microsoft Hyper-V-stuurprogramma voor de gastinfrastructuur;c:\windows\system32\drivers\vmgid.sys [2016-7-16 8704]
    S3 vmicguestinterface;Hyper-V Guest Service Interface;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
    S3 vmicvmsession;Hyper-V PowerShell Direct Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 38792]
    S3 w3logsvc;W3C-logboekregistratieservice;c:\windows\system32\svchost.exe -k apphost [2016-7-16 38792]
    S3 WalletService;WalletService;c:\windows\system32\svchost.exe -k appmodel [2016-7-16 38792]
    S3 wdiwifi;WDI Driver Framework;c:\windows\system32\drivers\WdiWiFi.sys [2017-3-18 518656]
    S3 WEPHOSTSVC;Windows Encryption Provider Host Service;c:\windows\system32\svchost.exe -k WepHostSvcGroup [2016-7-16 38792]
    S3 wisvc;Windows Insider Service;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
    S3 workfolderssvc;Work Folders;c:\windows\system32\svchost.exe -k LocalService [2016-7-16 38792]
    S3 WpnUserService_35d4f;Windows Push Notification-gebruikersservice_35d4f;c:\windows\system32\svchost.exe -k UnistackSvcGroup [2016-7-16 38792]
    S3 XblAuthManager;Xbox Live-verificatiebeheer;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
    S3 XblGameSave;Games opslaan op Xbox Live;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
    S3 xboxgip;Xbox Game Input Protocol Driver;c:\windows\system32\drivers\xboxgip.sys [2017-3-18 216576]
    S3 XboxNetApiSvc;XboxNetApiSvc;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
    S3 xinputhid;XINPUT HID Filter Driver;c:\windows\system32\drivers\xinputhid.sys [2017-3-18 34304]
    S4 AppVClient;Microsoft App-V Client;c:\windows\system32\AppVClient.exe [2017-3-18 615264]
    S4 shpamsvc;Shared PC Account Manager;c:\windows\system32\svchost.exe -k netsvcs [2016-7-16 38792]
    S4 tzautoupdate;Updater van automatische tijdzone;c:\windows\system32\svchost.exe -k LocalService [2016-7-16 38792]
    S4 UevAgentDriver;UevAgentDriver;c:\windows\system32\drivers\UevAgentDriver.sys [2016-7-16 36192]
    S4 UevAgentService;User Experience Virtualization Service;c:\windows\system32\AgentService.exe [2016-7-16 858624]
    .
    =============== File Associations ===============
    .
    ShellExec: PDF Architect 5.exe: edit="c:\program files\pdf architect 5\architect.exe" --file "%1"
    ShellExec: PDF Architect 5.exe: open="c:\program files\pdf architect 5\architect.exe" --file "%1"
    .
    =============== Created Last 30 ================
    .
    2017-06-01 17:11:55 39168 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b0aa4287-52a8-43a7-947f-ae7b9cbe847c}\MpKsl7e909f48.sys
    2017-06-01 17:11:06 -------- d-----w- c:\users\ferry\appdata\local\UNP
    2017-05-31 20:45:34 10555024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b0aa4287-52a8-43a7-947f-ae7b9cbe847c}\mpengine.dll
    2017-05-31 19:55:59 -------- d---a-w- c:\program files\UNP
    2017-05-31 19:55:59 -------- d-----w- c:\windows\system32\UNP
    2017-05-31 19:55:27 10555024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
    2017-05-31 19:53:32 -------- d-----w- C:\AdwCleaner
    2017-05-31 15:57:48 -------- d-----w- c:\users\ferry\appdata\roaming\SUPERAntiSpyware.com
    2017-05-31 15:57:19 -------- d---a-w- c:\program files\SUPERAntiSpyware
    2017-05-31 15:57:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2017-05-31 15:55:14 915640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{83f515db-bc2c-4505-9c87-9af6eddb13c0}\gapaengine.dll
    2017-05-31 15:43:07 161720 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
    2017-05-31 15:42:57 97208 ----a-w- c:\windows\system32\drivers\farflt.sys
    2017-05-31 15:42:56 74680 ----a-w- c:\windows\system32\drivers\mwac.sys
    2017-05-31 15:42:50 39360 ----a-w- c:\windows\system32\drivers\mbam.sys
    2017-05-31 15:42:46 220088 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2017-05-31 15:42:39 59904 ----a-w- c:\windows\system32\drivers\mbae.sys
    2017-05-31 15:42:28 -------- d-----w- c:\programdata\Malwarebytes
    2017-05-31 15:42:28 -------- d-----w- c:\program files\Malwarebytes
    2017-05-31 15:11:58 -------- d-----w- c:\program files\UJKDFNJY2M
    2017-05-31 15:11:57 -------- d-----w- c:\program files\P65IN4CPT1
    2017-05-31 15:11:56 -------- d-----w- c:\users\ferry\appdata\roaming\33bmswoton4
    2017-05-31 15:11:53 -------- d-----w- c:\users\ferry\appdata\roaming\Chugophwabory
    2017-05-31 15:11:53 -------- d-----w- c:\program files\Nogisphaniing Log
    2017-05-31 15:11:52 -------- d-----w- c:\users\ferry\appdata\local\Nekale
    2017-05-31 15:11:52 -------- d-----w- c:\program files\Vojesereaveing
    2017-05-31 15:11:45 -------- d-----w- c:\users\ferry\appdata\roaming\n2m4q5rpn0v
    2017-05-31 15:11:36 -------- d-----w- c:\program files\MVMX3L7M1O
    2017-05-31 15:11:35 -------- d-----w- c:\users\ferry\appdata\roaming\fm3opukxynd
    2017-05-30 17:46:41 -------- d-----w- c:\program files\YIOG7FY9I0
    2017-05-30 17:46:40 -------- d-----w- c:\program files\AF422116UY
    2017-05-30 17:46:39 -------- d-----w- c:\users\ferry\appdata\roaming\pq03vc4342c
    2017-05-30 17:46:29 -------- d-----w- c:\users\ferry\appdata\roaming\fu1kl0a5fu4
    2017-05-30 17:27:58 -------- d-----w- c:\program files\Z6W1MKB42K
    2017-05-30 17:27:57 -------- d-----w- c:\program files\5HUU9A5K92
    2017-05-30 17:27:54 -------- d-----w- c:\users\ferry\appdata\roaming\Profiles
    2017-05-30 17:27:54 -------- d-----w- c:\users\ferry\appdata\roaming\j5le3fofm30
    2017-05-30 17:27:44 -------- d-----w- c:\users\ferry\appdata\roaming\tga1ar51tip
    2017-05-30 17:27:39 -------- d-----w- c:\users\ferry\appdata\roaming\fsusoz2mw2i
    2017-05-30 17:27:39 -------- d-----w- c:\program files\0SUOUNDA2Y
    2017-05-30 17:27:36 -------- d-----w- c:\program files\anh0swlnxgf
    2017-05-30 17:27:32 -------- d-----w- c:\users\ferry\appdata\roaming\ayxqc2hc1be
    2017-05-30 17:26:37 -------- d-----w- c:\program files\ixY5WSQZn7
    2017-05-30 17:24:04 -------- d-----w- c:\program files\78080d72ebecfb1ef52e642e894a2a85
    2017-05-30 17:18:42 -------- d-----w- c:\users\ferry\.fontconfig
    2017-05-30 17:18:30 -------- d-----w- c:\users\ferry\appdata\roaming\NVIDIA
    2017-05-30 17:18:28 -------- d-----w- c:\users\ferry\appdata\local\Movavi
    2017-05-30 17:18:28 -------- d-----w- c:\users\ferry\appdata\local\converter
    2017-05-30 17:17:49 -------- d-----w- c:\programdata\Movavi
    2017-05-30 17:17:28 -------- d-----w- c:\programdata\Movavi Video Converter 17
    2017-05-30 10:22:14 42288 ----a-w- c:\windows\system32\DbxSvc.exe
    2017-05-20 18:03:48 -------- d-----r- c:\users\ferry\Dropbox
    2017-05-20 18:01:57 -------- d-----w- c:\users\ferry\appdata\roaming\Dropbox
    2017-05-20 18:01:16 -------- d-----w- c:\program files\Dropbox
    2017-05-20 18:00:53 -------- d-----w- c:\users\ferry\appdata\local\Dropbox
    2017-05-20 18:00:53 -------- d-----w- c:\programdata\Dropbox
    2017-05-20 12:35:05 -------- d-----w- c:\program files\NSIS
    2017-05-09 20:19:59 783360 ----a-w- c:\windows\system32\TSWorkspace.dll
    .
    ==================== Find3M ====================
    .
    2017-05-31 15:55:00 456360 ------w- c:\windows\system32\MpSigStub.exe
    2017-04-29 00:59:38 177656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2017-04-29 00:59:37 835576 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2017-04-28 01:33:50 448864 ----a-w- c:\windows\system32\ContentDeliveryManager.Utilities.dll
    2017-04-28 01:32:09 685440 ----a-w- c:\windows\system32\Windows.Internal.Shell.Broker.dll
