• Hulpvragenden in dit forumonderdeel worden enkel geholpen door daartoe bevoegde teamleden.
    Dit is belangrijk, zodat de hulpvragende goed geholpen kan worden zonder (goedbedoelde) aanvullende berichten van andere leden.
    Reageren op andermans discussie is daarom uitgeschakeld.
  • De afgelopen dagen zijn er meerdere fora waarop bestaande accounts worden overgenomen door spammers. De gebruikersnamen en wachtwoorden zijn via een hack of een lek via andere sites buitgemaakt. Via have i been pwned? kan je controleren of jouw gegeven ook zijn buitgemaakt. Wijzig bij twijfel jouw wachtwoord of schakel de twee-staps-verificatie in.

Chrome zit vol met spam

Status
Niet open voor verdere reacties.

hikmate

Gevestigd lid
Lid geworden
1 apr 2015
Berichten
202
Waarderingsscore
0
Hallo iedereen, ik heb dringend hulp nodig

Ik denk dat ik onlangs een setup van een virus heb geopend. Ik heb het daarna onmiddellijk gesloten maar ik denk dat ik te laat was. Sindsdien zit mijn chrome vol met spams. Mijn adblocker werkt niet meer, de ads blijven maar komen. Soms zie ik een secure search toolbar. Ik word ook vaak omgeleid naar andere sites. Als ik iets opzoek, staan er ook nog een aantal spam sites. Hoe moet ik dit oplossen? Ik heb al de extenties gecontroleerd, tussen de instellingen en de proxy instellingen. Ik heb wel een nieuwe extentie bijgekregen die ik niet kan verwijderen namelijk cookies on/off. Ik heb chrome al verwijderd maar dat werkt niet.
Kunnen jullie me asap helpen aub??

Bedankt!
 
Heb je je virusscanner al een complete scan laten doen?

En kijk eens bij je programma´s om te zien of er vage programma´s bij zitten die je misschien beter kan verwijderen.
 
Hallo Hikmate - sla het vorige bericht maar over.

Mijn naam is Abraham en ik zal je helpen.
Ik verzoek je de fix tot het einde te volgen en niet denkende dat de problemen opgelost zijn, niets meer van je te laten horen.

Download
52063a40e2e64-Farbar_Recovery_Scan_Tool_canned.png
Farbar Recovery Scan Tool 32 of 64 bit van één van de onderstaande links
Farbar Recovery Scan Tool 32 bit (x86)
Farbar Recovery Scan Tool 64 bit (x64)
Downloadlokatie: Dit programma absoluut naar het bureaublad downloaden dan wel daar naar toe verplaatsen!
Opmerkingen
: Alle openstaande programma's en webpagina's dienen afgesloten te zijn.

Antivirusprogramma en actieve malwarescanners dienen al voor je FRST.exe start gedeaktiveert zijn!
Hier en hier vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren.

FRST opstarten:
  • Windows 2000 en Windows XP: dubbelklik op FRST.exe.
  • Windows Vista, Windows 7, Windows 8/8.1 en Windows 10: via rechtsklik op FRST.exe of FRST64.exe en kies voor "Als Administrator uitvoeren".

FRST start op:
  • Wanneer het programma is geopend klik dan op de knop Yes bij de disclaimer.
  • Druk vervolgens op de Scan knop.
  • Aansluitend zal een logbestand - FRST.txt en Addition-txt aangemaakt worden en op het bureaublad opgeslagen worden.
  • Post de inhoud van beide logbestanden in jouw volgende bericht.
.

In geval de inhoud van een van de logs of van beide logs te groot is om te posten, kijk dan hier: Hoe een bijlage toevoegen?
 
First:
Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 29-06-2017
Gestart door hikma (Beheerder) op DESKTOP-9OP5E15 (29-06-2017 13:57:25)
Gestart vanaf C:\Users\hikma\Desktop
Geladen Profielen: hikma (Beschikbare Profielen: hikma)
Platform: Windows 10 Home Versie 1703 (X64) Taal: Dutch (Netherlands)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
(Bluestack System Inc. ) C:\Program Files (x86)\BlueStacks\BstkSVC.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Register (gefilterd) ====================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{C12EDCD9-A219-4778-A5FC-0D0F1F219F12}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{C12EDCD9-A219-47 (de data item heeft 36 mee tekens).
HKU\S-1-5-21-2934984055-1632560249-2123969850-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-24] (BlueStack Systems, Inc.)
GroupPolicy: Restrictie - Chrome <==== AANDACHT

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer] 195.130.131.2 195.130.130.2
Tcpip\..\Interfaces\{1a4286df-61dd-4388-860e-fa1b4acd841f}: [DhcpNameServer] 195.130.131.2 195.130.130.2

