
BotCave Software / Skype


  • This topic is locked
15 replies to this topic

#1 piemels

piemels

  • Members
  • 10 posts

Posted 10 December 2016 - 09:59 AM

So about 2 months ago I ordered a USB-stick with 1 terabyte online, but when I plugged it into my computer I saw that Windows Defender had detected something, so I unplugged the stick. Later I scanned it with Malwarebytes Anti-Malware, Windows Defender and Malwarebytes Anti-Rootkit. It detected some malicious files and I deleted them.

This week though, I encountered some problems with my PayPal. When I went to the PayPal site it said that they had some new terms and conditions and that I had to renew my Mastercard information in order to accept the terms and conditions. I completely forgot about the infected USB-stick, and I thought it was safe because I thought I had scanned and deleted the virus.

But today I noticed that my bank account was getting charged with lots of small amounts. It charged me 5 times for BotCave Software and 6 times for Skype, all in small amounts like 5 euros or 20 euros; sometimes it even charged me in USD. I blocked my card and scanned my PC again with Malwarebytes but it didn't find anything this time. I really do not know where to look or how to manually remove the virus, so I would appreciate all the help I can get.




 


#2 polskamachina

polskamachina

  • Malware Response Team
  • 3,899 posts

Posted 11 December 2016 - 01:29 PM

Hi piemels :)
 
My name is polskamachina and I would like to welcome you back to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-8 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

As a safety precaution, I would suggest that you not connect your infected computer to the internet until your machine is cleaned.
 
Please give me some time to review your situation and I will get back to you with further instructions.
 
polskamachina



#3 polskamachina

polskamachina

  • Malware Response Team
  • 3,899 posts

Posted 11 December 2016 - 03:31 PM

Hi piemels :)
 
In order to get some idea of what's going on with your computer, please do the following:
 
Please reconnect to the internet, download Farbar Recovery Scan Tool, and save it to your Desktop.

Note: You need to run the version which is compatible with your system (either the 32-bit or 64-bit version). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the correct version.

  • Right click to run as administrator
  • When the tool opens, click Yes to the disclaimer
  • Press the Scan button
  • It will produce two logs called FRST.txt and Addition.txt in the same directory from which the tool was run
  • Please copy and paste the logs into your next reply to me

Let me know if you have any questions.

 

polskamachina

 

 



#4 piemels

piemels
  • Topic Starter

  • Members
  • 10 posts

Posted 12 December 2016 - 07:09 AM

Here is the FRST.txt log:

 

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 07-12-2016
Gestart door Johan (Beheerder) op GEENPC (12-12-2016 12:51:22)
Gestart vanaf C:\Users\Johan\Downloads
Geladen Profielen: Johan (Beschikbare Profielen: Johan)
Platform: Windows 10 Home Versie 1607 (X64) Taal: Dutch (Netherlands)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Razer Inc) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\System\HsMgr64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(CMedia) C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Hammer & Chisel, Inc.) C:\Users\Johan\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Johan\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Johan\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Johan\AppData\Local\Discord\app-0.0.296\Discord.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Hammer & Chisel, Inc.) C:\Users\Johan\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Johan\AppData\Local\Discord\app-0.0.296\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Johan\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
(Razer, Inc.) C:\Users\Johan\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\Johan\Downloads\FRST64 (1).exe
 
==================== Register (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Cmaudio8788] => C:\WINDOWS\syswow64\RunDll32.exe C:\WINDOWS\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\WINDOWS\syswow64\HsMgr.exe [200704 2016-10-19] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\WINDOWS\system\HsMgr64.exe [282112 2016-10-19] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-22] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-11-04] (Razer Inc.)
HKU\S-1-5-21-888377697-4162799174-962513261-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-888377697-4162799174-962513261-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)
HKU\S-1-5-21-888377697-4162799174-962513261-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-888377697-4162799174-962513261-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-888377697-4162799174-962513261-1001\...\Run: [Discord] => C:\Users\Johan\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2016-10-22]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-09-24]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
 
Tcpip\Parameters: [DhcpNameServer] 195.130.131.5 195.130.130.5
Tcpip\..\Interfaces\{0496b137-209f-44b0-8649-20e4aeeb38b5}: [NameServer] 8.8.8.8,4.2.2.2
Tcpip\..\Interfaces\{0496b137-209f-44b0-8649-20e4aeeb38b5}: [DhcpNameServer] 195.130.131.5 195.130.130.5
Tcpip\..\Interfaces\{69d2180d-ae49-404d-9bbe-3f33b520deb9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{deda5b44-346d-438c-9de1-2c9202d14dd1}: [DhcpNameServer] 10.15.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-888377697-4162799174-962513261-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/nl-be/?ocid=iehp
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-12-04] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-12-04] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-888377697-4162799174-962513261-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Johan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-888377697-4162799174-962513261-1001: SkypePlugin -> C:\Users\Johan\AppData\Local\SkypePlugin\7.17.0.43\npGatewayNpapi.dll [2016-03-21] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-888377697-4162799174-962513261-1001: SkypePlugin64 -> C:\Users\Johan\AppData\Local\SkypePlugin\7.17.0.43\npGatewayNpapi-x64.dll [2016-03-21] (Skype Technologies S.A.)
 
Chrome: 
=======
CHR Profile: C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default [2016-12-12]
CHR Extension: (BetterTTV) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-08-10]
CHR Extension: (Google Drive) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-24]
CHR Extension: (Bellen via Skype) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-03-30]
CHR Extension: (YouTube) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-24]
CHR Extension: (Adblock Plus) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Search) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-24]
CHR Extension: (Chrome Media Router) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1863688 2016-04-08] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [236832 2015-12-22] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-15] (Hi-Rez Studios) [Bestand niet getekend]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Bestand niet getekend]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-24] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2117128 2016-10-28] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2178576 2016-10-28] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1316080 2016-12-07] (Overwolf LTD)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2016-11-04] (Razer Inc)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (gefilterd) ======================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-Media Inc)
R3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-28] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3696fe4b96482e60\nvlddmkm.sys [14182960 2016-11-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
U5 NvStUSB; C:\Windows\System32\Drivers\NvStUSB.sys [462480 2015-08-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzjstk; C:\WINDOWS\System32\drivers\rzjstk.sys [36568 2015-07-21] (Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [43736 2015-07-21] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows ® Win 7 DDK provider)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [42200 2015-07-21] (Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [42200 2015-07-21] (Razer Inc)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [40568 2016-06-14] (SteelSeries ApS)
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [52952 2016-08-29] (SteelSeries ApS)
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-08-23] (Anchorfree Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
 
==================== Een Maand Aangemaakt bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2016-12-12 12:51 - 2016-12-12 12:52 - 00016383 _____ C:\Users\Johan\Downloads\FRST.txt
2016-12-12 12:45 - 2016-12-12 12:50 - 02420224 _____ (Farbar) C:\Users\Johan\Downloads\FRST64 (1).exe
2016-12-12 12:44 - 2016-12-12 12:51 - 00000000 ____D C:\FRST
2016-12-12 12:35 - 2016-12-12 12:44 - 02420224 _____ (Farbar) C:\Users\Johan\Downloads\FRST64.exe
2016-12-10 14:44 - 2016-12-10 14:44 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Johan\Downloads\mbar-1.09.3.1001.exe
2016-12-09 18:25 - 2016-11-11 11:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-09 18:25 - 2016-11-11 11:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-09 18:25 - 2016-11-11 11:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-09 18:25 - 2016-11-11 11:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-09 18:25 - 2016-11-11 11:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-09 18:25 - 2016-11-11 11:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-09 18:25 - 2016-11-11 11:09 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-09 18:25 - 2016-11-11 11:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-09 18:25 - 2016-11-11 11:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-09 18:25 - 2016-11-11 11:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-09 18:25 - 2016-11-11 11:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-09 18:25 - 2016-11-11 11:01 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-09 18:25 - 2016-11-11 10:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-09 18:25 - 2016-11-11 10:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-09 18:25 - 2016-11-11 10:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-09 18:25 - 2016-11-11 10:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-09 18:25 - 2016-11-11 10:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-09 18:25 - 2016-11-11 10:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-09 18:25 - 2016-11-11 10:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-09 18:25 - 2016-11-11 10:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-09 18:25 - 2016-11-11 10:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-09 18:25 - 2016-11-11 10:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-09 18:25 - 2016-11-11 10:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-09 18:25 - 2016-11-11 10:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-09 18:25 - 2016-11-11 10:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 18:25 - 2016-11-11 10:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-09 18:25 - 2016-11-11 10:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-09 18:25 - 2016-11-11 10:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-09 18:25 - 2016-11-11 10:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-09 18:25 - 2016-11-11 10:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-09 18:25 - 2016-11-11 10:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-09 18:25 - 2016-11-11 10:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-09 18:25 - 2016-11-11 10:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-09 18:25 - 2016-11-11 10:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-09 18:25 - 2016-11-11 10:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-09 18:25 - 2016-11-11 10:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-09 18:25 - 2016-11-11 10:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-09 18:25 - 2016-11-11 10:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-09 18:25 - 2016-11-11 10:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 18:25 - 2016-11-11 10:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-09 18:25 - 2016-11-11 10:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-09 18:25 - 2016-11-11 10:18 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-09 18:25 - 2016-11-11 10:17 - 01004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-09 18:25 - 2016-11-11 10:17 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-09 18:25 - 2016-11-11 10:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-09 18:25 - 2016-11-11 10:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-09 18:25 - 2016-11-11 10:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-09 18:25 - 2016-11-11 10:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-09 18:25 - 2016-11-11 10:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-09 18:25 - 2016-11-11 10:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-09 18:25 - 2016-11-11 10:07 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-09 18:25 - 2016-11-11 10:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-09 18:25 - 2016-11-11 10:06 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-09 18:25 - 2016-11-11 10:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-09 18:25 - 2016-11-11 10:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-09 18:25 - 2016-11-11 10:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-09 18:25 - 2016-11-11 10:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-09 18:25 - 2016-11-11 10:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-09 18:25 - 2016-11-11 10:04 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-09 18:25 - 2016-11-11 10:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-09 18:25 - 2016-11-11 10:03 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-09 18:25 - 2016-11-11 08:56 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-09 18:25 - 2016-11-11 08:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-09 18:25 - 2016-11-11 08:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-09 18:25 - 2016-11-11 08:47 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-09 18:25 - 2016-11-11 08:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-09 18:25 - 2016-11-11 08:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-09 18:25 - 2016-11-11 08:42 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-09 18:25 - 2016-11-11 08:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-09 18:25 - 2016-11-11 08:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-09 18:25 - 2016-11-11 08:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-09 18:25 - 2016-11-11 08:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-09 18:25 - 2016-11-11 08:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-09 18:25 - 2016-11-11 08:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-09 18:25 - 2016-11-11 08:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-09 18:25 - 2016-11-11 08:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-09 18:25 - 2016-11-11 08:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-09 18:25 - 2016-11-11 08:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-09 18:25 - 2016-11-11 08:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-09 18:25 - 2016-11-11 08:19 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-09 18:25 - 2016-11-11 08:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-09 18:25 - 2016-11-11 08:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-09 18:25 - 2016-11-11 08:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-09 18:25 - 2016-11-11 08:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-09 18:25 - 2016-11-11 08:15 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-09 18:25 - 2016-11-11 08:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-09 18:25 - 2016-11-11 08:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-09 18:25 - 2016-11-11 08:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-09 18:25 - 2016-11-11 08:11 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-09 18:25 - 2016-11-11 08:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-09 18:25 - 2016-11-11 08:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-09 18:25 - 2016-11-11 08:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-09 18:25 - 2016-11-11 08:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-09 18:25 - 2016-11-11 08:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-09 18:25 - 2016-11-11 08:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-09 18:25 - 2016-11-11 08:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-09 18:25 - 2016-11-11 08:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-09 18:25 - 2016-11-11 08:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-09 18:25 - 2016-11-11 08:04 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-09 18:25 - 2016-11-11 08:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-09 18:25 - 2016-11-11 08:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-09 18:25 - 2016-11-11 08:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-09 18:24 - 2016-11-11 11:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-09 18:24 - 2016-11-11 11:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-09 18:24 - 2016-11-11 11:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-09 18:24 - 2016-11-11 11:13 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-09 18:24 - 2016-11-11 11:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-09 18:24 - 2016-11-11 11:10 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-09 18:24 - 2016-11-11 11:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-09 18:24 - 2016-11-11 11:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-09 18:24 - 2016-11-11 11:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-09 18:24 - 2016-11-11 11:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-09 18:24 - 2016-11-11 11:01 - 02189152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-09 18:24 - 2016-11-11 11:01 - 01738048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-09 18:24 - 2016-11-11 11:01 - 00658264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-09 18:24 - 2016-11-11 11:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-09 18:24 - 2016-11-11 11:01 - 00401760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-09 18:24 - 2016-11-11 11:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-09 18:24 - 2016-11-11 11:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-09 18:24 - 2016-11-11 11:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-09 18:24 - 2016-11-11 10:59 - 02913136 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-09 18:24 - 2016-11-11 10:59 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-09 18:24 - 2016-11-11 10:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-09 18:24 - 2016-11-11 10:57 - 08170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-09 18:24 - 2016-11-11 10:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-09 18:24 - 2016-11-11 10:57 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-09 18:24 - 2016-11-11 10:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-09 18:24 - 2016-11-11 10:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-09 18:24 - 2016-11-11 10:56 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-09 18:24 - 2016-11-11 10:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-09 18:24 - 2016-11-11 10:56 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-09 18:24 - 2016-11-11 10:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-09 18:24 - 2016-11-11 10:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-09 18:24 - 2016-11-11 10:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-09 18:24 - 2016-11-11 10:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-09 18:24 - 2016-11-11 10:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-09 18:24 - 2016-11-11 10:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-09 18:24 - 2016-11-11 10:51 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-09 18:24 - 2016-11-11 10:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-09 18:24 - 2016-11-11 10:31 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-09 18:24 - 2016-11-11 10:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-09 18:24 - 2016-11-11 10:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-09 18:24 - 2016-11-11 10:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-09 18:24 - 2016-11-11 10:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-09 18:24 - 2016-11-11 10:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-09 18:24 - 2016-11-11 10:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-09 18:24 - 2016-11-11 10:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-09 18:24 - 2016-11-11 10:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-09 18:24 - 2016-11-11 10:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-09 18:24 - 2016-11-11 10:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-09 18:24 - 2016-11-11 10:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-09 18:24 - 2016-11-11 10:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-09 18:24 - 2016-11-11 10:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-09 18:24 - 2016-11-11 10:24 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-09 18:24 - 2016-11-11 10:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-09 18:24 - 2016-11-11 10:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-09 18:24 - 2016-11-11 10:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-09 18:24 - 2016-11-11 10:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-09 18:24 - 2016-11-11 10:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-09 18:24 - 2016-11-11 10:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-09 18:24 - 2016-11-11 10:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-09 18:24 - 2016-11-11 10:23 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-09 18:24 - 2016-11-11 10:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-09 18:24 - 2016-11-11 10:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-09 18:24 - 2016-11-11 10:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-09 18:24 - 2016-11-11 10:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-09 18:24 - 2016-11-11 10:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-09 18:24 - 2016-11-11 10:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-09 18:24 - 2016-11-11 10:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-09 18:24 - 2016-11-11 10:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-09 18:24 - 2016-11-11 10:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-09 18:24 - 2016-11-11 10:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-09 18:24 - 2016-11-11 10:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-09 18:24 - 2016-11-11 10:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-09 18:24 - 2016-11-11 10:20 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-09 18:24 - 2016-11-11 10:20 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-09 18:24 - 2016-11-11 10:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-09 18:24 - 2016-11-11 10:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-09 18:24 - 2016-11-11 10:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-09 18:24 - 2016-11-11 10:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-09 18:24 - 2016-11-11 10:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-09 18:24 - 2016-11-11 10:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-09 18:24 - 2016-11-11 10:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-09 18:24 - 2016-11-11 10:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-09 18:24 - 2016-11-11 10:19 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-09 18:24 - 2016-11-11 10:18 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-09 18:24 - 2016-11-11 10:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-09 18:24 - 2016-11-11 10:18 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-09 18:24 - 2016-11-11 10:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-09 18:24 - 2016-11-11 10:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-09 18:24 - 2016-11-11 10:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-09 18:24 - 2016-11-11 10:17 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-09 18:24 - 2016-11-11 10:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-09 18:24 - 2016-11-11 10:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-09 18:24 - 2016-11-11 10:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-09 18:24 - 2016-11-11 10:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-09 18:24 - 2016-11-11 10:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-09 18:24 - 2016-11-11 10:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-09 18:24 - 2016-11-11 10:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-09 18:24 - 2016-11-11 10:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-09 18:24 - 2016-11-11 10:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-09 18:24 - 2016-11-11 10:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-09 18:24 - 2016-11-11 10:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-09 18:24 - 2016-11-11 10:14 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-09 18:24 - 2016-11-11 10:14 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-09 18:24 - 2016-11-11 10:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-09 18:24 - 2016-11-11 10:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-09 18:24 - 2016-11-11 10:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-09 18:24 - 2016-11-11 10:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-09 18:24 - 2016-11-11 10:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-09 18:24 - 2016-11-11 10:11 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-09 18:24 - 2016-11-11 10:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-09 18:24 - 2016-11-11 10:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-09 18:24 - 2016-11-11 10:10 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-09 18:24 - 2016-11-11 10:10 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-09 18:24 - 2016-11-11 10:09 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-09 18:24 - 2016-11-11 10:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-09 18:24 - 2016-11-11 10:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-09 18:24 - 2016-11-11 10:08 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-09 18:24 - 2016-11-11 10:08 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-09 18:24 - 2016-11-11 10:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-09 18:24 - 2016-11-11 10:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-09 18:24 - 2016-11-11 10:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-09 18:24 - 2016-11-11 10:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-09 18:24 - 2016-11-11 10:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-09 18:24 - 2016-11-11 10:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-09 18:24 - 2016-11-11 10:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-09 18:24 - 2016-11-11 10:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-09 18:24 - 2016-11-11 10:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-09 18:24 - 2016-11-11 10:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-09 18:24 - 2016-11-11 10:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-09 18:24 - 2016-11-11 10:05 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-09 18:24 - 2016-11-11 10:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-09 18:24 - 2016-11-11 10:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-09 18:24 - 2016-11-11 10:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-09 18:24 - 2016-11-11 10:04 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-09 18:24 - 2016-11-11 10:04 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-09 18:24 - 2016-11-11 10:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-09 18:24 - 2016-11-11 10:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-09 18:24 - 2016-11-11 10:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-09 18:24 - 2016-11-11 10:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-09 18:24 - 2016-11-11 10:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-09 18:24 - 2016-11-11 10:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-09 18:24 - 2016-11-11 10:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-09 18:24 - 2016-11-11 10:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-09 18:24 - 2016-11-11 10:03 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-09 18:24 - 2016-11-11 10:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-09 18:24 - 2016-11-11 10:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-09 18:24 - 2016-11-11 10:03 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-09 18:24 - 2016-11-11 10:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-09 18:24 - 2016-11-11 10:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-09 18:24 - 2016-11-11 10:03 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-09 18:24 - 2016-11-11 10:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-09 18:24 - 2016-11-11 10:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-09 18:24 - 2016-11-11 10:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-09 18:24 - 2016-11-11 10:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-09 18:24 - 2016-11-11 10:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-09 18:24 - 2016-11-11 10:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-09 18:24 - 2016-11-11 10:02 - 00730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-09 18:24 - 2016-11-11 10:01 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-09 18:24 - 2016-11-11 09:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-09 18:24 - 2016-11-11 09:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-09 18:24 - 2016-11-11 09:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-09 18:24 - 2016-11-11 09:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-09 18:24 - 2016-11-11 09:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-09 18:24 - 2016-11-11 08:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-09 18:24 - 2016-11-11 08:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-09 18:24 - 2016-11-11 08:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-09 18:24 - 2016-11-11 08:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-09 18:24 - 2016-11-11 08:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-09 18:24 - 2016-11-11 08:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-09 18:24 - 2016-11-11 08:47 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-09 18:24 - 2016-11-11 08:45 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-09 18:24 - 2016-11-11 08:45 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-09 18:24 - 2016-11-11 08:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-09 18:24 - 2016-11-11 08:42 - 06668032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-09 18:24 - 2016-11-11 08:42 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-09 18:24 - 2016-11-11 08:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-09 18:24 - 2016-11-11 08:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-09 18:24 - 2016-11-11 08:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-09 18:24 - 2016-11-11 08:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-09 18:24 - 2016-11-11 08:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-09 18:24 - 2016-11-11 08:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-09 18:24 - 2016-11-11 08:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-09 18:24 - 2016-11-11 08:26 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-09 18:24 - 2016-11-11 08:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-09 18:24 - 2016-11-11 08:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-09 18:24 - 2016-11-11 08:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-09 18:24 - 2016-11-11 08:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-09 18:24 - 2016-11-11 08:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-09 18:24 - 2016-11-11 08:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-09 18:24 - 2016-11-11 08:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-09 18:24 - 2016-11-11 08:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-09 18:24 - 2016-11-11 08:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 18:24 - 2016-11-11 08:20 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-09 18:24 - 2016-11-11 08:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-09 18:24 - 2016-11-11 08:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-09 18:24 - 2016-11-11 08:20 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-09 18:24 - 2016-11-11 08:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-09 18:24 - 2016-11-11 08:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-09 18:24 - 2016-11-11 08:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-09 18:24 - 2016-11-11 08:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-09 18:24 - 2016-11-11 08:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-09 18:24 - 2016-11-11 08:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-09 18:24 - 2016-11-11 08:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-09 18:24 - 2016-11-11 08:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-09 18:24 - 2016-11-11 08:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-09 18:24 - 2016-11-11 08:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-09 18:24 - 2016-11-11 08:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-09 18:24 - 2016-11-11 08:17 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-09 18:24 - 2016-11-11 08:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-09 18:24 - 2016-11-11 08:16 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-09 18:24 - 2016-11-11 08:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 18:24 - 2016-11-11 08:16 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-09 18:24 - 2016-11-11 08:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-09 18:24 - 2016-11-11 08:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-09 18:24 - 2016-11-11 08:14 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-09 18:24 - 2016-11-11 08:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-09 18:24 - 2016-11-11 08:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-09 18:24 - 2016-11-11 08:13 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-09 18:24 - 2016-11-11 08:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-09 18:24 - 2016-11-11 08:10 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-09 18:24 - 2016-11-11 08:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-09 18:24 - 2016-11-11 08:09 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-09 18:24 - 2016-11-11 08:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-09 18:24 - 2016-11-11 08:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-09 18:24 - 2016-11-11 08:06 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-09 18:24 - 2016-11-11 08:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-09 18:24 - 2016-11-11 08:06 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-09 18:24 - 2016-11-11 08:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-09 18:24 - 2016-11-11 08:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-09 18:24 - 2016-11-11 08:05 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-09 18:24 - 2016-11-11 08:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-09 18:24 - 2016-11-11 08:04 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-09 18:24 - 2016-11-11 08:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-09 18:24 - 2016-11-11 08:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-09 18:24 - 2016-11-11 08:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-09 18:24 - 2016-11-11 08:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-09 18:24 - 2016-11-11 08:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-09 18:24 - 2016-11-11 08:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-09 18:24 - 2016-11-11 08:03 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-09 18:24 - 2016-11-11 08:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-09 18:24 - 2016-11-11 08:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-09 18:24 - 2016-11-11 08:01 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-09 18:24 - 2016-11-11 07:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-07 12:56 - 2016-12-07 12:57 - 00000000 ____D C:\ProgramData\Skype
2016-12-04 01:20 - 2016-12-04 01:20 - 00000043 _____ C:\Users\Johan\Desktop\hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh.txt
2016-11-30 17:23 - 2016-11-30 17:23 - 00000000 ____D C:\Users\Johan\AppData\Roaming\NVIDIA
2016-11-30 13:27 - 2016-11-17 14:45 - 00101824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-11-30 13:27 - 2016-11-17 14:45 - 00091584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-11-29 22:15 - 2016-11-29 22:15 - 00000000 ____D C:\Users\Johan\AppData\Local\Femap
2016-11-29 22:12 - 2016-11-29 22:12 - 00002162 _____ C:\Users\Public\Desktop\Solid Edge ST9.lnk
2016-11-29 22:12 - 2016-11-29 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solid Edge ST9
2016-11-29 22:02 - 2016-11-29 22:11 - 00000000 ____D C:\Program Files\Solid Edge ST9
2016-11-29 22:01 - 2016-11-29 22:01 - 00001143 _____ C:\Users\Public\Desktop\KeyShot 6 Resources.lnk
2016-11-29 22:01 - 2016-11-29 22:01 - 00000000 ____D C:\Users\Johan\AppData\Local\Luxion
2016-11-29 22:00 - 2016-11-29 22:01 - 00000000 ____D C:\Users\Public\Documents\KeyShot 6
2016-11-29 21:59 - 2016-11-29 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyShot 6 64
2016-11-29 21:59 - 2016-11-29 21:59 - 00000969 _____ C:\Users\Public\Desktop\KeyShot 6 64.lnk
2016-11-29 21:57 - 2016-11-29 22:01 - 00000000 ____D C:\Program Files\KeyShot6
2016-11-29 20:38 - 2016-11-29 21:54 - 2129296808 _____ (Igor Pavlov) C:\Users\Johan\Downloads\Solid_Edge_Student_ENGLISH_ST9.exe
2016-11-28 18:43 - 2016-11-28 18:43 - 00000222 _____ C:\Users\Johan\Desktop\Farming Simulator 17.url
2016-11-28 17:20 - 2016-11-02 12:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-28 17:20 - 2016-11-02 12:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-28 17:20 - 2016-11-02 12:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-28 17:20 - 2016-11-02 11:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-28 17:20 - 2016-11-02 11:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-28 17:20 - 2016-11-02 11:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-28 17:20 - 2016-11-02 11:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-28 17:19 - 2016-11-02 12:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-28 17:19 - 2016-11-02 12:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-28 17:19 - 2016-11-02 12:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-28 17:18 - 2016-11-02 12:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-28 17:17 - 2016-11-02 12:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-28 17:17 - 2016-11-02 11:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-28 17:17 - 2016-11-02 11:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-28 17:17 - 2016-11-02 09:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-28 17:16 - 2016-11-02 13:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-28 17:16 - 2016-11-02 12:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-28 17:16 - 2016-11-02 11:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-28 17:15 - 2016-11-28 17:15 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-28 17:15 - 2016-11-24 20:22 - 00134712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-11-28 17:15 - 2016-11-02 12:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-28 17:15 - 2016-11-02 12:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-28 17:15 - 2016-11-02 12:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-28 17:15 - 2016-11-02 12:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-28 17:15 - 2016-11-02 12:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-28 17:15 - 2016-11-02 12:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-28 17:15 - 2016-11-02 12:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-28 17:15 - 2016-11-02 12:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-28 17:15 - 2016-11-02 12:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-28 17:15 - 2016-11-02 11:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-28 17:15 - 2016-11-02 11:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-28 17:15 - 2016-11-02 11:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-28 17:15 - 2016-11-02 11:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-28 17:15 - 2016-11-02 11:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-28 17:15 - 2016-11-02 11:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-28 17:15 - 2016-11-02 11:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-28 17:15 - 2016-11-02 11:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-28 17:15 - 2016-11-02 11:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-28 17:15 - 2016-11-02 11:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-28 17:15 - 2016-11-02 11:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-28 17:15 - 2016-11-02 11:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-28 17:15 - 2016-11-02 11:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-28 17:15 - 2016-11-02 11:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-28 17:15 - 2016-11-02 11:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-28 17:15 - 2016-11-02 11:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-28 17:15 - 2016-11-02 11:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-28 17:15 - 2016-11-02 11:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-28 17:15 - 2016-11-02 11:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-28 17:15 - 2016-11-02 11:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-28 17:15 - 2016-11-02 11:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-28 17:15 - 2016-11-02 11:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-28 17:15 - 2016-11-02 11:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-28 17:15 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-28 17:15 - 2016-11-02 11:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-28 17:15 - 2016-11-02 11:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-28 17:15 - 2016-11-02 11:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-28 17:15 - 2016-11-02 11:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-28 17:15 - 2016-11-02 11:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-28 17:15 - 2016-11-02 11:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-28 17:15 - 2016-11-02 11:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-28 17:15 - 2016-11-02 11:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-28 17:15 - 2016-11-02 11:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-28 17:15 - 2016-11-02 11:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-28 17:15 - 2016-11-02 11:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-28 17:15 - 2016-11-02 11:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-28 17:15 - 2016-11-02 11:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-28 17:15 - 2016-11-02 11:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-28 17:15 - 2016-11-02 11:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-28 17:15 - 2016-11-02 11:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-28 17:15 - 2016-11-02 11:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-28 17:15 - 2016-11-02 11:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-28 17:15 - 2016-11-02 11:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-28 17:15 - 2016-11-02 11:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-28 17:15 - 2016-11-02 11:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-28 17:15 - 2016-11-02 11:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-28 17:15 - 2016-11-02 11:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-28 17:15 - 2016-11-02 11:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-28 17:15 - 2016-11-02 11:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-28 17:15 - 2016-11-02 11:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-28 17:15 - 2016-11-02 11:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-28 17:15 - 2016-11-02 11:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-28 17:15 - 2016-11-02 11:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-28 17:15 - 2016-11-02 11:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-28 17:15 - 2016-11-02 11:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-28 17:15 - 2016-11-02 11:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-28 17:15 - 2016-11-02 11:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-28 17:15 - 2016-11-02 11:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-28 17:15 - 2016-11-02 11:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-28 17:15 - 2016-11-02 11:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-28 17:15 - 2016-11-02 11:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-28 17:15 - 2016-11-02 11:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-28 17:15 - 2016-11-02 11:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-28 17:15 - 2016-11-02 11:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-28 17:15 - 2016-11-02 11:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-28 17:15 - 2016-11-02 11:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-28 17:15 - 2016-11-02 11:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-28 17:15 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-11-28 17:15 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-11-28 17:15 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-11-28 17:15 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-11-28 17:14 - 2016-11-02 12:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-28 17:14 - 2016-11-02 12:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-28 17:14 - 2016-11-02 12:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-28 17:14 - 2016-11-02 12:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-28 17:14 - 2016-11-02 12:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-28 17:14 - 2016-11-02 12:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-28 17:14 - 2016-11-02 12:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-28 17:14 - 2016-11-02 12:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-28 17:14 - 2016-11-02 12:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-28 17:14 - 2016-11-02 12:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-28 17:14 - 2016-11-02 12:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-28 17:14 - 2016-11-02 12:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-28 17:14 - 2016-11-02 12:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-28 17:14 - 2016-11-02 11:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-28 17:14 - 2016-11-02 11:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-28 17:14 - 2016-11-02 11:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-28 17:14 - 2016-11-02 11:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-28 17:14 - 2016-11-02 11:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-28 17:14 - 2016-11-02 11:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-28 17:14 - 2016-11-02 11:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-28 17:14 - 2016-11-02 11:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-28 17:14 - 2016-11-02 11:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-28 17:14 - 2016-11-02 11:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-28 17:14 - 2016-11-02 11:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-28 17:14 - 2016-11-02 11:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-28 17:14 - 2016-11-02 11:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-28 17:14 - 2016-11-02 11:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-28 17:14 - 2016-11-02 11:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-28 17:14 - 2016-11-02 11:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-28 17:14 - 2016-11-02 11:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-28 17:14 - 2016-11-02 11:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-28 17:14 - 2016-11-02 11:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-28 17:14 - 2016-11-02 11:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-28 17:14 - 2016-11-02 11:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-28 17:14 - 2016-11-02 11:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-28 17:14 - 2016-11-02 11:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-28 17:14 - 2016-11-02 11:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-28 17:14 - 2016-11-02 11:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-28 17:14 - 2016-11-02 11:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-28 17:14 - 2016-11-02 11:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-28 17:14 - 2016-11-02 11:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-28 17:14 - 2016-11-02 11:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-28 17:14 - 2016-11-02 11:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-28 17:14 - 2016-11-02 11:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-28 17:14 - 2016-11-02 11:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-28 17:14 - 2016-11-02 11:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-28 17:14 - 2016-11-02 11:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-28 17:14 - 2016-11-02 11:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-28 17:14 - 2016-11-02 11:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-28 17:14 - 2016-11-02 11:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-28 17:14 - 2016-11-02 11:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-28 17:14 - 2016-11-02 11:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-28 17:14 - 2016-11-02 11:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-28 17:14 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-28 17:14 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-28 17:12 - 2016-11-24 21:53 - 40123840 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 35224632 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 34711096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 28202040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 10912744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 10804064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 10354800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 09158616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 08913512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 08762072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 02953152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 02586048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 01951680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437609.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437609.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 01037248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 00975296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 00945208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 00895424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 00802584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 00801560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 00643928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 00642576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 00617696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 00439864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 00394704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 00388544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 00386104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 00347072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-11-28 17:12 - 2016-11-24 21:53 - 00327224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
 
==================== Een Maand Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2016-12-12 12:53 - 2015-11-24 19:29 - 00000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2016-12-12 12:46 - 2015-11-24 18:48 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-12 12:30 - 2016-10-22 17:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-12 00:48 - 2015-12-26 17:27 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-12-11 17:29 - 2016-06-28 11:28 - 00000002 _____ C:\END
2016-12-11 12:58 - 2016-07-16 23:15 - 00767864 _____ C:\WINDOWS\system32\perfh013.dat
2016-12-11 12:58 - 2016-07-16 23:15 - 00164132 _____ C:\WINDOWS\system32\perfc013.dat
2016-12-11 12:58 - 2015-11-24 18:40 - 02149268 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-11 12:57 - 2016-10-22 16:39 - 00000000 ____D C:\Users\Johan\Documents\temp
2016-12-11 12:55 - 2016-10-22 18:01 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-11 12:54 - 2016-10-22 18:05 - 00000000 ____D C:\Users\Johan
2016-12-11 12:54 - 2015-08-26 16:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-11 12:53 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-11 12:52 - 2016-10-22 18:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-11 12:52 - 2016-10-22 17:57 - 00240680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-11 12:52 - 2015-12-22 20:35 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-12-11 12:52 - 2015-11-24 19:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-11 01:52 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-12-11 01:51 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-11 01:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-11 01:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-11 01:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-11 01:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-11 01:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-11 01:51 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-11 01:51 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-11 01:51 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-11 01:51 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-10 19:51 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-10 15:36 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-10 15:18 - 2016-11-03 18:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-10 15:18 - 2015-08-12 18:14 - 00000000 ____D C:\Users\Johan\Desktop\mbar
2016-12-10 14:59 - 2016-11-04 11:47 - 00000000 ____D C:\Users\Johan\AppData\Roaming\Skype
2016-12-10 14:49 - 2015-09-13 19:33 - 00000000 ____D C:\Users\Johan\AppData\LocalLow\Temp
2016-12-10 14:45 - 2016-11-03 18:32 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-12-10 14:45 - 2015-11-24 19:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-09 19:43 - 2015-12-07 13:15 - 00000000 ____D C:\Users\Johan\AppData\Local\CrashDumps
2016-12-09 18:04 - 2016-07-16 12:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-09 13:08 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-08 19:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-07 12:57 - 2015-11-24 18:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-06 13:14 - 2016-07-20 10:18 - 00000000 ____D C:\Users\Johan\AppData\Roaming\discord
2016-12-04 01:21 - 2015-11-24 19:29 - 00000000 _____ C:\WINDOWS\SysWOW64\RzSurroundVADAudioDeviceManager_log.txt
2016-12-04 01:11 - 2016-10-22 18:21 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-12-04 01:11 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-04 01:11 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-02 17:08 - 2015-11-24 18:39 - 00000000 ____D C:\Users\Johan\AppData\Local\Packages
2016-11-30 13:29 - 2016-10-22 19:01 - 00003920 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-30 13:29 - 2016-10-22 19:01 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-11-30 13:29 - 2016-10-22 18:01 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-30 13:28 - 2016-10-22 19:00 - 00003984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-30 13:28 - 2016-10-22 19:00 - 00003956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-30 13:28 - 2016-10-22 19:00 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-30 13:28 - 2016-10-22 19:00 - 00003732 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-30 13:28 - 2016-10-22 19:00 - 00003690 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-30 13:28 - 2016-10-22 18:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-30 13:28 - 2016-10-22 18:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-29 19:46 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-28 23:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-28 19:24 - 2015-11-24 21:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-28 19:20 - 2015-11-24 21:54 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-28 19:16 - 2015-08-16 19:52 - 00000000 ____D C:\Users\Johan\Documents\My Games
2016-11-28 18:43 - 2015-11-24 18:55 - 00000000 ____D C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-11-28 17:16 - 2015-11-24 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-11-28 09:54 - 2015-11-24 18:48 - 00002292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-24 21:53 - 2016-09-23 21:42 - 03934320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-11-24 21:53 - 2016-09-23 21:42 - 03474064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-11-24 21:53 - 2016-09-23 18:42 - 00042296 _____ C:\WINDOWS\system32\nvinfo.pb
2016-11-24 20:39 - 2016-10-22 18:01 - 06384576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-11-24 20:39 - 2016-10-22 18:01 - 02477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-11-24 20:39 - 2016-10-22 18:01 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-11-24 20:39 - 2016-10-22 18:01 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-11-24 20:39 - 2016-10-22 18:01 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-11-24 20:39 - 2016-10-22 18:01 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-11-24 20:39 - 2016-10-22 18:01 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-11-23 13:58 - 2016-10-22 18:01 - 07538847 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-11-17 14:45 - 2016-10-22 19:01 - 01854400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-11-17 14:45 - 2016-10-22 19:01 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-11-17 14:45 - 2016-10-22 19:01 - 01452480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-11-17 14:45 - 2016-10-22 19:01 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-11-17 14:45 - 2016-10-22 19:01 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-11-17 14:45 - 2016-10-22 19:00 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-11-16 17:42 - 2016-10-22 19:00 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
 
==================== Bestanden in de root van sommige mappen =======
 
2016-09-26 18:17 - 2016-09-26 18:17 - 1065984 _____ () C:\Users\Johan\AppData\Local\file__0.localstorage
 
Sommige bestanden in TEMP:
====================
C:\Users\Johan\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Johan\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Johan\AppData\Local\Temp\nvStInst.exe
 
 
==================== Bamital & volsnap ======================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend
 
LastRegBack: 2016-12-02 19:17
 
==================== Eind van FRST.txt ============================
 
 
And here is the Addition.txt log:
 
Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 07-12-2016
Gestart door Johan (12-12-2016 12:58:06)
Gestart vanaf C:\Users\Johan\Downloads
Windows 10 Home Versie 1607 (X64) (2016-10-22 17:24:49)
Boot Modus: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-888377697-4162799174-962513261-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-888377697-4162799174-962513261-503 - Limited - Disabled)
Gast (S-1-5-21-888377697-4162799174-962513261-501 - Limited - Disabled)
Johan (S-1-5-21-888377697-4162799174-962513261-1001 - Administrator - Enabled) => C:\Users\Johan
 
==================== Security Center ========================
 
(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Geïnstalleerde programma's ======================
 
(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)
 
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Ansel (Version: 376.09 - NVIDIA Corporation) Hidden
ASUS Xonar DGX Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version:   - ASUSTeK Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.9.53998 - Electronic Arts)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BitTorrent (HKU\S-1-5-21-888377697-4162799174-962513261-1001\...\BitTorrent) (Version: 7.9.8.42577 - BitTorrent Inc.)
Bloons TD Battles (HKLM\...\Steam App 444640) (Version:  - Ninja Kiwi)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Chaos Reborn (HKLM\...\Steam App 319050) (Version:  - Snapshot Games Inc.)
Cossacks 3 (HKLM-x32\...\Cossacks 3_is1) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Discord (HKU\S-1-5-21-888377697-4162799174-962513261-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon's Dogma: Dark Arisen (HKLM-x32\...\Steam App 367500) (Version:  - Capcom)
Enter the Gungeon (HKLM\...\Steam App 311690) (Version:  - Dodge Roll)
ExpressVPN v3.626 (HKLM-x32\...\ExpressVPN) (Version: v3.626 - ExpressVPN)
Farming Simulator 17 (HKLM\...\Steam App 447020) (Version:  - Giants Software)
Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge)
Gang Beasts (HKLM\...\Steam App 285900) (Version:  - Boneloaf)
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 2.00.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 2.00.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.5.5 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HITMAN™ (HKLM\...\Steam App 236870) (Version:  - Io-Interactive)
KeyShot 6 64 bit (HKLM-x32\...\KeyShot 6_64) (Version: 6.1 64 bit - Luxion ApS)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Magicka 2 (HKLM\...\Steam App 238370) (Version:  - Pieces Interactive)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.2 - Black Tree Gaming)
Nuclear Throne (HKLM\...\Steam App 242680) (Version:  - Vlambeer)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.2.2.60207 - Electronic Arts, Inc.)
Overlord II (HKLM\...\Steam App 12810) (Version:  - Triumph Studios)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.100.227.0 - Overwolf Ltd.)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Prison Architect (HKLM-x32\...\1441974651_is1) (Version: 2.12.0.16 - GOG.com)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.26 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1104 - Razer Inc.)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RimWorld (HKLM\...\Steam App 294100) (Version:  - Ludeon Studios)
Risk of Rain (HKLM\...\Steam App 248820) (Version:  - Hopoo Games, LLC)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Seraph (HKLM\...\Steam App 425670) (Version:  - Dreadbit)
Shadow Warrior 2 (HKLM\...\Steam App 324800) (Version:  - Flying Wild Hog)
SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{A51A9885-30AA-4736-BECA-5DB4BCB1A2EA}) (Version: 7.17.0.43 - Skype Technologies S.A.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SMITE (HKLM-x32\...\Steam App 386360) (Version:  - Hi-Rez Studios)
Solid Edge ST9 (HKLM\...\{1E02E133-6790-460A-B9C7-9CEA71CB502A}) (Version: 109.00.00111 - Siemens)
Starbound (HKLM\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.8.5 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.5 - SteelSeries ApS)
SUPERHOT (HKLM-x32\...\1456141688_is1) (Version: 2.0.0.4 - GOG.com)
TeamSpeak 3 Client (HKU\S-1-5-21-888377697-4162799174-962513261-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version:  - Gameforge4d)
Tiger Knight: Empire War (HKLM\...\Steam App 534500) (Version:  - NetDragon Websoft Holdings Limited)
UE4 Prerequisites (x86) (x32 Version: 1.0.10.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x86) (x32 Version: 1.0.12.0 - Epic Games, Inc.) Hidden
Unity Web Player (HKU\S-1-5-21-888377697-4162799174-962513261-1001\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
UNLOVED (HKLM\...\Steam App 321270) (Version:  - BlueEagle Productions)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
War for the Overworld (HKLM\...\Steam App 230190) (Version:  - Brightrock Games)
We Happy Few (HKLM\...\Steam App 320240) (Version:  - Compulsion Games)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
 
==================== Aangepaste CLSID (gefilterd): ==========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
CustomCLSID: HKU\S-1-5-21-888377697-4162799174-962513261-1001_Classes\CLSID\{8CE9991C-CC9B-42FA-85CF-BEFCB1F5DC30}\InprocServer32 -> C:\Users\Johan\AppData\Local\SkypePlugin\7.17.0.43\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-888377697-4162799174-962513261-1001_Classes\CLSID\{AFD4369B-8A38-4407-882D-8297641DCFDF}\localserver32 -> C:\Users\Johan\AppData\Local\SkypePlugin\7.17.0.43\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-888377697-4162799174-962513261-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Johan\AppData\Local\SkypePlugin\7.17.0.43\EdgeCalling.exe (Skype Technologies S.A.)
 
==================== Geplande Taken (gefilterd) =============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
Task: {1801245D-E7EA-41D6-AC5A-80CDDFF65DD6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-24] (Google Inc.)
Task: {1A8F844F-9728-4993-847E-DC7D62F903B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-24] (Google Inc.)
Task: {1D68E19A-1ECE-47C6-9325-39A6E5CD8045} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {35C686CC-D68C-4CB6-B73C-1CB92EDE1957} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-17] (NVIDIA Corporation)
Task: {506571A1-943A-480F-91F4-06D0D4C244D8} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Task: {5582988A-BCEA-4AE2-A148-E73F13044D95} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-04] (Adobe Systems Incorporated)
Task: {656BDDC3-F551-4258-B4D1-F62C32F0E5F4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-11-17] (NVIDIA Corporation)
Task: {78FDB6FD-2FD6-44A5-802D-918900CF1F48} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {A075721A-287F-4356-9E4B-4DA8C6DE8553} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {A9AF82C5-4FFF-44B4-86D0-43948139CEAA} - System32\Tasks\GIGABYTE OC GURU => C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe [2016-05-03] (GIGABYTE Technology Co.,Ltd.)
Task: {ACA91EC8-7552-49A3-9FDF-6D69DD8ED1B3} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {C00CE692-F51D-4E8F-875E-03F93D5A37FD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {C6DBBEF7-393A-466C-950C-2563575BE2E0} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {E94F8488-E1DF-4EEB-A303-94785EFF3F29} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-12-07] (Overwolf LTD)
Task: {F5D4DBDA-8A02-4BE3-81D6-0A395C0BE9BD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
 
(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Snelkoppelingen =============================
 
(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)
 
==================== Geladen Modules (gefilterd) ==============
 
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-09 18:24 - 2016-11-11 11:10 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-22 19:00 - 2016-11-17 14:45 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-22 19:00 - 2016-11-17 14:45 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-22 19:01 - 2016-11-17 14:45 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-10-22 18:00 - 2014-01-28 04:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2016-09-24 23:20 - 2016-09-24 23:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-10-22 18:01 - 2016-11-24 20:39 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-09 18:24 - 2016-11-11 11:10 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-22 19:00 - 2016-10-22 19:00 - 01864384 _____ () C:\Users\Johan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-10-22 18:51 - 2016-10-22 18:51 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-09 18:24 - 2016-11-11 10:23 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2015-06-24 21:56 - 2015-06-24 21:56 - 00118592 _____ () C:\WINDOWS\SYSTEM32\AcpiServiceVnA64.dll
2015-06-24 21:57 - 2015-06-24 21:57 - 00105312 _____ () C:\WINDOWS\SYSTEM32\audioLibVc.dll
2016-10-19 07:44 - 2016-10-19 08:27 - 00200704 _____ () C:\Windows\SysWOW64\HsMgr.exe
2016-10-19 07:44 - 2016-10-19 08:27 - 00282112 _____ () C:\Windows\System\HsMgr64.exe
2016-08-19 09:12 - 2016-08-19 09:12 - 00298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-11-28 17:15 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-28 17:15 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-28 17:15 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-28 17:15 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-28 17:15 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 00315168 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
2015-11-24 18:55 - 2016-11-28 17:11 - 05028640 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\engine2.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 00716576 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\tier0.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 00403232 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\vstdlib.dll
2015-11-24 18:55 - 2016-10-22 19:33 - 00997152 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\SDL2.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 00383264 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\filesystem_stdio.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 00242976 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\inputsystem.dll
2015-11-24 18:56 - 2016-11-28 17:11 - 00239904 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\imemanager.dll
2015-11-24 18:56 - 2016-11-28 17:11 - 00173344 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\localize.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 01305376 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\rendersystemdx9.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 00558368 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\resourcesystem.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 00639264 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\schemasystem.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 01003808 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\materialsystem2.dll
2015-11-24 18:56 - 2016-11-28 17:11 - 00130848 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\valve_avi.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 06157088 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\scaleformui_4_dx9.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 00852768 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\meshsystem.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 01058080 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\worldrenderer.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 00805152 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\vscript.dll
2015-11-24 18:55 - 2016-11-30 16:17 - 02319648 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\networksystem.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 01369888 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\animationsystem.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 02319136 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\vphysics2.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 01122080 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\soundsystem.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 02600736 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\scenesystem.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 01188640 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\vguirendersurface.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 00452384 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\vgui2.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 03133216 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\particles.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 00310048 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\renderingpipelines.dll
2015-11-24 18:55 - 2016-12-04 01:17 - 33031456 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\dota\bin\win64\server.dll
2015-11-24 18:55 - 2016-12-08 12:55 - 37542176 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\dota\bin\win64\client.dll
2015-11-24 18:55 - 2015-11-24 18:57 - 05981184 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\v8.dll
2015-11-24 18:55 - 2015-11-24 18:57 - 03166720 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\video64.dll
2015-11-24 18:55 - 2015-11-24 18:56 - 02926080 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\libavcodec-56.dll
2015-11-24 18:55 - 2015-11-24 18:56 - 00574976 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\libavformat-56.dll
2015-11-24 18:55 - 2015-11-24 18:56 - 00385024 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\libavresample-2.dll
2015-11-24 18:55 - 2015-11-24 18:56 - 00487936 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\libavutil-54.dll
2015-11-24 18:55 - 2015-11-24 18:56 - 00564736 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\libswscale-3.dll
2015-11-24 18:55 - 2015-11-24 18:56 - 01414656 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\icuuc.dll
2015-11-24 18:55 - 2015-11-24 18:56 - 01795584 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\icui18n.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 03009824 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\panorama.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 01091872 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\panorama_text_pango.dll
2015-11-24 18:55 - 2015-11-24 18:56 - 00481280 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\libfontconfig-1.dll
2015-11-24 18:55 - 2015-11-24 18:56 - 01058304 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\libfreetype-6.dll
2015-11-24 18:56 - 2015-11-24 18:56 - 00137728 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\mss64mp3.asi
2015-11-24 18:56 - 2015-11-24 18:56 - 00071168 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\mss64ds3d.flt
2015-11-24 18:56 - 2015-11-24 18:56 - 00131584 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\mss64eax.flt
2015-11-24 18:55 - 2016-11-28 17:11 - 01482528 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\dota\bin\win64\host.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 00246048 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\scenefilecache.dll
2015-11-24 18:55 - 2016-11-28 17:11 - 00537888 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\navsystem.dll
2016-10-22 18:01 - 2016-12-11 12:52 - 00035328 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2016-10-22 18:00 - 2014-01-28 04:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2016-10-31 11:51 - 2016-10-31 11:51 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2016-10-22 19:00 - 2016-11-17 14:45 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-22 19:00 - 2016-11-17 14:45 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-22 19:00 - 2016-11-17 14:45 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-11-24 18:49 - 2016-09-08 04:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-11-24 18:49 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-11-24 18:49 - 2016-10-13 02:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2015-11-24 18:49 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-11-24 18:49 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-11-24 18:49 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-11-24 18:49 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-11-24 18:49 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-11-24 18:49 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-11-24 18:49 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-11-24 18:49 - 2016-10-13 02:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-10 16:22 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-10-22 19:00 - 2016-10-22 19:00 - 01383616 _____ () C:\Users\Johan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-10-22 19:00 - 2016-10-22 19:00 - 00118976 _____ () C:\Users\Johan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2016-10-19 07:44 - 2012-06-06 02:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DGX Audio\Customapp\VmixP8.dll
2016-10-22 19:01 - 2016-11-17 14:44 - 60817344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-11-18 11:41 - 2016-11-18 11:41 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-03-24 17:01 - 2015-03-24 17:01 - 00192512 _____ () C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GvVGAConfig.dll
2016-08-25 09:41 - 2016-08-24 16:49 - 01950392 _____ () C:\Users\Johan\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-08-25 09:50 - 2016-11-28 17:03 - 01058816 _____ () \\?\C:\Users\Johan\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-08-25 09:50 - 2016-11-28 17:03 - 03801088 _____ () \\?\C:\Users\Johan\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-08-25 09:50 - 2016-08-25 09:50 - 00894136 _____ () \\?\C:\Users\Johan\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-08-25 09:50 - 2016-08-25 09:50 - 01119416 _____ () \\?\C:\Users\Johan\AppData\Roaming\discord\0.0.296\modules\discord_toaster\discord_toaster.node
2016-08-25 09:41 - 2016-08-24 16:49 - 02230456 _____ () C:\Users\Johan\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-08-25 09:41 - 2016-08-24 16:49 - 00088760 _____ () C:\Users\Johan\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-10-22 19:00 - 2016-11-17 11:20 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-22 19:00 - 2016-11-17 11:20 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-22 19:00 - 2016-11-17 11:20 - 02809912 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-22 19:00 - 2016-11-17 11:20 - 00245184 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-22 19:00 - 2016-11-17 11:20 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-22 19:00 - 2016-11-17 11:20 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-22 19:00 - 2016-11-17 11:20 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-10-22 16:44 - 2016-08-04 21:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll
2016-12-11 12:55 - 2016-12-11 12:55 - 00170496 _____ () \\?\C:\Users\Johan\AppData\Local\Temp\D08B.tmp.node
2016-08-25 09:50 - 2016-10-18 17:00 - 02658304 _____ () \\?\C:\Users\Johan\AppData\Roaming\discord\0.0.296\modules\discord_rpc\discord_rpc.node
2016-09-02 16:46 - 2016-10-18 17:00 - 02147328 _____ () \\?\C:\Users\Johan\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node
2016-12-11 12:55 - 2016-12-11 12:55 - 00170496 _____ () \\?\C:\Users\Johan\AppData\Local\Temp\D09A.tmp.node
2016-10-25 16:39 - 2016-09-07 21:42 - 50656768 _____ () C:\Users\Johan\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2015-11-24 18:49 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-10-25 16:39 - 2016-09-07 21:42 - 01874944 _____ () C:\Users\Johan\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-10-25 16:39 - 2016-09-07 21:42 - 00075264 _____ () C:\Users\Johan\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2016-11-28 09:54 - 2016-11-08 21:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-28 09:54 - 2016-11-08 21:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
 
==================== Alternate Data Streams (gefilterd) =========
 
(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)
 
 
==================== Veilige Modus (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)
 
 
==================== Bestandskoppeling (gefilterd) ===============
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)
 
 
==================== Internet Explorer vertrouwde/beperkte toegang ===============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)
 
 
==================== Hosts inhoud: ===============================
 
(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)
 
2015-11-24 18:03 - 2016-07-04 12:30 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Andere gebieden ============================
 
(Momenteel is er geen automatische fix voor dit onderdeel.)
 
HKU\S-1-5-21-888377697-4162799174-962513261-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 4.2.2.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is ingeschakeld.
 
==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==
 
HKU\S-1-5-21-888377697-4162799174-962513261-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-888377697-4162799174-962513261-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-888377697-4162799174-962513261-1001\...\StartupApproved\Run: => "Skype"
 
==================== Firewall regels (gefilterd) ===============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{13F59AFB-05D6-4636-9D55-2569B8C58255}C:\program files (x86)\steam\steamapps\common\unloved\unloved\binaries\win32\unloved-win32-shipping.exe] => C:\program files (x86)\steam\steamapps\common\unloved\unloved\binaries\win32\unloved-win32-shipping.exe
FirewallRules: [TCP Query User{A6D33299-BF0B-479D-910B-EBF420309AED}C:\program files (x86)\steam\steamapps\common\unloved\unloved\binaries\win32\unloved-win32-shipping.exe] => C:\program files (x86)\steam\steamapps\common\unloved\unloved\binaries\win32\unloved-win32-shipping.exe
FirewallRules: [{EE04399E-46A5-4099-AD5C-8CC041923AF6}] => C:\Program Files (x86)\Steam\steamapps\common\UNLOVED\Unloved.exe
FirewallRules: [{5C92EEFC-1F76-4ED3-BB14-634AA6A71749}] => C:\Program Files (x86)\Steam\steamapps\common\UNLOVED\Unloved.exe
FirewallRules: [{82CFC5F3-2487-47C9-A722-E241C338459D}] => C:\Program Files (x86)\Steam\steamapps\common\Seraph\Seraph.exe
FirewallRules: [{2EF31B6A-D506-41A8-987F-A896E5FECFDB}] => C:\Program Files (x86)\Steam\steamapps\common\Seraph\Seraph.exe
FirewallRules: [{6D21B755-BFBB-442A-8B66-ACD660E35D2D}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{3F40E578-4B89-43A2-8F71-934973A95C94}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{96E90033-BEDD-44D9-8052-FC70429391B9}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{6EB180F2-55A6-4D44-A0BA-EB6097419163}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{E36ED509-0BA1-45BE-9793-1C20EE92EC4B}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{E4AC0A0B-F2DD-47C1-B723-1CAE3179FA32}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{FDB2265D-7598-4351-B1B6-E36B5BC7B406}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{5BF0F477-52A4-409D-81A6-C45287B0B8F9}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [UDP Query User{50CBDE37-84F5-429D-8BDE-7A723ADA1F6B}C:\program files (x86)\gameforgelive\games\gbr_eng\tera\tera-launcher.exe] => C:\program files (x86)\gameforgelive\games\gbr_eng\tera\tera-launcher.exe
FirewallRules: [TCP Query User{7FEA0775-274D-482E-8D41-D74A02611D8A}C:\program files (x86)\gameforgelive\games\gbr_eng\tera\tera-launcher.exe] => C:\program files (x86)\gameforgelive\games\gbr_eng\tera\tera-launcher.exe
FirewallRules: [{D2E57DA6-6DC5-4B52-8CCD-2D7CEE109ECB}] => C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{DA04D479-951A-422F-99CB-8DCF267F2ED6}] => C:\Program Files (x86)\Steam\steamapps\common\ChaosReborn\ChaosRebornWin64.exe
FirewallRules: [{3740FB3C-6A31-480B-B7AB-101D55F3ACFB}] => C:\Program Files (x86)\Steam\steamapps\common\ChaosReborn\ChaosRebornWin64.exe
FirewallRules: [{0D9F4F6C-02B2-49D1-8A7A-7C20E210B128}] => C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{DCB817B4-4F61-4292-AE59-363EAC41F165}] => C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [UDP Query User{AB48FE29-38A7-45C0-8731-3C6805E3B7FF}C:\program files (x86)\steam\steamapps\common\war for the overworld\wftogame.exe] => C:\program files (x86)\steam\steamapps\common\war for the overworld\wftogame.exe
FirewallRules: [TCP Query User{AC12C185-7F51-44CA-9181-243E6A5CE3CB}C:\program files (x86)\steam\steamapps\common\war for the overworld\wftogame.exe] => C:\program files (x86)\steam\steamapps\common\war for the overworld\wftogame.exe
FirewallRules: [{FA5B16C6-0B40-49AF-A30C-2F370DAD06F9}] => C:\Program Files (x86)\Steam\steamapps\common\War For The Overworld\WFTO.exe
FirewallRules: [{8DA02374-CE32-4D1E-85DF-DB3F6C085090}] => C:\Program Files (x86)\Steam\steamapps\common\War For The Overworld\WFTO.exe
FirewallRules: [{7ACDEFE0-1A27-4911-AE9A-2915E79A81CE}] => C:\Program Files (x86)\Steam\steamapps\common\Overlord II\Config.exe
FirewallRules: [{86572961-ED15-4A5E-BAEF-AF6821DD2641}] => C:\Program Files (x86)\Steam\steamapps\common\Overlord II\Config.exe
FirewallRules: [{DFC6DF93-86A6-4FB4-B057-ADAAA0ECA7D7}] => C:\Program Files (x86)\Steam\steamapps\common\Overlord II\Overlord2.exe
FirewallRules: [{121360BC-840D-44A6-9310-349168F286D7}] => C:\Program Files (x86)\Steam\steamapps\common\Overlord II\Overlord2.exe
FirewallRules: [{A09EE431-C427-433E-AF5E-2871859E73C7}] => C:\Program Files (x86)\Steam\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [{CAB987B5-98D1-47E7-8A21-EFE16E2F7D25}] => C:\Program Files (x86)\Steam\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [{E886CAEA-87D3-4D41-A16D-18809E0E5C71}] => C:\Program Files (x86)\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{FD648227-9F74-44ED-9386-2530D6E5FC3A}] => C:\Program Files (x86)\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{83776687-B196-4441-ACD3-D4172CF8E58F}] => C:\Program Files (x86)\Steam\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe
FirewallRules: [{42A74F4D-EFBE-4C59-9508-B33B495BB13F}] => C:\Program Files (x86)\Steam\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe
FirewallRules: [UDP Query User{D6D03240-9790-4928-A298-C49E4D5BA1E3}C:\program files\dolphin\dolphin.exe] => C:\program files\dolphin\dolphin.exe
FirewallRules: [TCP Query User{132222E7-ED93-4E01-9071-D3E60BB19E3B}C:\program files\dolphin\dolphin.exe] => C:\program files\dolphin\dolphin.exe
FirewallRules: [{E1F4DC5B-53EB-4E6C-9D45-1CB0D570472B}] => C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{00A92B40-1F71-48DD-8094-02A99D4AD94C}] => C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{A01ED29B-BF90-40D3-89D7-EFE97E04BE8A}] => C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FBD8A200-0B3D-41F0-A3DB-63EAA4C642E7}] => C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{893B4BE1-5488-4C8E-8686-13DFC86B043B}] => C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{CABA822D-29EC-4CB9-BC15-3DE2D7E17C33}] => C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{C4E6DD78-AF14-40F8-B95E-2DD76317C758}] => C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{D2506684-CF2F-4F7A-A84F-94FA6474206E}] => C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{CDC84633-2696-4178-AC08-1CF407061785}] => C:\Program Files (x86)\Steam\steamapps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [{4F546D45-8B84-451C-B9D5-1B44CC08F80A}] => C:\Program Files (x86)\Steam\steamapps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [UDP Query User{45157FB9-C31A-49FA-A89F-E37664BCB3D2}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{4F3A842E-1D76-481D-A7CB-EB9BE218F1D9}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{58642C01-3D28-4697-A829-B4403A9E0B2D}C:\users\johan\desktop\igg-roguelands.v1.0\roguelands.exe] => C:\users\johan\desktop\igg-roguelands.v1.0\roguelands.exe
FirewallRules: [TCP Query User{F4E8F9E1-1756-49DF-A5E6-9E9A223B429C}C:\users\johan\desktop\igg-roguelands.v1.0\roguelands.exe] => C:\users\johan\desktop\igg-roguelands.v1.0\roguelands.exe
FirewallRules: [{28863010-046D-4433-9647-BF76E9AE2896}] => C:\Program Files (x86)\Steam\steamapps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{585EF378-FD25-47B8-8F3C-1818128503A6}] => C:\Program Files (x86)\Steam\steamapps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [UDP Query User{1299E338-2968-444A-839F-4DA69D7AFA46}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{F1DF3BAF-77E4-4CD6-981B-471B0E3B9C2F}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{793B0043-FA6B-4A6B-B75E-3078643D169B}] => C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{B1293D33-8C8F-4F07-A57A-A31B81FFD712}] => C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{5A70FD1B-81CA-4B4C-A150-689A8B6C134D}] => C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{83F9EA28-4CC7-4663-A1C5-89B90BCFE294}] => C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{2AE7B69C-872A-426C-8DCF-3CBF42E025FE}] => C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{52C55B49-B82A-48BA-B20B-761233BCC431}] => C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [UDP Query User{A8F4BB7B-9C57-48D1-AEED-8E1F1D6CE549}C:\users\johan\appdata\local\skypeplugin\7.17.0.43\pluginhost.exe] => C:\users\johan\appdata\local\skypeplugin\7.17.0.43\pluginhost.exe
FirewallRules: [TCP Query User{4A63BB2E-5612-40AB-8ED1-C937EB2FCA6E}C:\users\johan\appdata\local\skypeplugin\7.17.0.43\pluginhost.exe] => C:\users\johan\appdata\local\skypeplugin\7.17.0.43\pluginhost.exe
FirewallRules: [{04D68A81-6029-4A4E-A404-79C58DEC6335}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{01990A10-E847-4E99-8417-7AA2DC16A3FF}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E2233E62-4A5E-4493-A1F2-9D98243D2A47}] => C:\Users\Johan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{CFA42B6F-5A47-42F2-AD28-D6F01AE2980A}] => C:\Users\Johan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E66817E5-121E-4725-8FAB-0CE82BE0BC62}] => C:\Users\Johan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8ABEC7F0-D67B-43D2-84C8-BBF92D903E86}] => C:\Users\Johan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8EF6EE9A-ACA0-4874-ACA3-2A9BD0D8BAE2}] => C:\Users\Johan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0901F377-CB14-47DC-8521-3D3D2223F156}] => C:\Users\Johan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{AB8C794A-2CEC-404E-BC37-C7C787EDEF97}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C604676B-FD3A-4BEB-92C0-B526C973CF6F}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E4EA489D-781B-4D3C-9611-4840BF7239EE}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8779B13D-6552-4B5F-8C32-E2FBAFFBC11E}] => C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{46DACE0E-68CE-4334-AB45-A392740CB3FD}] => C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{139C1DB6-B09F-4F86-B082-918D0EF3CE10}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{346F0104-51D6-40E9-9C85-8D1EE8902E78}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{0F896051-1819-4219-BA26-2C1F3B80813D}] => C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{BED9D539-6907-4D4A-AB64-BA804B42F01C}] => C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{0F82735C-A618-4468-967A-FCED7F2D0261}] => C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{B2B06AD6-737E-4F21-A884-11EF96B4EA00}] => C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{DAE071E5-3E00-4BA0-94DF-6522D228ED5D}] => C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{95152670-44C8-4F8F-B691-61BDD326104D}] => C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{AA29F27C-9695-41C9-90D4-D74C97C73799}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{451A98CB-03C1-42FB-9E22-C5DF4A150DE7}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{0D9384C3-D8F9-416A-ADF9-27B286FFB13F}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1B8505B0-F7D3-4E62-8400-81F54069358B}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{814CC29C-57CD-4286-B7C3-993FF9F60480}] => C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{E3FD38C2-3F53-4422-8546-D6F099D072E1}] => C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{C442086C-A6A6-47A1-A9F9-4F7505D97A00}] => C:\Users\Johan\Desktop\onion\Tor Browser\Browser\firefox.exe
FirewallRules: [{75C22782-88B1-4FE0-A333-6D227FE80017}] => C:\Users\Johan\Desktop\onion\Tor Browser\Browser\firefox.exe
FirewallRules: [{7C89C4FC-B2A0-43A6-BF12-9B7254ED271E}] => C:\Users\Johan\Desktop\onion\Tor Browser\Browser\firefox.exe
FirewallRules: [{E0F9B20B-A5F4-4C66-8C4D-979F2205D137}] => C:\Users\Johan\Desktop\onion\Tor Browser\Browser\firefox.exe
FirewallRules: [{B3A4E464-685E-48B4-BA5D-F3E222BDF703}] => C:\Program Files (x86)\Steam\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{9C549B35-304A-4FF5-87F4-A7A286B0D3DC}] => C:\Program Files (x86)\Steam\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{1F8CEDAA-B53E-42B4-BB38-D730AE41EF1A}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{868BE036-B1D6-41A9-B6EF-18D1258F14B2}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F5EE54E7-63D3-479F-9C4F-4297849ED296}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{242C2B14-0B52-42AC-A22B-E9786B6648CD}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BF35C52A-51DD-4C56-853A-BB8F6EAB9984}] => C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior 2\ShadowWarrior2.exe
FirewallRules: [{87765F71-441C-4388-A494-4039DD14559F}] => C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior 2\ShadowWarrior2.exe
FirewallRules: [{90C4A3B7-354F-453F-885B-2531F9B001B3}] => C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{CDF45E53-2C6A-4F71-A13F-AADD30B2C714}] => C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{B489649E-66FE-4042-A8C4-294F8D2E85AE}] => C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{5670961B-9FBD-407B-992B-8E4C86E06D52}] => C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{96C9321A-731A-49E2-A6FA-D50CD9EC7772}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D58E40E0-B582-4FEB-AA4A-9CDDE26D0B44}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{792BBA18-B231-4E56-A596-79F0D7184727}] => C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [{B1A389D5-DA70-453A-A7ED-F460C6AE8890}] => C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [{743EA4BD-D100-45B1-90E4-7B8B0FA33FC5}] => C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [{813AAD9B-28D8-4B2E-B605-517474CC589A}] => C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [{33580F5C-6BD9-47D2-88EF-EA54F018A130}] => C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{D5BC6F5A-85FC-4E15-AD81-1AC075FC2578}] => C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{D826A0D3-02C9-49A0-95C7-9C68591B0CF0}] => C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe
FirewallRules: [{CF9908DA-7A1F-4AC5-A2F1-FB9F1388AB8F}] => C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe
FirewallRules: [{6A943954-9D26-43D6-8038-5473CABE0E5C}] => C:\Program Files\KeyShot6\bin\keyshot6.exe
FirewallRules: [{E7B7B089-200D-4B99-8045-11854C6DF7FF}] => C:\Program Files\KeyShot6\bin\keyshot_daemon.exe
FirewallRules: [{1071727E-6F16-466F-AE64-0C72425A04F6}] => C:\Program Files (x86)\Steam\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe
FirewallRules: [{39D4F16B-1530-4A6E-9F74-E53B15EAE34F}] => C:\Program Files (x86)\Steam\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe
FirewallRules: [{4572D244-BEBC-45B8-9129-038C900B5500}] => C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe
FirewallRules: [{3D7CC23D-4022-4F2D-BD5A-BA7F55768D6F}] => C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe
 
==================== Herstelpunten =========================
 
04-12-2016 13:46:22 Gepland controlepunt
10-12-2016 19:42:27 Windows Update
11-12-2016 22:07:57 Windows Back-up
 
==================== Defecte Apparaatbeheer Apparaten =============
 
 
==================== Eventlog fouten: =========================
 
Applicatiefouten:
==================
Error: (12/12/2016 12:45:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 7.12.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 13d4
 
Start Time: 01d2546d255a36e6
 
Termination Time: 1
 
Application Path: C:\Users\Johan\Downloads\FRST64.exe
 
Report Id: 76afd4a0-c060-11e6-9f4b-c04a002ada3e
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/12/2016 04:50:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14913.1002, time stamp: 0x57d1070d
Faulting module name: devinv.dll, version: 10.0.14913.1002, time stamp: 0x57d10950
Exception code: 0xc0000005
Fault offset: 0x0000000000023c00
Faulting process id: 0x1e54
Faulting application start time: 0x01d2542375c79924
Faulting application path: C:\WINDOWS\system32\CompatTelRunner.exe
Faulting module path: C:\WINDOWS\system32\devinv.dll
Report Id: d3e733ba-a2da-43fc-af99-bbbc1c5a42b1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/12/2016 12:19:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (12/11/2016 10:43:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (12/11/2016 10:43:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (12/11/2016 10:43:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (12/11/2016 10:07:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (12/11/2016 10:07:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (12/11/2016 10:06:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (12/11/2016 12:55:52 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
 
 
Systeemfouten:
=============
Error: (12/12/2016 08:30:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The toepassingsspecifiek permission settings do not grant Lokaal Activeren permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (via LRPC) running in the application container Niet beschikbaar SID (Niet beschikbaar). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/11/2016 12:54:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The toepassingsspecifiek permission settings do not grant Lokaal Activeren permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (via LRPC) running in the application container Niet beschikbaar SID (Niet beschikbaar). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/10/2016 02:41:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The toepassingsspecifiek permission settings do not grant Lokaal Activeren permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (via LRPC) running in the application container Niet beschikbaar SID (Niet beschikbaar). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/09/2016 12:59:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The toepassingsspecifiek permission settings do not grant Lokaal Activeren permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (via LRPC) running in the application container Niet beschikbaar SID (Niet beschikbaar). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/08/2016 12:52:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The toepassingsspecifiek permission settings do not grant Lokaal Activeren permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (via LRPC) running in the application container Niet beschikbaar SID (Niet beschikbaar). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/07/2016 12:59:30 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.
 
Error: (12/07/2016 12:55:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The toepassingsspecifiek permission settings do not grant Lokaal Activeren permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (via LRPC) running in the application container Niet beschikbaar SID (Niet beschikbaar). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/07/2016 06:56:36 AM) (Source: DCOM) (EventID: 10010) (User: GEENPC)
Description: The server microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
 
Error: (12/06/2016 01:12:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The toepassingsspecifiek permission settings do not grant Lokaal Activeren permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (via LRPC) running in the application container Niet beschikbaar SID (Niet beschikbaar). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/05/2016 11:10:14 PM) (Source: DCOM) (EventID: 10010) (User: GEENPC)
Description: The server App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2016-11-01 15:14:17.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-11-01 15:14:17.519
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-11-01 15:14:16.530
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
 
==================== Geheugen info =========================== 
 
Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz
Percentage geheugen in gebruik: 25%
Totaal fysiek RAM-geheugen: 16325.76 MB
Beschikbaar fysiek RAM-geheugen: 12104.61 MB
Totaal Virtueel geheugen: 18757.76 MB
Beschikbaar Virtual geheugen: 13726.87 MB
 
==================== Schijven ================================
 
Drive c: () (Fixed) (Total:930.73 GB) (Free:400.66 GB) NTFS
Drive d: () (Fixed) (Total:1863.01 GB) (Free:1283.72 GB) NTFS
 
==================== MBR & Partitietabel ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DA819D5E)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 64B99DF7)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== Eind van Addition.txt ============================


#5 polskamachina

  • Malware Response Team

Posted 13 December 2016 - 02:05 AM

Hi piemels :)
 
Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs as this is by far the most likely reason you were infected!
  • Files that are downloaded from these websites are most likely infected, and even though they may appear to be what you wanted, they may infect your computer at the same time! Do not download files from your p2p client and if you do, always scan the files with your anti-virus before executing them!
  • Websites that contain links to download are also highly likely to try and infect your computer! Please avoid them as much as possible and if pop-up boxes appear, always try and close them by clicking the cross at the top right of the window or terminating the browser!
  • The best way to eliminate the risk of infection from P2P applications is to avoid these types of web sites and not use any P2P applications.
  • It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove the program and need directions, see this link.
 
If you wish to keep it, please do not use it, and remove all files downloaded from it until your computer is cleaned!
 
Next:

 

Can you tell me if you know what this file is on your desktop?

C:\Users\Johan\Desktop\hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh.txt

Next:
 
We need to run a fix with the FRST64 program but we need to make one adjustment first:

  • Open your Downloads folder
  • Right-click FRST64.exe
  • Select Rename
  • Type EnglishFRST64.exe in the box and press the Enter key to confirm the change but do not run the program just yet

Next:
 
Please copy and paste the text below in its entirety into a Notepad window.

CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
File: C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

Save the file to your Downloads folder as fixlist.txt. Note: EnglishFRST64 and fixlist.txt must be in the same folder in order for the fix to work.

  • Run EnglishFRST64
  • Click on Fix
  • It should only take a few moments for the fix to complete
  • If you are asked to restart your computer, please do so
  • When the fix has completed, a new file will be created named Fixlog.txt, and it will be saved to your Downloads folder
  • Please copy and paste that log into your next reply to me

Next:
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Right click on AdwCleaner.exe and select Run As Administrator to run the tool
  • The tool will start to update the database if one is required
  • Click on the Scan button
  • AdwCleaner will begin...be patient as the scan may take some time to complete
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button
  • Press OK when asked to close all programs and follow the onscreen prompts
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report)
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply
  • A copy of all logfiles is saved to C:\AdwCleaner
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

In summary I will need from you:

  • Whether or not you uninstalled BitTorrent
  • Do you know what the text file is on your Desktop with the 89 h's in it? :)
  • Fixlog.txt
  • Adwcleaner log
  • How is your computer performing now?

Let me know if you have any questions.
 
polskamachina



#6 piemels

  • Topic Starter

Posted 13 December 2016 - 07:20 AM

Hello,

So first of all, I didn't uninstall BitTorrent because I haven't used it in like 3 to 4 months and I'm pretty sure that the infected stick caused all of this.

The hhhhhhhh... file is a personal file and also located on my desktop so I do know what it is.

 

Here is the Fixlog.txt :

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Johan (13-12-2016 12:55:57) Run:1
Running from C:\Users\Johan\Downloads
Loaded Profiles: Johan (Available Profiles: Johan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
File: C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
 
========================= File: C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe ========================
 
File not signed
MD5: AAA4BC7C374A759C20AF85488AD64C73
Creation and modification date: 2015-12-22 20:35 - 2016-09-15 21:41
Size: 0009728
Attributes: ----A
Company Name: Hi-Rez Studios
Internal Name: HiPatchService.exe
Original Name: HiPatchService.exe
Product: HiPatchService
Description: HiPatchService
File Version: 5.0.5.5
Product Version: 5.0.5.5
Copyright: Copyright © Hi-Rez Studios 2011
 
====== End of File: ======
 
 
The system needed a reboot.
 
==== End of Fixlog 12:56:43 ====
 
 

 

 

The Adwcleaner log:

 

# AdwCleaner v6.040 - Logbestand aangemaakt 13/12/2016 op 13:06:13
# Bijgewerkt op 02/12/2016 door Malwarebytes
# Database : 2016-12-13.2 [Server]
# Besturingssysteem : Windows 10 Home  (X64)
# Gebruikersnaam : Johan - GEENPC
# Gestart vanuit : C:\Users\Johan\Downloads\AdwCleaner.exe
# Mode: Verwijderen
 
 
 
***** [ Services ] *****
 
 
 
***** [ Mappen ] *****
 
[-] Map verwijderd: C:\Users\Johan\ScreenShot
 
 
***** [ Bestanden ] *****
 
[-] Bestand verwijderd: C:\END
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Snelkoppelingen ] *****
 
 
 
***** [ Geplande Taken ] *****
 
 
 
***** [ Register ] *****
 
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
 
 
***** [ Browsers ] *****
 
 
 
*************************
 
:: "Tracing" sleutels verwijderd
:: Winsock instellingen gereset
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1618 bytes] - [30/08/2015 16:01:32]
C:\AdwCleaner\AdwCleaner[C2].txt - [1229 bytes] - [13/12/2016 13:06:13]
C:\AdwCleaner\AdwCleaner[S1].txt - [7943 bytes] - [30/08/2015 16:01:05]
C:\AdwCleaner\AdwCleaner[S2].txt - [1647 bytes] - [13/12/2016 13:04:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1448 bytes] ##########
 
 
I do not know how my PC is performing now compared to before the fix, as the virus didn't make my PC any slower; it just stole my Mastercard account details.


#7 polskamachina

  • Malware Response Team

Posted 15 December 2016 - 03:49 PM

Hi piemels :)
 
We need to run another fix with EnglishFRST64.

  • Please copy and paste the one line of text below into a Notepad window. 
emptytemp:
  • Save the file to your Downloads folder as fixlist.txt. Note: EnglishFRST64 and fixlist.txt must be in the same folder in order for the fix to work.
  • Run EnglishFRST64
  • Click on Fix
  • Depending on how many temporary files you have, it could take a few minutes for the fix to complete
  • If you are asked to restart your computer, please do so
  • When the fix has completed, a new file will be created named Fixlog.txt, and it will be saved to your Downloads folder
  • Please copy and paste that log into your next reply to me

Next:
 
Before you insert and scan your infected USB drive, we need to use Panda USB Vaccine to neutralize any program that wants to automatically run as soon as it is plugged into your computer.

  • Please download USBVaccineSetup.exe from Panda Software to your Download folder. Note: The download mirror is called MajorGeeks and the download should start automatically. Please do not click on any advertisements.
  • Double-click on the zip file you just downloaded and extract the usbvaccine.exe file to your Desktop (or other folder of your choosing)
  • Double-click usbvaccine.exe to launch the setup program
  • Read and accept the license agreement, then click Next.
  • When setup completes, make sure Launch Panda USB Vaccine is checked and click Finish to open the program.
  • Click the Vaccinate computer button. It should now show a green checkmark and confirm the Computer is vaccinated.
  • Hold down the Shift key and insert your external, infected, USB drive.
  • When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
  • Exit the program when done
  • Leave the drive in the computer

Note: Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. Once USB drives have been vaccinated, they cannot be reversed except with a format, meaning you will have to manually attempt to run something from the USB device rather than it running on its own simply by inserting the device. If you need to reformat the USB device to reverse this protection be sure to back up your data files first or they will be lost during the formatting process.
 
Next:
 
With your infected USB drive still in the machine:

  • Run the Malwarebytes Anti-Malware program that is already installed on your computer
  • If you are notified the Database is out of date click Update Now
  • Attach any external drives you want to scan if not already attached
  • Click the Scan button near the top
  • Select Custom Scan then click Configure Scan
  • Place a check mark next to the drive letter that corresponds to your USB drive plus any additional drives you would like to scan
  • Click Scan now

----------
Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
Hold down the Windows flag key and tap the letter S. This will open a search box. Type mbam in the box.
Double-click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------

  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log into your next reply to me.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • When completed click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and paste the contents of MBAM.txt into your next reply to me

Next:

I'd like us to scan your machine with ESET OnlineScan with your USB drive still plugged in. This process may take several hours and that is normal.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK <- Very important!
  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply

In summary I will need from you:

  • Fixlog.txt
  • Malwarebytes Anti-Malware log
  • ESET log if any detections were found
  • How is your computer performing now?

Let me know if you have any questions.

 

polskamachina



#8 piemels


Posted 16 December 2016 - 10:27 AM

I might have a problem here,
 
So I ran the usbvaccine program and I "vaccinated" my PC. After vaccinating my PC you told me to "Hold down the Shift key and insert your external, infected, USB drive". So I held down the Shift key during the whole process of inserting the USB drive into my PC while my PC was vaccinated.
The problem though is that the name of the drive didn't appear. All I got was a notification from Windows Defender saying that the drive contained malware. I left the drive in my PC for a good minute before unplugging it, while still holding the Shift key, but nothing appeared in the USB Vaccine program.
 
At least the FRST64 fix worked, so here is the fixlog:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Johan (16-12-2016 14:26:28) Run:2
Running from C:\Users\Johan\Downloads
Loaded Profiles: Johan (Available Profiles: Johan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
emptytemp:
 
*****************
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 77709105 B
Java, Flash, Steam htmlcache => 554210088 B
Windows/system/drivers => 3366365 B
Edge => 1656994 B
Chrome => 761224271 B
Firefox => 2332436 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 8032 B
Johan => 2684497283 B
 
RecycleBin => 1726185075 B
EmptyTemp: => 5.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:27:07 ====

Edited by piemels, 16 December 2016 - 10:29 AM.


#9 polskamachina


Posted 17 December 2016 - 07:15 PM

Hi piemels,

 

I am working on a fix for you. Please be patient.

 

Thank you.

 

polskamachina



#10 polskamachina


Posted 18 December 2016 - 08:45 PM

Hi piemels,

Sorry you were having trouble completing the tasks in my last post. Let's find another way to get this job done. Please read all the directions below carefully before proceeding and make sure you don't skip any of the steps! :)

I would like you to disable the Windows AutoPlay function for your removable (USB) drive before you perform the vaccination and upcoming malware scan. The complete directions follow:

Before you insert your USB drive, please do the following:

  • Open Control Panel > AutoPlay
  • You will see the following window:

Here you will be able to configure your AutoPlay settings for each media.

In the settings for Removable drive, click the down arrow and choose the selection, Take no action.

Next:

We're going to try the vaccination again. Do not press the Shift key this time. If the procedure fails, I'm hoping at least a drive letter will be assigned to it and then it can be scanned for malware.

  • Launch Panda USB Vaccine (not the setup program, the application)
  • The green checkmark button should already appear and confirm the Computer is vaccinated.
  • Insert your USB drive into the computer
  • When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
  • Exit the program when done
  • Leave the drive in the computer

Note: Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. Once USB drives have been vaccinated, they cannot be reversed except with a format, meaning you will have to manually attempt to run something from the USB device rather than it running on its own simply by inserting the device. If you need to reformat the USB device to reverse this protection be sure to back up your data files first or they will be lost during the formatting process.

Next:

  • Type Windows Defender in the Cortana search box and click on Windows Defender in the search results.


  • I would like you to perform a manual scan on your USB drive.
  • Check the option for Custom scan.



  • Select the drive letter of your USB drive. Note: If the drive letter of the USB drive does not appear as a selection, change the selection to Full and click on Scan now.
  • Click on OK button to start the scan.


When the scan has completed, let me know in detail if anything is detected. Unfortunately, there is no simple way that I have found to copy and paste a scan log. Therefore, if the detected item list is rather short, please manually copy the Quarantined items list and the All detected items list into your next reply to me. If the list is lengthy, then take two screenshots of the Quarantined items and All detected items and paste them into your next reply to me.


  • Quarantined items: These are items that are detected as harmful, and are prevented from running on your computer. These are not removed from your computer.
  • Allowed items: These are items that are detected as suspicious, but you have manually selected them to be safe and allowed to run on your computer.
  • All detected items: This is a list of all detected malicious items on your computer.

In summary I will need from you:

  • Whether or not your USB drive was recognized and assigned a drive letter
  • The results of vaccinating your USB drive
  • Results of the Windows Defender scan including Quarantined items and All detected items
  • How is your computer performing now?

Let me know if you have any questions.

polskamachina



#11 piemels


Posted 19 December 2016 - 07:15 AM

Hi,

I disabled autoplay, I didn't hold the Shift key this time while plugging the USB drive into my PC, and still nothing appeared. Windows Defender however did give me a warning about malware again, so I went over to the USB drive itself and found this hidden folder called Recycler which contained an .exe file.

I also noticed that the last couple of days my PC has been getting slower. I was playing Dota yesterday and my PC got so slow that it crashed. It could be due to a big update to the game, but I doubt it, as everything else is going much slower as well.
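
The two checks discussed in the posts above (the autorun file that USB vaccination locks, and a hidden Recycler folder holding an .exe) written out as a read-only audit of a drive's root. This is an added example, not part of the thread or of any tool named in it; the function names, the extension list and the sample file names are assumptions, and the sample drive is constructed in a temporary folder.

```python
import os
import tempfile
from pathlib import Path

# Assumed review list of launchable extensions; adjust to taste.
EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs"}
RECYCLE_NAMES = {"recycler", "recycled", "$recycle.bin"}
FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows bit in os.stat().st_file_attributes


def parse_autorun(text):
    """Return (key, command) pairs in [autorun] that would start a program."""
    hits, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command")
            ):
                hits.append((key, value))
    return hits


def is_hidden(path):
    """Hidden attribute on Windows; dot-prefix fallback elsewhere."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN) or path.name.startswith(".")


def audit_drive(root):
    """Read-only pass over a drive root; returns items to review, not verdicts."""
    root, findings = Path(root), []
    for entry in root.iterdir():
        name = entry.name.lower()
        if name == "autorun.inf" and not entry.is_dir():
            try:
                data = entry.read_bytes()
            except OSError:  # a vaccinated drive's autorun file cannot be read
                findings.append(("autorun-locked", entry.name))
                continue
            enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
            for key, cmd in parse_autorun(data.decode(enc, errors="replace")):
                findings.append(("autorun", f"{key}={cmd}"))
        elif entry.is_dir() and (is_hidden(entry) or name in RECYCLE_NAMES):
            for f in entry.rglob("*"):
                if f.is_file() and f.suffix.lower() in EXEC_EXT:
                    findings.append(("hidden-executable", f.relative_to(root).as_posix()))
    return sorted(findings)


def build_sample_drive(root):
    """Constructed layout: an autorun.inf pointing into a RECYCLER folder."""
    root = Path(root)
    (root / "RECYCLER").mkdir()
    (root / "RECYCLER" / "constructed-sample.exe").write_bytes(b"not a real program")
    (root / "photos").mkdir()
    (root / "photos" / "holiday.jpg").write_bytes(b"constructed")
    (root / "autorun.inf").write_text(
        "[autorun]\n; constructed sample\nicon=drive.ico\n"
        "open=RECYCLER\\constructed-sample.exe\n"
    )


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample:
        build_sample_drive(sample)
        for kind, detail in audit_drive(sample):
            print(f"{kind:18} {detail}")
```

The script only reads; it never opens or runs anything it lists, so it can be pointed at a drive letter such as F:\ once Windows has assigned one.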



#12 polskamachina


Posted 19 December 2016 - 03:16 PM

Hi piemels :)
 
Let me try to deconstruct what's going on here.
 
Please answer the following:

  • When you ran the Panda vaccination software and inserted the USB drive, were you able to vaccinate the USB drive?
  • You said:

    I disabled autoplay, I didn't hold the Shift key this time while plugging the USB drive into my PC, and still nothing appeared

    Are you saying that you couldn't complete the instruction below because the drive didn't appear in the dialog box?

    When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).

  • You said:

    I went over to the usb drive itself and found this hidden folder called Recycler which contained an .exe file.

  • How did you go over to the USB drive to examine it?
  • Was the USB drive ever assigned a drive letter?
  • Were you able to run a custom or full Defender scan and view the quarantined or detected files in the History window?

In summary I will need from you:

  • Answers to the above six questions.

Let me know if you have any questions.
 
polskamachina



#13 piemels


Posted 20 December 2016 - 10:56 AM

Hello again,

I cannot vaccinate the USB drive because the USB drive doesn't appear in the dialog box, as I already told you, no matter if I press Shift or not. To examine the USB drive I simply went over to "This PC".

Here is a screenshot of the USB drive (F:) https://i.gyazo.com/67404eac0643d2371a5c72b6d2cd4c7d.png

I also did not scan anything, as we haven't gotten any further than the vaccinating program for the past couple of days.


Edited by piemels, 20 December 2016 - 11:08 AM.


#14 polskamachina


Posted 20 December 2016 - 07:13 PM

Hi piemels :)
 
Thanks for explaining your situation. I think my directions weren't precise enough and thus the confusion. I wanted you to scan your USB drive regardless of the vaccination outcome.
 
I do have one question before we get started. The screenshot you posted of your USB drive shows a capacity of 1.8 TB. You had said you ordered a 1 TB drive online. Is there anything printed on the drive itself showing the storage capacity of the drive? Could it be a 2 TB drive? I just want to make sure we're testing the correct USB drive.
 
Next:
 
Please do the following without attempting to run the Panda vaccination program:

  • Insert your USB drive into the computer. Note: If you get any Defender popup malware warnings, acknowledge the message and continue to the next step
  • Open the Windows Defender program as you did last time
  • Click Custom in the Scan options
  • Select the options for Local Disk (C:) AND Removable drive (F:)
  • Click OK to start the scan
  • Let me know the results either with a screen shot of the Quarantine and detected items or a manually typed list.

Let me know if you have any questions
 
polskamachina



#15 polskamachina


Posted 23 December 2016 - 11:02 PM

Hi piemels :)

 

It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina





