Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

undetectable virus opens up cmd to download files


  • This topic is locked This topic is locked
8 replies to this topic

#1 henrik0706

henrik0706

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 30 December 2017 - 12:15 PM

my computer had some malware installed due to an unfortunate torrent (a lot of files that involve mail.ru malware)

malwarebytes has removed the bigger part of the infection except for my chrome browser randomly opening up commercial tabs (presumably it chooses my default one because it opens even without having chrome running). All the files malwarebytes has removed are commercial related, so there hasn't been a sign of keyloggers but that doesn't mean there aren't

I have also run adwcleaner

every hour or so CMD pops open with some text that it's downloading/copying files which is understandably a source of worry https://imgur.com/GTOwK6h (this is only one example since i have seen some other things popping up on cmd) I ofcourse immediately close the CMD

I did some research and went to Windows PowerShell and typed in this command

Get-BitsTransfer -AllUsers | select -ExpandProperty FileList | Select -ExpandProperty RemoteName

which showed me a website called 44dnfindr.com/grdsz0nbk2sz.zip (I removed http:// because i don't want people clicking on it) which I then removed with

Get-BitsTransfer -AllUsers | Remove-BitsTransfer

But the problem still persists

 

 

thanks in advance!


Edited by henrik0706, 30 December 2017 - 12:17 PM.


BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,630 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:53 PM

Posted 30 December 2017 - 12:43 PM

Hi henrik0706 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your Desktop
  • Right-click on the executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Make sure the Addition.txt box is checked
  • Click on the Scan button
    KSJwAxg.png
  • On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 henrik0706

henrik0706
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 30 December 2017 - 01:02 PM

It's in dutch and i can't seem to find an english option, I would've attached the files but since you instructed me to paste them I did so, I hope that's what you meant

 

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 26-12-2017
Gestart door Henrik (Beheerder) op DESKTOP-4073GER (30-12-2017 18:56:53)
Gestart vanaf C:\Users\Henrik\Downloads
Geladen Profielen: Henrik (Beschikbare Profielen: Henrik)
Platform: Windows 10 Pro Versie 1607 14393.1944 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Spotify Ltd) C:\Users\Henrik\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe
(Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Discord Inc.) C:\Users\Henrik\AppData\Local\Discord\app-0.0.299\Discord.exe
(Discord Inc.) C:\Users\Henrik\AppData\Local\Discord\app-0.0.299\Discord.exe
(Discord Inc.) C:\Users\Henrik\AppData\Local\Discord\app-0.0.299\Discord.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(BitTorrent Inc.) C:\Users\Henrik\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Henrik\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(BitTorrent Inc.) C:\Users\Henrik\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Register (gefilterd) ===========================
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8804608 2016-04-29] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17406072 2017-01-23] (Logitech Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-261629105-476541481-405180440-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-261629105-476541481-405180440-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25624208 2017-11-10] (Google)
HKU\S-1-5-21-261629105-476541481-405180440-1001\...\Run: [Spotify Web Helper] => C:\Users\Henrik\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-18] (Spotify Ltd)
HKU\S-1-5-21-261629105-476541481-405180440-1001\...\MountPoints2: {b6a3d043-a915-11e6-99d2-4ccc6a00362b} - "D:\startme.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-11-02]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\Henrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE XTREME GAMING ENGINE.lnk [2016-07-22]
ShortcutTarget: GIGABYTE XTREME GAMING ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe ()
GroupPolicy: Restrictie <==== AANDACHT
GroupPolicy\User: Restrictie <==== AANDACHT
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2a9850a3-ac51-4925-9f3e-8ccf1fd79408}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a8940205-9ea4-4b5f-91e9-229a4822fa30}: [DhcpNameServer] 195.130.130.2 195.130.131.2
 
Internet Explorer:
==================
HKU\S-1-5-21-261629105-476541481-405180440-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-261629105-476541481-405180440-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/nl-be/?ocid=iehp
SearchScopes: HKU\S-1-5-21-261629105-476541481-405180440-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-21] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-20] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-25] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2017-08-03] (Perfect World Entertainment Inc)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-25] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-27] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\8O6E5eaD.default [2016-09-11]
FF Extension: (Avira Browser Safety) - C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\8O6E5eaD.default\Extensions\abs@avira.com [2016-09-11] [Verouderd]
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-27] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2017-08-03] (Perfect World Entertainment Inc)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [Geen bestand]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-261629105-476541481-405180440-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Henrik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-261629105-476541481-405180440-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-12-14] ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.searchnu.com/406
CHR StartupUrls: Default -> "hxxp://www.google.be/"
CHR Profile: C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default [2017-12-30]
CHR Extension: (Presentaties) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Documenten) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-12]
CHR Extension: (YouTube) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-12]
CHR Extension: (Adblock Plus) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27]
CHR Extension: (Tampermonkey) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-12-29]
CHR Extension: (ScriptGate) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie [2017-12-29]
CHR Extension: (Spreadsheets) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Stylish: Aangepaste thema's voor elke website) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-11-12]
CHR Extension: (Offline Documenten) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-12]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-12-16]
CHR Extension: (WhatFont) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2017-08-12]
CHR Extension: (Noisli) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\klejemegaoblahjdpcajmpcnjjmkmkkf [2017-09-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-10-03]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-12]
CHR Extension: (Chrome Media Router) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-261629105-476541481-405180440-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lfgkmlldjpjacgicdjmmgcboihbghpal] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [87064 2017-08-03] (Perfect World Entertainment Inc)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-21] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122792 2017-12-02] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-08-08] (EasyAntiCheat Ltd)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-01-23] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460920 2017-10-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2017-01-13] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-08-08] (Microsoft Corporation)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-09] (Microsoft Corporation)
S2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
 
===================== Drivers (gefilterd) ======================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-07-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-07-22] (Disc Soft Ltd)
S3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [542672 2016-05-10] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-06-07] (LogMeIn Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-01-23] (Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2017-12-29] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-30] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-30] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-29] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-30] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvgbdi.inf_amd64_4cc90e2d08e794ec\nvlddmkm.sys [16936048 2017-10-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-10-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-10-27] (NVIDIA Corporation)
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5195776 2016-07-16] (Realtek Semiconductor Corporation )
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 ssbthid; C:\WINDOWS\System32\drivers\ssbthid.sys [43888 2017-05-12] (SteelSeries ApS)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS)
S3 vhidmini; C:\WINDOWS\System32\drivers\vjoy.sys [15544 2014-06-23] (Headsoft)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S1 bqwhvipy; \??\C:\WINDOWS\system32\drivers\bqwhvipy.sys [X]
 
==================== NetSvcs (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
 