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2934984055-1632560249-2123969850-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-2934984055-1632560249-2123969850-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-25] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-24] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-06-24] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-24] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-06-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-28] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.be/
CHR StartupUrls: Default -> "hxxp://www.google.be/"
CHR Profile: C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default [2017-06-29]
CHR Extension: (Google Slides) - C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-28]
CHR Extension: (Google Docs) - C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-28]
CHR Extension: (Google Drive) - C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-28]
CHR Extension: (YouTube) - C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-28]
CHR Extension: (Cookies On-Off) - C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Extensions\dceidjjhomnclmfgflmjaomohekdgdgb [2017-06-28]
CHR Extension: (Gmail Offline) - C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2017-06-28]
CHR Extension: (Google Calendar) - C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-06-28]
CHR Extension: (Google Sheets) - C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-28]
CHR Extension: (Google Docs Offline) - C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-28]
CHR Extension: (AdBlock) - C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-28]
CHR Extension: (Video Downloader Pro) - C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2017-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-28]
CHR Extension: (Gmail) - C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-28]
CHR Extension: (Chrome Media Router) - C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-24] (BlueStack Systems, Inc.)
R3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-24] (BlueStack Systems, Inc.)
R3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-24] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370064 2015-09-30] (Intel Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8515952 2017-05-14] (Reimage®)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10884848 2017-05-23] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-24] (BlueStack Systems)
R3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-22] (Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 LeapdroidVMDrv; C:\Program Files\Leapdroid\VM\LeapdroidVMDrv.sys [300952 2017-06-24] (Leapdroid Inc.)
S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R1 MpKsle42845c5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F85BC33B-79D8-46EF-AFAA-C310293E4416}\MpKsle42845c5.sys [44928 2017-06-29] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9d2734742a07f3cf\nvlddmkm.sys [14456920 2017-05-18] (NVIDIA Corporation)
S3 QRDCIO; C:\WINDOWS\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (QUALCOMM Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-06-29 13:57 - 2017-06-29 13:58 - 00013745 _____ C:\Users\hikma\Desktop\FRST.txt
2017-06-29 13:57 - 2017-06-29 13:57 - 00000000 ____D C:\FRST
2017-06-29 13:56 - 2017-06-29 13:56 - 02440704 _____ (Farbar) C:\Users\hikma\Downloads\FRST64.exe
2017-06-29 13:56 - 2017-06-29 13:56 - 02440704 _____ (Farbar) C:\Users\hikma\Desktop\FRST64.exe
2017-06-29 10:11 - 2017-06-29 10:11 - 00000000 ___HD C:\OneDriveTemp
2017-06-29 01:02 - 2017-06-29 01:02 - 00003548 _____ C:\WINDOWS\System32\Tasks\Reimage Reminder
2017-06-29 01:01 - 2017-06-29 01:02 - 00000000 ____D C:\rei
2017-06-29 01:01 - 2017-06-29 01:02 - 00000000 ____D C:\ProgramData\Reimage Protector
2017-06-29 01:01 - 2017-06-29 01:01 - 00004352 _____ C:\WINDOWS\System32\Tasks\ReimageUpdater
2017-06-29 01:01 - 2017-06-29 01:01 - 00001988 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2017-06-29 01:01 - 2017-06-29 01:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2017-06-29 01:01 - 2017-06-29 01:01 - 00000000 ____D C:\Program Files\Reimage
2017-06-29 01:00 - 2017-06-29 01:02 - 00000140 _____ C:\WINDOWS\Reimage.ini
2017-06-29 01:00 - 2017-06-29 01:00 - 00604928 _____ (Reimage) C:\Users\hikma\Downloads\ReimageRepair.exe
2017-06-29 00:25 - 2017-06-29 00:25 - 00216696 _____ C:\ProgramData\cl.uninstall.1498688601.bdinstall.bin
2017-06-29 00:23 - 2017-06-29 00:23 - 00035978 _____ C:\ProgramData\dm.uninstall.1498688612.bdinstall.bin
2017-06-29 00:20 - 2017-06-29 00:20 - 00000000 ____D C:\Users\hikma\AppData\Roaming\Macromedia
2017-06-28 23:50 - 2017-06-28 23:50 - 00000000 ____D C:\Users\hikma\AppData\Roaming\Bandicam Company
2017-06-28 23:49 - 2017-06-29 00:07 - 00000000 ____D C:\Users\hikma\Documents\Bandicam
2017-06-28 23:49 - 2017-06-28 23:49 - 00001065 _____ C:\Users\Public\Desktop\Bandicam.lnk
2017-06-28 23:49 - 2017-06-28 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2017-06-28 23:49 - 2017-06-28 23:49 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2017-06-28 23:49 - 2017-06-28 23:49 - 00000000 ____D C:\Program Files (x86)\Bandicam
2017-06-28 23:48 - 2017-06-28 23:48 - 17122224 _____ (Bandicam Company) C:\Users\hikma\Downloads\bdcamsetup.exe
2017-06-28 23:20 - 2017-06-28 23:20 - 00002352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 23:20 - 2017-06-28 23:20 - 00002340 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-28 23:18 - 2017-06-28 23:18 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-28 23:18 - 2017-06-28 23:18 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-28 17:48 - 2017-06-28 18:24 - 00008728 _____ C:\Users\hikma\Documents\inkomsten en uitgaven.xlsx
2017-06-28 17:48 - 2017-06-28 17:48 - 00000000 ____D C:\Users\hikma\Documents\Aangepaste Office-sjablonen
2017-06-28 11:10 - 2017-06-28 11:10 - 00000000 ____D C:\Users\hikma\.Origin
2017-06-28 11:09 - 2017-06-28 11:10 - 54864456 _____ (Electronic Arts) C:\Users\hikma\Downloads\OriginThinSetup.exe
2017-06-27 20:33 - 2017-06-27 20:39 - 00000000 ____D C:\Users\hikma\AppData\Roaming\Notepad++
2017-06-27 20:33 - 2017-06-27 20:33 - 03051288 _____ C:\Users\hikma\Downloads\npp.7.4.2.Installer.exe
2017-06-27 20:33 - 2017-06-27 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-06-27 20:33 - 2017-06-27 20:33 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-06-26 08:41 - 2017-06-26 08:41 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2017-06-26 08:32 - 2017-06-29 00:24 - 00002367 _____ C:\bdlog.txt
2017-06-25 21:34 - 2017-06-25 21:34 - 00000262 __RSH C:\ProgramData\ntuser.pol
2017-06-25 21:33 - 2017-06-25 21:33 - 00491994 _____ ( ) C:\Users\hikma\Downloads\Bitdefender_Total_Security_2017_Key_With_Activation_Code_Till_2045.exe
2017-06-25 21:31 - 2017-06-25 21:31 - 00056456 _____ C:\ProgramData\dm.1498419035.bdinstall.bin
2017-06-25 21:30 - 2017-06-25 21:30 - 00466165 _____ C:\ProgramData\cl.1498418602.bdinstall.bin
2017-06-25 21:30 - 2017-06-25 21:30 - 00000000 ____D C:\ProgramData\Bitdefender Device Management
2017-06-25 21:28 - 2017-06-25 21:28 - 00000000 ____D C:\ProgramData\BDLogging
2017-06-25 21:28 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2017-06-25 21:27 - 2017-06-29 00:25 - 00000000 ____D C:\Users\hikma\AppData\Roaming\Bitdefender
2017-06-25 21:23 - 2017-06-29 00:25 - 00000000 ____D C:\ProgramData\Bitdefender
2017-06-25 21:23 - 2017-06-25 21:23 - 00000000 ____D C:\Users\hikma\AppData\Roaming\QuickScan
2017-06-25 21:21 - 2017-06-25 21:21 - 00003798 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-06-25 21:19 - 2017-06-29 13:53 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-06-25 21:19 - 2017-06-25 21:19 - 09915560 _____ C:\Users\hikma\Downloads\bitdefender_windows_9ec4059b-5f63-4313-ad09-1b2badd34674.exe
2017-06-25 21:19 - 2017-06-25 21:19 - 00049472 _____ C:\ProgramData\agent.1498418359.bdinstall.bin
2017-06-25 21:19 - 2017-06-25 21:19 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-06-25 17:43 - 2017-06-28 11:13 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-25 17:43 - 2017-06-25 17:43 - 00001942 _____ C:\Users\hikma\Desktop\BitLord.lnk
2017-06-25 17:43 - 2017-06-25 17:43 - 00000000 ____D C:\Users\hikma\Documents\BitLord
2017-06-25 17:43 - 2017-06-25 17:43 - 00000000 ____D C:\Users\hikma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
2017-06-25 17:43 - 2017-06-25 17:43 - 00000000 ____D C:\Users\hikma\AppData\Roaming\BitLord
2017-06-25 17:43 - 2017-06-25 17:43 - 00000000 ____D C:\Users\hikma\AppData\Local\BitLord
2017-06-25 17:43 - 2017-06-25 17:43 - 00000000 ____D C:\Users\hikma\.QtWebEngineProcess
2017-06-25 17:43 - 2017-06-25 17:43 - 00000000 ____D C:\Users\hikma\.BitLord
2017-06-25 17:42 - 2017-06-25 17:43 - 00000000 ____D C:\Program Files (x86)\BitLord
2017-06-25 17:41 - 2017-06-25 17:41 - 01638344 _____ (Temibosafo ) C:\Users\hikma\Downloads\BitlordSetup_V9aL1L.exe
2017-06-25 12:50 - 2017-06-25 12:50 - 00001144 _____ C:\Users\Public\Desktop\Macro Recorder.lnk
2017-06-25 12:50 - 2017-06-25 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macro Recorder
2017-06-25 12:50 - 2017-06-25 12:50 - 00000000 ____D C:\Program Files (x86)\MacroRecorder
2017-06-25 12:43 - 2017-06-28 16:08 - 00130146 _____ C:\Users\hikma\Desktop\For my Belgish friend.mcr
2017-06-25 11:35 - 2017-06-25 11:35 - 00000000 ____D C:\Users\hikma\AppData\Local\DBG
2017-06-25 11:21 - 2017-06-25 11:21 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-06-25 11:21 - 2017-03-10 23:17 - 00536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-06-25 11:21 - 2017-03-10 23:17 - 00525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-06-25 11:21 - 2017-03-10 23:17 - 00254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-06-25 11:21 - 2017-03-10 23:17 - 00233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-06-25 11:20 - 2017-06-29 02:17 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-25 11:20 - 2017-05-01 22:52 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-06-25 10:25 - 2017-06-25 10:25 - 01208320 _____ C:\Users\hikma\Desktop\Fifa 17 (Ver 3.3) refresh.exe
2017-06-24 22:38 - 2017-06-24 23:07 - 00000000 ____D C:\Users\hikma\Documents\Leapdroid
2017-06-24 22:38 - 2017-06-24 22:38 - 00001876 _____ C:\Users\Public\Desktop\Leapdroid VM2.lnk
2017-06-24 22:38 - 2017-06-24 22:38 - 00001876 _____ C:\Users\Public\Desktop\Leapdroid VM1.lnk
2017-06-24 22:38 - 2017-06-24 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapdroidVM
2017-06-24 22:37 - 2017-06-24 22:38 - 00000000 ____D C:\Users\hikma\AppData\Roaming\Leapdroid
2017-06-24 22:37 - 2017-06-24 22:37 - 00000000 ____D C:\Program Files\Leapdroid
2017-06-24 22:36 - 2017-06-24 22:36 - 00000000 ____D C:\Users\hikma\AppData\Roaming\WinRAR
2017-06-24 22:36 - 2017-06-24 22:36 - 00000000 ____D C:\Users\hikma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-06-24 22:36 - 2017-06-24 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-06-24 22:36 - 2017-06-24 22:36 - 00000000 ____D C:\Program Files (x86)\WinRAR
2017-06-24 22:35 - 2017-06-24 22:35 - 01972424 _____ C:\Users\hikma\Downloads\wrar540.exe
2017-06-24 22:34 - 2017-06-24 22:36 - 284115957 _____ C:\Users\hikma\Downloads\[www.gigapurbalingga.com]_LdVMIF180.rar
2017-06-24 19:47 - 2017-06-24 19:10 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-06-24 19:43 - 2017-06-24 19:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-24 19:43 - 2017-06-24 19:43 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-24 19:32 - 2017-06-24 19:32 - 00000000 ____D C:\Users\hikma\AppData\Local\TeamViewer
2017-06-24 18:47 - 2017-06-28 15:32 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-06-24 18:47 - 2017-06-24 18:47 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-06-24 18:47 - 2017-06-24 18:47 - 00001108 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-06-24 18:47 - 2017-06-24 18:47 - 00000000 ____D C:\Users\hikma\AppData\Roaming\TeamViewer
2017-06-24 18:46 - 2017-06-24 18:46 - 15507008 _____ (TeamViewer GmbH) C:\Users\hikma\Downloads\TeamViewer_Setup.exe
2017-06-24 18:37 - 2017-06-24 18:37 - 00000000 ____D C:\users1
2017-06-24 18:05 - 2017-06-24 18:05 - 00000000 ____D C:\Users\hikma\AppData\Local\Geckofx
2017-06-24 18:04 - 2017-06-24 18:04 - 00000168 _____ C:\Users\hikma\Desktop\safe.ini
2017-06-24 17:55 - 2017-06-24 17:55 - 00000000 ____D C:\Users\hikma\.android
2017-06-24 17:49 - 2017-06-24 17:49 - 07136794 _____ C:\Users\hikma\Documents\GameGuardian.8_26.5.apk
2017-06-24 17:46 - 2017-06-24 17:46 - 00000000 ____D C:\Users\hikma\AppData\Roaming\Mozilla
2017-06-24 17:41 - 2017-06-28 22:45 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-06-24 17:41 - 2017-06-24 17:41 - 00001648 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2017-06-24 17:41 - 2017-06-24 17:41 - 00001648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-06-24 17:40 - 2017-06-24 17:40 - 00107216 _____ C:\Users\hikma\Downloads\gauhar.zip
2017-06-24 17:40 - 2017-06-24 17:40 - 00000000 ____D C:\Users\hikma\AppData\Local\Bluestacks
2017-06-24 17:39 - 2017-06-24 17:41 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2017-06-24 17:39 - 2017-05-24 08:58 - 00000000 ____D C:\ProgramData\BlueStacks
2017-06-24 17:36 - 2017-06-24 17:38 - 339047640 _____ (BlueStack Systems Inc.) C:\Users\hikma\Downloads\BlueStacks2_native_fa8c12cef084437061f07176c64d9c6f.exe
2017-06-24 17:36 - 2017-06-24 17:36 - 00000000 ____D C:\Users\hikma\Documents\iPhone gegevens
2017-06-24 17:36 - 2017-06-24 17:36 - 00000000 ____D C:\Users\hikma\Documents\Codes
2017-06-24 17:32 - 2017-06-24 17:34 - 00000000 ____D C:\Users\hikma\AppData\Local\MSfree Inc
2017-06-24 17:23 - 2017-06-24 17:23 - 00002546 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive voor Bedrijven.lnk
2017-06-24 17:23 - 2017-06-24 17:23 - 00002540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype voor Bedrijven 2016.lnk
2017-06-24 17:23 - 2017-06-24 17:23 - 00002525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-06-24 17:23 - 2017-06-24 17:23 - 00002518 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-06-24 17:23 - 2017-06-24 17:23 - 00002476 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-06-24 17:23 - 2017-06-24 17:23 - 00002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-06-24 17:23 - 2017-06-24 17:23 - 00002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-06-24 17:23 - 2017-06-24 17:23 - 00002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-06-24 17:23 - 2017-06-24 17:23 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-06-24 17:23 - 2017-06-24 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-hulpprogramma's
2017-06-24 17:20 - 2017-06-25 10:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-24 17:20 - 2017-06-24 17:20 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-06-24 17:18 - 2017-06-24 17:19 - 00000000 ___RD C:\Users\hikma\Documents\School
2017-06-24 17:18 - 2017-06-24 17:18 - 00000000 ____D C:\Users\hikma\Desktop\Root Bluestacks
2017-06-24 17:18 - 2017-05-19 22:28 - 00000081 _____ C:\Users\hikma\Documents\fifa mobile acc.txt
2017-06-24 17:18 - 2017-05-17 19:52 - 00000084 _____ C:\Users\hikma\Documents\keyloggerv.txt
2017-06-24 17:18 - 2017-05-16 21:18 - 00000156 _____ C:\Users\hikma\Documents\gmail.txt
2017-06-24 17:18 - 2017-05-12 16:07 - 00000113 _____ C:\Users\hikma\Documents\elhajhikmat codes.txt
2017-06-24 17:18 - 2017-05-11 16:01 - 00000153 _____ C:\Users\hikma\Documents\links roblox.txt
2017-06-24 17:18 - 2017-05-07 12:18 - 00000020 _____ C:\Users\hikma\Documents\code website.txt
2017-06-24 17:18 - 2017-05-01 13:09 - 00000350 _____ C:\Users\hikma\Documents\Keylogger hacks.txt
2017-06-24 17:18 - 2017-04-28 19:16 - 00000753 _____ C:\Users\hikma\Documents\filter.txt
2017-06-24 17:18 - 2017-04-07 23:31 - 00000216 _____ C:\Users\hikma\Documents\5 euro.txt
2017-06-24 17:18 - 2017-03-04 14:19 - 00000101 _____ C:\Users\hikma\Documents\fifamobile.txt
2017-06-24 17:17 - 2017-06-24 17:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-06-24 17:17 - 2017-06-24 17:17 - 00000000 ____D C:\Users\hikma\AppData\Roaming\Google
2017-06-24 17:11 - 2017-06-29 10:11 - 00000000 ___RD C:\Users\hikma\OneDrive
2017-06-24 17:11 - 2017-06-29 00:58 - 00000000 ____D C:\Users\hikma\AppData\Local\Google
2017-06-24 17:11 - 2017-06-28 23:20 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-24 17:11 - 2017-06-24 17:12 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-24 17:11 - 2017-06-24 17:12 - 00002391 _____ C:\Users\hikma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-24 17:11 - 2017-06-24 17:11 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-06-24 17:11 - 2017-06-24 17:11 - 00000000 ____D C:\Users\hikma\AppData\Roaming\Skype
2017-06-24 17:10 - 2017-06-24 17:10 - 00000000 ____D C:\Users\hikma\AppData\Local\MicrosoftEdge
2017-06-24 17:10 - 2017-06-24 17:10 - 00000000 ____D C:\Users\hikma\AppData\Local\Comms
2017-06-24 17:09 - 2017-06-24 17:09 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-06-24 17:07 - 2017-06-29 10:10 - 00000000 __SHD C:\Users\hikma\IntelGraphicsProfiles
2017-06-24 17:07 - 2017-06-25 18:02 - 00000000 ____D C:\Users\hikma\AppData\Local\Packages
2017-06-24 17:07 - 2017-06-25 17:12 - 00000000 ____D C:\Users\hikma\AppData\Local\Publishers
2017-06-24 17:07 - 2017-06-24 22:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-24 17:07 - 2017-06-24 17:08 - 00000000 ____D C:\Users\hikma\AppData\Local\ConnectedDevicesPlatform
2017-06-24 17:07 - 2017-06-24 17:07 - 00000000 ____D C:\Users\hikma\AppData\Roaming\Adobe
2017-06-24 17:07 - 2017-06-24 17:07 - 00000000 ____D C:\Users\hikma\AppData\Local\VirtualStore
2017-06-24 17:07 - 2017-06-24 17:07 - 00000000 ____D C:\Users\hikma\AppData\Local\TileDataLayer
2017-06-24 17:06 - 2017-06-28 11:10 - 00000000 ____D C:\Users\hikma
2017-06-24 17:06 - 2017-06-24 17:06 - 00000020 ___SH C:\Users\hikma\ntuser.ini
2017-06-24 17:06 - 2017-06-24 17:06 - 00000000 _SHDL C:\Users\hikma\Sjablonen
2017-06-24 17:06 - 2017-06-24 17:06 - 00000000 _SHDL C:\Users\hikma\Netwerkprinteromgeving
2017-06-24 17:06 - 2017-06-24 17:06 - 00000000 _SHDL C:\Users\hikma\Mijn documenten
2017-06-24 17:06 - 2017-06-24 17:06 - 00000000 _SHDL C:\Users\hikma\Menu Start
2017-06-24 17:06 - 2017-06-24 17:06 - 00000000 _SHDL C:\Users\hikma\Documents\Mijn video's
2017-06-24 17:06 - 2017-06-24 17:06 - 00000000 _SHDL C:\Users\hikma\Documents\Mijn muziek
2017-06-24 17:06 - 2017-06-24 17:06 - 00000000 _SHDL C:\Users\hikma\Documents\Mijn afbeeldingen
2017-06-24 17:06 - 2017-06-24 17:06 - 00000000 _SHDL C:\Users\hikma\AppData\Roaming\Microsoft\Windows\Start Menu\Programma's
2017-06-24 17:06 - 2017-06-24 17:06 - 00000000 _SHDL C:\Users\hikma\AppData\Local\Geschiedenis
