
Malwarebytes found some infections


9 replies to this topic

#1 Markimoo


Posted 25 February 2016 - 05:52 AM

Hi,

 

I ran a scan using Malwarebytes' Anti-Malware and I've found "some" infections, so I want to see if an expert can help me clean up my system.

The scan of Malwarebytes' Anti-Malware is currently running. I'll post the log when the scan is ready.

 

FRST.txt

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie:24-02-2016

Gestart door sirma (Beheerder) op DESKTOP-T86NBD9 (25-02-2016 11:45:40)
Gestart vanaf C:\Users\sirma\Downloads
Geladen Profielen: sirma &  (Beschikbare Profielen: sirma & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Platform: Windows 10 Pro Versie 1511 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Internet Security\a2service.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Internet Security\a2guard.exe
() C:\Program Files (x86)\puush\puush.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\syswow64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Register (gefilterd) ===========================
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3348712 2015-12-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2015-10-24] (Pixart Imaging Inc)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-25] (NVIDIA Corporation)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft internet security\a2guard.exe [9235928 2016-01-27] (Emsisoft Ltd)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [465544 2016-02-10] (Power Software Ltd)
HKU\S-1-5-21-431145589-1696384267-2759985026-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-12-16] ()
HKU\S-1-5-21-431145589-1696384267-2759985026-1001\...\Run: [Spotify] => C:\Users\sirma\AppData\Roaming\Spotify\Spotify.exe [8316528 2016-01-20] (Spotify Ltd)
HKU\S-1-5-21-431145589-1696384267-2759985026-1001\...\Run: [Spotify Web Helper] => C:\Users\sirma\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-20] (Spotify Ltd)
HKU\S-1-5-21-431145589-1696384267-2759985026-1001\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe [773120 2014-09-03] (Oracle Corporation)
HKU\S-1-5-21-431145589-1696384267-2759985026-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-431145589-1696384267-2759985026-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-12-16] ()
HKU\S-1-5-21-431145589-1696384267-2759985026-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\sirma\AppData\Roaming\Spotify\Spotify.exe [8316528 2016-01-20] (Spotify Ltd)
HKU\S-1-5-21-431145589-1696384267-2759985026-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\sirma\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-20] (Spotify Ltd)
HKU\S-1-5-21-431145589-1696384267-2759985026-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe [773120 2014-09-03] (Oracle Corporation)
HKU\S-1-5-21-431145589-1696384267-2759985026-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-02-20]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-02-20]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Ransomware.lnk [2016-02-22]
ShortcutTarget: Malwarebytes Anti-Ransomware.lnk -> C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe (Malwarebytes)
CHR HKLM\SOFTWARE\Policies\Google: Restrictie <======= AANDACHT
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
 
Hosts: 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
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{907dfed1-8af3-4b5e-b9b7-d07be0225be3}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{907dfed1-8af3-4b5e-b9b7-d07be0225be3}: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{f7f870c2-5f27-48c2-9261-b2c7e6df4a7b}: [DhcpNameServer] 192.168.2.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-01-19] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-02-20] (LastPass)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-01-18] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-01-19] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-02-20] (LastPass)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-02-20] (LastPass)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-02-20] (LastPass)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1450523819219
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\sirma\AppData\Roaming\Mozilla\Firefox\Profiles\opuwi1j4.default
FF Homepage: hxxps://www.facebook.com
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-02-20] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-02-20] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Extension: LastPass - C:\Users\sirma\AppData\Roaming\Mozilla\Firefox\Profiles\opuwi1j4.default\Extensions\support@lastpass.com [2016-02-20]
FF Extension: Adblock Plus - C:\Users\sirma\AppData\Roaming\Mozilla\Firefox\Profiles\opuwi1j4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.nl/
CHR StartupUrls: Default -> "hxxps://www.google.nl/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Presentaties) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-16]
CHR Extension: (CookiesOK) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\afmkbjoakcacgljcdccofbffloabfbni [2016-02-20]
CHR Extension: (Google Documenten) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-16]
CHR Extension: (Google Drive) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-16]
CHR Extension: (Turn Off the Lights) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2016-02-10]
CHR Extension: (IM+) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfdplllgoohfmnpnbplklnkegbffnheo [2015-12-16]
CHR Extension: (Brushed) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2015-12-16]
CHR Extension: (ColorZilla) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-12-16]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-02-23]
CHR Extension: (YouTube) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-16]
CHR Extension: (Adblock Plus) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-23]
CHR Extension: (Google Search) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-16]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-12-16]
CHR Extension: (Dropbox voor Gmail) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-12-16]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2015-12-16]
CHR Extension: (Google Spreadsheets) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-16]
CHR Extension: (Chrome Remote Desktop) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-02-20]
CHR Extension: (HTTPS Everywhere) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-02-25]
CHR Extension: (Offline Documenten) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-02-24]
CHR Extension: (WhatFont) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2015-12-16]
CHR Extension: (lipsum.com extension) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkggolejkaoanbjnmkakgjcdcnpfkgi [2016-02-15]
CHR Extension: (Turn Off the Lights) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\labjanboighjienkhiabgpefblkbmemd [2015-12-16]
CHR Extension: (Facebook AdBlock) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpacabphcagfehdgnigmfnbjdampbaa [2015-12-16]
CHR Extension: (Bing2Google) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgoehlfmhfafaiepckjikpphoklijedl [2015-12-16]
CHR Extension: (Facebook Most Recent Default) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nekfocplekjmdnfnjkjnipgenjcgemmb [2015-12-16]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-16]
CHR Extension: (Click&Clean App) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-01-30]
CHR Extension: (Gmail) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-16]
CHR Extension: (OMG! Ubuntu!) - C:\Users\sirma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmoodaljflkhbojjaiibgnlindbhebme [2015-12-16]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (gefilterd) ========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Internet Security\a2service.exe [10963864 2016-01-27] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe [69016 2016-02-05] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-12-19] (ELAN Microelectronics Corp.)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [394752 2016-02-02] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-25] (NVIDIA Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373728 2016-02-18] (Intel Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [17408 2016-02-02] (Microsoft Corporation)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3125728 2016-02-11] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MySQL56; C:\Program Files (x86)\Canon\Easy-WebPrint EX\bin\mysqld.exe [13061632 2015-07-15] () [Bestand niet getekend]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-25] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-25] (NVIDIA Corporation)
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966288 2014-10-22] (@ByELDI) [Bestand niet getekend]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Bestand niet getekend]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [243448 2015-12-24] (RaMMicHaeL)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [12288 2016-02-02] (Microsoft Corporation)
 
===================== Drivers (gefilterd) ==========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4322440 2015-12-19] (Qualcomm Atheros Communications, Inc.)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [19768 2013-07-02] (ASUSTek Computer Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [73512 2015-03-18] (ASUS Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\epp.sys [124080 2016-02-24] (Emsisoft Ltd)
S3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31320 2015-07-14] (ELAN Microelectronic Corp.)
R3 farflt; C:\WINDOWS\system32\drivers\farflt.sys [56704 2016-02-25] (Malwarebytes)
R1 FWNDIS_LWF; C:\Windows\system32\DRIVERS\fwndislwf64.sys [312064 2015-12-07] ()
R1 fwwfp; C:\Program Files\Emsisoft Internet Security\fwwfp764.sys [564896 2015-12-07] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-19] (REALiX™)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [217328 2016-02-25] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185088 2015-12-19] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-12-19] (Realtek                                            )
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-12-19] (Synaptics Incorporated)
S3 ST_Accel; C:\Windows\System32\drivers\ST_Accel.sys [143592 2015-06-10] (STMicroelectronics)
R3 t_mouse.sys; C:\Windows\System32\drivers\t_mouse.sys [6144 2015-10-24] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
 
==================== Een Maand Aangemaakt bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2016-02-25 11:45 - 2016-02-25 11:45 - 02371072 _____ (Farbar) C:\Users\sirma\Downloads\FRST64.exe
2016-02-25 11:45 - 2016-02-25 11:45 - 00034267 _____ C:\Users\sirma\Downloads\FRST.txt
2016-02-25 11:45 - 2016-02-25 11:45 - 00000000 ____D C:\FRST
2016-02-25 11:28 - 2016-02-25 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-25 11:28 - 2016-02-25 11:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-25 11:28 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-25 11:28 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-25 11:27 - 2016-02-25 11:27 - 22908888 _____ (Malwarebytes ) C:\Users\sirma\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-24 13:31 - 2016-02-24 13:31 - 19643222 _____ C:\Users\sirma\Downloads\tweaking.com_windows_repair_aio.zip
2016-02-24 12:06 - 2016-02-24 12:06 - 00034919 _____ C:\Users\sirma\Downloads\Gypsum Project.xlsx
2016-02-23 20:16 - 2016-02-23 20:16 - 00000000 ___HD C:\$Windows.~WS
2016-02-23 20:15 - 2016-02-23 20:15 - 18446672 _____ (Microsoft Corporation) C:\Users\sirma\Downloads\MediaCreationTool.exe
2016-02-23 18:52 - 2016-02-23 18:51 - 00010212 _____ C:\Users\sirma\Desktop\Testing.bat
2016-02-23 18:49 - 2016-02-23 18:49 - 00000032 _____ C:\Users\sirma\Downloads\null
2016-02-23 18:47 - 2016-02-23 18:47 - 00062464 _____ C:\Users\sirma\Downloads\Testing.exe
2016-02-23 18:43 - 2016-02-23 18:43 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-T86NBD9-Windows-10-Pro-(64-bit).dat
2016-02-23 18:43 - 2016-02-23 18:43 - 00000000 ____D C:\RegBackup
2016-02-23 18:42 - 2016-02-23 18:42 - 00000000 ____D C:\Users\sirma\Downloads\tweaking.com_windows_repair_aio
2016-02-23 18:13 - 2016-02-24 12:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-23 18:12 - 2016-02-23 19:32 - 00000000 ____D C:\Users\sirma\Desktop\mbar
2016-02-23 18:12 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-23 18:11 - 2016-02-23 18:12 - 16563352 _____ (Malwarebytes Corp.) C:\Users\sirma\Downloads\mbar-1.09.3.1001.exe
2016-02-23 11:10 - 2016-02-23 11:14 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator
2016-02-23 11:10 - 2016-02-23 11:10 - 00000000 ____D C:\Users\sirma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
2016-02-22 12:11 - 2016-02-25 11:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-22 12:11 - 2016-02-25 10:50 - 00217328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-22 12:11 - 2016-02-25 10:50 - 00056704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-02-22 12:11 - 2016-02-22 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-02-22 12:11 - 2016-02-22 12:11 - 00000000 ____D C:\Program Files\Malwarebytes
2016-02-22 11:00 - 2016-02-23 20:20 - 00008766 _____ C:\WINDOWS\diagwrn.xml
2016-02-22 11:00 - 2016-02-23 20:20 - 00005028 _____ C:\WINDOWS\diagerr.xml
2016-02-22 10:56 - 2016-02-22 10:56 - 00000000 ____D C:\$WINDOWS.~BT
2016-02-21 13:47 - 2016-02-21 13:47 - 00000000 ____D C:\Users\sirma\AppData\Roaming\PowerISO
2016-02-21 13:41 - 2016-02-21 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-02-21 13:41 - 2016-02-21 13:41 - 00000000 ____D C:\Program Files\PowerISO
2016-02-21 13:41 - 2016-02-10 14:21 - 00137280 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys
2016-02-21 13:25 - 2016-02-21 13:27 - 00000000 ____D C:\Users\sirma\Desktop\USB
2016-02-21 10:55 - 2016-02-21 10:55 - 00000000 ____D C:\Users\sirma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2016-02-21 10:55 - 2016-02-21 10:55 - 00000000 ____D C:\Users\sirma\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2016-02-20 15:07 - 2016-02-21 11:43 - 00000000 ____D C:\Users\sirma\AppData\LocalLow\LastPass
2016-02-20 15:07 - 2016-02-20 15:07 - 00001156 _____ C:\Users\Public\Desktop\My LastPass Vault.lnk
2016-02-20 15:07 - 2016-02-20 15:07 - 00000000 ____D C:\Users\sirma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2016-02-20 15:07 - 2016-02-20 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2016-02-20 15:06 - 2016-02-20 15:07 - 00000000 ____D C:\Program Files (x86)\LastPass
2016-02-19 15:35 - 2016-02-19 15:35 - 00000568 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-02-19 15:35 - 2016-02-19 15:35 - 00000486 _____ C:\WINDOWS\system32\{86F549EB-A66B-4D6C-958D-CDDD66410751}.bat
2016-02-19 15:33 - 2016-02-19 15:34 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-02-19 13:01 - 2016-02-19 13:01 - 00000000 ____D C:\Users\sirma\AppData\Local\Jagex
2016-02-19 13:01 - 2016-02-19 13:01 - 00000000 ____D C:\ProgramData\Jagex
2016-02-19 13:00 - 2016-02-19 13:00 - 00000177 _____ C:\Users\sirma\Desktop\RuneScape Launcher.url
2016-02-19 13:00 - 2016-02-19 13:00 - 00000000 ____D C:\Users\sirma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jagex
2016-02-19 13:00 - 2016-02-19 13:00 - 00000000 ____D C:\Program Files\Jagex
2016-02-18 22:41 - 2016-02-18 22:41 - 39821448 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 15461320 _____ (Intel Corporation) C:\WINDOWS\system32\igc64.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 13455904 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igc32.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 04133376 _____ (Intel Corporation) C:\WINDOWS\system32\igd12umd64.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 04047896 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd12umd32.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 01889112 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 01816728 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 01814064 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 01461848 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 00435096 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 00433968 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 00381936 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 00379800 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 00312816 _____ (Intel Corporation) C:\WINDOWS\system32\igd10idpp64.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 00297176 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10idpp32.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 00242168 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 00222744 _____ (Intel Corporation) C:\WINDOWS\system32\igdde64.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 00205360 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 00181328 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdde32.dll
2016-02-18 22:41 - 2016-02-18 22:41 - 00055256 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 29101576 _____ (Intel Corporation) C:\WINDOWS\system32\common_clang64.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 19861520 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\common_clang32.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 11678216 _____ (Intel Corporation) C:\WINDOWS\system32\ig75icd64.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 08678408 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig75icd32.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 05685768 _____ (Intel Corporation) C:\WINDOWS\system32\igdmcl64.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 05262856 _____ (Intel Corporation) C:\WINDOWS\system32\GfxResources.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 04656136 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 04179984 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 03970064 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmcl32.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 01576968 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 01167888 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 01027040 _____ C:\WINDOWS\system32\igfxSDK.exe
2016-02-18 22:39 - 2016-02-18 22:39 - 00964576 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2016-02-18 22:39 - 2016-02-18 22:39 - 00960992 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2016-02-18 22:39 - 2016-02-18 22:39 - 00632840 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00622048 _____ (Intel Corporation) C:\WINDOWS\system32\IntelCpHDCPSvc.exe
2016-02-18 22:39 - 2016-02-18 22:39 - 00536544 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2016-02-18 22:39 - 2016-02-18 22:39 - 00466912 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2016-02-18 22:39 - 2016-02-18 22:39 - 00439304 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00416272 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00390160 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00388616 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00350192 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCComp64.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00318472 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00301536 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2016-02-18 22:39 - 2016-02-18 22:39 - 00273416 _____ C:\WINDOWS\system32\igfxCPL.cpl
2016-02-18 22:39 - 2016-02-18 22:39 - 00266248 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00255504 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00237024 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2016-02-18 22:39 - 2016-02-18 22:39 - 00232416 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2016-02-18 22:39 - 2016-02-18 22:39 - 00231904 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2016-02-18 22:39 - 2016-02-18 22:39 - 00225288 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00206864 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4380.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00193032 _____ (Intel Corporation) C:\WINDOWS\system32\igdail64.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00175072 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2016-02-18 22:39 - 2016-02-18 22:39 - 00173064 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdail32.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00111632 _____ ( ) C:\WINDOWS\system32\igfxSDKLibv2_0.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00103944 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00103440 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00100880 _____ ( ) C:\WINDOWS\system32\igfxSDKLib.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00099848 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00095248 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00084488 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00052744 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00029192 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00029192 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00027664 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00027664 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00022544 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2016-02-18 22:39 - 2016-02-18 22:39 - 00022544 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2016-02-15 18:42 - 2016-02-15 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebSite X5 v12 - Professional Demo
2016-02-15 18:41 - 2016-02-15 18:42 - 00000000 ____D C:\Program Files (x86)\WebSite X5 v12 - Professional Demo
2016-02-15 18:19 - 2016-02-15 18:19 - 00000000 ____D C:\Users\sirma\Documents\Incomedia
2016-02-15 18:14 - 2016-02-15 18:39 - 00000000 ____D C:\Users\sirma\AppData\Local\Incomedia
2016-02-15 13:36 - 2016-02-15 13:36 - 00000132 _____ C:\Users\sirma\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-02-15 13:28 - 2016-02-21 13:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-15 12:29 - 2016-02-15 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2016-02-15 12:28 - 2016-02-15 12:46 - 00000000 ____D C:\Program Files\Adobe
2016-02-15 12:27 - 2016-02-15 12:46 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-02-14 19:15 - 2016-02-14 19:15 - 00000000 _____ C:\WINDOWS\system32\cd
2016-02-14 19:11 - 2016-02-14 19:11 - 00000000 ____D C:\Users\sirma\Documents\Navicat
2016-02-14 17:40 - 2016-02-14 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
2016-02-14 17:40 - 2016-02-14 17:40 - 00000000 ____D C:\Program Files (x86)\PremiumSoft
2016-02-14 17:40 - 2009-07-10 12:43 - 01589248 _____ C:\WINDOWS\SysWOW64\libmysql_d.dll
2016-02-14 17:22 - 2016-02-14 17:22 - 00000000 ____D C:\Program Files\runphp
2016-02-14 17:22 - 2016-02-14 17:22 - 00000000 ____D C:\Program Files (x86)\PHP
2016-02-14 17:12 - 2016-02-15 15:30 - 00000000 ____D C:\Users\sirma\Documents\Site zonder naam 2
2016-02-14 17:04 - 2016-02-14 17:04 - 00003670 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-sir.mark1994@gmail.com
2016-02-14 17:01 - 2016-02-14 17:01 - 00000000 ____D C:\Users\sirma\AppData\Roaming\PDAppFlex
2016-02-14 17:01 - 2016-02-14 17:01 - 00000000 ____D C:\Users\sirma\AppData\LocalLow\Adobe
2016-02-14 16:59 - 2016-02-15 12:46 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-02-14 16:59 - 2016-02-14 16:59 - 00001312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk
2016-02-14 16:58 - 2016-02-14 16:58 - 00001604 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2016-02-14 16:58 - 2016-02-14 16:58 - 00001434 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2016-02-14 16:57 - 2016-02-15 12:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-14 16:57 - 2016-02-14 16:57 - 00001178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2016-02-14 16:57 - 2016-02-14 16:57 - 00001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-02-14 16:57 - 2016-02-14 16:57 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-02-14 16:57 - 2016-02-14 16:57 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-02-14 16:50 - 2016-02-16 11:04 - 00000000 ____D C:\ProgramData\Adobe
2016-02-14 16:49 - 2016-02-24 10:53 - 00000000 ____D C:\Users\sirma\AppData\Local\Adobe
2016-02-14 16:35 - 2016-02-14 16:36 - 00000000 ____D C:\Users\sirma\Documents\Visual Studio 2015
2016-02-14 16:30 - 2016-02-14 16:30 - 00000000 ____D C:\Program Files (x86)\AppInsights
2016-02-14 14:57 - 2016-02-14 14:57 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2016-02-14 14:57 - 2016-02-14 14:57 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-02-14 14:57 - 2016-02-14 14:57 - 00000000 ____D C:\Program Files (x86)\ShellDir
2016-02-14 14:57 - 2016-02-14 14:57 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-02-14 14:56 - 2016-02-14 16:28 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-02-14 14:54 - 2016-02-14 14:54 - 00000000 ____D C:\ProgramData\Microsoft DNX
2016-02-14 14:54 - 2016-02-14 14:54 - 00000000 ____D C:\Program Files\Microsoft DNX
2016-02-14 14:50 - 2016-02-14 14:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2016-02-14 14:49 - 2016-02-14 17:25 - 00000000 ____D C:\Program Files (x86)\IIS Express
2016-02-14 14:49 - 2016-02-14 14:49 - 00000000 ____D C:\Program Files\IIS Express
2016-02-14 14:48 - 2016-02-14 14:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2016-02-14 14:47 - 2016-02-14 14:47 - 00000000 ____D C:\ProgramData\NuGet
2016-02-14 14:47 - 2016-02-14 14:47 - 00000000 ____D C:\Program Files\IIS
2016-02-14 14:47 - 2016-02-14 14:47 - 00000000 ____D C:\Program Files (x86)\NuGet
2016-02-14 14:47 - 2016-02-14 14:47 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2016-02-14 14:47 - 2016-02-14 14:47 - 00000000 ____D C:\Program Files (x86)\IIS
2016-02-14 14:46 - 2016-02-14 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-02-14 14:45 - 2016-02-14 14:45 - 00001506 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-02-14 14:45 - 2016-02-14 14:45 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-02-14 14:45 - 2016-02-14 14:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2016-02-14 14:44 - 2016-02-14 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-02-14 14:43 - 2016-02-14 14:43 - 00000000 ____D C:\WINDOWS\symbols
2016-02-14 14:43 - 2016-02-14 14:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2016-02-14 14:42 - 2015-10-29 19:26 - 02470912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2016-02-14 14:41 - 2015-10-29 20:12 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DxToolsReportGenerator.dll
2016-02-14 14:41 - 2015-10-29 20:12 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll
2016-02-14 14:41 - 2015-10-29 19:41 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2016-02-14 14:41 - 2015-10-29 19:40 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll
2016-02-14 14:41 - 2015-10-29 19:38 - 00369152 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2016-02-14 14:41 - 2015-10-29 19:38 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2016-02-14 14:41 - 2015-10-29 19:37 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll
2016-02-14 14:41 - 2015-10-29 19:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2016-02-14 14:41 - 2015-10-29 19:36 - 00349184 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2016-02-14 14:41 - 2015-10-29 19:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2016-02-14 14:41 - 2015-10-29 19:35 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXGIDebug.dll
2016-02-14 14:41 - 2015-10-29 19:35 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsProxyStub.dll
2016-02-14 14:41 - 2015-10-29 19:34 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll
2016-02-14 14:41 - 2015-10-29 19:34 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2016-02-14 14:41 - 2015-10-29 19:32 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2016-02-14 14:41 - 2015-10-29 19:31 - 00727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2016-02-14 14:41 - 2015-10-29 19:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf_gputiming.dll
2016-02-14 14:41 - 2015-10-29 19:31 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2016-02-14 14:41 - 2015-10-29 19:31 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsReporting.dll
2016-02-14 14:41 - 2015-10-29 19:30 - 01073664 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2016-02-14 14:41 - 2015-10-29 19:30 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2016-02-14 14:41 - 2015-10-29 19:29 - 05667840 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2016-02-14 14:41 - 2015-10-29 19:29 - 05562368 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2016-02-14 14:41 - 2015-10-29 19:29 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2016-02-14 14:41 - 2015-10-29 19:29 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsMonitor.dll
2016-02-14 14:41 - 2015-10-29 19:29 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll
2016-02-14 14:41 - 2015-10-29 19:28 - 03292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2016-02-14 14:41 - 2015-10-29 19:28 - 00763904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll
2016-02-14 14:41 - 2015-10-29 19:28 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll
2016-02-14 14:41 - 2015-10-29 19:27 - 04533760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2016-02-14 14:41 - 2015-10-29 19:27 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCap.exe
2016-02-14 14:41 - 2015-10-29 19:27 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll
2016-02-14 14:41 - 2015-10-29 19:25 - 04445696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe
2016-02-14 14:41 - 2015-10-29 19:24 - 08574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2016-02-14 14:41 - 2015-10-29 19:22 - 06584320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCaptureReplay.dll
2016-02-14 14:41 - 2015-10-29 19:13 - 01001984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2016-02-14 14:41 - 2015-10-29 19:12 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll
2016-02-14 14:41 - 2015-10-29 19:11 - 01064960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11_3SDKLayers.dll
2016-02-14 14:41 - 2015-10-29 19:11 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2016-02-14 14:40 - 2016-02-14 14:57 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-02-14 14:40 - 2016-02-14 14:57 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-02-14 14:40 - 2016-02-14 14:45 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2016-02-14 14:40 - 2016-02-14 14:40 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-02-14 14:37 - 2016-02-14 14:41 - 00000000 ____D C:\WINDOWS\system32\1033
2016-02-14 14:36 - 2016-02-14 14:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-02-14 14:36 - 2016-02-14 14:36 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SensorsSimulatorDriver_01_11_00.Wdf
2016-02-14 14:35 - 2016-02-14 16:32 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-02-14 14:35 - 2016-02-14 14:43 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-02-14 14:32 - 2016-02-14 14:32 - 00002185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
2016-02-14 14:23 - 2016-02-14 17:35 - 00000000 ____D C:\Program Files\PHP Manager 1.4 for IIS 10
2016-02-14 14:22 - 2016-02-23 19:32 - 00000000 ____D C:\Users\sirma\Desktop\Project Mark en Bartos
2016-02-13 15:29 - 2016-02-13 15:29 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-02-13 15:29 - 2016-02-13 15:29 - 00000000 _SHDL C:\Users\DefaultAppPool\Sjablonen
2016-02-13 15:29 - 2016-02-13 15:29 - 00000000 _SHDL C:\Users\DefaultAppPool\Netwerkprinteromgeving
2016-02-13 15:29 - 2016-02-13 15:29 - 00000000 _SHDL C:\Users\DefaultAppPool\Mijn documenten
2016-02-13 15:29 - 2016-02-13 15:29 - 00000000 _SHDL C:\Users\DefaultAppPool\Menu Start
2016-02-13 15:29 - 2016-02-13 15:29 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Mijn video's
2016-02-13 15:29 - 2016-02-13 15:29 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Mijn muziek
2016-02-13 15:29 - 2016-02-13 15:29 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Mijn afbeeldingen
2016-02-13 15:29 - 2016-02-13 15:29 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programma's
2016-02-13 15:29 - 2016-02-13 15:29 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Geschiedenis
2016-02-13 15:29 - 2016-02-13 15:29 - 00000000 ____D C:\Users\DefaultAppPool
2016-02-13 15:29 - 2015-12-16 16:56 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2016-02-12 14:57 - 2016-02-12 14:57 - 00000000 ____D C:\Users\sirma\AppData\LocalLow\RageSquid
2016-02-11 04:03 - 2016-02-11 04:03 - 00004826 _____ C:\WINDOWS\system32\iglhxs64.vp
2016-02-11 04:02 - 2016-02-11 04:02 - 05799386 _____ C:\WINDOWS\system32\igdclbif.bin
2016-02-11 04:02 - 2016-02-11 04:02 - 00029210 _____ C:\WINDOWS\system32\DisplayAudiox64.cab
2016-02-09 20:30 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-09 20:29 - 2016-01-29 07:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-09 20:29 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-09 20:29 - 2016-01-27 07:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-09 20:29 - 2016-01-27 07:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-09 20:29 - 2016-01-27 07:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-09 20:29 - 2016-01-27 07:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-09 20:29 - 2016-01-27 07:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-09 20:29 - 2016-01-27 06:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-09 20:29 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-09 20:29 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 20:29 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 20:29 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-09 20:29 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-09 20:29 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-09 20:29 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-09 20:29 - 2016-01-27 06:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 20:29 - 2016-01-27 06:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 20:29 - 2016-01-27 06:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-09 20:29 - 2016-01-27 06:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-09 20:29 - 2016-01-27 06:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-09 20:29 - 2016-01-27 06:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-09 20:29 - 2016-01-27 06:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-09 20:29 - 2016-01-27 06:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-09 20:29 - 2016-01-27 06:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-09 20:29 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 20:29 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 20:29 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-09 20:29 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-09 20:29 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 20:29 - 2016-01-27 06:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-09 20:29 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 20:29 - 2016-01-27 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 20:29 - 2016-01-27 06:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-09 20:29 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-09 20:29 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-09 20:29 - 2016-01-27 06:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-09 20:29 - 2016-01-27 06:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-09 20:29 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-09 20:29 - 2016-01-27 06:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 20:29 - 2016-01-27 06:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-09 20:29 - 2016-01-27 06:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 20:29 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 20:29 - 2016-01-27 05:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-09 20:29 - 2016-01-27 05:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-09 20:29 - 2016-01-27 05:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-09 20:29 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-09 20:29 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-09 20:29 - 2016-01-27 05:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-09 20:29 - 2016-01-27 05:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 20:29 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-09 20:29 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-09 20:29 - 2016-01-27 05:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 20:29 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-09 20:29 - 2016-01-27 05:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-09 20:29 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-09 20:29 - 2016-01-27 05:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-09 20:29 - 2016-01-27 05:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-09 20:29 - 2016-01-27 05:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-09 20:29 - 2016-01-27 05:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-09 20:29 - 2016-01-27 05:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-09 20:29 - 2016-01-27 05:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-09 20:29 - 2016-01-27 05:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-09 20:29 - 2016-01-27 05:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-09 20:29 - 2016-01-27 05:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-07 20:40 - 2016-02-07 20:40 - 00000000 ____D C:\Users\sirma\AppData\LocalLow\Oracle
2016-02-04 14:30 - 2016-02-24 14:35 - 00000000 ____D C:\Users\sirma\AppData\Local\CrashDumps
2016-02-02 18:05 - 2016-02-02 18:07 - 00000000 ____D C:\Users\sirma\AppData\Local\paint.net
2016-02-02 18:05 - 2016-02-02 18:05 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-02-02 18:05 - 2016-02-02 18:05 - 00000000 ____D C:\Program Files\paint.net
2016-02-02 16:50 - 2016-02-06 10:58 - 00000000 ____D C:\Users\sirma\AppData\Roaming\discord
2016-02-02 16:50 - 2016-02-02 16:51 - 00000000 ____D C:\Users\sirma\AppData\Local\SquirrelTemp
2016-02-02 16:50 - 2016-02-02 16:50 - 00000000 ____D C:\Users\sirma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-02-02 16:50 - 2016-02-02 16:50 - 00000000 ____D C:\Users\sirma\AppData\Local\Discord
2016-02-02 16:43 - 2016-02-14 19:49 - 00000000 ____D C:\TCA
2016-02-02 16:42 - 2016-02-02 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2016-02-02 16:42 - 2016-02-02 16:42 - 00000000 ____D C:\Program Files\WinHTTrack
2016-02-02 15:58 - 2016-02-24 12:09 - 00000000 ____D C:\Users\sirma\AppData\Roaming\Oracle
2016-02-02 15:58 - 2016-02-02 15:58 - 00003774 _____ C:\WINDOWS\System32\Tasks\MySQLNotifierTask
2016-02-02 15:58 - 2016-02-02 15:58 - 00000469 _____ C:\WINDOWS\ODBCINST.INI
2016-02-02 15:57 - 2016-02-02 15:58 - 00000000 ____D C:\Program Files\MySQL
2016-02-02 15:55 - 2016-02-14 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2016-02-02 15:55 - 2016-02-14 19:22 - 00000000 ____D C:\Program Files (x86)\MySQL
2016-02-02 15:55 - 2016-02-14 17:28 - 00000000 ____D C:\ProgramData\MySQL
2016-02-02 15:55 - 2016-02-02 15:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\MySQL
2016-02-02 15:54 - 2016-02-02 15:54 - 02095972 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-02-02 15:54 - 2016-02-02 15:54 - 00000020 ___SH C:\Users\Classic .NET AppPool\ntuser.ini
2016-02-02 15:54 - 2016-02-02 15:54 - 00000020 ___SH C:\Users\.NET v4.5\ntuser.ini
2016-02-02 15:54 - 2016-02-02 15:54 - 00000020 ___SH C:\Users\.NET v4.5 Classic\ntuser.ini
2016-02-02 15:54 - 2016-02-02 15:54 - 00000020 ___SH C:\Users\.NET v2.0\ntuser.ini
2016-02-02 15:54 - 2016-02-02 15:54 - 00000020 ___SH C:\Users\.NET v2.0 Classic\ntuser.ini
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Sjablonen
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Netwerkprinteromgeving
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Mijn documenten
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Menu Start
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Documents\Mijn video's
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Documents\Mijn muziek
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Documents\Mijn afbeeldingen
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programma's
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\Classic .NET AppPool\AppData\Local\Geschiedenis
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5\Sjablonen
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5\Netwerkprinteromgeving
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5\Mijn documenten
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5\Menu Start
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5\Documents\Mijn video's
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5\Documents\Mijn muziek
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5\Documents\Mijn afbeeldingen
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programma's
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5\AppData\Local\Geschiedenis
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Sjablonen
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Netwerkprinteromgeving
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Mijn documenten
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Menu Start
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Documents\Mijn video's
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Documents\Mijn muziek
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Documents\Mijn afbeeldingen
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programma's
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\AppData\Local\Geschiedenis
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0\Sjablonen
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0\Netwerkprinteromgeving
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0\Mijn documenten
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0\Menu Start
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0\Documents\Mijn video's
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0\Documents\Mijn muziek
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0\Documents\Mijn afbeeldingen
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programma's
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0\AppData\Local\Geschiedenis
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Sjablonen
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Netwerkprinteromgeving
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Mijn documenten
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Menu Start
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Documents\Mijn video's
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Documents\Mijn muziek
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Documents\Mijn afbeeldingen
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programma's
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\AppData\Local\Geschiedenis
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 ____D C:\Users\Classic .NET AppPool
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 ____D C:\Users\.NET v4.5 Classic
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 ____D C:\Users\.NET v4.5
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 ____D C:\Users\.NET v2.0 Classic
2016-02-02 15:54 - 2016-02-02 15:54 - 00000000 ____D C:\Users\.NET v2.0
2016-02-02 15:54 - 2015-12-16 16:56 - 00000000 ____D C:\Users\Classic .NET AppPool\AppData\Local\Microsoft Help
2016-02-02 15:54 - 2015-12-16 16:56 - 00000000 ____D C:\Users\.NET v4.5\AppData\Local\Microsoft Help
2016-02-02 15:54 - 2015-12-16 16:56 - 00000000 ____D C:\Users\.NET v4.5 Classic\AppData\Local\Microsoft Help
2016-02-02 15:54 - 2015-12-16 16:56 - 00000000 ____D C:\Users\.NET v2.0\AppData\Local\Microsoft Help
2016-02-02 15:54 - 2015-12-16 16:56 - 00000000 ____D C:\Users\.NET v2.0 Classic\AppData\Local\Microsoft Help
2016-02-02 15:52 - 2016-02-02 15:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2016-02-02 15:52 - 2016-02-02 15:52 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2016-02-02 15:52 - 2016-02-02 15:52 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2016-02-02 15:52 - 2016-02-02 15:52 - 00000000 ____D C:\WINDOWS\system32\0413
2016-02-02 15:52 - 2016-02-02 15:52 - 00000000 ____D C:\inetpub
2016-02-02 15:16 - 2016-02-02 15:16 - 00000000 ____D C:\Users\sirma\AppData\Local\UnrealEngineLauncher
2016-02-02 15:16 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2016-02-02 15:16 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2016-02-02 15:16 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2016-02-02 15:16 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2016-02-02 15:16 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2016-02-02 15:16 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2016-02-02 15:16 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2016-02-02 15:16 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2016-02-02 15:15 - 2016-02-02 15:15 - 00000000 ____D C:\Users\sirma\AppData\Local\UnrealEngine
2016-02-02 15:15 - 2016-02-02 15:15 - 00000000 ____D C:\Users\sirma\AppData\Local\EpicGamesLauncher
2016-02-02 15:14 - 2016-02-02 15:16 - 00000000 ____D C:\ProgramData\Epic
2016-02-02 15:14 - 2016-02-02 15:14 - 00001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2016-02-02 15:14 - 2016-02-02 15:14 - 00000000 ____D C:\Program Files (x86)\Epic Games
2016-02-02 15:14 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2016-02-02 15:14 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2016-02-02 11:40 - 2016-02-02 11:40 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-01-30 13:15 - 2016-02-17 13:52 - 00000000 ____D C:\Users\sirma\AppData\Roaming\FileZilla
2016-01-30 13:14 - 2016-02-17 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-01-30 13:14 - 2016-02-17 13:31 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-01-28 12:49 - 2016-01-16 07:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 12:49 - 2016-01-16 07:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 12:49 - 2016-01-16 07:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 12:49 - 2016-01-16 07:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 12:49 - 2016-01-16 07:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 12:49 - 2016-01-16 07:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 12:49 - 2016-01-16 07:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 12:49 - 2016-01-16 07:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 12:49 - 2016-01-16 07:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 12:49 - 2016-01-16 07:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 12:49 - 2016-01-16 07:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 12:49 - 2016-01-16 07:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 12:49 - 2016-01-16 07:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 12:49 - 2016-01-16 07:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 12:49 - 2016-01-16 07:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 12:49 - 2016-01-16 07:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 12:49 - 2016-01-16 07:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 12:49 - 2016-01-16 07:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 12:49 - 2016-01-16 07:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 12:49 - 2016-01-16 07:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 12:49 - 2016-01-16 07:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 12:49 - 2016-01-16 07:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 12:49 - 2016-01-16 06:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 12:49 - 2016-01-16 06:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 12:49 - 2016-01-16 06:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 12:49 - 2016-01-16 06:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 12:49 - 2016-01-16 06:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 12:49 - 2016-01-16 06:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 12:49 - 2016-01-16 06:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 12:49 - 2016-01-16 06:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 12:49 - 2016-01-16 06:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 12:49 - 2016-01-16 06:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 12:49 - 2016-01-16 06:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 12:49 - 2016-01-16 06:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 12:49 - 2016-01-16 06:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 12:49 - 2016-01-16 06:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 12:49 - 2016-01-16 06:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 12:49 - 2016-01-16 06:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 12:49 - 2016-01-16 06:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 12:49 - 2016-01-16 06:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 12:49 - 2016-01-16 06:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 12:49 - 2016-01-16 06:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 12:49 - 2016-01-16 06:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 12:49 - 2016-01-16 06:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 12:49 - 2016-01-16 06:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 12:49 - 2016-01-16 06:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 12:49 - 2016-01-16 06:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 12:49 - 2016-01-16 06:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 12:49 - 2016-01-16 06:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 12:49 - 2016-01-16 06:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 12:49 - 2016-01-16 06:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 12:49 - 2016-01-16 06:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 12:49 - 2016-01-16 06:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 12:49 - 2016-01-16 06:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 12:49 - 2016-01-16 06:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 12:49 - 2016-01-16 06:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 12:49 - 2016-01-16 06:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 12:49 - 2016-01-16 06:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 12:49 - 2016-01-16 06:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 12:49 - 2016-01-16 06:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 12:49 - 2016-01-16 06:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 12:49 - 2016-01-16 06:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 12:49 - 2016-01-16 06:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 12:49 - 2016-01-16 06:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 12:49 - 2016-01-16 06:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 12:49 - 2016-01-16 06:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 12:49 - 2016-01-16 06:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 12:49 - 2016-01-16 06:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 12:49 - 2016-01-16 06:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 12:49 - 2016-01-16 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 12:49 - 2016-01-16 06:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 12:49 - 2016-01-16 06:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 12:49 - 2016-01-16 06:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 12:49 - 2016-01-16 06:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 12:49 - 2016-01-16 06:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 12:49 - 2016-01-16 06:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 12:49 - 2016-01-16 06:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 12:49 - 2016-01-16 06:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 12:49 - 2016-01-16 06:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 12:49 - 2016-01-16 06:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 12:49 - 2016-01-16 06:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 12:49 - 2016-01-16 06:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 12:49 - 2016-01-16 06:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 12:49 - 2016-01-16 06:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 12:49 - 2016-01-16 06:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 12:49 - 2016-01-16 06:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 12:49 - 2016-01-16 06:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 12:49 - 2016-01-16 06:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 12:49 - 2016-01-16 06:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 12:49 - 2016-01-16 06:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 12:49 - 2016-01-16 06:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 12:49 - 2016-01-16 06:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 12:49 - 2016-01-16 06:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 12:49 - 2016-01-16 06:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 12:49 - 2016-01-16 06:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 12:49 - 2016-01-16 06:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 12:49 - 2016-01-16 06:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 12:49 - 2016-01-16 06:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 12:49 - 2016-01-16 06:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 12:49 - 2016-01-16 06:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 12:49 - 2016-01-16 06:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 12:49 - 2016-01-16 06:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 12:49 - 2016-01-16 06:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 12:49 - 2016-01-16 06:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 12:49 - 2016-01-16 06:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 12:49 - 2016-01-16 06:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 12:49 - 2016-01-16 06:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 12:49 - 2016-01-16 06:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
 
==================== Een Maand Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2016-02-25 11:46 - 2015-12-16 12:37 - 00000000 ____D C:\Program Files\Emsisoft Internet Security
2016-02-25 11:37 - 2015-12-16 11:57 - 00000000 ____D C:\Users\sirma\AppData\Roaming\Skype
2016-02-25 11:03 - 2015-12-16 13:44 - 00000024 _____ C:\Users\sirma\random.dat
2016-02-25 11:02 - 2015-12-16 11:52 - 00001096 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-25 10:59 - 2015-12-16 11:10 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-25 10:59 - 2015-12-16 11:10 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-25 10:57 - 2016-01-24 11:44 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-02-25 10:53 - 2015-12-16 13:44 - 00000024 _____ C:\Users\sirma\jagexappletviewer.preferences
2016-02-25 10:52 - 2015-12-31 14:58 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-02-25 10:51 - 2015-12-16 13:44 - 00000044 _____ C:\Users\sirma\jagex_cl_runescape_LIVE.dat
2016-02-25 10:50 - 2015-12-16 13:08 - 00000000 ____D C:\Users\sirma\AppData\Roaming\mIRC
2016-02-25 10:49 - 2015-12-16 11:52 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-25 10:49 - 2015-12-16 11:10 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-02-25 10:48 - 2016-01-14 15:27 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-25 10:48 - 2015-12-16 11:47 - 00000000 __SHD C:\Users\sirma\IntelGraphicsProfiles
2016-02-25 10:47 - 2015-12-16 20:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-25 10:46 - 2015-12-16 10:59 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-24 13:40 - 2015-12-26 18:43 - 00001037 _____ C:\Users\sirma\Documents\mirc.txt
2016-02-24 11:08 - 2015-12-17 21:26 - 00000045 _____ C:\Users\sirma\jagex_cl_runescape_LIVE1.dat
2016-02-23 20:20 - 2015-12-16 11:18 - 00000000 ___DC C:\WINDOWS\Panther
2016-02-23 16:34 - 2015-12-16 11:47 - 00000000 ____D C:\Users\sirma\AppData\Local\Packages
2016-02-23 14:29 - 2015-12-16 14:30 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-23 11:10 - 2015-12-16 11:43 - 02161780 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-23 11:10 - 2015-12-16 11:15 - 00939396 _____ C:\WINDOWS\system32\perfh013.dat
2016-02-23 11:10 - 2015-12-16 11:15 - 00208266 _____ C:\WINDOWS\system32\perfc013.dat
2016-02-23 11:10 - 2015-12-16 11:08 - 00000000 ____D C:\WINDOWS\INF
2016-02-22 11:02 - 2015-12-16 18:59 - 00001048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-02-22 11:02 - 2015-12-16 12:19 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-02-21 13:44 - 2015-12-16 20:21 - 04958192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-21 13:43 - 2015-12-16 12:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-21 10:53 - 2016-01-11 19:21 - 00000000 ____D C:\Users\sirma\AppData\Roaming\uTorrent
2016-02-20 12:03 - 2015-12-16 11:52 - 00002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 15:35 - 2015-12-16 11:47 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-02-18 22:41 - 2015-09-21 22:37 - 34754944 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd11dxva32.dll
2016-02-18 22:41 - 2015-07-18 00:34 - 38866088 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2016-02-18 22:41 - 2015-07-18 00:34 - 33429160 _____ (Intel Corporation) C:\WINDOWS\system32\igd11dxva64.dll
2016-02-18 22:41 - 2015-07-18 00:34 - 11839848 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2016-02-18 22:41 - 2015-07-18 00:34 - 05054496 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2016-02-18 22:41 - 2015-07-10 16:49 - 14552584 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll
2016-02-18 22:41 - 2015-07-10 16:49 - 06599392 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll
2016-02-18 22:39 - 2015-12-16 20:25 - 00099848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-02-18 22:39 - 2015-10-30 08:18 - 00103944 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2016-02-18 22:39 - 2015-09-21 22:35 - 02071056 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2016-02-18 22:39 - 2015-09-21 22:35 - 00753680 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2016-02-18 22:39 - 2015-09-21 22:35 - 00402912 _____ C:\WINDOWS\system32\igfxTray.exe
2016-02-18 22:39 - 2015-09-21 22:35 - 00387592 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2016-02-18 22:39 - 2015-09-21 22:35 - 00373728 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2016-02-18 22:39 - 2015-09-21 22:35 - 00354784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2016-02-18 22:39 - 2015-09-21 22:35 - 00269280 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2016-02-18 22:39 - 2015-07-10 16:50 - 07899104 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2016-02-17 12:02 - 2015-12-16 11:52 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-15 12:53 - 2015-12-16 11:47 - 00000000 ____D C:\Users\sirma\AppData\Roaming\Adobe
2016-02-14 16:32 - 2015-12-16 14:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-14 14:57 - 2015-12-16 11:10 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-14 14:49 - 2015-12-16 11:02 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-14 14:43 - 2015-12-16 11:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-02-14 14:33 - 2015-12-16 11:10 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-14 14:00 - 2015-12-17 21:26 - 00000000 ____D C:\Users\sirma\.jagex_cache_32
2016-02-14 13:43 - 2015-12-16 11:57 - 00000000 ____D C:\ProgramData\Skype
2016-02-13 16:20 - 2015-12-16 17:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-13 16:13 - 2015-12-16 17:31 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-13 11:56 - 2015-12-16 11:10 - 00000000 ____D C:\WINDOWS\rescache
2016-02-11 14:48 - 2015-12-16 11:47 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-11 14:25 - 2015-12-16 11:10 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-06 21:41 - 2015-12-16 11:45 - 00000000 ____D C:\Users\sirma
2016-02-03 20:01 - 2015-12-16 11:12 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 20:01 - 2015-12-16 11:12 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-02 15:55 - 2015-12-16 11:10 - 00000000 ____D C:\WINDOWS\Registration
2016-02-02 15:52 - 2015-12-16 11:10 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-02-02 15:51 - 2015-10-30 08:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2016-02-02 15:51 - 2015-10-30 08:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2016-02-02 15:51 - 2015-10-30 08:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2016-02-02 15:51 - 2015-10-30 08:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2016-02-02 15:51 - 2015-10-30 08:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2016-02-02 15:51 - 2015-10-30 08:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2016-02-02 15:50 - 2015-10-30 08:19 - 00047974 _____ C:\WINDOWS\SysWOW64\IIsScHlp.wsc
2016-02-02 15:50 - 2015-10-30 08:19 - 00041401 _____ C:\WINDOWS\SysWOW64\IIsExt.vbs
2016-02-02 15:50 - 2015-10-30 08:19 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\infoadmn.dll
2016-02-02 15:50 - 2015-10-30 08:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\infoctrs.dll
2016-02-02 15:50 - 2015-10-30 08:18 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\infoadmn.dll
2016-02-02 15:50 - 2015-10-30 08:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\infoctrs.dll
2016-02-02 11:57 - 2015-12-16 11:52 - 00004154 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 11:57 - 2015-12-16 11:52 - 00003922 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 11:36 - 2015-12-16 12:43 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-30 13:23 - 2015-12-16 12:00 - 00000000 ____D C:\Program Files\Bandizip
2016-01-29 20:57 - 2015-12-16 11:10 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-29 20:57 - 2015-12-16 11:10 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-29 20:57 - 2015-12-16 11:10 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-29 20:57 - 2015-12-16 11:10 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-29 20:57 - 2015-12-16 11:10 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-29 20:57 - 2015-12-16 11:10 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-29 20:57 - 2015-12-16 11:10 - 00000000 ____D C:\WINDOWS\bcastdvr
 
==================== Bestanden in de root van sommige mappen =======
 
2016-02-20 15:07 - 2016-02-20 15:07 - 21405208 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-02-15 13:36 - 2016-02-15 13:36 - 0000132 _____ () C:\Users\sirma\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-12-16 20:25 - 2015-12-16 20:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Sommige bestanden in TEMP:
====================
C:\Users\sirma\AppData\Local\Temp\BANDIZIP-SETUP.EXE
C:\Users\sirma\AppData\Local\Temp\MSETUP4.EXE
C:\Users\sirma\AppData\Local\Temp\php_pdo_sqlsrv_53_nts.dll
C:\Users\sirma\AppData\Local\Temp\php_sqlsrv_53_nts.dll
 
 
==================== Bamital & volsnap =================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend
 
 
LastRegBack: 2016-02-24 12:10
 
==================== Eind van FRST.txt ============================
Addition.txt
Attached File: Addition.txt (61.56KB)
 
Malwarebytes' Anti-Malware:
I can't get the log where I found the infections (25 - 3 malware and 22 PUP). Sorry.

Edited by Markimoo, 25 February 2016 - 06:21 AM.




#2 nasdaq


Posted 25 February 2016 - 09:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I just want to make sure that you have cleaned everything that was reported by Malwarebytes.
===

Remove these programs via the Control Panel > Programs and Features applet.
Driver Booster 3.1 (HKLM-x32\...\Driver Booster_is1) (Version: 3.1 - IObit)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Hosts:

HKU\S-1-5-21-431145589-1696384267-2759985026-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-431145589-1696384267-2759985026-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restrictie <======= AANDACHT
Hosts: 0x2320436F707972696768742028632920313939332D32303039204D6963726F736F667420436F72702E0D0A230D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E205... (long line)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966288 2014-10-22] (@ByELDI) [Bestand niet getekend]
C:\Program Files\KMSpico\
Task: {9157B853-8DF1-4737-BEAD-D1C4AED50AFB} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-12-16] ()
Task: {D4FA54AE-22C1-4DB9-86DA-61A8B8B4D58F} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

The tool will create a log (Fixlog.txt); please post it in your reply.

Any remaining issues?
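
Added example (not part of nasdaq's post and not FRST's own code): the fixlist above carries a `Hosts: 0x…` value, the visible prefix of which decodes to the comment header of Microsoft's sample HOSTS file. This Python sketch decodes such a hex value even when the log has cut it off, then lists every mapping other than the stock `localhost` entry for review; the function names and the sample value are assumptions constructed for illustration.

```python
import binascii
import ipaddress
import string

def decode_hex_value(value):
    """Decode a '0x...' hex string, tolerating a truncated tail."""
    digits = value.strip()
    if digits[:2].lower() == "0x":
        digits = digits[2:]
    end = 0
    while end < len(digits) and digits[end] in string.hexdigits:
        end += 1                       # stop at "... (long line)" or similar
    digits = digits[:end - (end % 2)]  # truncation can leave half a byte
    return binascii.unhexlify(digits).decode("latin-1")

def active_entries(hosts_text):
    """Return (ip, hostname) pairs from the non-comment lines."""
    entries = []
    for line in hosts_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                   # malformed or cut-off line
        entries.extend((str(ip), name.lower()) for name in parts[1:])
    return entries

def review(entries):
    """Label every mapping other than the stock loopback 'localhost'."""
    findings = []
    for ip, name in entries:
        addr = ipaddress.ip_address(ip)
        if name == "localhost" and addr.is_loopback:
            continue
        kind = "block" if addr.is_loopback or addr.is_unspecified else "redirect"
        findings.append((kind, ip, name))
    return findings

# Constructed sample (not the value from the log above).
SAMPLE_TEXT = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\r\n"
    "127.0.0.1 localhost\r\n"
    "0.0.0.0 update.av-vendor.example\r\n"
    "203.0.113.7 login.bank.example  # constructed\r\n"
)
SAMPLE_VALUE = "0x" + SAMPLE_TEXT.encode("ascii").hex().upper()
print(review(active_entries(decode_hex_value(SAMPLE_VALUE))))
```

A "block" finding maps a name to a loopback or unspecified address; a "redirect" finding maps it to any other address.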

#3 Markimoo

Markimoo
  • Topic Starter

  • Banned
  • 94 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 PM

Posted 25 February 2016 - 10:49 AM

Hi,

About Malwarebytes, yes I did. I'll do the rest tomorrow.

Why do I need to reset Google Chrome?

Edited by Markimoo, 25 February 2016 - 10:49 AM.


#4 Markimoo

Markimoo
  • Topic Starter

  • Banned
  • 94 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 PM

Posted 25 February 2016 - 03:04 PM

Hello,

 

Google Chrome has been reset automatically? Also, the computer asked for a reboot after doing the fixlist.txt, which gave me a fixlog.txt:

Fix resultaat van Farbar Recovery Scan Tool (x64) Versie:24-02-2016
Gestart door sirma (2016-02-25 20:47:13) Run:1
Gestart vanaf C:\Users\sirma\Downloads
Geladen Profielen: sirma (Beschikbare Profielen: sirma & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Boot Modus: Normal
==============================================
 
fixlist inhoud:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Hosts:
 
HKU\S-1-5-21-431145589-1696384267-2759985026-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-431145589-1696384267-2759985026-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restrictie <======= AANDACHT
Hosts: 0x2320436F707972696768742028632920313939332D32303039204D6963726F736F667420436F72702E0D0A230D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E205... (long line)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966288 2014-10-22] (@ByELDI) [Bestand niet getekend]
C:\Program Files\KMSpico\
Task: {9157B853-8DF1-4737-BEAD-D1C4AED50AFB} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-12-16] ()
Task: {D4FA54AE-22C1-4DB9-86DA-61A8B8B4D58F} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
 
End
*****************
 
Herstelpunt is succesfol gemaakt.
Proces succesvol afgesloten.
C:\Windows\System32\Drivers\etc\hosts => is succesvol verplaatst.
Hosts met succes hersteld.
HKU\S-1-5-21-431145589-1696384267-2759985026-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => waarde is succesvol verwijderd.
HKU\S-1-5-21-431145589-1696384267-2759985026-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => waarde niet gevonden.
"HKLM\SOFTWARE\Policies\Google" => sleutel is succesvol verwijderd.
C:\Windows\System32\Drivers\etc\hosts => is succesvol verplaatst.
Hosts met succes hersteld.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd" => sleutel is succesvol verwijderd.
Service KMSELDI => dienst niet gevonden.
C:\Program Files\KMSpico => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9157B853-8DF1-4737-BEAD-D1C4AED50AFB}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9157B853-8DF1-4737-BEAD-D1C4AED50AFB}" => sleutel is succesvol verwijderd.
C:\WINDOWS\System32\Tasks\AutoKMS => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4FA54AE-22C1-4DB9-86DA-61A8B8B4D58F} => sleutel niet gevonden. 
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => niet gevonden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => sleutel niet gevonden. 
EmptyTemp: => 6.1 GB tijdelijke gegevens verwijderd.
 
 
Het systeem moest herstart worden.
 
==== Eind van Fixlog 20:51:30 ====
 
Computer is still not very fast and I'm not sure if I can install my nvidia drivers without getting BSODs.


#5 Markimoo

Markimoo
  • Topic Starter

  • Banned
  • 94 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 PM

Posted 26 February 2016 - 05:01 AM

A new problem. My Office programs won't start.

 


 

Edit: Closed all stuff based on Office in my task manager and all works.


Edited by Markimoo, 26 February 2016 - 05:04 AM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,197 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:03 AM

Posted 26 February 2016 - 08:48 AM

Computer is still not very fast and I'm not sure if I can install my nvidia drivers without getting BSODs.


Do you have many BSOD?

If not then I do not see why you should not update the drivers.

#7 Markimoo

Markimoo
  • Topic Starter

  • Banned
  • 94 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 PM

Posted 26 February 2016 - 09:03 AM

When disabled not, but older and newer drivers give me BSODs.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,197 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:03 AM

Posted 26 February 2016 - 10:19 AM

Please download the free home edition of WhoCrashed to your Desktop from here and install it by double-clicking "whocrashedSetup.exe".
At the end, it will open automatically. Click the "Analyze" button.

Please scroll down the Information window to copy and paste the results in your next reply.




#9 Markimoo

Markimoo
  • Topic Starter

  • Banned
  • 94 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 PM

Posted 26 February 2016 - 10:30 AM

Hi nasdaq,

 

Is this what you wanted? After that I de-installed/activated my NVIDIA driver.

Crash Dump Analysis

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.

On Sun 20-12-2015 10:20:52 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\122015-20531-01.dmp
This was probably caused by the following module: nvlddmkm.sys (0xFFFFF801D115C178)
Bugcheck code: 0x116 (0xFFFFE000E9596010, 0xFFFFF801D115C178, 0xFFFFFFFFC000009A, 0x4)
Error: VIDEO_TDR_ERROR
file path: C:\WINDOWS\system32\drivers\nvlddmkm.sys
product: NVIDIA Windows Kernel Mode Driver, Version 353.54
company: NVIDIA Corporation
description: NVIDIA Windows Kernel Mode Driver, Version 353.54
Bug check description: This indicates that an attempt to reset the display driver and recover from a timeout failed.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: nvlddmkm.sys (NVIDIA Windows Kernel Mode Driver, Version 353.54 , NVIDIA Corporation).
Google query: NVIDIA Corporation VIDEO_TDR_ERROR



On Sun 20-12-2015 10:20:52 GMT your computer crashed
crash dump file: C:\WINDOWS\memory.dmp
This was probably caused by the following module: nvlddmkm.sys (0xFFFFF801D115C178)
Bugcheck code: 0x116 (0xFFFFE000E9596010, 0xFFFFF801D115C178, 0xFFFFFFFFC000009A, 0x4)
Error: VIDEO_TDR_ERROR
file path: C:\WINDOWS\system32\drivers\nvlddmkm.sys
product: NVIDIA Windows Kernel Mode Driver, Version 353.54
company: NVIDIA Corporation
description: NVIDIA Windows Kernel Mode Driver, Version 353.54
Bug check description: This indicates that an attempt to reset the display driver and recover from a timeout failed.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: nvlddmkm.sys (NVIDIA Windows Kernel Mode Driver, Version 353.54 , NVIDIA Corporation).
Google query: NVIDIA Corporation VIDEO_TDR_ERROR



On Wed 16-12-2015 14:37:07 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\121615-19281-01.dmp
This was probably caused by the following module: nvlddmkm.sys (nvlddmkm+0x22BC96)
Bugcheck code: 0x133 (0x1, 0x1E00, 0x0, 0x0)
Error: DPC_WATCHDOG_VIOLATION
file path: C:\WINDOWS\system32\drivers\nvlddmkm.sys
product: NVIDIA Windows Kernel Mode Driver, Version 353.54
company: NVIDIA Corporation
description: NVIDIA Windows Kernel Mode Driver, Version 353.54
Bug check description: The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This problem might be caused by a thermal issue.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: nvlddmkm.sys (NVIDIA Windows Kernel Mode Driver, Version 353.54 , NVIDIA Corporation).
Google query: NVIDIA Corporation DPC_WATCHDOG_VIOLATION



On Wed 16-12-2015 13:45:58 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\121615-26875-01.dmp
This was probably caused by the following module: nvlddmkm.sys (nvlddmkm+0x1A40C5)
Bugcheck code: 0x133 (0x0, 0x501, 0x500, 0x0)
Error: DPC_WATCHDOG_VIOLATION
file path: C:\WINDOWS\system32\drivers\nvlddmkm.sys
product: NVIDIA Windows Kernel Mode Driver, Version 353.54
company: NVIDIA Corporation
description: NVIDIA Windows Kernel Mode Driver, Version 353.54
Bug check description: The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This problem might be caused by a thermal issue.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: nvlddmkm.sys (NVIDIA Windows Kernel Mode Driver, Version 353.54 , NVIDIA Corporation).
Google query: NVIDIA Corporation DPC_WATCHDOG_VIOLATION



On Wed 16-12-2015 11:23:53 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\121615-31390-01.dmp
This was probably caused by the following module: nvlddmkm.sys (nvlddmkm+0x1A40C5)
Bugcheck code: 0x133 (0x1, 0x1E00, 0x0, 0x0)
Error: DPC_WATCHDOG_VIOLATION
file path: C:\WINDOWS\system32\drivers\nvlddmkm.sys
product: NVIDIA Windows Kernel Mode Driver, Version 353.54
company: NVIDIA Corporation
description: NVIDIA Windows Kernel Mode Driver, Version 353.54
Bug check description: The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This problem might be caused by a thermal issue.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: nvlddmkm.sys (NVIDIA Windows Kernel Mode Driver, Version 353.54 , NVIDIA Corporation).
Google query: NVIDIA Corporation DPC_WATCHDOG_VIOLATION



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,197 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:03 AM

Posted 26 February 2016 - 03:33 PM

Let's see what versions of that file are in your system.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    nvlddmkm.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
===