==================== Een Maand Aangemaakt bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2017-12-30 18:56 - 2017-12-30 18:57 - 000023105 _____ C:\Users\Henrik\Downloads\FRST.txt
2017-12-30 18:56 - 2017-12-30 18:56 - 000000000 ____D C:\FRST
2017-12-30 18:55 - 2017-12-30 18:55 - 002391552 _____ (Farbar) C:\Users\Henrik\Downloads\FRST64.exe
2017-12-30 18:07 - 2017-12-30 18:07 - 000000531 _____ C:\Users\Henrik\Downloads\divinity-original-sin-2-v3_0_160_028_K4SY6B.torrent
2017-12-30 11:37 - 2017-12-30 15:14 - 000000000 ____D C:\AdwCleaner
2017-12-30 11:37 - 2017-12-30 11:37 - 008198432 _____ (Malwarebytes) C:\Users\Henrik\Downloads\adwcleaner_7.0.6.0.exe
2017-12-30 11:36 - 2017-12-30 11:36 - 008172032 _____ (Malwarebytes) C:\Users\Henrik\Downloads\AdwCleaner.exe
2017-12-30 01:21 - 2017-12-30 01:21 - 000694316 _____ C:\WINDOWS\Minidump\123017-26781-01.dmp
2017-12-29 22:51 - 2017-12-30 14:46 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-29 22:51 - 2017-12-30 11:41 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-12-29 22:51 - 2017-12-30 11:41 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-29 22:51 - 2017-12-29 22:51 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-29 22:51 - 2017-12-29 22:51 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-29 22:51 - 2017-12-29 22:51 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-29 22:51 - 2017-12-29 22:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-29 22:51 - 2017-12-29 22:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-29 22:51 - 2017-12-29 22:51 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-29 22:51 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-29 22:50 - 2017-12-29 22:50 - 083316440 _____ (Malwarebytes ) C:\Users\Henrik\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-29 21:01 - 2017-12-29 21:02 - 000671540 _____ C:\WINDOWS\Minidump\122917-29015-01.dmp
2017-12-29 20:51 - 2017-12-29 20:51 - 000000000 ____D C:\Users\Henrik\AppData\LocalLow\HFM Games
2017-12-29 20:13 - 2017-12-29 20:13 - 000000222 _____ C:\Users\Henrik\Desktop\Hand Simulator.url
2017-12-29 18:04 - 2017-12-29 19:15 - 000000000 ____D C:\Users\Henrik\Downloads\Divinity - Original Sin 2 [FitGirl Repack]
2017-12-29 17:48 - 2017-12-29 17:48 - 000000530 _____ C:\Users\Henrik\Downloads\divinity-original-sin-2-v3_0_160_028_5A0KOU.torrent
2017-12-29 17:25 - 2017-12-29 17:26 - 042151072 _____ (Microsoft Corporation) C:\Users\Henrik\Downloads\Windows-KB890830-x64-V5.55.exe
2017-12-29 17:22 - 2017-12-29 17:22 - 000000000 ____D C:\Users\Henrik\AppData\Local\Unity
2017-12-29 17:21 - 2017-12-30 17:45 - 000003368 _____ C:\WINDOWS\System32\Tasks\AyCiYyiPbCQ
2017-12-29 17:21 - 2017-12-30 11:45 - 000003544 _____ C:\WINDOWS\System32\Tasks\iweyJ
2017-12-29 17:21 - 2017-12-29 17:21 - 000003690 _____ C:\WINDOWS\System32\Tasks\SIunY
2017-12-29 17:21 - 2017-12-29 17:21 - 000000001 _____ C:\Users\Henrik\AppData\Local\WMI.ini
2017-12-29 17:21 - 2016-07-16 12:43 - 000001062 _____ C:\WINDOWS\TelI
2017-12-29 17:21 - 2016-07-16 12:43 - 000001038 _____ C:\Users\Henrik\AppData\Local\UBZCeGoQAEyE
2017-12-29 17:21 - 2016-07-16 12:43 - 000000072 ____N C:\Users\Henrik\TYRXFUA
2017-12-29 17:21 - 2016-07-16 12:43 - 000000045 _____ C:\Program Files (x86)\cbytjfm
2017-12-29 17:21 - 2016-07-16 12:42 - 000177152 _____ (Microsoft Corporation) C:\Users\Henrik\AppData\Roaming\oEIOU.exe
2017-12-29 17:21 - 2016-07-16 12:42 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\eEoOwliEq.exe
2017-12-29 17:20 - 2017-12-29 17:20 - 000003714 _____ C:\WINDOWS\System32\Tasks\bltopncomhohoj
2017-12-29 14:46 - 2017-12-29 14:46 - 000101017 _____ C:\Users\Henrik\Downloads\Periphery - Epic Fail (guitar pro).gp5
2017-12-27 23:42 - 2017-12-27 23:42 - 000000222 _____ C:\Users\Henrik\Desktop\Doki Doki Literature Club.url
2017-12-27 15:28 - 2017-12-27 15:28 - 003366697 _____ C:\Users\Henrik\Downloads\saxtonhalerebirth++v2f-8bdmv5bcompat.pk3
2017-12-27 15:27 - 2017-12-27 15:28 - 064116575 _____ C:\Users\Henrik\Downloads\saxtonhalerebirth++musicv2a.pk3
2017-12-27 15:13 - 2017-12-27 15:13 - 000000000 ____D C:\Users\Henrik\AppData\Local\doomseeker
2017-12-27 15:12 - 2017-12-27 15:37 - 000000000 ____D C:\Users\Henrik\AppData\Roaming\.doomseeker
2017-12-27 15:11 - 2017-12-27 15:11 - 007405167 _____ C:\Users\Henrik\Downloads\doomseeker-1.0_windows.zip
2017-12-27 15:11 - 2017-12-27 15:11 - 000000000 ____D C:\Users\Henrik\Downloads\doomseeker-1.0_windows
2017-12-26 23:10 - 2017-12-26 23:57 - 000000000 ____D C:\Users\Henrik\AppData\Roaming\TS3Client
2017-12-26 23:09 - 2017-12-26 23:09 - 000001008 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2017-12-26 23:09 - 2017-12-26 23:09 - 000000970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-12-26 23:09 - 2017-12-26 23:09 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-12-26 23:08 - 2017-12-26 23:09 - 078077208 _____ (TeamSpeak Systems GmbH) C:\Users\Henrik\Downloads\TeamSpeak3-Client-win64-3.1.7.exe
2017-12-26 15:47 - 2017-12-27 15:41 - 000000000 ____D C:\Users\Henrik\Downloads\MM8BDM-v5c
2017-12-26 15:46 - 2017-12-26 15:46 - 125689503 _____ C:\Users\Henrik\Downloads\MM8BDM-v5c.zip
2017-12-26 12:30 - 2017-12-26 12:30 - 085431875 _____ C:\Users\Henrik\Downloads\The_Song_Builder_s_Toolbox.zip
2017-12-25 22:39 - 2017-12-25 22:39 - 003784997 _____ C:\Users\Henrik\Downloads\MCLauncher_64bit (1).zip
2017-12-25 22:39 - 2017-12-25 22:39 - 000000000 ____D C:\Users\Henrik\Downloads\MCLauncher_64bit (1)
2017-12-21 00:11 - 2017-12-21 00:21 - 000000000 ____D C:\Users\Henrik\AppData\Local\UNDERTALE
2017-12-21 00:08 - 2017-12-21 00:08 - 000002154 _____ C:\Users\Henrik\Desktop\UNDERTALE - Snelkoppeling.lnk
2017-12-21 00:07 - 2017-12-21 00:07 - 000000000 ____D C:\Users\Henrik\Downloads\Undertale.v31.08.2017
2017-12-21 00:06 - 2017-12-21 00:06 - 441721453 _____ C:\Users\Henrik\Downloads\Undertale.v31.08.2017.rar
2017-12-20 15:47 - 2017-12-20 15:47 - 000021123 _____ C:\Users\Henrik\Downloads\Issues - Hero (guitar pro).gp5
2017-12-20 15:28 - 2017-12-20 15:28 - 000000222 _____ C:\Users\Henrik\Desktop\Long Live Santa!.url
2017-12-20 14:03 - 2017-12-20 14:04 - 000610190 _____ C:\Users\Henrik\Downloads\Issues-Mad-At-Myself-guitar-pro.pdf
2017-12-20 13:49 - 2017-12-20 13:49 - 000610190 _____ C:\Users\Henrik\Desktop\Issues - Mad At Myself (guitar pro).pdf
2017-12-18 19:18 - 2017-12-18 19:18 - 000035087 _____ C:\Users\Henrik\Downloads\Issues - Mad At Myself (guitar pro) (1).gp5
2017-12-18 16:52 - 2017-12-18 16:52 - 000514172 _____ C:\Users\Henrik\Downloads\openhardwaremonitor-v0.8.0-beta (1).zip
2017-12-18 11:41 - 2017-12-18 11:41 - 000035087 _____ C:\Users\Henrik\Downloads\Issues - Mad At Myself (guitar pro).gp5
2017-12-18 11:31 - 2017-12-18 11:31 - 000019060 _____ C:\Users\Henrik\Downloads\Issues - Coma (guitar pro).gp5
2017-12-16 12:17 - 2017-12-16 12:17 - 000098943 _____ C:\Users\Henrik\Downloads\Animals As Leaders - Physical Education (guitar pro).gp5
2017-12-12 21:31 - 2017-11-30 10:45 - 000982392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-12 21:31 - 2017-11-30 10:33 - 005688320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-12-12 21:31 - 2017-11-30 10:29 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-12 21:31 - 2017-11-30 10:28 - 007625728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-12 21:31 - 2017-11-30 10:28 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-12-12 21:31 - 2017-11-30 10:28 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-12 21:31 - 2017-11-30 10:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-12 21:31 - 2017-11-30 10:26 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-12-12 21:31 - 2017-11-30 10:25 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2017-12-12 21:31 - 2017-11-30 10:25 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-12 21:31 - 2017-11-30 10:25 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-12 21:31 - 2017-11-30 10:25 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-12-12 21:31 - 2017-11-30 10:25 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-12 21:31 - 2017-11-30 10:24 - 000822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-12 21:31 - 2017-11-30 10:24 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-12 21:31 - 2017-11-30 10:24 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-12-12 21:31 - 2017-11-30 10:24 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshext.dll
2017-12-12 21:31 - 2017-11-30 10:23 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-12-12 21:31 - 2017-11-30 10:23 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-12-12 21:31 - 2017-11-30 10:23 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-12 21:31 - 2017-11-30 10:22 - 019411968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-12 21:31 - 2017-11-30 10:22 - 018366976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-12 21:31 - 2017-11-30 10:22 - 012205056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-12 21:31 - 2017-11-30 10:21 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-12-12 21:31 - 2017-11-30 10:17 - 000858624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-12-12 21:31 - 2017-11-30 10:17 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-12-12 21:31 - 2017-11-30 10:16 - 006066688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-12 21:31 - 2017-11-30 10:16 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-12 21:31 - 2017-11-30 10:16 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-12 21:31 - 2017-11-30 10:16 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-12-12 21:31 - 2017-11-30 10:15 - 001599488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-12 21:31 - 2017-11-30 10:15 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2017-12-12 21:31 - 2017-11-30 10:14 - 002028032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-12-12 21:31 - 2017-11-30 10:14 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2017-12-12 21:31 - 2017-11-30 10:14 - 000656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-12 21:31 - 2017-11-30 09:22 - 007780184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-12 21:31 - 2017-11-30 09:17 - 000983896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-12 21:31 - 2017-11-30 09:16 - 001090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-12 21:31 - 2017-11-30 09:16 - 000947544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-12-12 21:31 - 2017-11-30 09:16 - 000811864 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-12-12 21:31 - 2017-11-30 09:15 - 001072240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-12 21:31 - 2017-11-30 08:53 - 022571520 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-12 21:31 - 2017-11-30 08:50 - 007219200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-12-12 21:31 - 2017-11-30 08:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-12 21:31 - 2017-11-30 08:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-12 21:31 - 2017-11-30 08:44 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-12 21:31 - 2017-11-30 08:42 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-12-12 21:31 - 2017-11-30 08:42 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-12 21:31 - 2017-11-30 08:41 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-12 21:31 - 2017-11-30 08:40 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-12 21:31 - 2017-11-30 08:39 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-12-12 21:31 - 2017-11-30 08:38 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-12 21:31 - 2017-11-30 08:38 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-12 21:31 - 2017-11-30 08:38 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-12-12 21:31 - 2017-11-30 08:37 - 008118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-12 21:31 - 2017-11-30 08:37 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-12-12 21:31 - 2017-11-30 08:37 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-12-12 21:31 - 2017-11-30 08:37 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-12-12 21:31 - 2017-11-30 08:37 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-12 21:31 - 2017-11-30 08:37 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2017-12-12 21:31 - 2017-11-30 08:37 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2017-12-12 21:31 - 2017-11-30 08:37 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshext.dll
2017-12-12 21:31 - 2017-11-30 08:36 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-12 21:31 - 2017-11-30 08:36 - 013108224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-12 21:31 - 2017-11-30 08:36 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-12-12 21:31 - 2017-11-30 08:36 - 001146880 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-12-12 21:31 - 2017-11-30 08:36 - 000761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-12-12 21:31 - 2017-11-30 08:36 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-12-12 21:31 - 2017-11-30 08:34 - 004739584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-12 21:31 - 2017-11-30 08:33 - 002097664 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-12-12 21:31 - 2017-11-30 08:33 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-12 21:31 - 2017-11-30 08:33 - 001013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2017-12-12 21:31 - 2017-11-30 08:33 - 000583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-12 21:31 - 2017-11-30 08:32 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-12 21:31 - 2017-11-30 08:32 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2017-12-12 21:31 - 2017-03-04 07:19 - 000635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-12-12 21:31 - 2016-09-07 05:56 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2017-12-12 18:44 - 2017-12-13 20:36 - 000000422 _____ C:\WINDOWS\Tasks\update-sys.job
2017-12-12 18:44 - 2017-12-13 20:36 - 000000422 _____ C:\WINDOWS\Tasks\update-S-1-5-21-261629105-476541481-405180440-1001.job
2017-12-12 18:44 - 2017-12-12 18:44 - 002731152 _____ (Skillbrains ) C:\Users\Henrik\Downloads\setup-lightshot.exe
2017-12-12 18:44 - 2017-12-12 18:44 - 000003408 _____ C:\WINDOWS\System32\Tasks\update-S-1-5-21-261629105-476541481-405180440-1001
2017-12-12 18:44 - 2017-12-12 18:44 - 000003348 _____ C:\WINDOWS\System32\Tasks\update-sys
2017-12-12 18:44 - 2017-12-12 18:44 - 000000425 _____ C:\Users\Henrik\AppData\Local\UserProducts.xml
2017-12-12 18:44 - 2017-12-12 18:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-12-12 18:44 - 2017-12-12 18:44 - 000000000 ____D C:\Program Files (x86)\Skillbrains
2017-12-12 17:58 - 2017-12-12 17:58 - 000003331 _____ C:\Users\Henrik\Downloads\reeks08.py
2017-12-12 17:58 - 2017-12-12 17:58 - 000003150 _____ C:\Users\Henrik\Downloads\reeks09.py
2017-12-12 17:57 - 2017-12-12 17:57 - 000003983 _____ C:\Users\Henrik\Downloads\reeks07.py
2017-12-12 17:57 - 2017-12-12 17:57 - 000001292 _____ C:\Users\Henrik\Downloads\reeks06.py
2017-12-12 17:54 - 2017-12-12 17:54 - 000001752 _____ C:\Users\Henrik\Downloads\blabla.py
2017-12-12 17:52 - 2017-12-12 17:53 - 000003013 _____ C:\Users\Henrik\Downloads\Huntington-Hill-methode2.py
2017-12-12 17:50 - 2017-12-12 17:50 - 000003057 _____ C:\Users\Henrik\Downloads\usa.py
2017-12-12 17:16 - 2017-12-12 17:16 - 011065355 _____ C:\Users\Henrik\Downloads\C_M_les2.pptx
2017-12-10 22:28 - 2017-12-10 22:28 - 020713102 _____ C:\Users\Henrik\Downloads\C_M_les1.pptx
2017-12-09 13:24 - 2017-12-09 13:24 - 000000222 _____ C:\Users\Henrik\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS (Test Server).url
2017-12-08 22:00 - 2017-12-08 22:00 - 000000000 ____D C:\Users\Henrik\AppData\Local\FortniteGame
2017-12-08 21:40 - 2017-12-08 21:40 - 001393837 _____ C:\Users\Henrik\Downloads\Werkcollege_2 (2).pptx
2017-12-08 20:16 - 2017-12-08 20:16 - 000000000 ____D C:\Program Files\Epic Games
2017-12-08 20:10 - 2010-05-26 11:41 - 002401112 ____N (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-12-08 20:09 - 2017-12-08 20:09 - 000000000 ____D C:\Users\Henrik\AppData\Local\UnrealEngineLauncher
2017-12-08 20:09 - 2017-12-08 20:09 - 000000000 ____D C:\Users\Henrik\AppData\Local\EpicGamesLauncher
2017-12-08 20:08 - 2017-12-08 20:08 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2017-12-08 20:08 - 2017-12-08 20:08 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2017-12-08 20:07 - 2017-12-08 20:10 - 000000000 ____D C:\ProgramData\Epic
2017-12-08 20:07 - 2017-12-08 20:07 - 000000000 ____D C:\Program Files (x86)\Epic Games
2017-12-08 19:55 - 2017-12-08 19:56 - 032145408 _____ C:\Users\Henrik\Downloads\EpicInstaller-6.10.0-fortnite-e25cc98e0c1540ac8ed0aafa48fa8424 (1).msi
2017-12-08 19:55 - 2017-12-08 19:55 - 032145408 _____ C:\Users\Henrik\Downloads\EpicInstaller-6.10.0-fortnite-e25cc98e0c1540ac8ed0aafa48fa8424.msi
2017-12-01 23:53 - 2017-12-01 23:53 - 000003384 _____ C:\Users\Henrik\Downloads\Scorge120_AmpliTube-Metal_Djent_Preset.atmp
 
==================== Een Maand Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2017-12-30 18:56 - 2016-07-15 03:40 - 000000000 ____D C:\Users\Henrik\AppData\Roaming\uTorrent
2017-12-30 18:50 - 2017-07-24 18:49 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-30 18:08 - 2017-08-09 19:07 - 000000000 ____D C:\Users\Henrik\AppData\LocalLow\uTorrent
2017-12-30 17:24 - 2016-07-16 23:13 - 001358950 _____ C:\WINDOWS\system32\perfh013.dat
2017-12-30 17:24 - 2016-07-16 23:13 - 000347832 _____ C:\WINDOWS\system32\perfc013.dat
2017-12-30 17:24 - 2016-07-13 03:14 - 003133998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-30 17:20 - 2016-11-02 12:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-30 11:47 - 2017-11-11 21:23 - 000003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-12-30 11:46 - 2017-01-13 23:23 - 000000000 ____D C:\Users\Henrik\AppData\Local\Ubisoft Game Launcher
2017-12-30 11:45 - 2016-11-02 12:36 - 000003484 _____ C:\WINDOWS\System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE
2017-12-30 11:45 - 2016-07-22 17:17 - 000000000 ____D C:\Users\Henrik\Documents\temp
2017-12-30 11:41 - 2016-11-02 12:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-30 11:41 - 2016-11-02 12:22 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-30 11:40 - 2016-07-16 07:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-30 11:28 - 2016-07-13 00:12 - 000000000 ____D C:\Users\Henrik\AppData\Roaming\discord
2017-12-30 11:26 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-30 01:21 - 2017-01-30 17:16 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-30 01:20 - 2017-01-30 17:16 - 1208014895 _____ C:\WINDOWS\MEMORY.DMP
2017-12-30 01:20 - 2016-11-02 12:25 - 000000000 ____D C:\Users\Henrik
2017-12-29 21:07 - 2016-07-16 12:45 - 000000000 ____D C:\WINDOWS\INF
2017-12-29 21:07 - 2016-07-14 02:58 - 000000000 ____D C:\Users\Henrik\AppData\Local\CrashDumps
2017-12-29 21:01 - 2017-07-28 19:50 - 000000000 ____D C:\Program Files (x86)\Java
2017-12-29 20:13 - 2016-07-12 22:19 - 000000000 ____D C:\Users\Henrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-29 19:14 - 2016-08-18 18:01 - 000000000 ____D C:\Users\Henrik\Documents\Geluidsopnamen
2017-12-29 18:49 - 2017-11-12 12:43 - 000000000 ____D C:\Users\Henrik\Desktop\tools
2017-12-29 17:28 - 2017-10-11 19:34 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-29 17:28 - 2016-07-13 01:07 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-29 17:21 - 2017-03-15 22:40 - 000000544 __RSH C:\ProgramData\ntuser.pol
2017-12-29 00:47 - 2016-07-16 12:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-26 14:53 - 2017-08-22 17:38 - 000000000 ____D C:\Users\Henrik\AppData\Roaming\steelseries-engine-3-client
2017-12-25 22:41 - 2017-07-28 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-25 22:41 - 2016-11-20 17:45 - 000000000 ____D C:\ProgramData\Oracle
2017-12-25 22:40 - 2017-07-28 19:50 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-12-25 22:34 - 2017-07-28 20:03 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-12-25 22:34 - 2016-11-20 17:42 - 000000000 ____D C:\Users\Henrik\AppData\Roaming\.minecraft
2017-12-23 19:16 - 2017-07-26 00:48 - 000000000 ____D C:\Users\Henrik\AppData\LocalLow\Adobe
2017-12-21 14:51 - 2016-07-12 21:42 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-21 12:59 - 2017-09-27 17:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-20 22:58 - 2016-07-16 12:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-18 22:21 - 2017-08-06 14:28 - 000000000 ____D C:\Users\Henrik\AppData\Local\Spotify
2017-12-18 21:26 - 2017-08-06 14:28 - 000000000 ____D C:\Users\Henrik\AppData\Roaming\Spotify
2017-12-16 15:06 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\rescache
2017-12-15 13:37 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-14 17:17 - 2016-07-12 22:04 - 000002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-14 15:18 - 2017-09-25 14:23 - 000000000 ____D C:\ProgramData\Anaconda3
2017-12-12 23:15 - 2017-06-14 13:52 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-12-12 21:44 - 2016-07-16 12:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-12 21:36 - 2016-07-13 01:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-12 15:37 - 2016-07-13 00:12 - 000000000 ____D C:\Users\Henrik\AppData\Local\Discord
2017-12-10 11:19 - 2017-08-14 22:13 - 000000000 ____D C:\Users\Henrik\AppData\Local\UnrealEngine
2017-12-08 19:48 - 2017-11-04 12:45 - 000000000 ____D C:\Program Files\rempl
2017-12-02 02:06 - 2016-07-16 12:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-02 02:06 - 2016-07-16 12:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-02 00:00 - 2016-09-11 12:33 - 000000016 _____ C:\Users\Henrik\AppData\Roaming\msregsvv.dll
2017-12-02 00:00 - 2016-09-11 12:33 - 000000016 _____ C:\ProgramData\autobk.inc
2017-12-01 18:59 - 2017-07-26 00:47 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-30 19:44 - 2016-07-13 03:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-30 19:42 - 2016-11-02 12:20 - 000381432 ____N C:\WINDOWS\system32\FNTCACHE.DAT
 
==================== Bestanden in de root van sommige mappen =======
 
2016-07-16 12:43 - 2016-07-16 12:43 - 000000072 ____N () C:\Users\Henrik\TYRXFUA.bat
2017-12-29 17:21 - 2016-07-16 12:43 - 000000045 _____ () C:\Program Files (x86)\cbytjfm
2016-07-16 12:43 - 2016-07-16 12:43 - 000000045 _____ () C:\Program Files (x86)\cbytjfm.bat
2016-12-17 22:16 - 2016-12-17 22:16 - 000000033 _____ () C:\Users\Henrik\AppData\Roaming\.pgbias
2016-09-11 12:33 - 2017-12-02 00:00 - 000000016 _____ () C:\Users\Henrik\AppData\Roaming\msregsvv.dll
2017-12-29 17:21 - 2016-07-16 12:42 - 000177152 _____ (Microsoft Corporation) C:\Users\Henrik\AppData\Roaming\oEIOU.exe
2016-07-12 23:06 - 2016-07-12 23:06 - 001065984 _____ () C:\Users\Henrik\AppData\Local\file__0.localstorage
2016-12-03 14:58 - 2016-12-03 14:58 - 000007605 _____ () C:\Users\Henrik\AppData\Local\Resmon.ResmonCfg
2017-12-29 17:21 - 2016-07-16 12:43 - 000001038 _____ () C:\Users\Henrik\AppData\Local\UBZCeGoQAEyE
2016-07-16 12:43 - 2016-07-16 12:43 - 000001038 _____ () C:\Users\Henrik\AppData\Local\UBZCeGoQAEyE.bat
2017-12-12 18:44 - 2017-12-12 18:44 - 000000003 _____ () C:\Users\Henrik\AppData\Local\updater.log
2017-12-12 18:44 - 2017-12-12 18:44 - 000000425 _____ () C:\Users\Henrik\AppData\Local\UserProducts.xml
2017-12-29 17:21 - 2017-12-29 17:21 - 000000001 _____ () C:\Users\Henrik\AppData\Local\WMI.ini
 
Sommige bestanden in TEMP:
====================
2017-12-23 13:22 - 2017-12-25 22:51 - 000000000 _____ () C:\Users\Henrik\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2017-12-23 13:22 - 2017-12-25 22:51 - 000000016 _____ () C:\Users\Henrik\AppData\Local\Temp\b4946a5510a7a880b4ec6685eeb69c56.dll
2017-12-25 22:40 - 2017-12-25 22:40 - 001856576 _____ (Oracle Corporation) C:\Users\Henrik\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-02-10 15:54 - 2017-04-01 02:36 - 000754168 _____ (NVIDIA Corporation) C:\Users\Henrik\AppData\Local\Temp\nvSCPAPI.dll
2016-07-28 16:50 - 2017-08-21 23:33 - 000873136 _____ (NVIDIA Corporation) C:\Users\Henrik\AppData\Local\Temp\nvSCPAPI64.dll
2017-02-10 15:54 - 2016-12-29 13:43 - 000385928 _____ (NVIDIA Corporation) C:\Users\Henrik\AppData\Local\Temp\nvStereoApiI.dll
2016-11-15 22:27 - 2017-08-21 23:33 - 000368760 _____ (NVIDIA Corporation) C:\Users\Henrik\AppData\Local\Temp\nvStInst.exe
2016-10-09 11:11 - 2016-11-17 14:45 - 001135552 _____ (NVIDIA Corporation) C:\Users\Henrik\AppData\Local\Temp\NvTelemetry.dll
2016-10-09 11:11 - 2016-12-13 00:36 - 000253376 _____ (NVIDIA Corporation) C:\Users\Henrik\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-10-09 11:11 - 2016-12-13 00:36 - 000334272 _____ (NVIDIA Corporation) C:\Users\Henrik\AppData\Local\Temp\NvTelemetryAPI64.dll
2017-08-04 15:02 - 2017-08-04 15:02 - 007235264 _____ () C:\Users\Henrik\AppData\Local\Temp\paint.net.4.0.17.install.exe
2017-12-29 17:20 - 2017-12-29 17:20 - 002575544 _____ () C:\Users\Henrik\AppData\Local\Temp\pzcw7p0hdm.exe
2016-12-19 14:33 - 2016-12-19 14:33 - 000673976 _____ (Vitzo Ltd.) C:\Users\Henrik\AppData\Local\Temp\sdh0vl0p.exe
 
==================== Bamital & volsnap ======================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend
 
LastRegBack: 2017-12-27 16:27
 

 

==================== Eind van FRST.txt ============================
 
 
 
 
 
 
Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 26-12-2017
Gestart door Henrik (30-12-2017 18:58:22)
Gestart vanaf C:\Users\Henrik\Downloads
Windows 10 Pro Versie 1607 14393.1944 (X64) (2016-11-02 11:38:21)
Boot Modus: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-261629105-476541481-405180440-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-261629105-476541481-405180440-503 - Limited - Disabled)
Gast (S-1-5-21-261629105-476541481-405180440-501 - Limited - Disabled)
Henrik (S-1-5-21-261629105-476541481-405180440-1001 - Administrator - Enabled) => C:\Users\Henrik
 
==================== Security Center ========================
 
(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Geïnstalleerde programma's ======================
 
(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)
 
µTorrent (HKU\S-1-5-21-261629105-476541481-405180440-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
AmpliTube 4 version 4.0.1 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.0.1 - IK Multimedia)
Any Video Converter 6.0.7 (HKLM-x32\...\Any Video Converter) (Version: 6.0.7 - Anvsoft)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.33.1 - Uw bedrijfsnaam)
BIAS Plugins Pack (64bit) (HKLM\...\{6964E9EC-6319-49F3-915B-740F79660AB9}) (Version: 1.2.2.1160 - PositiveGrid)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Curse (HKLM-x32\...\{39258ACA-B9D9-418C-ACE2-D874436BD88D}) (Version: 6.0.0.0 - Curse)
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0192 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-261629105-476541481-405180440-1001\...\Discord) (Version: 0.0.299 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{AAA3417F-FEAD-4AF7-9C01-9FAE1BB44E3D}) (Version: 1.1.134.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Free YouTube Downloader 4.1.591 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Icecream Screen Recorder version 4.57 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 4.57 - Icecream Apps)
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia)
Intel® Driver Update Utility 2.6 (HKLM-x32\...\{2B710CA5-99F0-4D29-962C-29A7CFF7A989}) (Version: 2.6.0.32 - Intel) Hidden
Intel® Network Connections 21.0.504.0 (HKLM\...\PROSetDX) (Version: 21.0.504.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{3e714701-b89c-4cf2-bf3b-41b2c105ffdc}) (Version: 2.6.0.32 - Intel)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
JetBrains PyCharm Community Edition 2017.2.3 (HKLM-x32\...\PyCharm Community Edition 2017.2.3) (Version: 172.3968.37 - JetBrains s.r.o.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{31AC3B64-AB6C-4659-BB1A-EEDFBA9B98F7}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Logitech Gaming Software 8.91 (HKLM\...\Logitech Gaming Software) (Version: 8.91.48 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Malwarebytes versie 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 16.0.8201.2213 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-261629105-476541481-405180440-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft 1.1.2 1.00 (HKLM-x32\...\Minecraft 1.1.2 1.00) (Version:  - )
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
Mumble 1.2.16 (HKLM-x32\...\{1AE5FD7C-A780-4540-A9D6-D8A877D674D6}) (Version: 1.2.16 - Thorvald Natvig)
NVIDIA 3D Vision controllerstuurprogramma 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision stuurprogramma 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Grafisch stuurprogramma 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio-stuurprogramma 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX Systeem Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8201.2213 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2213 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2213 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
OpenOffice 4.1.3 (HKLM-x32\...\{747C5547-7483-4605-8B2F-A9696610A7FA}) (Version: 4.13.9783 - Apache Software Foundation)
osu! (HKLM-x32\...\{dbb292dc-6e88-4c29-a8fb-07cbe59fa214}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
paint.net (HKLM\...\{1F895C18-6A2F-4A9E-BBE9-246783070F37}) (Version: 4.0.16 - dotPDN LLC)
Popcorn-Time (HKU\S-1-5-21-261629105-476541481-405180440-1001\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Python 3.6.1 (Anaconda3 4.4.0 64-bit) (HKLM\...\Python 3.6.1 (Anaconda3 4.4.0 64-bit)) (Version: 4.4.0 - Continuum Analytics, Inc.)
Python 3.6.2 (32-bit) (HKU\S-1-5-21-261629105-476541481-405180440-1001\...\{8388fa07-1617-4b8d-8ad8-6a940ad8052c}) (Version: 3.6.2150.0 - Python Software Foundation)
Python 3.6.2 Core Interpreter (32-bit) (HKLM-x32\...\{4542573C-6216-4584-BA90-72BAF7954404}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Development Libraries (32-bit) (HKLM-x32\...\{69E3E4A6-2A0F-4A32-9C2D-591EEC107289}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Documentation (32-bit) (HKLM-x32\...\{796410A7-1669-4FE4-8332-F684B61269E2}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Executables (32-bit) (HKLM-x32\...\{348C0EFF-60B1-4E68-88B8-33D7DF70DFCF}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 pip Bootstrap (32-bit) (HKLM-x32\...\{6B2D61BA-C42D-4324-B23F-1D7B5A2808EF}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Standard Library (32-bit) (HKLM-x32\...\{79B4337D-166F-4BC0-B67A-F73806CC730E}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{DF24AFFD-23AB-4A7D-A0E0-6410CE3B6B9D}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Test Suite (32-bit) (HKLM-x32\...\{433FD2E2-839C-4211-88B7-45C90F738842}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Utility Scripts (32-bit) (HKLM-x32\...\{9B79DE7E-E864-4758-8DFC-85DA43B19671}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{2636F1E4-2BC5-4B19-BFFD-A08F72598309}) (Version: 3.6.6032.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7806 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Sniper Elite 4 (HKLM-x32\...\Sniper Elite 4_is1) (Version:  - )
Software voor Intel® Chipset-apparaten (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Spotify (HKU\S-1-5-21-261629105-476541481-405180440-1001\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.11.7 (HKLM\...\SteelSeries Engine 3) (Version: 3.11.7 - SteelSeries ApS)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.7 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
Unity Web Player (HKU\S-1-5-21-261629105-476541481-405180440-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
univcredist (HKLM-x32\...\{2d9d4a60-1d22-46c1-84bb-1de04b4715d7}) (Version: 1.0.0.0 - Motiga)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
w3arena.net Launcher 1.9.10 (HKLM-x32\...\{1197C38E-5F74-4141-A58B-FD6936D5D9F3}) (Version: 1.9.10 - w3arena)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
WinRAR 5.40 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.3 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XTREME GAMING ENGINE (HKLM-x32\...\GIGABYTE XTREME GAMING ENGINE_is1) (Version: 1.0.5.1 - GIGABYTE Technology Co.,Inc.)
 
==================== Aangepaste CLSID (gefilterd): ==========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-07-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-07-14] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-07-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-07-14] (Alexander Roshal)
 
==================== Geplande Taken (gefilterd) =============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
Task: {03F52C0A-41FD-413F-8E18-035A26751E21} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-27] (NVIDIA Corporation)
Task: {0B7AC458-80FA-4319-8054-DA99C0CE749D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-12] (Google Inc.)
Task: {0DF406EB-BDB3-427F-944C-AE441ED30D14} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-27] ()
Task: {10404EF3-E910-4C40-BA5A-9040B59536CF} - System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE => C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe [2016-07-14] (GIGABYTE Technology Co.,Ltd.)
Task: {1A7B4445-E706-46D1-9BBC-001D88AD6BEF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-27] (NVIDIA Corporation)
Task: {1DA9CFD4-F876-4511-902E-C289EF0FC07F} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {2AA59CCF-18A9-4DAE-8AF3-15C8E4941914} - System32\Tasks\bltopncomhohoj => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" bltopn.com/hohoj <==== AANDACHT
Task: {34EECCFB-C56F-489E-A0FE-1F69AE18C5F6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-02] (Microsoft Corporation)
Task: {39B94BF8-09AE-46C2-9192-72759F5C727E} - System32\Tasks\iweyJ => C:\Users\Henrik\TYRXFUA.bat [2016-07-16] () <==== AANDACHT
Task: {47C54229-2AD7-4549-8AE4-39F123657993} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-20] (Microsoft Corporation)
Task: {4FBDD38F-94BE-41B6-AC25-7484C968A369} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {55716141-838C-433A-A321-396DEFCE4AEF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-27] (NVIDIA Corporation)
Task: {5A9DD535-5CFB-4F9E-B1B3-08B1AEE8181F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-27] ()
Task: {7978AC6C-5969-49BC-81A8-92196757203A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-27] (NVIDIA Corporation)
Task: {8BDAA47B-1F59-40EB-8560-4BABF626EEDB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-20] (Microsoft Corporation)
Task: {9A24065B-91D3-4199-A67B-73EDADEA1EA3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {9A9E1205-9230-436C-A88F-FDA488008243} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-02] (Microsoft Corporation)
Task: {9BF1F38A-78FD-45D0-AE05-CB4A0AD382C0} - System32\Tasks\AyCiYyiPbCQ => C:\Program Files (x86)\cbytjfm.bat [2016-07-16] () <==== AANDACHT
Task: {9D31750A-1405-45F9-880B-C77D23B5692A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {AA58ECFF-1118-4A7A-A5B7-BA1FF6D4F790} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {AB1A13B5-F4A5-4452-B1A3-621168C354D9} - System32\Tasks\update-S-1-5-21-261629105-476541481-405180440-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {D2E1E924-69DF-4723-98DC-2A98F1BED01B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-27] (NVIDIA Corporation)
Task: {DA66F1A6-24AC-45B5-BE3C-12DCC0A82ED2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-27] (NVIDIA Corporation)
Task: {DB700F81-0BAA-42C1-864D-8F799B904612} - System32\Tasks\SIunY => C:\WINDOWS\eEoOwliEq.exe [2016-07-16] (Microsoft Corporation)
Task: {DF88A37E-91C9-4F2B-8BF8-B4E2C412AFB3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-20] (Microsoft Corporation)
Task: {DFA074EE-2BFD-4864-9A87-FCD445065435} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
Task: {E690D903-6CB6-42C6-BF10-CC07DB1E275C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-27] (NVIDIA Corporation)
Task: {EC5E45CA-37AD-4DC0-8D38-2B618C1FDD39} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2017-11-11] ()
Task: {EED323EE-52D7-464B-9AF5-B60B2294E57F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-12] (Google Inc.)
 
(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)
 
Task: C:\WINDOWS\Tasks\update-S-1-5-21-261629105-476541481-405180440-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Snelkoppelingen & WMI ========================
 
(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)
 
 
==================== Geladen Modules (gefilterd) ==============
 
2016-07-16 12:42 - 2016-07-16 12:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-15 00:03 - 2017-09-07 07:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-13 23:23 - 2017-01-13 23:23 - 000075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-06-08 17:04 - 2016-06-08 17:04 - 000117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2017-12-29 22:51 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-29 22:51 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-11-02 12:22 - 2017-10-27 17:12 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-02 12:15 - 2016-11-02 12:15 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 21:09 - 2017-03-04 07:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 21:10 - 2017-03-04 07:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 21:10 - 2017-03-04 07:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 21:10 - 2017-03-04 07:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-12-12 21:31 - 2017-11-30 08:32 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-12-12 21:31 - 2017-11-30 08:34 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-03-07 01:07 - 2015-03-07 01:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-01-23 23:19 - 2017-01-23 23:19 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 01:07 - 2015-03-07 01:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-01-23 23:19 - 2017-01-23 23:19 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-12-13 20:43 - 2017-12-13 20:43 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-12-13 20:43 - 2017-12-13 20:43 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-12-13 20:43 - 2017-12-13 20:43 - 024735744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-12-13 20:43 - 2017-12-13 20:43 - 002551808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\skypert.dll
2017-12-13 20:43 - 2017-12-13 20:43 - 000671744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 000361984 _____ () C:\WINDOWS\SYSTEM32\HrtfApo.dll
2017-12-14 17:17 - 2017-12-06 05:24 - 002873688 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\swiftshader\libglesv2.dll
2017-12-14 17:17 - 2017-12-06 05:24 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\swiftshader\libegl.dll
2016-07-12 22:34 - 2016-06-08 17:12 - 000416408 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
2016-07-12 22:34 - 2016-06-08 17:18 - 000709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2016-07-12 22:34 - 2016-06-08 17:15 - 000130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
2016-07-12 22:34 - 2016-06-08 17:16 - 000025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
2016-07-12 22:34 - 2016-06-08 17:16 - 000059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll
2016-07-12 22:34 - 2016-06-08 17:16 - 000194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
2016-07-12 22:34 - 2016-06-08 17:17 - 000159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll
2016-07-12 22:34 - 2016-06-08 17:17 - 000158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
2016-07-12 22:34 - 2016-06-08 17:16 - 000050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
2016-07-12 22:34 - 2016-06-08 17:15 - 000032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
2016-07-12 22:34 - 2016-06-08 17:07 - 000458904 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
2016-07-12 22:34 - 2016-06-08 17:17 - 000188568 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll
2016-07-22 17:16 - 2016-05-25 22:05 - 000225792 _____ () C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\GvFireware.dll
2017-07-24 18:52 - 2017-11-29 06:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-07-24 18:52 - 2016-09-01 02:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-07-24 18:52 - 2017-12-15 20:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-07-24 18:52 - 2016-09-01 02:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-07-24 18:52 - 2016-09-01 02:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-12-14 12:22 - 2017-11-04 02:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-14 12:22 - 2017-11-04 02:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-14 12:22 - 2017-11-04 02:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-14 12:22 - 2017-11-04 02:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-14 12:22 - 2017-11-04 02:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-07-24 18:52 - 2017-12-15 20:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-07-24 18:52 - 2016-07-04 23:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-07-24 18:53 - 2017-09-07 03:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-07-24 18:53 - 2017-10-31 05:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-07-24 18:52 - 2015-09-25 00:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-12-14 16:47 - 2017-08-21 18:44 - 068505088 _____ () C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\libcef.dll
2017-12-12 15:37 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\Henrik\AppData\Local\Discord\app-0.0.299\ffmpeg.dll
2017-12-12 15:37 - 2017-12-12 15:37 - 001886712 _____ () \\?\C:\Users\Henrik\AppData\Roaming\discord\0.0.299\modules\discord_toaster\discord_toaster.node
2017-12-12 15:37 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\Henrik\AppData\Local\Discord\app-0.0.299\libglesv2.dll
2017-12-12 15:37 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\Henrik\AppData\Local\Discord\app-0.0.299\libegl.dll
2017-12-12 15:37 - 2017-12-12 15:37 - 009802232 _____ () \\?\C:\Users\Henrik\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node
2017-12-12 15:37 - 2017-12-12 15:37 - 001505784 _____ () \\?\C:\Users\Henrik\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node
2017-12-12 15:37 - 2017-12-12 15:37 - 000513016 _____ () \\?\C:\Users\Henrik\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node
2017-12-12 15:37 - 2017-12-12 15:37 - 002662904 _____ () \\?\C:\Users\Henrik\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node
2017-12-12 15:37 - 2017-12-12 15:37 - 001517048 _____ () \\?\C:\Users\Henrik\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node
2017-12-12 16:37 - 2017-12-12 16:37 - 002749944 _____ () \\?\C:\Users\Henrik\AppData\Roaming\discord\0.0.299\modules\discord_contact_import\discord_contact_import.node
2017-07-24 18:53 - 2017-10-31 05:44 - 002020128 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2017-07-24 18:53 - 2017-10-31 05:44 - 000114464 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libegl.dll
 