2017-06-24 14:08 - 2017-06-29 00:52 - 02209188 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-24 14:06 - 2017-03-18 22:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Public\Documents\Mijn video's
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Public\Documents\Mijn muziek
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Public\Documents\Mijn afbeeldingen
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Default\Sjablonen
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Default\Netwerkprinteromgeving
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Default\Mijn documenten
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Default\Menu Start
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Default\Documents\Mijn video's
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Default\Documents\Mijn muziek
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Default\Documents\Mijn afbeeldingen
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programma's
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Default\AppData\Local\Geschiedenis
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Default User\Documents\Mijn video's
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Default User\Documents\Mijn muziek
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Default User\Documents\Mijn afbeeldingen
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programma's
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Geschiedenis
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\Default User
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Users\All Users
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\ProgramData\Sjablonen
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programma's
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\ProgramData\Menu Start
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\ProgramData\Documenten
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\ProgramData\Bureaublad
2017-06-24 14:03 - 2017-06-24 14:03 - 00000000 _SHDL C:\Documents and Settings
2017-06-24 14:01 - 2017-06-24 14:01 - 00000000 ____D C:\ProgramData\USOShared
2017-06-24 13:56 - 2017-06-24 13:56 - 00000000 ____D C:\Program Files\Common Files\Atheros
2017-06-24 13:56 - 2017-05-01 22:51 - 06437312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-06-24 13:56 - 2017-05-01 22:51 - 02479552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-06-24 13:56 - 2017-05-01 22:51 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-06-24 13:56 - 2017-05-01 22:51 - 00548800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-06-24 13:56 - 2017-05-01 22:51 - 00392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-06-24 13:56 - 2017-05-01 22:51 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-06-24 13:56 - 2017-05-01 22:51 - 00069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-06-24 13:56 - 2017-04-25 23:11 - 07944687 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-06-24 13:55 - 2017-06-29 10:10 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-24 13:55 - 2017-06-25 11:21 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-24 13:55 - 2017-06-25 11:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-24 13:55 - 2017-06-24 14:06 - 00000000 ____D C:\Intel
2017-06-24 13:55 - 2017-06-24 13:55 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-06-24 13:55 - 2017-06-24 13:55 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-06-24 13:55 - 2017-06-24 13:55 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-06-24 13:55 - 2017-06-24 13:55 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-24 13:55 - 2017-06-24 13:55 - 00000000 ____D C:\Program Files\Realtek
2017-06-24 13:55 - 2017-06-24 13:55 - 00000000 ____D C:\Program Files\Intel
2017-06-24 13:55 - 2017-05-18 07:56 - 00521816 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-06-24 13:55 - 2017-05-18 07:56 - 00427608 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-06-24 13:54 - 2017-06-24 13:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-06-24 13:50 - 2017-06-29 00:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-24 13:49 - 2017-06-29 13:25 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-24 13:49 - 2017-06-24 22:53 - 00384216 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-24 13:49 - 2017-06-24 13:50 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-06-24 13:01 - 2017-06-24 13:01 - 00000000 ____D C:\WINDOWS\InfusedApps
2017-06-24 13:00 - 2017-06-24 13:00 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-06-24 12:59 - 2017-06-24 12:59 - 00000000 ____D C:\Program Files\Elantech
2017-06-24 12:58 - 2017-06-24 12:58 - 00000000 ____D C:\WINDOWS\Setup
2017-06-24 12:56 - 2017-06-24 12:56 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-06-24 12:56 - 2017-06-24 12:56 - 00000000 ____D C:\WINDOWS\OCR
2017-06-24 12:56 - 2017-06-24 12:56 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-24 12:56 - 2017-06-24 12:56 - 00000000 ____D C:\Program Files\MSBuild
2017-06-24 12:56 - 2017-06-24 12:56 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-24 12:56 - 2017-06-24 12:56 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-24 12:55 - 2017-06-29 00:52 - 01005492 _____ C:\WINDOWS\system32\perfh013.dat
2017-06-24 12:55 - 2017-06-29 00:52 - 00214188 _____ C:\WINDOWS\system32\perfc013.dat
2017-06-24 12:55 - 2017-06-25 11:17 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-06-24 12:55 - 2017-06-25 11:17 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-06-24 12:55 - 2017-06-25 11:17 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-06-24 12:55 - 2017-06-25 11:17 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-06-24 12:55 - 2017-06-25 11:17 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-06-24 12:55 - 2017-06-25 11:17 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-06-24 12:55 - 2017-06-25 11:17 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-06-24 12:55 - 2017-06-25 11:17 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-06-24 12:55 - 2017-06-24 12:55 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-06-24 12:55 - 2017-06-24 12:55 - 00000000 ____D C:\WINDOWS\SysWOW64\nl
2017-06-24 12:55 - 2017-06-24 12:55 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2017-06-24 12:55 - 2017-06-24 12:55 - 00000000 ____D C:\WINDOWS\system32\nl
2017-06-24 12:55 - 2017-06-24 12:55 - 00000000 ____D C:\WINDOWS\system32\0409
2017-06-24 12:55 - 2017-06-24 12:55 - 00000000 ____D C:\WINDOWS\DigitalLocker
2017-06-24 12:55 - 2017-06-24 12:54 - 00347800 _____ C:\WINDOWS\system32\perfi013.dat
2017-06-24 12:55 - 2017-06-24 12:54 - 00045450 _____ C:\WINDOWS\system32\perfd013.dat
2017-06-24 12:52 - 2017-04-29 03:05 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-24 12:52 - 2017-04-29 03:05 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-24 12:50 - 2017-06-24 13:00 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-06-24 12:50 - 2017-06-24 12:47 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-06-24 12:50 - 2017-06-24 12:47 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2017-06-24 12:50 - 2017-06-24 12:47 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2017-06-24 12:50 - 2017-06-24 12:47 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-06-24 12:50 - 2017-06-24 12:47 - 00017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2017-06-24 12:50 - 2017-06-24 12:47 - 00015940 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2017-06-24 12:50 - 2017-06-24 12:47 - 00004096 _____ C:\WINDOWS\system32\config\VSMIDK
2017-06-24 12:50 - 2017-06-24 12:47 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2017-06-24 12:50 - 2017-06-24 12:47 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2017-06-24 12:50 - 2017-06-24 12:47 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2017-06-24 12:50 - 2017-06-24 12:47 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2017-06-24 12:50 - 2017-06-24 12:47 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2017-06-24 12:50 - 2017-06-24 12:47 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2017-06-24 12:49 - 2017-06-29 11:39 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-24 12:49 - 2017-06-29 10:14 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-24 12:49 - 2017-06-29 10:14 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-24 12:49 - 2017-06-29 00:26 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2017-06-24 12:49 - 2017-06-28 16:15 - 00000000 ____D C:\WINDOWS\rescache
2017-06-24 12:49 - 2017-06-28 11:15 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-24 12:49 - 2017-06-26 18:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-24 12:49 - 2017-06-26 04:43 - 00000000 ____D C:\WINDOWS\appcompat
2017-06-24 12:49 - 2017-06-25 21:34 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-24 12:49 - 2017-06-25 21:34 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-06-24 12:49 - 2017-06-25 11:17 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-24 12:49 - 2017-06-25 11:17 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-06-24 12:49 - 2017-06-25 11:17 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-24 12:49 - 2017-06-25 11:17 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-06-24 12:49 - 2017-06-25 11:17 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-24 12:49 - 2017-06-25 11:17 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-24 12:49 - 2017-06-25 11:17 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-06-24 12:49 - 2017-06-25 11:17 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-06-24 12:49 - 2017-06-25 11:17 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-24 12:49 - 2017-06-25 11:17 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-24 12:49 - 2017-06-25 11:17 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-06-24 12:49 - 2017-06-25 10:31 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-24 12:49 - 2017-06-24 22:49 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-06-24 12:49 - 2017-06-24 22:49 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-24 12:49 - 2017-06-24 22:49 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-24 12:49 - 2017-06-24 22:49 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-06-24 12:49 - 2017-06-24 22:49 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-24 12:49 - 2017-06-24 22:48 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-24 12:49 - 2017-06-24 22:48 - 00000000 ____D C:\WINDOWS\Provisioning
2017-06-24 12:49 - 2017-06-24 17:41 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-24 12:49 - 2017-06-24 17:06 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-06-24 12:49 - 2017-06-24 14:06 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-24 12:49 - 2017-06-24 14:06 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-06-24 12:49 - 2017-06-24 14:03 - 00000000 ____D C:\Program Files\Windows NT
2017-06-24 12:49 - 2017-06-24 14:01 - 00000000 ____D C:\ProgramData\USOPrivate
2017-06-24 12:49 - 2017-06-24 14:00 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-06-24 12:49 - 2017-06-24 13:57 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-06-24 12:49 - 2017-06-24 13:57 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-06-24 12:49 - 2017-06-24 13:57 - 00000000 ____D C:\WINDOWS\HoloShell
2017-06-24 12:49 - 2017-06-24 13:56 - 00000000 ____D C:\WINDOWS\Help
2017-06-24 12:49 - 2017-06-24 12:56 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-06-24 12:49 - 2017-06-24 12:56 - 00000000 ____D C:\WINDOWS\SystemApps
2017-06-24 12:49 - 2017-06-24 12:56 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-06-24 12:49 - 2017-06-24 12:56 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-06-24 12:49 - 2017-06-24 12:55 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-06-24 12:49 - 2017-06-24 12:55 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-06-24 12:49 - 2017-06-24 12:55 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-06-24 12:49 - 2017-06-24 12:55 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-06-24 12:49 - 2017-06-24 12:55 - 00000000 ____D C:\WINDOWS\system32\setup
2017-06-24 12:49 - 2017-06-24 12:55 - 00000000 ____D C:\WINDOWS\system32\Com
2017-06-24 12:49 - 2017-06-24 12:55 - 00000000 ____D C:\WINDOWS\IME
2017-06-24 12:49 - 2017-06-24 12:55 - 00000000 ____D C:\Program Files\Common Files\System
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 __RSD C:\WINDOWS\Media
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ___SD C:\WINDOWS\system32\Nui
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\system32\icsxml
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\system32\ias
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\system32\downlevel
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\system32\DDFs
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\Registration
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\L2Schemas
2017-06-24 12:49 - 2017-06-24 12:50 - 00000000 ____D C:\WINDOWS\Cursors
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\Web
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\Vss
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\tracing
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\TAPI
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\SystemResources
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\system32\winevt
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\system32\ras
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\system32\IME
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\system32\Hydrogen
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\System
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\SKB
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\security
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\schemas
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\SchCache
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\Resources
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\PLA
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\Performance
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\ModemLogs
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\InputMethod
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\Globalization
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\GameBarPresenceWriter
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\Branding
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\addins
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\ProgramData\WindowsHolographicDevices
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\Program Files\Windows Security
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\Program Files\Windows Portable Devices
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\Program Files\Common Files\Services
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\Program Files (x86)\Windows NT
2017-06-24 12:49 - 2017-06-24 12:49 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-06-24 12:49 - 2017-06-24 12:47 - 00000219 _____ C:\WINDOWS\system.ini
2017-06-24 12:49 - 2017-06-24 12:47 - 00000092 _____ C:\WINDOWS\win.ini
2017-06-24 12:48 - 2017-06-29 00:25 - 00000000 ____D C:\WINDOWS\INF
2017-06-24 12:41 - 2017-06-25 23:09 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-24 12:36 - 2017-06-29 00:45 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-06-24 12:36 - 2017-06-25 11:17 - 00000000 ____D C:\WINDOWS\servicing
2017-06-24 12:36 - 2017-06-24 14:05 - 00000000 ____D C:\WINDOWS\Panther
2017-06-24 12:36 - 2017-06-24 13:51 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-24 12:36 - 2017-06-24 12:49 - 00000000 ____D C:\WINDOWS\system32\SMI
2017-06-24 11:20 - 2017-06-24 13:04 - 00000000 ___HD C:\$SysReset
2017-06-14 13:38 - 2017-06-03 12:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 13:38 - 2017-06-03 12:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-14 13:38 - 2017-06-03 11:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 13:38 - 2017-06-03 11:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 13:38 - 2017-06-03 11:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 13:38 - 2017-06-03 11:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-14 13:38 - 2017-06-03 11:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 13:38 - 2017-06-03 11:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-14 13:38 - 2017-06-03 11:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 13:38 - 2017-06-03 11:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-14 13:38 - 2017-06-03 11:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-14 13:38 - 2017-06-03 11:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 13:38 - 2017-06-03 11:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-14 13:38 - 2017-06-03 11:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 13:38 - 2017-06-03 11:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 13:38 - 2017-06-03 11:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 13:38 - 2017-06-03 11:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 13:38 - 2017-06-03 11:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 13:38 - 2017-06-03 11:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 13:38 - 2017-06-03 11:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 13:38 - 2017-06-03 11:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 13:38 - 2017-06-03 11:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-14 13:38 - 2017-06-03 11:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-14 13:38 - 2017-06-03 11:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 13:38 - 2017-06-03 11:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 13:38 - 2017-06-03 10:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 13:38 - 2017-06-03 10:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 13:38 - 2017-06-03 10:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-14 13:38 - 2017-06-03 10:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 13:38 - 2017-06-03 10:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 13:38 - 2017-06-03 10:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-14 13:38 - 2017-06-03 10:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-14 13:38 - 2017-06-03 10:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 13:38 - 2017-06-03 10:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 13:38 - 2017-06-03 10:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 13:38 - 2017-06-03 10:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 13:38 - 2017-06-03 10:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-14 13:38 - 2017-06-03 10:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-14 13:38 - 2017-05-20 11:13 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-14 13:38 - 2017-05-20 10:55 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-14 13:38 - 2017-05-20 10:48 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-14 13:38 - 2017-05-20 10:47 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-14 13:38 - 2017-05-20 10:46 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-14 13:38 - 2017-05-20 10:46 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-14 13:38 - 2017-05-20 10:46 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-14 13:38 - 2017-05-20 10:45 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 13:38 - 2017-05-20 10:44 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-14 13:38 - 2017-05-20 10:44 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-14 13:38 - 2017-05-20 10:43 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-14 13:38 - 2017-05-20 10:43 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-14 13:38 - 2017-05-20 10:43 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-14 13:38 - 2017-05-20 10:43 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-14 13:38 - 2017-05-20 10:43 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-14 13:38 - 2017-05-20 10:43 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-14 13:38 - 2017-05-20 10:43 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-14 13:38 - 2017-05-20 10:29 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-14 13:38 - 2017-05-20 10:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-14 13:38 - 2017-05-20 10:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-14 13:38 - 2017-05-20 10:26 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-14 13:38 - 2017-05-20 10:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-14 13:38 - 2017-05-20 10:25 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-14 13:38 - 2017-05-20 10:25 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-14 13:38 - 2017-05-20 10:24 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-14 13:38 - 2017-05-20 10:23 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-14 13:38 - 2017-05-20 10:22 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-14 13:38 - 2017-05-20 10:22 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-14 13:38 - 2017-05-20 10:22 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-14 13:38 - 2017-05-20 10:21 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-14 13:38 - 2017-05-20 10:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-14 13:38 - 2017-05-20 10:21 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-14 13:38 - 2017-05-20 10:20 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-14 13:38 - 2017-05-20 10:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-14 13:38 - 2017-05-20 10:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-14 13:38 - 2017-05-20 10:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-14 13:38 - 2017-05-20 10:19 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-14 13:38 - 2017-05-20 10:18 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-14 13:38 - 2017-05-20 10:17 - 04544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-06-14 13:38 - 2017-05-20 10:17 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-14 13:38 - 2017-05-20 10:17 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-14 13:38 - 2017-05-20 10:17 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-14 13:38 - 2017-05-20 10:17 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-14 13:38 - 2017-05-20 10:16 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-14 13:38 - 2017-05-20 10:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-14 13:38 - 2017-05-20 10:16 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-14 13:38 - 2017-05-20 10:16 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-14 13:38 - 2017-05-20 10:15 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-14 13:38 - 2017-05-20 10:14 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-14 13:38 - 2017-05-20 10:14 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-14 13:38 - 2017-05-20 10:14 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-14 13:38 - 2017-05-20 10:14 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-14 13:38 - 2017-05-20 10:14 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-14 13:38 - 2017-05-20 10:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-14 13:38 - 2017-05-20 10:10 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-14 13:38 - 2017-05-20 10:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-14 13:38 - 2017-05-20 10:10 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-14 13:38 - 2017-05-20 10:08 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-14 13:38 - 2017-05-20 09:07 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 13:38 - 2017-05-20 08:58 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 13:38 - 2017-05-20 08:55 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-14 13:38 - 2017-05-20 08:54 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-14 13:38 - 2017-05-20 08:54 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-14 13:38 - 2017-05-20 08:53 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-14 13:38 - 2017-05-20 08:10 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-14 13:38 - 2017-05-20 08:07 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-14 13:38 - 2017-05-20 08:07 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-14 13:37 - 2017-06-03 12:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 13:37 - 2017-06-03 12:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 13:37 - 2017-06-03 12:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 13:37 - 2017-06-03 11:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 13:37 - 2017-06-03 11:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-14 13:37 - 2017-06-03 11:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 13:37 - 2017-06-03 11:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 13:37 - 2017-06-03 11:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 13:37 - 2017-06-03 11:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 13:37 - 2017-06-03 11:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 13:37 - 2017-06-03 11:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 13:37 - 2017-06-03 11:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 13:37 - 2017-06-03 11:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 13:37 - 2017-06-03 11:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 13:37 - 2017-06-03 11:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 13:37 - 2017-06-03 11:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 13:37 - 2017-06-03 11:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 13:37 - 2017-06-03 11:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 13:37 - 2017-06-03 11:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-14 13:37 - 2017-06-03 11:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 13:37 - 2017-06-03 11:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 13:37 - 2017-06-03 10:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 13:37 - 2017-06-03 10:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 13:37 - 2017-06-03 10:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 13:37 - 2017-06-03 10:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-14 13:37 - 2017-06-03 10:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 13:37 - 2017-06-03 10:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 13:37 - 2017-06-03 10:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-14 13:37 - 2017-06-03 10:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-14 13:37 - 2017-06-03 10:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 13:37 - 2017-06-03 10:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 13:37 - 2017-05-20 09:03 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-14 13:37 - 2017-05-20 08:55 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-14 13:37 - 2017-05-20 08:55 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-14 13:37 - 2017-05-20 08:54 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 13:37 - 2017-05-20 08:53 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 13:37 - 2017-05-20 08:53 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-14 13:37 - 2017-05-20 08:52 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-14 13:37 - 2017-05-20 08:52 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-14 13:37 - 2017-05-20 08:51 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-14 13:37 - 2017-05-20 08:51 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-14 13:37 - 2017-05-20 08:51 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-14 13:37 - 2017-05-20 08:51 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-14 13:37 - 2017-05-20 08:48 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-14 13:37 - 2017-05-20 08:08 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-14 13:37 - 2017-05-20 08:08 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-14 13:37 - 2017-05-20 08:07 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-14 13:37 - 2017-05-20 08:06 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-14 13:37 - 2017-05-20 08:03 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-14 13:37 - 2017-05-20 08:01 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-14 13:37 - 2017-05-20 08:00 - 05776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-06-14 13:37 - 2017-05-20 08:00 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-14 13:37 - 2017-05-20 08:00 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-14 13:37 - 2017-05-20 08:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-14 13:37 - 2017-05-20 07:59 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-14 13:37 - 2017-05-20 07:58 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-14 13:37 - 2017-05-20 07:58 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-14 13:37 - 2017-05-20 07:58 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-14 13:37 - 2017-05-20 07:58 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-14 13:37 - 2017-05-20 07:55 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-14 13:37 - 2017-05-20 07:54 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-14 13:37 - 2017-05-20 07:54 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-14 13:37 - 2017-05-20 07:52 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-14 13:37 - 2017-05-20 07:52 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-14 13:37 - 2017-05-20 07:51 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-14 13:37 - 2017-05-20 07:50 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-14 13:36 - 2017-06-03 12:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 13:36 - 2017-06-03 12:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 13:36 - 2017-06-03 12:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 13:36 - 2017-06-03 12:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 13:36 - 2017-06-03 12:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 13:36 - 2017-06-03 12:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 13:36 - 2017-06-03 12:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 13:36 - 2017-06-03 12:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 13:36 - 2017-06-03 12:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-14 13:36 - 2017-06-03 12:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-14 13:36 - 2017-06-03 12:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-14 13:36 - 2017-06-03 11:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 13:36 - 2017-06-03 11:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-14 13:36 - 2017-06-03 11:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-14 13:36 - 2017-06-03 11:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-14 13:36 - 2017-06-03 11:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 13:36 - 2017-06-03 11:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 13:36 - 2017-06-03 11:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-14 13:36 - 2017-06-03 11:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 13:36 - 2017-06-03 11:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 13:36 - 2017-06-03 11:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 13:36 - 2017-06-03 11:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 13:36 - 2017-06-03 11:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 13:36 - 2017-06-03 11:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-14 13:36 - 2017-06-03 11:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 13:36 - 2017-06-03 11:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 13:36 - 2017-06-03 11:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-14 13:36 - 2017-06-03 11:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-14 13:36 - 2017-06-03 11:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-14 13:36 - 2017-06-03 11:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-14 13:36 - 2017-06-03 10:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 13:36 - 2017-06-03 10:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 13:36 - 2017-06-03 10:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 13:36 - 2017-06-03 10:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-14 13:36 - 2017-06-03 10:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 13:36 - 2017-06-03 10:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 13:36 - 2017-06-03 10:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-14 13:36 - 2017-05-20 10:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-14 13:36 - 2017-05-20 09:08 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-14 13:36 - 2017-05-20 09:08 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 13:36 - 2017-05-20 08:59 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-14 13:36 - 2017-05-20 08:56 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-14 13:36 - 2017-05-20 08:56 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-14 13:36 - 2017-05-20 08:56 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-14 13:36 - 2017-05-20 08:55 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-14 13:36 - 2017-05-20 08:55 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 13:36 - 2017-05-20 08:55 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-14 13:36 - 2017-05-20 08:53 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-14 13:36 - 2017-05-20 08:53 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-14 13:36 - 2017-05-20 08:51 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-14 13:36 - 2017-05-20 08:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-14 13:36 - 2017-05-20 08:10 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-14 13:36 - 2017-05-20 08:10 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-14 13:36 - 2017-05-20 08:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-14 13:36 - 2017-05-20 08:09 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-14 13:36 - 2017-05-20 08:09 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-14 13:36 - 2017-05-20 08:09 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-14 13:36 - 2017-05-20 08:08 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-14 13:36 - 2017-05-20 08:06 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-14 13:36 - 2017-05-20 08:06 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-14 13:36 - 2017-05-20 08:05 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-14 13:36 - 2017-05-20 08:05 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-14 13:36 - 2017-05-20 08:03 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-14 13:36 - 2017-05-20 08:03 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-14 13:36 - 2017-05-20 08:03 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-14 13:36 - 2017-05-20 08:03 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-14 13:36 - 2017-05-20 08:03 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-14 13:36 - 2017-05-20 08:02 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-14 13:36 - 2017-05-20 08:02 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-14 13:36 - 2017-05-20 08:01 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-14 13:36 - 2017-05-20 08:01 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-14 13:36 - 2017-05-20 08:01 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-14 13:36 - 2017-05-20 08:01 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-14 13:36 - 2017-05-20 08:01 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-14 13:36 - 2017-05-20 08:01 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-14 13:36 - 2017-05-20 08:01 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-14 13:36 - 2017-05-20 08:00 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-14 13:36 - 2017-05-20 08:00 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-14 13:36 - 2017-05-20 07:59 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-14 13:36 - 2017-05-20 07:59 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-14 13:36 - 2017-05-20 07:59 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-14 13:36 - 2017-05-20 07:59 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-14 13:36 - 2017-05-20 07:59 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-14 13:36 - 2017-05-20 07:59 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-14 13:36 - 2017-05-20 07:58 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-14 13:36 - 2017-05-20 07:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-14 13:36 - 2017-05-20 07:57 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-14 13:36 - 2017-05-20 07:56 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-14 13:36 - 2017-05-20 07:56 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-14 13:36 - 2017-05-20 07:55 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-14 13:36 - 2017-05-20 07:55 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-14 13:36 - 2017-05-20 07:55 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-14 13:36 - 2017-05-20 07:54 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-14 13:36 - 2017-05-20 07:54 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-14 13:36 - 2017-05-20 07:54 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-14 13:36 - 2017-05-20 07:52 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-14 13:36 - 2017-05-20 07:52 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-14 13:36 - 2017-05-20 07:51 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-14 13:36 - 2017-05-20 07:50 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-14 13:36 - 2017-05-20 07:48 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-14 13:36 - 2017-05-20 07:48 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-14 13:36 - 2017-05-20 07:47 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-14 13:36 - 2017-05-20 07:47 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)