    2017-04-28 01:32:08 402272 ----a-w- c:\windows\system32\AppVCatalog.dll
    2017-04-28 01:32:04 551264 ----a-w- c:\windows\system32\AppVOrchestration.dll
    2017-04-28 01:32:03 498016 ----a-w- c:\windows\system32\AppVEntVirtualization.dll
    2017-04-28 01:28:15 965472 ----a-w- c:\windows\system32\ReAgent.dll
    2017-04-28 01:01:53 784064 ----a-w- c:\windows\system32\winresume.exe
    2017-04-28 01:00:14 1725136 ----a-w- c:\windows\system32\KernelBase.dll
    2017-04-28 01:00:07 5996896 ----a-w- c:\windows\system32\ntoskrnl.exe
    2017-04-28 00:59:55 601712 ----a-w- c:\windows\system32\oleaut32.dll
    2017-04-28 00:58:41 1956704 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2017-04-28 00:56:56 2048488 ----a-w- c:\windows\system32\CoreUIComponents.dll
    2017-04-28 00:55:11 583128 ----a-w- c:\windows\system32\CoreMessaging.dll
    2017-04-28 00:51:41 277856 ----a-w- c:\windows\system32\WinSetupUI.dll
    2017-04-28 00:49:54 53080 ----a-w- c:\windows\system32\drivers\fsdepends.sys
    2017-04-28 00:48:25 263472 ----a-w- c:\windows\system32\Windows.Storage.ApplicationData.dll
    2017-04-28 00:46:29 1896288 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2017-04-28 00:46:17 342880 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2017-04-28 00:46:09 1504056 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2017-04-28 00:46:06 1431232 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.dll
    2017-04-28 00:46:03 5722320 ----a-w- c:\windows\system32\windows.storage.dll
    2017-04-28 00:45:54 781144 ----a-w- c:\windows\system32\WWAHost.exe
    2017-04-28 00:45:44 493920 ----a-w- c:\windows\system32\SettingSyncHost.exe
    2017-04-28 00:45:44 116576 ----a-w- c:\windows\system32\CloudExperienceHostCommon.dll
    2017-04-28 00:45:33 861024 ----a-w- c:\windows\system32\LicenseManager.dll
    2017-04-28 00:45:29 975744 ----a-w- c:\windows\system32\twinapi.appcore.dll
    2017-04-28 00:45:29 25440 ----a-w- c:\windows\system32\browser_broker.exe
    2017-04-28 00:45:00 545120 ----a-w- c:\windows\system32\drivers\vhdmp.sys
    2017-04-28 00:43:59 1980768 ----a-w- c:\windows\system32\msxml6.dll
    2017-04-28 00:43:55 458592 ----a-w- c:\windows\system32\drivers\spaceport.sys
    2017-04-28 00:43:48 1557224 ----a-w- c:\windows\system32\crypt32.dll
    2017-04-28 00:43:27 355168 ----a-w- c:\windows\system32\drivers\rdbss.sys
    2017-04-28 00:43:10 846560 ----a-w- c:\windows\system32\WinTypes.dll
    2017-04-28 00:43:09 2168288 ----a-w- c:\windows\system32\combase.dll
    2017-04-28 00:42:58 601952 ----a-w- c:\windows\system32\NetSetupEngine.dll
    2017-04-28 00:41:08 361104 ----a-w- c:\windows\system32\tsmf.dll
    2017-04-28 00:41:07 80224 ----a-w- c:\windows\system32\rdpudd.dll
    2017-04-28 00:40:30 6665952 ----a-w- c:\windows\system32\Windows.Media.Protection.PlayReady.dll
    2017-04-28 00:40:19 4023008 ----a-w- c:\windows\system32\mfcore.dll
    2017-04-28 00:40:17 1277856 ----a-w- c:\windows\system32\mfasfsrcsnk.dll
    2017-04-28 00:40:15 1851696 ----a-w- c:\windows\system32\mfmp4srcsnk.dll
    2017-04-28 00:40:15 1360456 ----a-w- c:\windows\system32\mfnetsrc.dll
    2017-04-28 00:40:13 981888 ----a-w- c:\windows\system32\mfnetcore.dll
    2017-04-28 00:40:10 352760 ----a-w- c:\windows\system32\MMDevAPI.dll
    2017-04-28 00:40:09 1202936 ----a-w- c:\windows\system32\mfmpeg2srcsnk.dll
    2017-04-28 00:39:48 962760 ----a-w- c:\windows\system32\ole32.dll
    2017-04-28 00:39:22 4312248 ----a-w- c:\windows\explorer.exe
    2017-04-28 00:38:56 1384704 ----a-w- c:\windows\system32\sppobjs.dll
    2017-04-28 00:35:23 1411616 ----a-w- c:\windows\system32\gdi32full.dll
    2017-04-28 00:33:18 380184 ----a-w- c:\windows\system32\services.exe
    2017-04-28 00:29:28 5685760 ----a-w- c:\windows\system32\Windows.Data.Pdf.dll
    2017-04-28 00:26:56 281088 ----a-w- c:\windows\system32\RDXTaskFactory.dll
    2017-04-28 00:23:19 95232 ----a-w- c:\windows\system32\UserDataTimeUtil.dll
    2017-04-28 00:23:10 1631232 ----a-w- c:\windows\system32\Windows.UI.Xaml.Resources.dll
    2017-04-28 00:22:46 26112 ----a-w- c:\windows\system32\odbcconf.dll
    2017-04-28 00:22:16 165376 ----a-w- c:\windows\system32\ReInfo.dll
    2017-04-28 00:22:08 69120 ----a-w- c:\windows\system32\drivers\raspppoe.sys
    2017-04-28 00:21:41 27648 ----a-w- c:\windows\system32\BthTelemetry.dll
    2017-04-28 00:21:26 73728 ----a-w- c:\windows\system32\tdc.ocx
    2017-04-28 00:21:14 224256 ----a-w- c:\windows\system32\ExSMime.dll
    2017-04-28 00:20:50 44032 ----a-w- c:\windows\system32\virtdisk.dll
    2017-04-28 00:20:47 141824 ----a-w- c:\windows\system32\Windows.Devices.Radios.dll
    2017-04-28 00:20:27 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
    2017-04-28 00:20:23 30720 ----a-w- c:\windows\system32\drivers\vwifimp.sys
    2017-04-28 00:20:00 203776 ----a-w- c:\windows\system32\drivers\BthLEEnum.sys
    2017-04-28 00:19:33 119296 ----a-w- c:\windows\system32\Family.Client.dll
    2017-04-28 00:19:26 584192 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2017-04-28 00:19:24 98304 ----a-w- c:\windows\system32\appidsvc.dll
    2017-04-28 00:19:15 156672 ----a-w- c:\windows\system32\UserDeviceRegistration.dll
    2017-04-28 00:19:07 94208 ----a-w- c:\windows\system32\drivers\bridge.sys
    2017-04-28 00:19:05 138240 ----a-w- c:\windows\system32\DisplayManager.dll
    2017-04-28 00:18:43 450560 ----a-w- c:\windows\system32\rastls.dll
    2017-04-28 00:18:37 255488 ----a-w- c:\windows\system32\unimdm.tsp
    2017-04-28 00:18:35 285184 ----a-w- c:\windows\system32\Windows.UI.BlockedShutdown.dll
    2017-04-28 00:18:31 254464 ----a-w- c:\windows\system32\drivers\wmbclass.sys
    2017-04-28 00:17:57 136192 ----a-w- c:\windows\system32\WinRtTracing.dll
    2017-04-28 00:17:50 94208 ----a-w- c:\windows\system32\Windows.StateRepositoryClient.dll
    2017-04-28 00:17:39 330752 ----a-w- c:\windows\system32\aadcloudap.dll
    2017-04-28 00:17:36 95232 ----a-w- c:\windows\system32\BluetoothApis.dll
    2017-04-28 00:17:02 186880 ----a-w- c:\windows\system32\Family.SyncEngine.dll
    2017-04-28 00:17:01 142336 ----a-w- c:\windows\system32\Windows.Devices.WiFi.dll
    2017-04-28 00:15:44 334848 ----a-w- c:\windows\system32\rastlsext.dll
    2017-04-28 00:15:41 216576 ----a-w- c:\windows\system32\DeveloperOptionsSettingsHandlers.dll
    2017-04-28 00:15:38 237568 ----a-w- c:\windows\system32\SyncSettings.dll
    2017-04-28 00:15:35 206336 ----a-w- c:\windows\system32\bthprops.cpl
    2017-04-28 00:15:29 404992 ----a-w- c:\windows\system32\dsreg.dll
    2017-04-28 00:15:14 822784 ----a-w- c:\windows\system32\Chakradiag.dll
    2017-04-28 00:15:12 102400 ----a-w- c:\windows\system32\ConsentUX.dll
    2017-04-28 00:15:11 557568 ----a-w- c:\windows\system32\StoreAgent.dll
    2017-04-28 00:15:09 774144 ----a-w- c:\windows\system32\SystemSettings.Handlers.dll
    2017-04-28 00:14:11 670208 ----a-w- c:\windows\system32\Windows.Devices.PointOfService.dll
    2017-04-28 00:14:06 223232 ----a-w- c:\windows\system32\InstallAgentUserBroker.exe
    2017-04-28 00:14:01 483840 ----a-w- c:\windows\system32\Windows.Devices.AllJoyn.dll
    2017-04-28 00:14:00 445952 ----a-w- c:\windows\system32\Windows.Networking.UX.EapRequestHandler.dll
    2017-04-28 00:14:00 306688 ----a-w- c:\windows\system32\ieproxy.dll
    2017-04-28 00:12:58 284672 ----a-w- c:\windows\system32\apprepsync.dll
    2017-04-28 00:12:52 273920 ----a-w- c:\windows\system32\PrintDialogs3D.dll
    .
    ============= FINISH: 19:41:54,61 ===============



    See part 2/2 for the DDS attach log and GMER log file.
    Regards,
    Bintang

  • #2
    Browser Hijack 2/2

    DDS Attach log
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 10 Pro
    Boot Device: \Device\HarddiskVolume1
    Install Date: 18-3-2017 0:11:24
    System Uptime: 1-6-2017 19:39:21 (0 hours ago)
    .
    Motherboard: LENOVO | | 2429AK0
    Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz | CPU Socket - U3E1 | 2601/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 167 GiB total, 111,721 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ACPI\LEN0078\5&2890D699&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\LEN0078\5&2890D699&0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP9: 17-5-2017 5:31:18 - Windows Update
    RP10: 23-5-2017 18:08:11 - Windows Update
    RP11: 31-5-2017 17:55:27 - Windows Update
    .
    ==== Installed Programs ======================
    .
    7-Zip 16.04
    Adobe Acrobat Reader DC - Nederlands
    Adobe Refresh Manager
    Ansel
    µTorrent
    Broadcom InConcert Maestro
    Definition Update for Microsoft Office 2013 (KB3115404) 32-Bit Edition
    Dropbox
    Dropbox Update Helper
    Google Chrome
    Google Update Helper
    Hotfix for Microsoft InfoPath 2013 (KB2825670) 32-Bit Edition
    Hotfix for Microsoft Office 2013 (KB2817344) 32-Bit Edition
    Hotfix for Microsoft Office 2013 (KB2878289) 32-Bit Edition
    Hotfix for Microsoft Office 2013 (KB2878296) 32-Bit Edition
    Hotfix for Microsoft Office 2013 (KB2883063) 32-Bit Edition
    Intel PROSet Wireless
    Intel(R) Network Connections 22.0.18.0
    Intel(R) Processor Graphics
    IrfanView 4.44 (32-bit)
    Java 8 Update 131
    Java Auto Updater
    Lenovo Bluetooth with Enhanced Data Rate Software
    Lenovo Power Management Driver
    Malwarebytes versie 3.1.2.1733
    Manager
    Microsoft .NET Framework 4.5.2
    Microsoft Access MUI (Dutch) 2013
    Microsoft DCF MUI (Dutch) 2013
    Microsoft Excel MUI (Dutch) 2013
    Microsoft Groove MUI (Dutch) 2013
    Microsoft InfoPath MUI (Dutch) 2013
    Microsoft Lync MUI (Dutch) 2013
    Microsoft Office Korrekturhilfen 2013 - Deutsch
    Microsoft Office OSM MUI (Dutch) 2013
    Microsoft Office OSM UX MUI (Dutch) 2013
    Microsoft Office Professional Plus 2013
    Microsoft Office Proofing (Dutch) 2013
    Microsoft Office Proofing Tools 2013 - English
    Microsoft Office Proofing Tools 2013 - Nederlands
    Microsoft Office Shared MUI (Dutch) 2013
    Microsoft OneDrive
    Microsoft OneNote MUI (Dutch) 2013
    Microsoft Outlook MUI (Dutch) 2013
    Microsoft PowerPoint MUI (Dutch) 2013
    Microsoft Publisher MUI (Dutch) 2013
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD
    Microsoft Windows Debugging Symbols
    Microsoft Word MUI (Dutch) 2013
    NVIDIA-configuratiescherm 369.09
    NVIDIA 3D Vision Driver 376.74
    NVIDIA Display Container
    NVIDIA Display Container LS
    NVIDIA Graphics Driver 376.74
    NVIDIA HD Audio Driver 1.3.34.21
    NVIDIA Install Application
    NVIDIA nView 148.47
    NVIDIA Optimus Update 2.11.4.125
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update Core
    Outils de vérification linguistique 2013 de Microsoft Office*- Français
    PDF Architect 5
    PDF Architect 5 Create Module
    PDF Architect 5 Edit Module
    PDF Architect 5 View Module
    PDFCreator
    Realtek High Definition Audio Driver
    Security Update for Microsoft Office 2013 (KB3039746) 32-Bit Edition
    Security Update for Microsoft Office 2013 (KB3039794) 32-Bit Edition
    Security Update for Microsoft Office 2013 (KB3039798) 32-Bit Edition
    Security Update for Microsoft Office 2013 (KB3054816) 32-Bit Edition
    Security Update for Microsoft Office 2013 (KB3115153) 32-Bit Edition
    Security Update for Microsoft Office 2013 (KB3172458) 32-Bit Edition
    Security Update for Microsoft Office 2013 (KB3191885) 32-Bit Edition
    Security Update for Microsoft Word 2013 (KB3178729) 32-Bit Edition
    Spotify
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - NLD
    Update for Microsoft Access 2013 (KB3118349) 32-Bit Edition
    Update for Microsoft Excel 2013 (KB3191877) 32-Bit Edition
    Update for Microsoft InfoPath 2013 (KB3114818) 32-Bit Edition
    Update for Microsoft InfoPath 2013 (KB3114946) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2760371) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2883095) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2889863) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2899522) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3023049) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3023052) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3023068) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3039701) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3039750) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3039756) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3039766) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3039778) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3039795) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3054783) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3054785) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3054819) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3054856) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3055007) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3085565) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3085587) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3101487) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3101503) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3114488) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3114499) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3114825) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3114835) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3115156) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3127916) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3127972) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3162039) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3172448) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3172520) 32-Bit Edition
    Update for Microsoft Office 2013 (KB3172523) 32-Bit Edition
    Update for Microsoft OneDrive for Business (KB3178645) 32-Bit Edition
    Update for Microsoft OneNote 2013 (KB3141494) 32-Bit Edition
    Update for Microsoft Outlook 2013 (KB3191889) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2013 (KB3054854) 32-Bit Edition
    Update for Microsoft PowerPoint 2013 (KB3191871) 32-Bit Edition
    Update for Microsoft Publisher 2013 (KB3114329) 32-Bit Edition
    Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition
    Update for Microsoft Word 2013 (KB3039719) 32-Bit Edition
    Update for Skype for Business 2015 (KB3191873) 32-Bit Edition
    Update for Skype for Business 2015 (KB3191876) 32-Bit Edition
    VLC media player
    Vulkan Run Time Libraries 1.0.26.0
    Windows 10 Update and Privacy Settings
    Windows 10 Upgrade Assistant
    Windows Driver Package - Lenovo Monitor (12/14/2009 4.34.0.0)
    .
    ==== End Of File ===========================

    GMER 2.2.19882 - http://www.gmer.net
    Rootkit scan 2017-06-01 20:39:44
    Windows 6.2.9200 \Device\Harddisk0\DR0 -> \Device\0000002e INTEL_SSDSC2BF180A4L rev.LADi 167,68GB
    Running: xpvijnl6.exe; Driver: C:\Users\Ferry\AppData\Local\Temp\fglcypog.sys


    ---- System - GMER 2.2 ----

    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x906DA640]

    ---- Kernel code sections - GMER 2.2 ----

    .text ntoskrnl.exe!ExfUnblockPushLock + 1549 8173764D 1 Byte [06]
    .text ntoskrnl.exe!KiDispatchInterrupt + 602 8173BDD2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    ---- Devices - GMER 2.2 ----

    Device \Driver\BTHUSB \Device\00000041 bthport.sys
    Device \Driver\BTHUSB \Device\00000041 bthport.sys

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 iorate.sys
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 volume.sys
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 iorate.sys
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 volume.sys
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 iorate.sys
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 volume.sys

    Device \Driver\BTHUSB \Device\0000003e bthport.sys
    Device \Driver\BTHUSB \Device\0000003e bthport.sys

    ---- Registry - GMER 2.2 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\[email protected] 57
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] 56
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] 58
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] -1
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] 4
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\[email protected] 108
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\[email protected]{CB1938C5-099E-11E7-BDF5-806E6F6E6963} 2189225176

    ---- EOF - GMER 2.2 ----


    • #3
      Download the Farbar Recovery Scan Tool (32-bit or 64-bit) from one of the links below.
      Here is a description of how to check whether you have a 32-bit or 64-bit version of Windows.

      Running the Farbar Recovery Scan Tool
      • Double-click FRST.exe to start the tool.
      • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
      • When the program has opened, click Yes at the disclaimer.
      • Then press the Scan button; a backup of the registry will be made first.
      • When the scan is finished, two log files named FRST.txt and Addition.txt are created in the same location the tool was started from.
      • Attach both log files to your next post.

      Starting Windows 10 in Safe Mode


      • #4
        Hello Juisterr,

        Here you go....
        Extra scanresultaten van Farbar Recovery Scan Tool (x86) Versie: 02-06-2017
        Gestart door Ferry (02-06-2017 23:19:39)
        Gestart vanaf C:\Users\Ferry\Desktop
        Microsoft Windows 10 Pro Versie 1607 (X86) (2017-03-17 23:11:24)
        Boot Modus: Normal
        ==========================================================


        ==================== Accounts: =============================

        Administrator (S-1-5-21-3829025451-3821063052-892049231-500 - Administrator - Disabled)
        DefaultAccount (S-1-5-21-3829025451-3821063052-892049231-503 - Limited - Disabled)
        Ferry (S-1-5-21-3829025451-3821063052-892049231-1000 - Administrator - Enabled) => C:\Users\Ferry
        Guest (S-1-5-21-3829025451-3821063052-892049231-501 - Limited - Disabled)
        HomeGroupUser$ (S-1-5-21-3829025451-3821063052-892049231-1002 - Limited - Enabled)

        ==================== Security Center ========================

        (Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

        AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

        ==================== Geïnstalleerde programma's ======================

        (Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)