==================== Alternate Data Streams (gefilterd) =========
 
(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)
 
 
==================== Veilige Modus (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Bestandskoppeling (gefilterd) ===============
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)
 
 
==================== Internet Explorer vertrouwde/beperkte toegang ===============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)
 
 
==================== Hosts inhoud: ===============================
 
(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)
 
2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Andere gebieden ============================
 
(Momenteel is er geen automatische fix voor dit onderdeel.)
 
HKU\S-1-5-21-261629105-476541481-405180440-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Henrik\Desktop\black_dark_shadow_9663_1920x1080.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is ingeschakeld.
 
==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==
 
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-261629105-476541481-405180440-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-261629105-476541481-405180440-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-261629105-476541481-405180440-1001\...\StartupApproved\Run: => "GoogleDriveSync"
 
==================== Firewall regels (gefilterd) ===============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
FirewallRules: [{FCB9219F-9213-4246-BB54-EED1DE187506}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Awkward Dimensions Redux\Awkward Dimensions Redux.exe
FirewallRules: [{637A4E74-2677-4168-9B54-0FC4A3770F2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Awkward Dimensions Redux\Awkward Dimensions Redux.exe
FirewallRules: [{D8DCA2EB-4363-46DB-8D4E-EF783136C0CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{517B62FD-4AB0-492E-847E-D2B87CEBF578}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{B2DF183C-0ED9-4F07-89A2-00B23B99C1E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{244CD4F5-13D0-457F-9BBC-6D97E99571C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{F54EE919-9682-4BEF-8A3F-3B5BFA55BC70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{D9437254-C41A-44A6-949D-9CF1B8BB86B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{2141C7D5-81AC-4D2F-A525-FB9A3993ADE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{635CDABE-7782-4A34-B824-FFE44CE760AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{9F83A468-84FF-4844-AD58-2388ABFCC1AA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{43359BA4-D30F-4DE0-89B8-7C7DCE393148}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{655B1749-145D-4FC1-B32F-7910795E996C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{B7AC525B-9730-4281-849C-C749B5B63A7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svends.exe
FirewallRules: [{60BD62AA-21E8-45D2-9AAB-B6C6432DE2EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svends.exe
FirewallRules: [{55FC2BF9-8EE7-4B6D-AE27-691598B591B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A3C99EA8-89BA-47BD-93E2-27DBA1C6A9E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0A1A4C42-65A1-42DB-8292-46005D79B506}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RuneScape Idle Adventures\idle-adventures.exe
FirewallRules: [{D8D28750-3235-468D-899F-E47CF5851C37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RuneScape Idle Adventures\idle-adventures.exe
FirewallRules: [{6E15C36C-A6AF-404B-84F4-37F909A1E292}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{5F68D2E4-E152-4CEB-9927-A7B723C6DA19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{ED3CA46D-D90D-44AA-BCCC-5A89BA762B09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{62F881B5-24D3-430D-B672-FDFE75223152}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{9AA229E0-A858-49D1-AAA5-E41F62892C18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{F1D1C80C-F669-4229-8EDF-456091C7C893}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{64D889EF-5298-40AE-A079-80C744541B22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [{E7910B3F-DB2C-4306-B971-A8182C421D60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [{73EDAE2A-3079-44A5-BB2C-0CDD06821CB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{BAC7304F-73C6-4A99-83C8-C67C2691F8D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{907A35CB-8561-4764-803E-3B27F4576AAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{3D3F218A-59D7-4CDB-80FA-BC8614F9B88F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{79C61C7C-9449-4E4D-BC64-76817FE3C38F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nether\Game\Binaries\Win64\Nether.exe
FirewallRules: [{144500EE-8195-4837-B010-0D211FA1005C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nether\Game\Binaries\Win64\Nether.exe
FirewallRules: [UDP Query User{6597D9A3-9DF9-47DC-A42C-EC1DD7932AF3}C:\users\henrik\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\henrik\appdata\local\popcorn-time\nw.exe
FirewallRules: [TCP Query User{3C3210BB-1BE4-4558-A6A1-197FF339D643}C:\users\henrik\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\henrik\appdata\local\popcorn-time\nw.exe
FirewallRules: [UDP Query User{6E3108E2-76F3-4F93-9102-64402FC98934}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{6FE42E51-0CCF-467B-A872-8A57B5C4531E}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{41C3BBEC-9F76-4693-BBD0-0EE9CE7BB21F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Moirai\Moirai.exe
FirewallRules: [{AC6A6CA6-0FAC-4F8A-8B6F-234B64968752}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Moirai\Moirai.exe
FirewallRules: [{246431BB-2A14-4F7B-92EA-D32E7D6930FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clock Simulator\Clock Simulator.exe
FirewallRules: [{0D249FFD-018F-4864-8620-4F3683BAE9A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clock Simulator\Clock Simulator.exe
FirewallRules: [{16523B96-2C93-4DDA-B104-FDB0DEE0BA6F}] => (Allow) C:\Users\Henrik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{531878B7-2ADD-4EBC-B276-35B48C4AF68E}] => (Allow) C:\Users\Henrik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9898CD4A-93B7-4515-9C38-7E42A9FC4017}] => (Allow) C:\Users\Henrik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{199CFAF6-0EB0-4B58-B1A4-E14148DB8031}] => (Allow) C:\Users\Henrik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7E07195B-6771-4266-876B-A1F18DF8CE1E}] => (Allow) C:\Users\Henrik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{169D0E92-194D-414F-9136-DA01300E41C7}] => (Allow) C:\Users\Henrik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E08770CC-F129-412C-8656-81E700ADFE37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svencoop.exe
FirewallRules: [{E8ACE142-4D25-4D43-BD8A-C3679B072A53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svencoop.exe
FirewallRules: [UDP Query User{88C087CB-3B46-4B3C-AF04-A2794EF0574C}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [TCP Query User{1558014E-009B-4DD4-B038-6DD3899602C0}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{74D8C2F8-1B2C-4083-BA41-C90F3176C7F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{67ED44E9-52C5-472D-BEF2-44A5BC96C8B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [UDP Query User{C2E8E678-46C1-424C-8D03-B354A58CD9B1}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{788FB923-3297-4819-8170-E633CD6BFEA6}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{14E8D3F4-CAE9-465A-B1A4-C46D045FBF05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{2C2605E1-99C9-429B-A761-9DB4A67B4B20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [UDP Query User{BC8871C8-F977-4246-8762-9180C38C8069}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{40BFB583-63FA-4E7F-A13B-40877F6487FE}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{36F6F832-D7C4-4A46-A7FB-A02D158AF80A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yet Another Zombie Defense\YetAnotherZombieDefense.exe
FirewallRules: [{86727B8A-74AA-417A-83D9-E203BA5E603F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yet Another Zombie Defense\YetAnotherZombieDefense.exe
FirewallRules: [{18E8D7E5-A28B-42EB-AAF2-98C674967619}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B100B91F-8E24-4BB6-AC06-F8F318BEDDF1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CF91F3A3-DEA9-4F77-8A99-110FFF9FBB26}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8BEDF23F-0BA4-4BCE-ADBA-54FC661AE5F0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{56C43E2B-68A5-4648-BA9D-A3CAAFBEFB43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{E1C8AF75-B833-4DB6-A702-28F8C74ABB23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{92F62C11-4917-48F9-8ECB-4B99DDCF2CE0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{85ACF783-3919-436D-BEE5-D162619EC817}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E9F432B9-F5E6-4341-B1AC-0BF1D286CD13}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CB2225BD-B288-4D89-9B27-6F0CC5ABB30A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C75B24C5-F3EC-4A97-8BC6-1F7D00B7012F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{B30E1246-B4B8-41FA-A80C-4E3692BF8625}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{8A8AB2FF-D8CF-46D7-8BCF-B3F2183FB3DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{0BBEF6EA-EE77-4DF9-9CFB-9F58D98BB398}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{70284058-089B-4714-93F0-D53078C5E875}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{049E3D83-22E3-4C4A-9A22-D590B1377BE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{B134DBCA-E512-4EED-A8DD-396A91E5BCD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{67775A1A-C5A6-4037-A26B-8128FE4D30BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{563EE2B3-8666-4B6A-BED0-40C504579AEE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3BCB6A08-2DCF-4DBC-A032-1BCA49A415DD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{DB33B6E0-42FC-40A8-9DA7-8FCFC3FDD75E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{28845FC1-DC06-4707-9DE7-F975B6FDEAE4}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{217CE787-5110-4FA8-B7AE-57B5E0CEDD32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{83F1DC1A-4B3D-4A16-9F7A-38BE872DA30F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [TCP Query User{606C1DA4-52A1-4B5E-983C-9849DBA762F5}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{EA2F2D52-50B2-4B86-B7A5-15A3E3CCE5EB}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{6C45A775-195D-4B65-A4F5-0F0A81F22BAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{9753BA8A-A71E-43CE-BE62-44F8F057F930}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{31D62781-609B-4350-9A7E-93E22A78A40A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{8210E6C6-5A74-458D-93C8-64D7D3A6A09B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [TCP Query User{8005F52E-941D-4F27-B87C-8396C2F5CF06}C:\users\henrik\documents\unturned server organiser\game\unturned.exe] => (Allow) C:\users\henrik\documents\unturned server organiser\game\unturned.exe
FirewallRules: [UDP Query User{ED0724EE-5372-4B35-BB5A-DB8E04F45B51}C:\users\henrik\documents\unturned server organiser\game\unturned.exe] => (Allow) C:\users\henrik\documents\unturned server organiser\game\unturned.exe
FirewallRules: [{B81F173B-608E-44A1-92F9-059159094C15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spelunky\Spelunky.exe
FirewallRules: [{4FD5292E-3043-4481-B186-51EFE26F290E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spelunky\Spelunky.exe
FirewallRules: [{73D795A5-8963-4AC7-9CCD-D7C7C1BE1811}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{6BC597F8-A910-4A74-855C-A5769283A06D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{9E1258E7-67E6-403A-B48B-98B039E84722}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{04CB926A-3CF3-41FF-ABC2-1E595572FB4D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7AF84B97-A3AA-4ABB-A062-A486542527FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{650BB033-845F-4B20-9431-FF450AD66545}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{86F0DFD3-A359-4089-ABB0-ADD575BC78CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F6FC4EC0-DA9A-48CB-956B-DBFBFAC6E598}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed 3\AC3SP.exe
FirewallRules: [{DD009066-8473-491C-80E5-56EE9F76AEE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed 3\AC3SP.exe
FirewallRules: [{57F0B707-0224-4AA0-A116-4A860B2F2D0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed 3\AC3MP.exe
FirewallRules: [{3C326CD3-2D1A-4591-8373-8A9FF7A2FEB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed 3\AC3MP.exe
FirewallRules: [{B4102154-7FEB-4CFB-99E5-83ED63CD8A8D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9C0E2B58-3251-4C41-9575-C59C69DE23BC}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{AA978136-4908-404B-AFCA-F8E6A1DDE3F4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6315F447-9745-4AF8-8FFE-692F13E19C13}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{AAD2F5B3-0AA4-4B9D-B5CE-0D7D205253E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{53F84A9E-CA29-4AB2-BEB2-85511B68402D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [TCP Query User{6C8FBB9B-80C0-4C96-87B0-A0A6723B02D9}C:\users\henrik\downloads\downloader_warcraft3_reign_of_chaos_engb.exe] => (Allow) C:\users\henrik\downloads\downloader_warcraft3_reign_of_chaos_engb.exe
FirewallRules: [UDP Query User{2E66665B-B01E-4673-8879-05BA71167A53}C:\users\henrik\downloads\downloader_warcraft3_reign_of_chaos_engb.exe] => (Allow) C:\users\henrik\downloads\downloader_warcraft3_reign_of_chaos_engb.exe
FirewallRules: [TCP Query User{A0D7AA15-5802-4D6D-B3F7-9A1B8889DCFE}C:\users\henrik\downloads\downloader_warcraft3_the_frozen_throne_engb.exe] => (Allow) C:\users\henrik\downloads\downloader_warcraft3_the_frozen_throne_engb.exe
FirewallRules: [UDP Query User{B09C7138-0B78-46BB-BC9D-A1B0B76DE235}C:\users\henrik\downloads\downloader_warcraft3_the_frozen_throne_engb.exe] => (Allow) C:\users\henrik\downloads\downloader_warcraft3_the_frozen_throne_engb.exe
FirewallRules: [TCP Query User{5D34E041-8F27-4BE8-8AD3-92A67F41B8F0}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{99E657E5-4FCC-4163-900A-1EB6A3FBEA2E}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{C5D9C25B-D8FD-4CC1-B2C9-B0D5D3607FE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{296EB682-3FFE-4FAC-BA4F-61E3B2E881B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1E99F107-ED16-4D41-9DC8-ABD5C318ABBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{4EFBDDC4-39F1-4A6A-A5EE-6F11B471D3A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{32758D6F-2A2A-4FA9-BF7C-295683D06C3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D33C1D0F-6A66-4EBE-8FDA-0F272B475183}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{001067DB-3038-4775-8BC7-6D963A6E523D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AD0F781D-5B19-4E2B-A4E6-9A383977CBF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{60DBA592-9A26-42E5-BED0-5EAFA91ED343}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9A9163AD-8794-4E40-9D52-EFEF78258273}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A2232EC5-08A1-44D8-88B1-8CAC98C0BE0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8ED2921E-DC48-4C02-9D64-F10ABC1DB708}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E1574B1F-9506-46F8-88D9-D4EEE9D76FEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4AD0D41B-5AD3-4770-A4DF-646AAE893156}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A2541FBF-A7EC-4D10-BF06-0AF245BDD0D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F1900591-E2DC-47EA-9908-50FF115064A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{126B0F96-3AA1-4041-9C84-5480BC604FCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B33381C2-4B0D-4E21-85E5-2215A05066FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0281E34C-8F24-42A7-9812-8B222DD5DDB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E0353BF0-4D3A-4A39-B54E-CE2CA7EA52DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{73817B61-B707-4376-A17B-17C7A16A1229}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3502C2FC-AB87-4EB2-A82B-5C8EA67A1793}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{17026165-E4D9-4D5E-BDC8-18BD6B203681}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{850E8156-8D02-4256-9160-9C111803EEC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{33F6FB45-5691-4F27-A124-A9CD3818E088}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7E787B4C-82F2-4626-8005-E7A420E960E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5FFD7945-1E2A-4C32-B6FA-E911954E04DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{582109D2-2F2E-4E13-91B5-AEAFD3FCC9A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{BFB8AC7A-DE42-4065-9491-3A40F9619F2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{95CAA556-B9D5-467A-B2B2-AB9AAFF9B944}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{157F0E64-62CC-4D3A-98CE-321ABBAA7553}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{82CD58FC-8868-4BDA-849A-D9E90E63233D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{946DD09F-B190-48B5-BE57-720F346B342C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{75208B47-0D24-480F-8E92-49C9B63A5E8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FC251A07-0384-4A76-912B-36E26BCC7CF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F1DACC90-9366-4E8F-B37A-E474C7EB4C43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{12ED1242-7C20-49EE-BE73-55C6B1504211}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{33556E3A-8C37-4587-B34E-4EA3E4690DAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7BCE6938-0ED5-4161-9B74-6499301034BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{79E14A48-1921-42B1-A286-DAA91D516D2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F7B26B04-5E1B-4062-ABD8-064FFA7DAD31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1A78AFC9-5EBF-4813-A02C-736855A76DAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D1C748FE-7C26-4173-A3EB-6666CF7E1274}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{12BD2F5D-FF92-41B4-951A-43136D086806}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2D07F7C2-9610-4CB9-9EDA-DF97979C5135}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C9147015-866D-4A13-AD7D-98CA970497A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8BA59CE4-12DD-40BA-88BF-62EC00C873F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{381EA0B8-7FF2-4AB7-9E4E-BA8921FB07A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{1A0ED8F2-283C-4D95-B5A2-2C38D8677A65}C:\users\henrik\downloads\3dmgame-7.days.to.die.alpha.15.2.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.15.2.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe] => (Allow) C:\users\henrik\downloads\3dmgame-7.days.to.die.alpha.15.2.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.15.2.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe
FirewallRules: [UDP Query User{F253F073-612A-4713-96E5-98B7C6DB29F1}C:\users\henrik\downloads\3dmgame-7.days.to.die.alpha.15.2.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.15.2.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe] => (Allow) C:\users\henrik\downloads\3dmgame-7.days.to.die.alpha.15.2.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.15.2.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe
FirewallRules: [{ED549A58-B1E1-47C5-8D37-F8653C446AE8}] => (Block) C:\users\henrik\downloads\3dmgame-7.days.to.die.alpha.15.2.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.15.2.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe
FirewallRules: [{41E71A2E-C046-45CC-A571-DBEF5DFA2344}] => (Block) C:\users\henrik\downloads\3dmgame-7.days.to.die.alpha.15.2.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.15.2.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe
FirewallRules: [{C1174329-E3E5-4801-9FA0-24E08B9015EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{18D8829A-399B-42F7-872D-3884F1D86303}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2B76CBC9-A15C-4A64-AB2E-4054EE22C453}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{60BC3568-14C9-4427-90B8-4208E2246D09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{42B6263B-F73E-4B45-BED3-066B264F40ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4198DD5C-AB6E-4190-AD37-A84D96F70588}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{51BA0996-BFD1-41E2-9D22-86488C1FBE56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6CEF4B40-8CDC-4092-A9C1-1B325E096BEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{531A13B8-2F2F-4655-B864-DEA2E344C323}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{250602FC-EB83-4B8F-891B-1BA4EB26B5C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4D44EF7D-4FAE-4325-9DB1-C17F32D38708}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{FC9925C7-936B-4447-883D-8F95B5CC9FE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{DCF75CF8-1B28-4FBD-8C4D-83704D90F57C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{70E77A10-16A4-4662-B926-175B6704206B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{25A0B929-E94F-4533-9700-BDB56E6F8394}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [{F25CADFE-3198-492E-AFE4-46EF168364A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [{E0AAF8E7-39C3-479F-A949-5137C8F026BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1BE75024-8FE9-4C26-AC60-A3DD0E0202CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DF24E9B0-C95A-48DF-974E-F5AF449F6AC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0EF597F7-A3F7-4A46-84FC-2951D5A4BE65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{11E69B4C-B71F-4637-B33D-4A7CFD46EE75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D8236A56-9441-420C-B695-5C92238D15FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9D3757F5-4B4E-4570-8016-9C9AD338119D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9D343499-4A94-486E-9A94-2822A715D5C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D0C164B3-3EE5-4BEE-8F4C-B2BF527289FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{17A4EA79-870A-4C19-A9E8-7B06D8935E37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A11554EB-6179-406A-9397-EB5871F57AA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alien Swarm Reactive Drop\reactivedrop.exe
FirewallRules: [{55F86E2F-ADF0-4276-935F-B977984F226C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alien Swarm Reactive Drop\reactivedrop.exe
FirewallRules: [{5BDA09C5-D8D0-4123-8334-B55F1D4BDAA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BCC807C9-D958-46AA-AE31-993361FF131A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{177BBECA-78B7-4A84-B93F-0EDCA2C91387}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{83683C56-0746-4BBC-A346-E0DECCDC6837}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AF71216E-00CF-4920-A2BB-BBCAE0C24519}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8B6D8BA2-8BD7-4672-B256-29059DC554A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B9A1294F-05E6-4AFD-8EDE-550C2E564CF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B0A1F2EF-1BF9-41A2-8FB8-431F4F5EFB9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EFC39DE3-D737-4BAC-981F-3BDD36E8C912}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DE7C1C07-19B1-4CF7-B1FC-3BBD69296CAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4CF7EAD4-F1EF-422F-8544-7C9C66F19F93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2E685AC0-7ECF-4498-A18A-D9BCA338625B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9137C063-23A6-47B1-B1CC-705BA92F5A56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{41AD4BCD-1640-4974-99D5-3E3B5BCC6C0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{653ED091-1EAD-45DF-9A6D-04B092BACD57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BCD9F9B0-BB03-457B-A049-60C351EABEEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6C0E5DE4-B281-4F69-A187-EBF438EAA9AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{1483D078-258A-4808-A881-54CCCBCC8272}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{AC052DD6-012B-4F53-9EF1-6158BBF21F82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3757D68C-5F4A-4950-BEF1-D65E3613CAE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{ECF0583C-5E7A-4279-A122-CACAD9EF9346}C:\users\henrik\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\henrik\appdata\local\popcorn-time\nw.exe
FirewallRules: [UDP Query User{6054AA5E-E335-406F-B32B-5948CA9E8278}C:\users\henrik\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\henrik\appdata\local\popcorn-time\nw.exe
FirewallRules: [{E3036D62-48D4-4628-AB0B-CC34F92D9851}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BF1A1356-E817-4CB3-B021-F10988508C19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8221FF56-16E2-40BD-846F-7F3176320238}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{82412BCA-32C8-4BEA-BA86-F96622BB9EFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C51D2B6F-70D5-4DD4-9C82-FFAD2B7DEBC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{70EADB35-09F9-4936-BAF5-07B4DA02C6EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1A42233F-D0B5-44EE-9836-D4D8C24EE89E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{964BD1E7-292B-4937-A309-BDEFC15866B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DA8D30F6-D28D-43C2-988F-CE4A432B4298}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{8B8D1D97-0B29-4A7B-8790-4F603104FE00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{11ECD22B-F09A-4F6A-B476-5C769FF95DB7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8BA0214F-FC10-434B-ADC9-5A5D48FE0033}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A832F0EA-F8DB-40E6-8415-3A2EFAA85523}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2E24E78E-B393-418A-8E29-4FFE6725A04B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{092432E1-C431-466C-9178-EC947A44B9D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{0B07F79B-572E-4FE7-8846-CA4FA6CEB6F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [TCP Query User{8FBE0A36-8EB0-4211-A54E-795D45090FFF}C:\program files (x86)\warcraft iii\warcraft iii.exe] => (Allow) C:\program files (x86)\warcraft iii\warcraft iii.exe
FirewallRules: [UDP Query User{5866BFA1-FEE0-4C16-A619-E4C56B9F974E}C:\program files (x86)\warcraft iii\warcraft iii.exe] => (Allow) C:\program files (x86)\warcraft iii\warcraft iii.exe
FirewallRules: [{5E9B28EA-8FBE-49F2-A756-3433B4934289}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{9897C612-C272-4291-9750-10E96C899B89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{7DD26550-BAC3-4947-97A6-7D89B72A0370}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{07B19EC2-FB40-47D3-93B1-4EFC4B2BD197}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{103C451B-E658-403F-9389-6CCFAF217EBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{5E6BFD07-F1BB-4B0D-BA6B-0491732F9EAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{0D14A172-A553-4D33-884C-95A2F4A2FCB8}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [UDP Query User{99C3E015-3DDF-4E9D-AC3F-019D59686773}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [{37A9C468-7709-436A-AB2B-E86CAB0EED8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{A2DC019B-1668-4898-BD45-D51A1006A468}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [TCP Query User{CB3DF2A3-AAA7-4FC3-8961-6626674B76DC}C:\users\henrik\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\henrik\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6E332A30-AB1A-4705-BED3-59088C74288B}C:\users\henrik\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\henrik\appdata\roaming\spotify\spotify.exe
FirewallRules: [{434EA28D-9BF7-4359-8D98-D88D15DD1EE3}] => (Block) C:\users\henrik\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2B843054-4591-41D5-94C1-01D5EFED741C}] => (Block) C:\users\henrik\appdata\roaming\spotify\spotify.exe
FirewallRules: [{50C7E984-6D0E-4B13-990B-34D3E4BE4697}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gigantic\ArcSteamHelper.exe
FirewallRules: [{849BB0DF-7914-40EE-9B52-AD1690CD6A93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gigantic\ArcSteamHelper.exe
FirewallRules: [TCP Query User{49F96996-5083-4188-8620-D12C9F7C649D}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [UDP Query User{FB64DEBD-C0CB-45E4-84B0-F1B8FC66AD28}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [{23BC03EE-E7B2-43D9-BB03-AA65D1319E07}] => (Block) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [{E5B6017B-1B20-4D31-B6AB-177148C08448}] => (Block) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [TCP Query User{FBA5E974-CCC0-4F95-A4DE-301C23DC922F}C:\program files (x86)\steam\steamapps\common\gigantic\binaries\win64\rxgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\gigantic\binaries\win64\rxgame-win64-shipping.exe
FirewallRules: [UDP Query User{04E5E157-EC3A-4A43-9A43-4E0D38A25288}C:\program files (x86)\steam\steamapps\common\gigantic\binaries\win64\rxgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\gigantic\binaries\win64\rxgame-win64-shipping.exe
FirewallRules: [{E6BFF7AA-6977-45F4-8A31-C2B870079639}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{70D80AA8-848F-4E94-A06A-9F42B5407BBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{82A0F8A8-FBEF-4DA1-B71D-271168699C2A}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{247E7342-9142-43F3-BBFD-1D4399802481}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{6871A8C9-1B3F-4EA8-BEC3-791B233763C6}] => (Block) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{F8F522DA-5B6B-4E23-BB21-B2D424D8B64A}] => (Block) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{89B27A53-1443-4972-AA1E-A718C6743110}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{962545E7-B79D-4CD5-B3E3-7CB7CF952F28}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{371AB186-FC77-4A54-A06F-A2569DB8B716}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AB9442E9-0FFF-4577-98B3-02958804F3D0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9D7236C1-B940-426C-B097-1CAF477B428B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{7488E2E0-68B2-4E9D-9E0D-77850A2A374B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{0C5258AB-1810-4F31-A195-80922CF1323B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{F025A7E8-FFB1-4D13-9223-80FE94DEFE8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{DD82902E-4928-480D-9A3B-F6F8A37812AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{828A0D9E-5CA1-4489-B06A-93BFB7A62039}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{5841F1F7-860C-491C-985F-0C2DB4748526}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{D9069BA1-40E2-47BF-B22D-A5258F5CE393}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [TCP Query User{646715F6-75FB-4AEC-8682-D668B33FB7DF}C:\program files\jetbrains\pycharm community edition 2017.2.3\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2017.2.3\bin\pycharm64.exe
FirewallRules: [UDP Query User{05267225-326E-41D2-ABE2-2347476E01E4}C:\program files\jetbrains\pycharm community edition 2017.2.3\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2017.2.3\bin\pycharm64.exe
FirewallRules: [{1E10B3C9-AF4B-49C6-9793-B0608AC16995}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency_BE.exe
FirewallRules: [{21C9B7D2-553C-4335-828E-5EBB2AAF17DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency_BE.exe
FirewallRules: [{25A6285E-8D28-4B6D-877D-DEEFDB55B1CE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{94CDBB4A-20B4-4307-97D1-70D825641A81}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C0C9B582-627E-4EB3-BA1B-B808C43EC275}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C2BAB21D-4909-4B82-9CC8-4AF284048169}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{B17A687C-2487-45A5-A44C-694B93A75AA1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{44E26C73-A268-4458-AEED-1A9F06B3C431}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe
FirewallRules: [{1510D448-34E2-40CC-800E-AC49C13A9DB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe
FirewallRules: [TCP Query User{FFCA9BC8-A992-42C6-8840-1316DE6CA51C}C:\program files (x86)\starcraft ii\versions\base58400\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base58400\sc2_x64.exe
FirewallRules: [UDP Query User{7A396059-C765-47F5-A0EB-BDB16B0FA76A}C:\program files (x86)\starcraft ii\versions\base58400\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base58400\sc2_x64.exe
FirewallRules: [{271440A2-AC93-40B2-9F45-E6BD11E62589}] => (Block) C:\program files (x86)\starcraft ii\versions\base58400\sc2_x64.exe
FirewallRules: [{74D92AE1-96AB-46E4-ABE3-ED21080F9E46}] => (Block) C:\program files (x86)\starcraft ii\versions\base58400\sc2_x64.exe
FirewallRules: [{20FFDD03-E45F-40C1-B5F2-AFDC919D2F64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{42A3B06B-7CE1-4A96-827B-7DBC81D55B6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E9F56C7D-007E-40A8-B4EE-70DE9251580A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [{A0266078-2817-4C4A-B754-469B0CBF2C4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [{B41F3C80-2C26-45E9-BA26-A55095E50AB5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{083F1BF9-ACDB-4519-B180-8633EDD3EBFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{E31CE370-8A80-4D7C-9DA9-D2FE92F6F369}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [TCP Query User{ACC2EC29-1B1E-4D91-AFE8-1B9D5467EB66}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{36738D5F-6C2E-4941-B926-94E9C3823444}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{80477241-CCD6-4312-AAFD-5E8F3B86614C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{EB9ADDDB-01E2-40CC-BF76-70C36AA45055}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{2C404F8C-5F9B-4E13-92C4-3D5D7D90A7B8}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{D43F9E6C-76EA-4A94-8877-C79BADD823B3}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{70D8527E-D09A-4D9B-8533-CC77B0A08F7B}C:\program files (x86)\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{9F526821-8E51-45A8-A27B-3BB1D8E218B9}C:\program files (x86)\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{F7CD110F-01FE-413A-9553-3AA154F3535D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{79660BA4-5B89-4CEC-9843-BED246CA9CB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{0E61FC8E-34C5-49B3-886D-58A796001338}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B8BFF09D-EC01-47DC-A370-325FA66311BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{A6416907-9ACE-4067-8133-48302A674609}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{506B67F5-1CCB-4A1A-8988-D8662F52226B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Long Live Santa\Long Live Santa.exe
FirewallRules: [{2000E73D-9671-43B0-8D02-FA0249E41519}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Long Live Santa\Long Live Santa.exe
FirewallRules: [TCP Query User{C40EE430-CAC5-44B9-99D3-0DB88EFDFC95}C:\users\henrik\downloads\mm8bdm-v5c\zandronum.exe] => (Allow) C:\users\henrik\downloads\mm8bdm-v5c\zandronum.exe
FirewallRules: [UDP Query User{189CE1E8-D8A4-4FFD-94A7-636244B57925}C:\users\henrik\downloads\mm8bdm-v5c\zandronum.exe] => (Allow) C:\users\henrik\downloads\mm8bdm-v5c\zandronum.exe
FirewallRules: [{0002C537-5DBE-4105-AC6B-EDB8A303099F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe
FirewallRules: [{B5475837-1777-434E-8AE8-8A696E5296D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe
FirewallRules: [{12051BD4-D0F3-4954-B0E4-E0F80E9DB5E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hand Simulator\Hand Simulator.exe
FirewallRules: [{F3E0DD97-46D1-4C7E-A95A-550FB8F73B2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hand Simulator\Hand Simulator.exe
 