==================== Bestanden in de root van sommige mappen =======

2017-06-25 21:19 - 2017-06-25 21:19 - 0049472 _____ () C:\ProgramData\agent.1498418359.bdinstall.bin
2017-06-25 21:30 - 2017-06-25 21:30 - 0466165 _____ () C:\ProgramData\cl.1498418602.bdinstall.bin
2017-06-29 00:25 - 2017-06-29 00:25 - 0216696 _____ () C:\ProgramData\cl.uninstall.1498688601.bdinstall.bin
2017-06-25 21:31 - 2017-06-25 21:31 - 0056456 _____ () C:\ProgramData\dm.1498419035.bdinstall.bin
2017-06-29 00:23 - 2017-06-29 00:23 - 0035978 _____ () C:\ProgramData\dm.uninstall.1498688612.bdinstall.bin
2017-06-24 17:11 - 2017-06-24 17:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Sommige bestanden in TEMP:
====================
2017-01-26 09:26 - 2017-01-26 09:26 - 4297200 _____ (Bandicam Company) C:\Users\hikma\AppData\Local\Temp\bdfilters.dll
2017-06-29 01:01 - 2017-06-29 01:01 - 13460656 _____ (Reimage) C:\Users\hikma\AppData\Local\Temp\ReimagePackage.exe