        µTorrent (HKU\S-1-5-21-3829025451-3821063052-892049231-1000\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
        7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
        Adobe Acrobat Reader DC - Nederlands (HKLM\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
        Ansel (Version: 376.74 - NVIDIA Corporation) Hidden
        Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2300 - Broadcom Corporation)
        Dropbox (HKLM\...\Dropbox) (Version: 27.4.22 - Dropbox, Inc.)
        Dropbox Update Helper (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
        Google Chrome (HKLM\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
        Google Update Helper (Version: 1.3.33.5 - Google Inc.) Hidden
        Intel(R) Network Connections 22.0.18.0 (HKLM\...\PROSetDX) (Version: 22.0.18.0 - Intel)
        Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4491 - Intel Corporation)
        IrfanView 4.44 (32-bit) (HKLM\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
        Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
        Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2300 - Broadcom Corporation)
        Lenovo Power Management Driver (Version: 1.67.12.19 - Lenovo) Hidden
        Malwarebytes versie 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
        Manager (Version: 5.0.22.32425 - 2017 pdfforge GmbH. All rights reserved) Hidden
        Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
        Microsoft OneDrive (HKU\S-1-5-21-3829025451-3821063052-892049231-1000\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
        Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
        Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
        Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
        Microsoft Windows Debugging Symbols (HKLM\...\{0E8D886F-3205-4472-848E-990F400FF218}) (Version: 7601 - Microsoft)
        Microsoft Windows Debugging Symbols (HKLM\...\{5CBDF0C2-6FD1-4A32-9A0A-143D9AB91CCE}) (Version: 7601 - Microsoft)
        NVIDIA 3D Vision Driver 376.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.74 - NVIDIA Corporation)
        NVIDIA Graphics Driver 376.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.74 - NVIDIA Corporation)
        NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
        NVIDIA nView 148.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 148.47 - NVIDIA Corporation)
        Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
        PDF Architect 5 (HKLM\...\PDF Architect 5) (Version: 5.0.21.32007 - pdfforge GmbH)
        PDF Architect 5 Create Module (Version: 5.0.22.32126 - pdfforge GmbH) Hidden
        PDF Architect 5 Edit Module (Version: 5.0.22.32126 - pdfforge GmbH) Hidden
        PDF Architect 5 View Module (Version: 5.0.22.32126 - pdfforge GmbH) Hidden
        PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.5.1 - pdfforge GmbH)
        Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6418 - Realtek Semiconductor Corp.)
        Spotify (HKU\S-1-5-21-3829025451-3821063052-892049231-1000\...\Spotify) (Version: 1.0.55.487.g256699aa - Spotify AB)
        Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.115 - Synaptics Incorporated)
        Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
        Update for Skype for Business 2015 (KB3191873) 32-Bit Edition (HKLM\...\{90150000-012B-0413-0000-0000000FF1CE}_Office15.PROPLUS_{4801CC63-1ED0-4582-896B-9CB4F2808152}) (Version: - Microsoft)
        Update for Skype for Business 2015 (KB3191876) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{0C5B0FE3-809E-4D71-B5F6-3EFDAA93C2E6}) (Version: - Microsoft)
        Update for Skype for Business 2015 (KB3191876) 32-Bit Edition (HKLM\...\{90150000-012B-0413-0000-0000000FF1CE}_Office15.PROPLUS_{0C5B0FE3-809E-4D71-B5F6-3EFDAA93C2E6}) (Version: - Microsoft)
        VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
        Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
        Windows 10 Update and Privacy Settings (HKLM\...\{8BE893D4-107C-4867-9B71-A3CF2C917C0E}) (Version: 1.0.13.0 - Microsoft Corporation)
        Windows 10 Upgrade Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
        Windows Driver Package - Lenovo Monitor (12/14/2009 4.34.0.0) (HKLM\...\9D3EDFA5C69D4A6764B1D5382B8EB729F05A6004) (Version: 12/14/2009 4.34.0.0 - Lenovo)

        ==================== Aangepaste CLSID (gefilterd): ==========================

        (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

        CustomCLSID: HKU\S-1-5-21-3829025451-3821063052-892049231-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

        ==================== Geplande Taken (gefilterd) =============

        (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

        Task: {02BD2505-06CF-4499-AD03-4C79DBD3BC84} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
        Task: {0D9E74CD-4979-4B59-A26F-9F9029CF6C0E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
        Task: {2A614B54-B3D3-4686-AE27-FE588A6CA03E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
        Task: {3D14D069-5F83-4730-8E04-A01D1FB14B61} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
        Task: {42102DA8-B6D1-4D50-BC75-25E53B9D7A6C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
        Task: {4A5DF416-7ABF-41BF-A4B8-E0A9A6596ED3} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
        Task: {5075F620-735D-4B16-BC76-450A6E6A630D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
        Task: {51B700C6-BAAF-486B-935D-75AB528C376A} - \6idESTo7HH -> Geen bestand <==== AANDACHT
        Task: {596F2317-45F0-4465-AAAB-0F06D7696FC1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
        Task: {6504E28A-E318-46C2-A64F-B80059967A55} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
        Task: {65537A13-CD58-4D7C-84BF-C8F4DFEB89A8} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
        Task: {6587699A-E59B-4D1E-8282-0CDDCC95F4B9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
        Task: {660A0C2F-A4CD-467B-90D5-1AEC74F44211} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
        Task: {6C7F38AE-50D0-4AB2-BCC2-BE6540E9E168} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
        Task: {6DB77865-A976-4D48-A796-E946C92D62A5} - System32\Tasks\{87370853-309C-BFF8-F851-A7395A5826AA} => C:\ProgramData\{46A4519D-F10F-E636-4BA8-CB6521A289A4}\013A0126-B691-B68D-3189-0C09EEA4E6A3.exe <==== AANDACHT
        Task: {78570C52-F561-470A-B857-3F200FB199C1} - System32\Tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2017-01-24] ()
        Task: {7E48755F-0538-4095-BAFC-BB44E95B6F16} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
        Task: {7F4BACF0-B000-4E23-BFC7-AF702620B6FA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
        Task: {90E33663-9921-43FD-9504-8A831224A714} - \TXSdeSoncR -> Geen bestand <==== AANDACHT
        Task: {92F759E2-66EE-4C16-B9BD-B250808039A3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
        Task: {97DA72A1-90CA-4A7F-B423-5D958A22AB7B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2017-05-20] (Dropbox, Inc.)
        Task: {97E700D1-2BC5-4D96-B89A-203E41B99B43} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
        Task: {9CD4EF38-2FB5-478F-A120-A002481EC2E0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
        Task: {A2ACE674-5AF9-43CE-A194-50033637E333} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-17] (Google Inc.)
        Task: {A7077B34-AA37-4B0D-A1ED-25B28057C8FF} - \{04050B47-7D0D-7D0A-0B11-0D0D7A7A117E} -> Geen bestand <==== AANDACHT
        Task: {AE2DA39D-418F-4A78-B034-1BF2542FE583} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
        Task: {C1235954-CAD5-4977-9866-9A21255E8C13} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
        Task: {C6B6F60A-AB1E-4F9A-88ED-7FB9427245E3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-03-17] ()
        Task: {C9279004-E2B0-4151-8EC2-F97F88449894} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
        Task: {C941FA16-F148-4DEC-806F-A98EF5AEDF42} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Geen bestand <==== AANDACHT
        Task: {CE0CCB37-A073-40EA-8117-F88DFC7D8C24} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2017-05-20] (Dropbox, Inc.)
        Task: {D30E94DD-E622-4642-8D1C-0DD894006828} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
        Task: {D5FBDB5A-BA80-4682-A7FA-DA620217DED8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
        Task: {DBA7350B-C09A-48DE-8304-CC9CD854F45D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
        Task: {DCB95B7B-ECBE-437E-9D52-ADE6B1D9133D} - System32\Tasks\{7981A6A7-11FF-B1AD-A695-F71D648FD464} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\d61181ac\e7360d81.dll" <==== AANDACHT
        Task: {E38355A3-2AC5-421A-9764-28C3FEA71882} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
        Task: {E3BC9293-247F-4ABC-81E4-0B320224FD71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-17] (Google Inc.)
        Task: {EDFB144C-9C6A-4BC7-8DA4-DE7A344CC4F8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
        Task: {FA76B700-AA7E-40F0-A2EA-10B6B30D490B} - \Microsoft\Windows\DeviceSettings\Cnerle -> Geen bestand <==== AANDACHT

        (Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)

        Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
        Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe

        ==================== Snelkoppelingen =============================

        (De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)

        ShortcutWithArgument: C:\Users\Ferry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
        ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
        ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

        ==================== Geladen Modules (gefilterd) ==============

        ==================== Alternate Data Streams (gefilterd) =========

        (Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)


        ==================== Veilige Modus (gefilterd) ===================

        (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)

        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

        ==================== Bestandskoppeling (gefilterd) ===============

        (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)


        ==================== Internet Explorer vertrouwde/beperkte toegang ===============

        (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)


        ==================== Hosts Inhoud: ==========================

        (Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)

        2009-07-14 04:04 - 2017-05-30 19:27 - 00001175 _____ C:\WINDOWS\system32\Drivers\etc\hosts

        ==================== Andere gebieden ============================

        (Momenteel is er geen automatische fix voor dit onderdeel.)

        HKU\S-1-5-21-3829025451-3821063052-892049231-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ferry\Downloads\europe-croatia-pula-ruin-medium.jpg
        DNS Servers: 8.8.8.8
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
        Windows Firewall is ingeschakeld.

        ==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==


        ==================== Firewall regels (gefilterd) ===============

        (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

        FirewallRules: [{3008BBBE-24C9-4DBE-ADCE-A382459FADBB}] => (Allow) C:\Users\Ferry\AppData\Roaming\uTorrent\uTorrent.exe
        FirewallRules: [{B37BC73E-0E55-4F8D-B275-4E261C59C503}] => (Allow) C:\Users\Ferry\AppData\Roaming\uTorrent\uTorrent.exe
        FirewallRules: [{820D0DDA-4DA0-4874-9256-8D9DE95AABD6}] => (Allow) C:\Users\Ferry\AppData\Roaming\uTorrent\uTorrent.exe
        FirewallRules: [{9DED7982-B4FF-4737-B2A7-5E801C263CB5}] => (Allow) C:\Users\Ferry\AppData\Roaming\uTorrent\uTorrent.exe
        FirewallRules: [{5D29C8F6-FF9E-461C-A50C-3C4F01941149}] => (Allow) C:\Users\Ferry\AppData\Roaming\uTorrent\uTorrent.exe
        FirewallRules: [{BEF73FA9-BA34-4A52-BF68-E596CA1855A4}] => (Allow) C:\Users\Ferry\AppData\Roaming\uTorrent\uTorrent.exe
        FirewallRules: [{EBB817CE-BCFE-48F2-A74F-D81C38E1830D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
        FirewallRules: [{1EFF428E-8ECD-4E11-B2BA-9F6944AE2647}] => (Allow) C:\Program Files\Lenovo\Bluetooth Software\EasyBits Games\TicTacToe.exe
        FirewallRules: [{0AE112F2-0BF2-4E00-A74F-97DD2D174B44}] => (Allow) C:\Program Files\Lenovo\Bluetooth Software\EasyBits Games\SeaBattle.exe
        FirewallRules: [{9498C832-DF4F-4BB8-98AE-587A9D03A637}] => (Allow) C:\Program Files\Lenovo\Bluetooth Software\EasyBits Games\EasyChat.exe
        FirewallRules: [{FF93B93D-BF35-4AA1-889C-48BBDC5734E5}] => (Allow) C:\Program Files\Lenovo\Bluetooth Software\EasyBits Games\Chess.exe
        FirewallRules: [{70E6B51B-FA24-4C12-9B74-343588C80F77}] => (Allow) C:\Program Files\Lenovo\Bluetooth Software\EasyBits Games\Checkers.exe
        FirewallRules: [{220392B8-F912-40A8-A8E9-1B9412C37498}] => (Allow) C:\Program Files\Lenovo\Bluetooth Software\EasyBits Games\Backgammon.exe
        FirewallRules: [TCP Query User{E89B1055-14A9-4F5A-8AA8-76FE90A251B7}C:\users\ferry\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ferry\appdata\roaming\spotify\spotify.exe
        FirewallRules: [UDP Query User{152A6B73-AC69-4B86-9D19-B52FB30D65F6}C:\users\ferry\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ferry\appdata\roaming\spotify\spotify.exe
        FirewallRules: [{68B299F9-2F71-426B-8CCB-27D6F6394274}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
        FirewallRules: [{E5A56F12-BC6A-426D-AF7C-834648968A10}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
        FirewallRules: [{FFF30C8F-B0F0-45BB-BF2E-48B79C85E5C5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
        FirewallRules: [{4C0F855D-BF32-43B3-99AD-08549786937C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
        FirewallRules: [TCP Query User{8392DB49-178D-409C-820B-19A9D223B964}C:\users\ferry\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ferry\appdata\roaming\spotify\spotify.exe
        FirewallRules: [UDP Query User{CAE28E1B-97A6-4E24-8D97-3C58468FB14E}C:\users\ferry\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ferry\appdata\roaming\spotify\spotify.exe
        FirewallRules: [{4C162416-A704-4E41-BCC0-465548D59F03}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
        FirewallRules: [{E529AC63-1152-4B16-B555-A57FF8B1EE60}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
        FirewallRules: [{E394E149-58E0-431C-B404-7E2107171C43}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
        FirewallRules: [{3947DCCE-FC84-4708-B308-2923FF4CAFB0}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
        FirewallRules: [{AD3F6F41-737C-46BB-A8CB-99CB4DFF4010}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
        FirewallRules: [{5531E76D-72B9-4979-9993-EE5799920150}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe

        ==================== Herstelpunten =========================

        17-05-2017 05:31:18 Windows Update
        23-05-2017 18:08:11 Windows Update
        31-05-2017 17:55:27 Windows Update

        ==================== Defecte Apparaatbeheer Apparaten =============

        Name:
        Description:
        Class Guid:
        Manufacturer:
        Service:
        Problem: : The drivers for this device are not installed. (Code 28)
        Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

        Name: H5321 gw Mobile Broadband Geolocation Sensor
        Description: H5321 gw Mobile Broadband Geolocation Sensor
        Class Guid: {5175d334-c371-4806-b3ba-71fd53c9258d}
        Manufacturer: Ericsson AB
        Service: WUDFRd
        Problem: : Windows has stopped this device because it has reported problems. (Code 43)
        Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


        ==================== Eventlog fouten: =========================

        Applicatiefouten:
        ==================
        Error: (06/02/2017 11:15:26 PM) (Source: Application Error) (EventID: 1000) (User: )
        Description: Naam van toepassing met fout: AutoKMS.exe, versie: 2.5.3.0, tijdstempel: 0x54c2b458
        Naam van module met fout: KERNELBASE.dll, versie: 10.0.14393.1198, tijdstempel: 0x590284f3
        Uitzonderingscode: 0xe0434352
        Foutmarge: 0x000c2502
        Id van proces met fout: 0x3c0
        Starttijd van toepassing met fout: 0x01d2dbe557f1314f
        Pad naar toepassing met fout: C:\Windows\AutoKMS\AutoKMS.exe
        Pad naar module met fout: C:\WINDOWS\System32\KERNELBASE.dll
        Rapport-id: 7a457d64-f295-4142-ba4f-73baba9bfaef
        Volledige pakketnaam met fout:
        Relatieve toepassings-id van pakket met fout:

        Error: (06/02/2017 11:15:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
        Description: Toepassing: AutoKMS.exe
        Framework-versie: v4.0.30319
        Beschrijving: het proces is beëindigd als gevolg van een onverwerkte uitzondering.
        Uitzonderingsinformatie: System.IO.FileNotFoundException
        bij Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask.()
        bij Microsoft.Win32.TaskScheduler.Task.GetV2Definition(Microsoft.Win32.TaskScheduler.TaskService, Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask, Boolean)
        bij Microsoft.Win32.TaskScheduler.Task.CreateTask(Microsoft.Win32.TaskScheduler.TaskService, Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask, Boolean)
        bij .+.()
        bij ..(System.String)
        bij ..()
        bij ..()
        bij ..(.)
        bij ..(.)
        bij ..()

        Error: (06/02/2017 05:26:03 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
        Description: Event-ID 0

        Error: (06/02/2017 05:23:14 PM) (Source: Application Error) (EventID: 1000) (User: )
        Description: Naam van toepassing met fout: AutoKMS.exe, versie: 2.5.3.0, tijdstempel: 0x54c2b458
        Naam van module met fout: KERNELBASE.dll, versie: 10.0.14393.1198, tijdstempel: 0x590284f3
        Uitzonderingscode: 0xe0434352
        Foutmarge: 0x000c2502
        Id van proces met fout: 0x152c
        Starttijd van toepassing met fout: 0x01d2dbb425f27cd8
        Pad naar toepassing met fout: C:\Windows\AutoKMS\AutoKMS.exe
        Pad naar module met fout: C:\WINDOWS\System32\KERNELBASE.dll
        Rapport-id: 063c0451-2f56-4db9-a361-d0ed6a8054f9
        Volledige pakketnaam met fout:
        Relatieve toepassings-id van pakket met fout:

        Error: (06/02/2017 05:23:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
        Description: Toepassing: AutoKMS.exe
        Framework-versie: v4.0.30319
        Beschrijving: het proces is beëindigd als gevolg van een onverwerkte uitzondering.
        Uitzonderingsinformatie: System.IO.FileNotFoundException
        bij Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask.()
        bij Microsoft.Win32.TaskScheduler.Task.GetV2Definition(Microsoft.Win32.TaskScheduler.TaskService, Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask, Boolean)
        bij Microsoft.Win32.TaskScheduler.Task.CreateTask(Microsoft.Win32.TaskScheduler.TaskService, Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask, Boolean)
        bij .+.()
        bij ..(System.String)
        bij ..()
        bij ..()
        bij ..(.)
        bij ..(.)
        bij ..()

        Error: (06/02/2017 06:20:39 AM) (Source: Application Error) (EventID: 1000) (User: )
        Description: Naam van toepassing met fout: AutoKMS.exe, versie: 2.5.3.0, tijdstempel: 0x54c2b458
        Naam van module met fout: KERNELBASE.dll, versie: 10.0.14393.1198, tijdstempel: 0x590284f3
        Uitzonderingscode: 0xe0434352
        Foutmarge: 0x000c2502
        Id van proces met fout: 0x2be8
        Starttijd van toepassing met fout: 0x01d2db57967a0219
        Pad naar toepassing met fout: C:\Windows\AutoKMS\AutoKMS.exe
        Pad naar module met fout: C:\WINDOWS\System32\KERNELBASE.dll
        Rapport-id: a024d521-117b-406a-84cc-298d4d2f9433
        Volledige pakketnaam met fout:
        Relatieve toepassings-id van pakket met fout:

        Error: (06/02/2017 06:20:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
        Description: Toepassing: AutoKMS.exe
        Framework-versie: v4.0.30319
        Beschrijving: het proces is beëindigd als gevolg van een onverwerkte uitzondering.
        Uitzonderingsinformatie: System.IO.FileNotFoundException
        bij Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask.()
        bij Microsoft.Win32.TaskScheduler.Task.GetV2Definition(Microsoft.Win32.TaskScheduler.TaskService, Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask, Boolean)
        bij Microsoft.Win32.TaskScheduler.Task.CreateTask(Microsoft.Win32.TaskScheduler.TaskService, Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask, Boolean)
        bij .+.()
        bij ..(System.String)
        bij ..()
        bij ..()
        bij ..(.)
        bij ..(.)
        bij ..()

        Error: (06/01/2017 09:28:38 PM) (Source: Application Error) (EventID: 1000) (User: )
        Description: Naam van toepassing met fout: AutoKMS.exe, versie: 2.5.3.0, tijdstempel: 0x54c2b458
        Naam van module met fout: KERNELBASE.dll, versie: 10.0.14393.1198, tijdstempel: 0x590284f3
        Uitzonderingscode: 0xe0434352
        Foutmarge: 0x000c2502
        Id van proces met fout: 0x108c
        Starttijd van toepassing met fout: 0x01d2db0d425eb6a0
        Pad naar toepassing met fout: C:\Windows\AutoKMS\AutoKMS.exe
        Pad naar module met fout: C:\WINDOWS\System32\KERNELBASE.dll
        Rapport-id: 638e91bd-166a-4f15-b205-cfa8bb1e821c
        Volledige pakketnaam met fout:
        Relatieve toepassings-id van pakket met fout:

        Error: (06/01/2017 09:28:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
        Description: Toepassing: AutoKMS.exe
        Framework-versie: v4.0.30319
        Beschrijving: het proces is beëindigd als gevolg van een onverwerkte uitzondering.
        Uitzonderingsinformatie: System.IO.FileNotFoundException
        bij Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask.()
        bij Microsoft.Win32.TaskScheduler.Task.GetV2Definition(Microsoft.Win32.TaskScheduler.TaskService, Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask, Boolean)
        bij Microsoft.Win32.TaskScheduler.Task.CreateTask(Microsoft.Win32.TaskScheduler.TaskService, Microsoft.Win32.TaskScheduler.V2Interop.IRegisteredTask, Boolean)
        bij .+.()
        bij ..(System.String)
        bij ..()
        bij ..()
        bij ..(.)
        bij ..(.)
        bij ..()

        Error: (06/01/2017 07:39:53 PM) (Source: Application Error) (EventID: 1000) (User: )
        Description: Naam van toepassing met fout: AutoKMS.exe, versie: 2.5.3.0, tijdstempel: 0x54c2b458
        Naam van module met fout: KERNELBASE.dll, versie: 10.0.14393.1198, tijdstempel: 0x590284f3
        Uitzonderingscode: 0xe0434352
        Foutmarge: 0x000c2502
        Id van proces met fout: 0x754
        Starttijd van toepassing met fout: 0x01d2dafe050ffc6c
        Pad naar toepassing met fout: C:\Windows\AutoKMS\AutoKMS.exe
        Pad naar module met fout: C:\WINDOWS\System32\KERNELBASE.dll
        Rapport-id: 60c299ce-3785-4d5b-b020-730222d029a5
        Volledige pakketnaam met fout:
        Relatieve toepassings-id van pakket met fout:


        Systeemfouten:
        =============
        Error: (06/02/2017 11:15:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
        Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
        {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
        en APPID
        {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
        aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

        Error: (06/02/2017 11:15:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
        Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
        {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
        en APPID
        {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
        aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

        Error: (06/02/2017 11:15:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
        Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
        {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
        en APPID
        {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
        aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

        Error: (06/02/2017 11:15:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
        Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
        {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
        en APPID
        {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
        aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

        Error: (06/02/2017 11:15:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
        Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
        {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
        en APPID
        {F72671A9-012C-4725-9D2F-2A4D32D65169}
        aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

        Error: (06/02/2017 05:23:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
        Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
        {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
        en APPID
        {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
        aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

        Error: (06/02/2017 05:23:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
        Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
        {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
        en APPID
        {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
        aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

        Error: (06/02/2017 05:23:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
        Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
        {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
        en APPID
        {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
        aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

        Error: (06/02/2017 05:23:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
        Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
        {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
        en APPID
        {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
        aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

        Error: (06/02/2017 05:23:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
        Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
        {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
        en APPID
        {F72671A9-012C-4725-9D2F-2A4D32D65169}
        aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.


        CodeIntegrity:
        ===================================
        Date: 2017-06-01 19:11:25.731
        Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvltwu.inf_x86_624ca97587448b36\nvinit.dll that did not meet the Custom 3 / Antimalware signing level requirements.

        Date: 2017-06-01 19:11:24.979
        Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

        Date: 2017-05-14 10:03:42.907
        Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvltwu.inf_x86_624ca97587448b36\nvinit.dll that did not meet the Custom 3 / Antimalware signing level requirements.