==================== Herstelpunten =========================
 
20-12-2017 17:02:24 Gepland controlepunt
 
==================== Defecte Apparaatbeheer Apparaten =============
 
Name: Intel® Ethernet Connection (2) I219-V
Description: Intel® Ethernet Connection (2) I219-V
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1dexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Eventlog fouten: =========================
 
Applicatiefouten:
==================
Error: (12/29/2017 09:07:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 507120902.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e66
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x2028
Starttijd van toepassing met fout: 0x01d380e08ca2220a
Pad naar toepassing met fout: C:\Users\Henrik\AppData\Local\Temp\is-0DA2B.tmp\507120902.exe
Pad naar module met fout: unknown
Rapport-id: 8721567a-18e0-4e2b-b9ec-1dd8227661f0
Volledige pakketnaam met fout: 
Relatieve toepassings-id van pakket met fout:
 
Error: (12/29/2017 09:07:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 507120902.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e66
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x2028
Starttijd van toepassing met fout: 0x01d380e08ca2220a
Pad naar toepassing met fout: C:\Users\Henrik\AppData\Local\Temp\is-0DA2B.tmp\507120902.exe
Pad naar module met fout: unknown
Rapport-id: 894791b1-925b-42d9-9ec7-e06074a0276c
Volledige pakketnaam met fout: 
Relatieve toepassings-id van pakket met fout:
 
Error: (12/29/2017 09:07:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 507120902.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e66
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x2028
Starttijd van toepassing met fout: 0x01d380e08ca2220a
Pad naar toepassing met fout: C:\Users\Henrik\AppData\Local\Temp\is-0DA2B.tmp\507120902.exe
Pad naar module met fout: unknown
Rapport-id: 89044449-6fbe-4969-ae87-597aea83581e
Volledige pakketnaam met fout: 
Relatieve toepassings-id van pakket met fout:
 
Error: (12/29/2017 09:07:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 507120902.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e66
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x2028
Starttijd van toepassing met fout: 0x01d380e08ca2220a
Pad naar toepassing met fout: C:\Users\Henrik\AppData\Local\Temp\is-0DA2B.tmp\507120902.exe
Pad naar module met fout: unknown
Rapport-id: bc9406f7-5b30-4fc3-ac2a-a685d3ffedd2
Volledige pakketnaam met fout: 
Relatieve toepassings-id van pakket met fout:
 
Error: (12/29/2017 09:07:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 507120902.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e66
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x2028
Starttijd van toepassing met fout: 0x01d380e08ca2220a
Pad naar toepassing met fout: C:\Users\Henrik\AppData\Local\Temp\is-0DA2B.tmp\507120902.exe
Pad naar module met fout: unknown
Rapport-id: f7d0d226-e68a-4d86-b7a1-c25808cc3b11
Volledige pakketnaam met fout: 
Relatieve toepassings-id van pakket met fout:
 
Error: (12/29/2017 09:07:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 507120902.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e66
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x2028
Starttijd van toepassing met fout: 0x01d380e08ca2220a
Pad naar toepassing met fout: C:\Users\Henrik\AppData\Local\Temp\is-0DA2B.tmp\507120902.exe
Pad naar module met fout: unknown
Rapport-id: 4e9468aa-8d95-4173-988d-0b21fc7d362f
Volledige pakketnaam met fout: 
Relatieve toepassings-id van pakket met fout:
 
Error: (12/29/2017 09:07:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 507120902.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e66
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x2028
Starttijd van toepassing met fout: 0x01d380e08ca2220a
Pad naar toepassing met fout: C:\Users\Henrik\AppData\Local\Temp\is-0DA2B.tmp\507120902.exe
Pad naar module met fout: unknown
Rapport-id: 30ae057b-d853-47aa-920d-52ee0e523dc5
Volledige pakketnaam met fout: 
Relatieve toepassings-id van pakket met fout:
 
Error: (12/29/2017 09:07:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 507120902.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e66
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x2028
Starttijd van toepassing met fout: 0x01d380e08ca2220a
Pad naar toepassing met fout: C:\Users\Henrik\AppData\Local\Temp\is-0DA2B.tmp\507120902.exe
Pad naar module met fout: unknown
Rapport-id: 74e8a9f3-dbf9-4e43-be10-6403b47c0de7
Volledige pakketnaam met fout: 
Relatieve toepassings-id van pakket met fout:
 
Error: (12/29/2017 09:07:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 507120902.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e66
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x2028
Starttijd van toepassing met fout: 0x01d380e08ca2220a
Pad naar toepassing met fout: C:\Users\Henrik\AppData\Local\Temp\is-0DA2B.tmp\507120902.exe
Pad naar module met fout: unknown
Rapport-id: f2dd4cc6-d472-48cb-a0b5-9abe9c388829
Volledige pakketnaam met fout: 
Relatieve toepassings-id van pakket met fout:
 
Error: (12/29/2017 09:07:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 507120902.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e66
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x2028
Starttijd van toepassing met fout: 0x01d380e08ca2220a
Pad naar toepassing met fout: C:\Users\Henrik\AppData\Local\Temp\is-0DA2B.tmp\507120902.exe
Pad naar module met fout: unknown
Rapport-id: 7b24b6d6-7bf5-40db-9202-dbfdbbd3e032
Volledige pakketnaam met fout: 
Relatieve toepassings-id van pakket met fout:
 
 
Systeemfouten:
=============
Error: (12/30/2017 05:20:57 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Er is een onbekende fout in de lokale Bluetooth-adapter opgetreden en deze wordt niet gebruikt. Het stuurprogramma wordt verwijderd.
 
Error: (12/30/2017 11:46:04 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4073GER)
Description: In de machtigingsinstellingen standaard voor deze computer wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 en APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 aan de gebruiker DESKTOP-4073GER\Henrik SID (S-1-5-21-261629105-476541481-405180440-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c SID (S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (12/30/2017 11:44:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De Service Platform voor verbonden apparaten-service is gestopt met de volgende foutcode: 
Niet nader omschreven fout
.
 
Error: (12/30/2017 11:41:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 en APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (12/30/2017 11:41:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 en APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (12/30/2017 11:41:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 en APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (12/30/2017 11:41:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 en APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (12/30/2017 11:41:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 en APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (12/30/2017 11:40:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 en APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (12/30/2017 11:40:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Modules Installer-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 120000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
 
CodeIntegrity:
===================================
  Date: 2017-12-29 22:51:23.664
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-09-02 17:02:51.006
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-08-19 23:48:24.227
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-07-17 23:28:29.281
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-07-17 23:28:26.800
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-07-08 13:17:35.504
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-07-08 13:17:32.273
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-05 00:28:17.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-04 19:14:50.745
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-04 19:14:47.134
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
 
==================== Geheugen info =========================== 
 
Processor: Intel® Core™ i5-6600K CPU @ 3.50GHz
Percentage geheugen in gebruik: 32%
Totaal fysiek RAM-geheugen: 16345.02 MB
Beschikbaar fysiek RAM-geheugen: 11092.04 MB
Totaal Virtueel geheugen: 18777.02 MB
Beschikbaar Virtual geheugen: 13281.74 MB
 
==================== Schijven ================================
 
Drive c: () (Fixed) (Total:931.02 GB) (Free:372.15 GB) NTFS
 
==================== MBR & Partitietabel ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FF9971B6)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== Eind van Addition.txt ============================

Edited by henrik0706, 30 December 2017 - 01:09 PM.


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,630 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:53 PM

Posted 30 December 2017 - 01:41 PM

Here, follow the instructions below.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Attached Files


unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 henrik0706

henrik0706
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 30 December 2017 - 02:40 PM

Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 26-12-2017
Gestart door Henrik (30-12-2017 20:30:55) Run:2
Gestart vanaf C:\Users\Henrik\Desktop
Geladen Profielen: Henrik (Beschikbare Profielen: Henrik)
Boot Modus: Normal
==============================================
 
fixlist inhoud:
*****************
CloseProcesses:
CreateRestorePoint:
 
GroupPolicy: Restrictie <==== AANDACHT
GroupPolicy\User: Restrictie <==== AANDACHT
 
CHR HomePage: Default -> hxxp://www.searchnu.com/406
 
S1 bqwhvipy; \??\C:\WINDOWS\system32\drivers\bqwhvipy.sys [X]
 
Task: {2AA59CCF-18A9-4DAE-8AF3-15C8E4941914} - System32\Tasks\bltopncomhohoj => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" bltopn.com/hohoj <==== AANDACHT
Task: {39B94BF8-09AE-46C2-9192-72759F5C727E} - System32\Tasks\iweyJ => C:\Users\Henrik\TYRXFUA.bat [2016-07-16] () <==== AANDACHT
Task: {9BF1F38A-78FD-45D0-AE05-CB4A0AD382C0} - System32\Tasks\AyCiYyiPbCQ => C:\Program Files (x86)\cbytjfm.bat [2016-07-16] () <==== AANDACHT
Task: {DB700F81-0BAA-42C1-864D-8F799B904612} - System32\Tasks\SIunY => C:\WINDOWS\eEoOwliEq.exe [2016-07-16] (Microsoft Corporation)
 
C:\Program Files (x86)\cbytjfm
C:\Program Files (x86)\cbytjfm.bat
C:\Users\Henrik\TYRXFUA
C:\Users\Henrik\TYRXFUA.bat
C:\Users\Henrik\AppData\Local\UBZCeGoQAEyE
C:\Users\Henrik\AppData\Local\UBZCeGoQAEyE.bat
C:\Users\Henrik\AppData\Local\updater.log
C:\Users\Henrik\AppData\Local\UserProducts.xml
C:\Users\Henrik\AppData\Local\WMI.ini
C:\Users\Henrik\AppData\Roaming\oEIOU.exe
C:\Users\Henrik\AppData\Roaming\.pgbias
C:\Users\Henrik\AppData\Roaming\msregsvv.dll
C:\WINDOWS\eEoOwliEq.exe
 
EmptyTemp:
*****************
 
Proces succesvol afgesloten.
Herstelpunt is succesvol gemaakt.
C:\WINDOWS\system32\GroupPolicy\Machine => is succesvol verplaatst
C:\WINDOWS\system32\GroupPolicy\GPT.ini => is succesvol verplaatst
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => is succesvol verplaatst
C:\WINDOWS\system32\GroupPolicy\User => is succesvol verplaatst
"Chrome HomePage" => is succesvol verwijderd
"HKLM\System\CurrentControlSet\Services\bqwhvipy" => is succesvol verwijderd
bqwhvipy => dienst is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AA59CCF-18A9-4DAE-8AF3-15C8E4941914} => kon niet worden verwijderd sleutel. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AA59CCF-18A9-4DAE-8AF3-15C8E4941914}" => is succesvol verwijderd
C:\WINDOWS\System32\Tasks\bltopncomhohoj => is succesvol verplaatst
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bltopncomhohoj" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39B94BF8-09AE-46C2-9192-72759F5C727E}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39B94BF8-09AE-46C2-9192-72759F5C727E}" => is succesvol verwijderd
C:\WINDOWS\System32\Tasks\iweyJ => is succesvol verplaatst
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iweyJ" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9BF1F38A-78FD-45D0-AE05-CB4A0AD382C0}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BF1F38A-78FD-45D0-AE05-CB4A0AD382C0}" => is succesvol verwijderd
C:\WINDOWS\System32\Tasks\AyCiYyiPbCQ => is succesvol verplaatst
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AyCiYyiPbCQ" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB700F81-0BAA-42C1-864D-8F799B904612}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB700F81-0BAA-42C1-864D-8F799B904612}" => is succesvol verwijderd
C:\WINDOWS\System32\Tasks\SIunY => is succesvol verplaatst
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SIunY" => is succesvol verwijderd
C:\Program Files (x86)\cbytjfm => is succesvol verplaatst
C:\Program Files (x86)\cbytjfm.bat => is succesvol verplaatst
C:\Users\Henrik\TYRXFUA => is succesvol verplaatst
C:\Users\Henrik\TYRXFUA.bat => is succesvol verplaatst
C:\Users\Henrik\AppData\Local\UBZCeGoQAEyE => is succesvol verplaatst
C:\Users\Henrik\AppData\Local\UBZCeGoQAEyE.bat => is succesvol verplaatst
C:\Users\Henrik\AppData\Local\updater.log => is succesvol verplaatst
C:\Users\Henrik\AppData\Local\UserProducts.xml => is succesvol verplaatst
C:\Users\Henrik\AppData\Local\WMI.ini => is succesvol verplaatst
C:\Users\Henrik\AppData\Roaming\oEIOU.exe => is succesvol verplaatst
C:\Users\Henrik\AppData\Roaming\.pgbias => is succesvol verplaatst
C:\Users\Henrik\AppData\Roaming\msregsvv.dll => is succesvol verplaatst
C:\WINDOWS\eEoOwliEq.exe => is succesvol verplaatst
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 2222187 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 160655526 B
Java, Flash, Steam htmlcache => 488384651 B
Windows/system/drivers => 47865679 B
Edge => 9644444 B
Chrome => 516737326 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 3352 B
LocalService => 4846 B
NetworkService => 71402 B
Henrik => 3705118229 B
 
RecycleBin => 2012666285 B
EmptyTemp: => 6.5 GB tijdelijke gegevens verwijderd.
 
================================
 
 
Het systeem moest herstart worden.
 
==== Eind van Fixlog 20:32:55 ====


#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,630 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:53 PM

Posted 31 December 2017 - 10:29 AM

Now, if you restart your computer, do you still get the command prompt on startup?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 henrik0706

henrik0706
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 01 January 2018 - 10:03 AM

Now, if you restart your computer, do you still get the command prompt on startup?

I stopped getting ads and cmd pop ups, thank you very much for your kind assistance!



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,630 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:53 PM

Posted 02 January 2018 - 01:37 PM

No problem henrik0706, you're welcome!

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

BWuhenj.pngDelFix
Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentionned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;
Qt25440.pngTips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like eLDnJfI.pngSecuniaPSI and y5YE7At.pngHeimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

AntivirusAntimalwareFirewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • 7p3JzTS.pngGlassWire - Has both a free and paid version (with different packages);
  • MQIMh6k.pngWindows Firewall Control - Gives you more control over your Windows Firewall;
  • 5RXGshU.pngTinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it;
Anti-Exploit/Anti-RansomwareWeb Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point and click matrix-like extensions that allow you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you wont!), you can always comeback in this section to get another checkup with one of our trained malware removal member.

Do you have any questions before I close this thread?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,630 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:53 PM

Posted 04 January 2018 - 08:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users