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2017-06-24 13:49

==================== Eind van FRST.txt ============================
 
En dan addition:

Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 29-06-2017
Gestart door hikma (29-06-2017 13:58:44)
Gestart vanaf C:\Users\hikma\Desktop
Windows 10 Home Versie 1703 (X64) (2017-06-24 12:05:35)
Boot Modus: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2934984055-1632560249-2123969850-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2934984055-1632560249-2123969850-503 - Limited - Disabled)
Gast (S-1-5-21-2934984055-1632560249-2123969850-501 - Limited - Disabled)
hikma (S-1-5-21-2934984055-1632560249-2123969850-1001 - Administrator - Enabled) => C:\Users\hikma

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)

Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.4.2.1258 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.49 - Bitdefender)
BitLord 2.5 (HKLM-x32\...\BitLord) (Version: 2.4.5-316 - House of Life)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.320.8504 - BlueStack Systems, Inc.)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
LeapdroidVM (HKLM-x32\...\LeapdroidVM) (Version: - LeapdroidVM)
Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
Microsoft Office Professional Plus 2016 - nl-nl (HKLM\...\ProPlusRetail - nl-nl) (Version: 16.0.8201.2102 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2934984055-1632560249-2123969850-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
NVIDIA Grafisch stuurprogramma 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.5.8 - Reimage) <==== AANDACHT
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78313 - TeamViewer)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Aangepaste CLSID (gefilterd): ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


==================== Geplande Taken (gefilterd) =============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

Task: {0DDF1DE9-4466-4102-9CB0-0D9288497ABA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-28] (Google Inc.)
Task: {233F159D-986B-42E4-A4E4-5D07BA239772} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {3BEEDC84-31EF-4254-949A-D45897B0BA7B} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-04-11] (Bitdefender)
Task: {3F49DAB4-5AB8-43B3-901C-26DAF6A9D269} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-24] ()
Task: {5686EB66-5A9D-4BFE-829F-EC8D8D267BA5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-24] (Microsoft Corporation)
Task: {618C61EF-5E30-4A5E-ACDE-634FB0DD1175} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-24] ()
Task: {7D8CDCD4-AA3A-4FD9-AD01-53AC383D6036} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-28] (Google Inc.)
Task: {80B2B552-347C-4658-857D-A917C64EBE88} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {C705AA35-6DBC-4622-99DA-29A96CFFD493} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2017-05-10] (Reimage ltd.) <==== AANDACHT
Task: {ECBE2E5B-4991-4368-AC02-3A4C1DA811FF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-24] (Microsoft Corporation)
Task: {F0261781-A49B-4C49-838A-F2156717F382} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2017-05-14] (Reimage®) <==== AANDACHT

(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)


==================== Snelkoppelingen & WMI ========================

(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)


==================== Geladen Modules (gefilterd) ==============

2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-09-30 20:39 - 2015-09-30 20:39 - 00415128 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-03-18 22:59 - 2017-03-20 05:56 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-24 17:44 - 2017-06-24 17:45 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-24 17:44 - 2017-06-24 17:45 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-24 17:44 - 2017-06-24 17:45 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-24 17:44 - 2017-06-24 17:45 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll

==================== Alternate Data Streams (gefilterd) =========

(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)

AlternateDataStreams: C:\Users\hikma\Downloads\bdcamsetup.exe:BDU [0]
AlternateDataStreams: C:\Users\hikma\Downloads\npp.7.4.2.Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\hikma\Downloads\OriginThinSetup.exe:BDU [0]

==================== Veilige Modus (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)


==================== Bestandskoppeling (gefilterd) ===============

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)


==================== Internet Explorer vertrouwde/beperkte toegang ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)


==================== Hosts inhoud: ===============================

(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)

2017-06-24 12:50 - 2017-06-28 23:32 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere gebieden ============================

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKU\S-1-5-21-2934984055-1632560249-2123969850-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hikma\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{6c70eef1-b905-4405-8128-698aa8c82cd6}.jpeg
DNS Servers: 195.130.131.2 - 195.130.130.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is ingeschakeld.

==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==


==================== Firewall regels (gefilterd) ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

FirewallRules: [{ABFBEDD8-6582-42D6-9355-B62356B520D5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{0C0CDBC0-FA9F-41DC-88BB-6E12727AE75F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{99B30518-D2C3-40EB-B3B6-7C2EBF29AB24}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{481FC855-6198-40F2-8D96-44D4C73CECBE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{045DB622-389E-4DB5-89E0-02926146D48A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{49AF966B-631A-45C2-BF87-F6B822522326}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{51D75D5D-B5FB-428F-ACB5-E1E17A1F59C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{47FF7A3D-FD1E-407C-8358-A92320050C48}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{CD382711-147F-4F6B-B52F-538C761B8E36}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{E0161A78-2075-41E7-83A2-43F4C020FB6A}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [{075D3BAD-A03D-48A6-B5FB-87D3ECF58190}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [{3D7C3490-85B2-4277-912F-CB829EF837BB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Herstelpunten =========================


==================== Defecte Apparaatbeheer Apparaten =============


==================== Eventlog fouten: =========================

Applicatiefouten:
==================
Error: (06/29/2017 10:11:26 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/29/2017 10:11:25 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/29/2017 10:11:25 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (06/29/2017 10:11:25 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/29/2017 10:11:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/29/2017 10:11:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/29/2017 10:11:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/29/2017 02:15:47 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2017 01:02:42 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2017 12:48:43 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


Systeemfouten:
=============
Error: (06/29/2017 01:53:16 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (06/29/2017 01:53:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The toepassingsspecifiek permission settings do not grant Lokaal Activeren permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (via LRPC) running in the application container Niet beschikbaar SID (Niet beschikbaar). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2017 01:25:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The toepassingsspecifiek permission settings do not grant Lokaal Activeren permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (via LRPC) running in the application container Niet beschikbaar SID (Niet beschikbaar). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2017 01:25:55 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (06/29/2017 11:32:23 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (06/29/2017 11:32:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The toepassingsspecifiek permission settings do not grant Lokaal Activeren permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (via LRPC) running in the application container Niet beschikbaar SID (Niet beschikbaar). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2017 10:41:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The toepassingsspecifiek permission settings do not grant Lokaal Activeren permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (via LRPC) running in the application container Niet beschikbaar SID (Niet beschikbaar). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2017 10:41:29 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (06/29/2017 10:10:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The toepassingsspecifiek permission settings do not grant Lokaal Activeren permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (via LRPC) running in the application container Niet beschikbaar SID (Niet beschikbaar). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2017 10:10:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The toepassingsspecifiek permission settings do not grant Lokaal Activeren permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (via LRPC) running in the application container Niet beschikbaar SID (Niet beschikbaar). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-06-27 13:47:09.644
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-26 08:41:47.404
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-25 21:28:52.349
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-25 16:57:03.138
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9d2734742a07f3cf\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-24 22:52:07.009
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Leapdroid\VM\LeapdroidVMDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-24 22:38:19.644
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Leapdroid\VM\LeapdroidVMDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Geheugen info ===========================

Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Percentage geheugen in gebruik: 49%
Totaal fysiek RAM-geheugen: 5800.27 MB
Beschikbaar fysiek RAM-geheugen: 2923.59 MB
Totaal Virtueel geheugen: 6760.27 MB
Beschikbaar Virtual geheugen: 3489.7 MB

==================== Schijven ================================

Drive c: (Acer) (Fixed) (Total:448.18 GB) (Free:414.53 GB) NTFS

==================== MBR & Partitietabel ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F71E763A)

Partition: GPT.

==================== Eind van Addition.txt ============================
 
Heb jij zelf Reimage geïnstalleerd?
In ieder geval - dat is volkomen ongewenste software.
Twee dagen geleden heb jij BitDefender geïnstalleerd - of Bitdefender is nog niet compatibel of er is bij de installatie iets verkeerds gegaan.
FRST geeft aan dat Windows Defender de hoofdantivirus is.

Verder heb jij een nVidia grafische kaart, waarom zit dan Vulkan RT van AMD in jouw Windows?
Het is namelijk speciaal ontworpen voor AMD grafische kaarten!


Waarschuwing: onderstaande bewerking is enkel voor deze computer bedoeld, het toepassen hiervan in een andere computer kan tot schade in Windows leiden.


We gaan
51a5c8edc4692-icon1337952077.png


Farbar Recovery Scan Tool (FRST.exe) opnieuw gebruiken.

Open een nieuw kladblok (of anders: notepad) bestand, via "Start\Alle programma’s\Bureau-accessoires\Kladblok (of Notepad)".
Kopieer en plak de tekst in het code-venster in het lege kladblokvenster.