        Date: 2017-05-14 10:03:42.478
        Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

        Date: 2017-05-10 17:53:55.899
        Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

        Date: 2017-05-10 17:53:55.870
        Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

        Date: 2017-05-10 17:53:55.845
        Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

        Date: 2017-05-10 17:53:55.790
        Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

        Date: 2017-05-10 17:53:55.771
        Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

        Date: 2017-05-10 17:53:55.754
        Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.


        ==================== Geheugen info ===========================

        Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
        Percentage geheugen in gebruik: 58%
        Totaal fysiek RAM-geheugen: 2794.79 MB
        Beschikbaar fysiek RAM-geheugen: 1163.82 MB
        Totaal Virtueel geheugen: 5610.79 MB
        Beschikbaar Virtual geheugen: 3758.69 MB

        ==================== Schijven ================================

        Drive c: () (Fixed) (Total:167.13 GB) (Free:111.57 GB) NTFS

        ==================== MBR & Partitietabel ==================

        ========================================================
        Disk: 0 (MBR Code: Windows 7 or 8) (Size: 167.7 GB) (Disk ID: 2AEE579F)
        Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
        Partition 2: (Not Active) - (Size=167.1 GB) - (Type=07 NTFS)
        Partition 3: (Not Active) - (Size=464 MB) - (Type=27)

        ==================== Eind van Addition.txt ============================



        • #5
          Run the Farbar Recovery Scan Tool again.
          • Download fixlist.txt from the attachment to the desktop, where FRST.exe is also located.
          • Double-click FRST.exe to start the tool.
          • When the program has opened, click Yes at the disclaimer.
          • Press the Fix button.
          • A log file (fixlog.txt) will be created in the same location the tool was started from.
          • Attach this log file to your next post.

          Starting Windows 10 in Safe Mode



          • #6
            Hello Juisterr,

            Here it is... (thanks in advance for your time!!)

            Fix resultaat van Farbar Recovery Scan Tool (x86) Versie: 05-06-2017
            Gestart door Ferry (06-06-2017 17:14:06) Run:1
            Gestart vanaf C:\Users\Ferry\Desktop
            Geladen Profielen: Ferry (Beschikbare Profielen: Ferry)
            Boot Modus: Normal

            ==============================================

            fixlist Inhoud:
            *****************
            start
            CreateRestorePoint:
            Task: {51B700C6-BAAF-486B-935D-75AB528C376A} - \6idESTo7HH -> Geen bestand <==== AANDACHT
            Task: {6DB77865-A976-4D48-A796-E946C92D62A5} - System32\Tasks\{87370853-309C-BFF8-F851-A7395A5826AA} => C:\ProgramData\{46A4519D-F10F-E636-4BA8-CB6521A289A4}\013A0126-B691-B68D-3189-0C09EEA4E6A3.exe <==== AANDACHT
            Task: {90E33663-9921-43FD-9504-8A831224A714} - \TXSdeSoncR -> Geen bestand <==== AANDACHT
            Task: {A7077B34-AA37-4B0D-A1ED-25B28057C8FF} - \{04050B47-7D0D-7D0A-0B11-0D0D7A7A117E} -> Geen bestand <==== AANDACHT
            Task: {C941FA16-F148-4DEC-806F-A98EF5AEDF42} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Geen bestand <==== AANDACHT
            Task: {DCB95B7B-ECBE-437E-9D52-ADE6B1D9133D} - System32\Tasks\{7981A6A7-11FF-B1AD-A695-F71D648FD464} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\d61181ac\e7360d81.dll" <==== AANDACHT
            Task: {FA76B700-AA7E-40F0-A2EA-10B6B30D490B} - \Microsoft\Windows\DeviceSettings\Cnerle -> Geen bestand <==== AANDACHT


            Hosts:
            EmptyTemp:
            end

            *****************

            Herstelpunt is succesvol gemaakt.
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{51B700C6-BAAF-486B-935D-75AB528C376A} => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51B700C6-BAAF-486B-935D-75AB528C376A} => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6idESTo7HH => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DB77865-A976-4D48-A796-E946C92D62A5} => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DB77865-A976-4D48-A796-E946C92D62A5} => sleutel is succesvol verwijderd
            C:\Windows\System32\Tasks\{87370853-309C-BFF8-F851-A7395A5826AA} => is succesvol verplaatst
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{87370853-309C-BFF8-F851-A7395A5826AA} => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{90E33663-9921-43FD-9504-8A831224A714} => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90E33663-9921-43FD-9504-8A831224A714} => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TXSdeSoncR => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7077B34-AA37-4B0D-A1ED-25B28057C8FF} => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7077B34-AA37-4B0D-A1ED-25B28057C8FF} => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{04050B47-7D0D-7D0A-0B11-0D0D7A7A117E} => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C941FA16-F148-4DEC-806F-A98EF5AEDF42} => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C941FA16-F148-4DEC-806F-A98EF5AEDF42} => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCB95B7B-ECBE-437E-9D52-ADE6B1D9133D} => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCB95B7B-ECBE-437E-9D52-ADE6B1D9133D} => sleutel is succesvol verwijderd
            C:\Windows\System32\Tasks\{7981A6A7-11FF-B1AD-A695-F71D648FD464} => is succesvol verplaatst
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7981A6A7-11FF-B1AD-A695-F71D648FD464} => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA76B700-AA7E-40F0-A2EA-10B6B30D490B} => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA76B700-AA7E-40F0-A2EA-10B6B30D490B} => sleutel is succesvol verwijderd
            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DeviceSettings\Cnerle => sleutel is succesvol verwijderd
            C:\Windows\System32\Drivers\etc\hosts => is succesvol verplaatst
            Hosts met succes hersteld.

            =========== EmptyTemp: ==========

            BITS transfer queue => 102736 B
            DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 52193134 B
            Java, Flash, Steam htmlcache => 506 B
            Windows/system/drivers => 55082231 B
            Edge => 111896 B
            Chrome => 566606 B
            Firefox => 0 B
            Opera => 0 B

            Temp, IE cache, history, cookies, recent:
            Default => 0 B
            Users => 0 B
            ProgramData => 0 B
            Public => 0 B
            systemprofile => 0 B
            LocalService => 0 B
            NetworkService => 172212 B
            Ferry => 207945040 B

            RecycleBin => 0 B
            EmptyTemp: => 301.5 MB tijdelijke gegevens verwijderd.

            ================================


            Het systeem moest herstart worden.

            ==== Eind van Fixlog 17:14:28 ====

            Regards,
            Bintang



            • #7
              Is it any better now?



              • #8
                Hi Juisterr,

                At first my Microsoft Edge was still 'stressed'. It still started up on its own and wanted to go to certain sites.
                After your last advice this was still there, and a final scan with Malware and removing a few folders under Program Files made sure that I (I think) now have a normal Edge.

                Thanks for your time!!!

                Regards,
                Ferry

                PS: do I need to close the report myself now?



                • #9
                  If there are no further problems, we'll wrap up.

                  * Clean up the tools and log files used.
                  Download "Delfix by Xplode" here or here.

                  Start the tool by double-clicking it.
                  Now tick the following items:
                  • Remove disinfection tools
                  • Create registry backup

                  Click Run and wait patiently until the tool has finished.
                  The tool creates a log file. You do not need to post it.

                  * Be careful when downloading and installing programs.
                  It is better to avoid downloading files via the websites 'softonic.com' and 'cnet.com', as these often come bundled with extra unwanted software.
                  While installing programs, pay close attention to whether extra, unnecessary software is being installed alongside, such as toolbars, extensions, plug-ins or browsers.
                  This extra software is ticked by default, and you can untick it without any problems.



                  • #10
                    Juisterr,

                    Thank you very much for your help and tips!!!!

                    Regards,
                    Bintang