Code:
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restrictie - Chrome
C:\Program Files\Reimage
Task: {C705AA35-6DBC-4622-99DA-29A96CFFD493} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2017-05-10] (Reimage ltd.)
Task: {F0261781-A49B-4C49-838A-F2156717F382} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2017-05-14] (Reimage®)

cmd: ipconfig /flushdns
cmd: netsh winsock reset
end

Sla nu dit kladblokbestand in de dezelfde locatie waar ook FRST.exe aanwezig is op als Fixlist.txt

Farbar Recovery Scan Tool (FRST.exe) met de fixlist.txt gebruiken
  • Windows Vista, Windows 7, Windows 8 en Windows 10: via rechtsklik op FRST.exe en kies voor "Als Administrator uitvoeren".
  • Als het programma wordt gestart, klik dan op Ja in de popup.
  • Druk op de Fix knop.
  • Na de fix wordt een logbestand - Fixlog.txt - in dezelfde locatie aangemaakt van waaruit FRST.exe is gestart.
  • Post de inhoud van dit logbestand in jouw volgende bericht.
 
Ik zag ergens dat reimage mijn pc kon helpen dus heb ik dat geprobeerd. Je moest ervoor betalen.

Ik heb bitdefender geinstalleerd en daarna verwijderd. Ik zocht naar een gratis licence en daardoor heb ik ook het virus gedownload :(

Vulkan RT zit op mijn laptop om een probleem op te lossen. Bluestacks blokkeerde steeds na een aantal minuten en een vriend met bijna dezelfde laptop als mij had hetzelfde probleem en hij heeft mijn probleem met teamviewer kunnen oplossen
 
Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 29-06-2017
Gestart door hikma (29-06-2017 23:20:22) Run:1
Gestart vanaf C:\Users\hikma\Desktop
Geladen Profielen: hikma (Beschikbare Profielen: hikma)
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restrictie - Chrome
C:\Program Files\Reimage
Task: {C705AA35-6DBC-4622-99DA-29A96CFFD493} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2017-05-10] (Reimage ltd.)
Task: {F0261781-A49B-4C49-838A-F2156717F382} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2017-05-14] (Reimage�)

cmd: ipconfig /flushdns
cmd: netsh winsock reset
end
*****************

Herstelpunt is succesvol gemaakt.
Proces succesvol afgesloten.
C:\WINDOWS\system32\GroupPolicy\Machine => is succesvol verplaatst
C:\WINDOWS\system32\GroupPolicy\GPT.ini => is succesvol verplaatst
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => is succesvol verplaatst
C:\Program Files\Reimage => is succesvol verplaatst
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C705AA35-6DBC-4622-99DA-29A96CFFD493} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C705AA35-6DBC-4622-99DA-29A96CFFD493} => sleutel is succesvol verwijderd
C:\WINDOWS\System32\Tasks\Reimage Reminder => is succesvol verplaatst
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F0261781-A49B-4C49-838A-F2156717F382} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0261781-A49B-4C49-838A-F2156717F382} => sleutel is succesvol verwijderd
C:\WINDOWS\System32\Tasks\ReimageUpdater => is succesvol verplaatst
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater => sleutel is succesvol verwijderd

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= Eind van CMD: =========


========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= Eind van CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 6578176 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 71759494 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 4572448 B
Edge => 9111734 B
Chrome => 198801563 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 8974 B
NetworkService => 8486 B
hikma => 905633750 B

RecycleBin => 10768615 B
EmptyTemp: => 1.1 GB tijdelijke gegevens verwijderd.

================================


Het systeem moest herstart worden.

==== Eind van Fixlog 23:21:55 ====
 
Ik denk dat het opgelost is! Bedankt!!!!!!!!!!!!!!!!!!!!!!!!
Kan ik weten hoe dit gekomen is?
Bedankt voor de hulp, als het toch niet gemaakt is laat ik je wel iets wete,n
 
Je denkt dus dat het probleem is opgelost.
Echter ook dat vieze ReimagePlus zit dieper in Windows dan jij denkt.

Download
51a46ae42d560-malwarebytes_anti_malware.png
MalwareBytes Anti-Malware.

  • Windows 2000 en Windows XP: dubbelklik op mbam-setup.exe.
  • Windows Vista, Windows 7, Windows 8: en Windows 10: via rechtsklik op mbam-setup.exe en kies voor "Als Administrator uitvoeren".
  • Klik in het menu van Malwarebytes ANTI-MALWARE op Instellingen" en daar op "Detectie en Bescherming" en zet vervolgens een vinkje bij "Scan naar rootkits".
  • Klik vervolgens op de knop Scan nu om een bedreigingsscan uit te voeren.
  • Er zal nu gecontroleerd worden op beschikbare updates, klik hier op "Nu bijwerken als er beschikbare updates zijn.
  • De scan wordt nu automatisch gestart,wanneer de scan gereed is en er bedreigingen zijn gedetecteerd krijgt u hier een overzicht van.
  • Wanneer er geen bedreigingen zijn gedetecteerd klikt u na de scan op Bekijk gedetailleerd logboek.
  • Klik vervolgens op de knop Exporteer en kies de optie "Tekstbestand (*.txt)".
  • Geef vervolgens een bestandsnaam op voor het opslaan van het logbestand, bijvoorbeeld MBAM Scanlog.
  • Kies bijvoorbeeld het bureaublad als opslaglocatie en klik vervolgens op de knop Opslaan.

  • Wanneer er wel bedreigingen zijn gedetecteerd klikt u na de scan op Acties toepassen.
  • Bij de melding om de computer opnieuw op te starten klikt u op Ja / Yes.
  • Open na de herstart MalwareBytes Anti-Malware en klik bovenaan op Historie en selecteer Programmalogboeken.
  • Klik op de nieuwste Scan Log.
  • Klik op "Exporteer" en kies de optie "Tekstbestand (*.txt)".
    5557b93ba94ab-Malwarebytes_Exporteer_ScanLog.png
  • Geef vervolgens een bestandsnaam op voor het opslaan van het logbestand, bijvoorbeeld MBAM Scanlog.
  • Kies bijvoorbeeld het bureaublad als opslaglocatie en klik vervolgens op de knop Opslaan.
    532aab157609a-MBAM-Scan.png

MBAM-Log posten:
  • Kopieer nu de inhoud van het zojuist opgeslagen log en plak dit in uw nieuwe antwoord erbij.


Indien jij MBAM meteen als gratis versie wil gebruiken in plaatst van de veertien dagen durende demo met al zijn toeters en bellen te gebruiken, kijk dan hier
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/30/17
Scan Time: 3:28 PM
Log File: tekst.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2262
License: Trial

-System Information-
OS: Windows 10 (Build 15063.413)
CPU: x64
File System: NTFS
User: DESKTOP-9OP5E15\hikma

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364023
Threats Detected: 81
Threats Quarantined: 81
Time Elapsed: 10 min, 27 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 29
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1088], [332494],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1088], [332494],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1088], [332494],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarantined, [1088], [327205],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine, Quarantined, [1088], [327205],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine.1, Quarantined, [1088], [327205],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1088], [327205],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1088], [327205],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1088], [327205],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1088], [327205],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1088], [327205],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1088], [327205],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1088], [327205],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1088], [327205],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1088], [327205],1.0.2262
PUP.Optional.Reimage, HKU\S-1-5-21-2934984055-1632560249-2123969850-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarantined, [1088], [327205],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}, Quarantined, [1088], [327206],1.0.2262
PUP.Optional.Reimage, HKU\S-1-5-21-2934984055-1632560249-2123969850-1001\SOFTWARE\Reimage, Quarantined, [1088], [357494],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [1088], [327193],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [1088], [327193],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, Quarantined, [1088], [327193],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\REIMAGE.EXE, Quarantined, [1088], [327200],1.0.2262
PUP.Optional.Reimage, HKU\S-1-5-21-2934984055-1632560249-2123969850-1001\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief., Quarantined, [1088], [327203],1.0.2262
PUP.Optional.Reimage, HKU\S-1-5-21-2934984055-1632560249-2123969850-1001\SOFTWARE\REIMAGE\PC REPAIR, Quarantined, [1088], [327204],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Reimage Repair, Quarantined, [1088], [327201],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\REIMAGE.EXE, Quarantined, [1088], [327200],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\REIMAGE PROTECTOR, Quarantined, [1088], [332504],1.0.2262
PUP.Optional.Reimage, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ReimageRealTimeProtector, Quarantined, [1088], [327202],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, Quarantined, [1088], [336077],1.0.2262

Registry Value: 4
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\REIMAGE.EXE|, Quarantined, [1088], [327200],1.0.2262
PUP.Optional.Reimage, HKU\S-1-5-21-2934984055-1632560249-2123969850-1001\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, Quarantined, [1088], [327204],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\REIMAGE.EXE|, Quarantined, [1088], [327200],1.0.2262
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\REIMAGE PROTECTOR|CFLPATH, Quarantined, [1088], [332504],1.0.2262

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 12
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\Results, Quarantined, [1088], [327186],1.0.2262
PUP.Optional.Reimage, C:\PROGRAMDATA\REIMAGE PROTECTOR, Quarantined, [1088], [327186],1.0.2262
PUP.Optional.Reimage, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\REIMAGE REPAIR, Quarantined, [1088], [327185],1.0.2262
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8\RUN20170629_0102, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\Temp\20170629_0102\DownloaderTemp, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\AV\Microsoft.VC90.CRT, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\Temp\20170629_0102, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\Results, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\Temp, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\AV, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\REI, Quarantined, [1088], [327187],1.0.2262

File: 36
PUP.Optional.Reimage, C:\PROGRAMDATA\REIMAGE PROTECTOR\CFL.REI, Quarantined, [1088], [327186],1.0.2262
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\Results\active_protection.txt, Quarantined, [1088], [327186],1.0.2262
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\Results\ProtectorPackage.log, Quarantined, [1088], [327186],1.0.2262
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\Results\ProtectorUpdater.log, Quarantined, [1088], [327186],1.0.2262
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\Results\scan_agent_result_log.txt, Quarantined, [1088], [327186],1.0.2262
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\Results\url_setting_definitions.txt, Quarantined, [1088], [327186],1.0.2262
PUP.Optional.Reimage, C:\USERS\PUBLIC\DESKTOP\PC SCAN & REPAIR BY REIMAGE.LNK, Quarantined, [1088], [327183],1.0.2262
PUP.Optional.BundleInstaller, C:\USERS\HIKMA\DOWNLOADS\BITLORDSETUP_V9AL1L.EXE, Quarantined, [25], [409383],1.0.2262
PUP.Optional.Reimage, C:\USERS\HIKMA\DOWNLOADS\REIMAGEREPAIR.EXE, Quarantined, [1088], [331559],1.0.2262
PUP.Optional.SpeedItUp, C:\WINDOWS\REIMAGE.INI, Quarantined, [1188], [329423],1.0.2262
PUP.Optional.Reimage, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\REIMAGE REPAIR\REIMAGE REPAIR.LNK, Quarantined, [1088], [327185],1.0.2262
PUP.Optional.Reimage, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair\Help & Support.lnk, Quarantined, [1088], [327185],1.0.2262
PUP.Optional.Reimage, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair\Run in safe mode.lnk, Quarantined, [1088], [327185],1.0.2262
PUP.Optional.Reimage, C:\REI\AV\HBEDV.KEY, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\AV\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\AV\Microsoft.VC90.CRT\msvcr90.dll, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\AV\avupdate.conf, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\AV\avupdate.exe, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\AV\avupdate_msg.avr, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\AV\savapi3_restart.exe, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\AV\savapi3_start.exe, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\AV\savapi3_stop.exe, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8\RUN20170629_0102\debug-repair-2.log, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8\RUN20170629_0102\debug-repair.log, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8\RUN20170629_0102\Info_EnvironmentVars.res, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8\RUN20170629_0102\Info_Installed.rec, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8\RUN20170629_0102\JunkScanRes.xml, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8\RUN20170629_0102\out.log, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8\RUN20170629_0102\RegistryScanRes.xml, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8\RUN20170629_0102\StabilityScanRes.xml, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\Temp\20170629_0102\ApplicationList.ini, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\About.txt, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\cfl.rei, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\rei1858nvt.ini, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\reimage.qsr, Quarantined, [1088], [327187],1.0.2262
PUP.Optional.Reimage, C:\rei\SupportInfoTool.ini, Quarantined, [1088], [327187],1.0.2262

Physical Sector: 0
(No malicious items detected)


(end)
 
We gaan door.


Graag de twee logs in één keer posten - gebruik de tools in de volgorde zoals aangegeven.

Stap •1•
Download
51e281a62c183-Junkware_Removal_Tool_icon_Canned_1351185104.png.jpg
Junkware Removal Tool by Thisisu.
Downloadlokatie: Dit programma absoluut naar het bureaublad downloaden of anders naar het bureaublad verplaatsen!
Opmerkingen:
  • Alle openstaande programma's en webpagina's dienen afgesloten te zijn.
  • Het is raadzaam de actieve beveiligingssoftware te de-activeren, zodat mogelijke conflicten met JRT.exe uitgsloten worden.:
  • Hier en hier vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren.
  • Dat tijdens de scan van JRT.exe tijdelijk de snelkoppelingen verdwijnen van het bureaublad, is normaal.
Junkware Removal Tool by Thisisu opstarten:
  • Windows 2000 en Windows XP: dubbelklik op JRT.exe.
  • Windows Vista, Windows 7, Windows 8 en Windows 10: via rechtsklik op JRT.exe en kies voor "Als Administrator uitvoeren".
  • JRT.exe zal daarna Windows gaan scannen.
  • Deze scan kan afhankelijk van de systeemspecificaties soms vrij lang duren, wees dus geduldig.
  • Indien de scan voltooid is, zal een logje (JRT.txt) op het bureaublad opgeslagen worden en automatisch openen.
  • Post de inhoud van dit log in je volgende bericht.

Stap •2•
Download
52186926180a1-adwcleaner_nieuw.png
AdwCleaner by Xplode.
Downloadlokatie: Dit programma absoluut naar het bureaublad downloaden of anders naar het bureaublad verplaatsen!
Opmerkingen:
  • Alle openstaande programma's en webpagina's dienen afgesloten te zijn.
AdwCleaner opstarten:
  • Windows 2000 en Windows XP: dubbelklik op adwcleaner.exe.
  • Windows Vista, Windows 7, Windows 8 en Windows 10: via rechtsklik op adwcleaner.exe en kies voor "Als Administrator uitvoeren".
AdwCleaner is opgestart:
  • Klik op de knop Scan
  • Is de scan gereed, klik dan op de knop Verwijderen
  • Klik bij AdwCleaner – Afsluiting van de programma's op OK
  • Klik bij AdwCleaner – Herstarten noodzakelijk op OK
AdwCleaner logbestand:
  • Nadat de PC opnieuw is opgestart, opent een logfile.
  • Ingeval het log niet opent, is dit alsnog terug te vinden in C:\AdwCleaner\AdwCleaner[R0, of 1, of 2].txt
  • Post vervolgens de inhoud van dit log in je volgende bericht.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by hikma (Administrator) on Fri 06/30/2017 at 18:26:50.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/30/2017 at 18:30:42.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





# AdwCleaner v6.047 - Logbestand aangemaakt 30/06/2017 op 20:11:29
# Bijgewerkt op 19/05/2017 door Malwarebytes
# Database : 2017-06-29.3 [Server]
# Besturingssysteem : Windows 10 Home (X64)
# Gebruikersnaam : hikma - DESKTOP-9OP5E15
# Gestart vanuit : C:\Users\hikma\Desktop\adwcleaner_6.047.exe
# Mode: Scannen
# Ondersteuning : Customer Support & Help Center



***** [ Services ] *****

Geen kwaadaardige services gevonden.


***** [ Mappen ] *****

Geen kwaadaardige mappen gevonden.


***** [ Bestanden ] *****

Geen kwaadaardige bestanden gevonden.


***** [ DLL ] *****

Geen kwaadaardige DLLs gevonden.


***** [ WMI ] *****

Geen kwaadaardige sleutels gevonden.


***** [ Snelkoppelingen ] *****

Geen geïnfecteerde snelkoppeling gevonden.


***** [ Geplande Taken ] *****

Geen kwaadaardige taak gevonden.


***** [ Register ] *****

Sleutel gevonden: [x64] HKLM\SOFTWARE\Reimage
Sleutel gevonden: HKLM\SOFTWARE\Google\Chrome\Extensions\iinglghmhcgdgjjlafobajghjamdchik


***** [ Internetbrowsers ] *****

Geen kwaadaardige op Firefox gebaseerde browser items gevonden.
Chromium pref gevonden: [C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chromium pref gevonden: [C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chromium pref gevonden: [C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Web data] - mpc safe search
Chromium pref gevonden: [C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bdblcahgpgoandbbidibfjnlfkmpccaf
Chromium pref gevonden: [C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - iinglghmhcgdgjjlafobajghjamdchik
Chromium pref gevonden: [C:\Users\hikma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - kjpifmjicccpbkfjdkehimhgklfkbanh

[!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: Fix problems with Chrome sync - Android - Google Chrome Help [!]


*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2166 bytes] - [30/06/2017 20:11:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2239 bytes] ##########
 
Vertel eens, heb jij de Google Sync geactiveerd?
Indien ja, dan kan de malware binnen een mum van tijd weer teruggezet worden!
 
Ik heb google sync niet geactiveerd. Ik weet pas nu dat het bestaat
 
Prima.

Dan wil ik nu graag dat jij de Eset Online Scanner op de juiste wijze gaat gebruiken:

Zie daarvoor: Handleiding Eset Online scanner
Aansluitend graag het log ervan in jouw volgende antwoord posten.
 
C:\Users\hikma\Downloads\Bitdefender_Total_Security_2017_Key_With_Activation_Code_Till_2045.exe een variant van Win32/Adware.YoBrowser.W programma
C:\Users\hikma\OneDrive\Openbaar\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe een variant van MSIL/HackKMS.I potentieel onveilige toepassing
 
Waarschuwing: onderstaande bewerking is enkel voor deze computer bedoeld, het toepassen hiervan in een andere computer kan tot schade in Windows leiden.


We gaan
51a5c8edc4692-icon1337952077.png


Farbar Recovery Scan Tool (FRST.exe) opnieuw gebruiken.

Open een nieuw kladblok (of anders: notepad) bestand, via "Start\Alle programma’s\Bureau-accessoires\Kladblok (of Notepad)".
Kopieer en plak de tekst in het code-venster in het lege kladblokvenster.

Code:
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

C:\Users\hikma\Downloads\Bitdefender_Total_Security_2017_Key_With_Activation_Code_Till_2045.exe

cmd: ipconfig /flushdns
cmd: netsh winsock reset
end

Sla nu dit kladblokbestand in de dezelfde locatie waar ook FRST.exe aanwezig is op als Fixlist.txt

Farbar Recovery Scan Tool (FRST.exe) met de fixlist.txt gebruiken
  • Windows Vista, Windows 7, Windows 8 en Windows 10: via rechtsklik op FRST.exe en kies voor "Als Administrator uitvoeren".
  • Als het programma wordt gestart, klik dan op Ja in de popup.
  • Druk op de Fix knop.
  • Na de fix wordt een logbestand - Fixlog.txt - in dezelfde locatie aangemaakt van waaruit FRST.exe is gestart.
  • Post de inhoud van dit logbestand in jouw volgende bericht.
 
Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 29-06-2017
Gestart door hikma (02-07-2017 12:37:03) Run:2
Gestart vanaf C:\Users\hikma\Desktop
Geladen Profielen: hikma (Beschikbare Profielen: hikma)
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

C:\Users\hikma\Downloads\Bitdefender_Total_Security_2017_Key_With_Activation_Code_Till_2045.exe

cmd: ipconfig /flushdns
cmd: netsh winsock reset
end
*****************

Herstelpunt is succesvol gemaakt.
Proces succesvol afgesloten.
C:\Users\hikma\Downloads\Bitdefender_Total_Security_2017_Key_With_Activation_Code_Till_2045.exe => is succesvol verplaatst

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= Eind van CMD: =========


========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= Eind van CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 48351520 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1957738 B
Edge => 838472 B
Chrome => 189494553 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 4804 B
hikma => 92621596 B

RecycleBin => 109585710 B
EmptyTemp: => 429.9 MB tijdelijke gegevens verwijderd.

================================


Het systeem moest herstart worden.

==== Eind van Fixlog 12:38:49 ====
 
Gaat alles weer zoals jij het wenst?
Het valt me alleen op dat er al weer meer dan 400 MB aan rommel is verwijderd.
 
Status
Niet open voor verdere reacties.
Steun Ons

Nieuwste berichten

Terug
Bovenaan