Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 02.01.2018 Gestart door Marianne (Beheerder) op BOESSENKOOL (04-01-2018 16:50:18) Gestart vanaf C:\Users\Marianne\Downloads Geladen Profielen: Marianne (Beschikbare Profielen: Marianne & Kids & Bennie & Yannick & Sylvan & maria_000) Platform: Windows 10 Home Versie 1607 14393.1944 (X64) Taal: Nederlands (Nederland) Internet Explorer Versie 11 (Standaardbrowser: Chrome) Boot Modus: Safe Mode (with Networking) Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.) (Microsoft Corporation) C:\Windows\HelpPane.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Trend Micro Inc.) C:\Users\Marianne\Downloads\HijackThis.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google) C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\SwReporter\24.137.203\software_reporter_tool.exe (Google) C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\SwReporter\24.137.203\software_reporter_tool.exe (Google) C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\SwReporter\24.137.203\software_reporter_tool.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Register (gefilterd) =========================== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-05] (Dropbox, Inc.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-11-04] (Adobe Systems Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\RunOnce: [AvgRemover] => C:\Users\Marianne\Downloads\AVG_Remover.exe [7986864 2017-12-30] ( ) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== AANDACHT HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe, HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.) HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-02] (Google Inc.) HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\...\Run: [LinkPointAssist] => C:\Users\Marianne\AppData\Roaming\LinkPoint360\Bin\LinkPointAssist.exe [342568 2016-08-27] (LinkPoint360) HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\...\Run: [Google Update] => C:\Users\Marianne\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.) HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\...\Run: [Google Photos Backup] => C:\Users\Marianne\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc) HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd) HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2017-11-04] (Adobe Systems Incorporated) HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\...\RunOnce: [Uninstall C:\Users\Marianne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Marianne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C12].tx HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\...\MountPoints2: M - "M:\setup.exe" HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\...\MountPoints2: {11fc46b6-752a-11e7-83dc-801f02bcd255} - "G:\startme.exe" HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\...\MountPoints2: {86fb8509-705e-11e3-8279-d43d7eaf2948} - "M:\setup.exe" HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Fliqlo.scr [679936 2017-09-09] (ScreenTime Media) IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nHook.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor 4.lnk [2014-07-20] ShortcutTarget: Device Monitor 4.lnk -> C:\Program Files (x86)\PIXELA\Everio MediaBrowser 4\MBCameraMonitor.exe (PIXELA CORPORATION) Startup: C:\Users\Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FacebookGamesNotifier.exe.lnk [2016-06-28] ShortcutTarget: FacebookGamesNotifier.exe.lnk -> C:\Users\Marianne\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe () GroupPolicyUsers\S-1-5-21-2568666036-2492825527-1269742732-1016\User: Restrictie <==== AANDACHT GroupPolicyUsers\S-1-5-21-2568666036-2492825527-1269742732-1011\User: Restrictie <==== AANDACHT GroupPolicyUsers\S-1-5-21-2568666036-2492825527-1269742732-1010\User: Restrictie <==== AANDACHT GroupPolicyUsers\S-1-5-21-2568666036-2492825527-1269742732-1008\User: Restrictie <==== AANDACHT GroupPolicyUsers\S-1-5-21-2568666036-2492825527-1269742732-1006\User: Restrictie <==== AANDACHT GroupPolicyUsers\S-1-5-21-2568666036-2492825527-1269742732-1002\User: Restrictie <==== AANDACHT CHR HKLM\SOFTWARE\Policies\Google: Restrictie <==== AANDACHT CHR HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\SOFTWARE\Policies\Google: Restrictie <==== AANDACHT ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.) Winsock: Catalog5-x64 07 C:\Windows\system32\wlidnsp.dll [66048 2016-07-16] (Microsoft Corporation) Winsock: Catalog5-x64 08 C:\Windows\system32\wlidnsp.dll [66048 2016-07-16] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 89.101.251.228 89.101.251.229 Tcpip\Parameters: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{254da84d-8142-11e6-9b06-806e6f6e6963}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{40336807-bdb1-4ecd-9a87-57e50d5d495e}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{40336807-bdb1-4ecd-9a87-57e50d5d495e}: [DhcpNameServer] 89.101.251.228 89.101.251.229 Tcpip\..\Interfaces\{5ebbb34b-e4d8-480f-92b2-4d9ae31839ff}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{5ebbb34b-e4d8-480f-92b2-4d9ae31839ff}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{96a66f46-4d49-41c6-b833-ea92f8daf805}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{c682c95a-f65d-4d16-bf7a-2274312336c0}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{f2434dbc-4d05-4cd9-a43a-9d62e59217bd}: [NameServer] 8.8.8.8 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-e23a40d0 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-e23a40d0 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-2568666036-2492825527-1269742732-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-e23a40d0 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e23a40d0&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e23a40d0&q={searchTerms} SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e23a40d0&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e23a40d0&q={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2568666036-2492825527-1269742732-1002 -> OldSearch URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e23a40d0&q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-12-30] (Microsoft Corporation) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-30] (Microsoft Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-12-30] (Microsoft Corporation) BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation) BHO-x32: KESIReaderBHO Class -> {67EC1BB4-1AC3-4B5E-9CAD-DA52013E7C31} -> C:\Program Files (x86)\Kurzweil Educational Systems\Common Files\KESIReaderIE.dll [2015-05-28] (TODO: ) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-17] (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-30] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-17] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-2568666036-2492825527-1269742732-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) Toolbar: HKU\S-1-5-21-2568666036-2492825527-1269742732-1002 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated) DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-30] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-30] (Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-30] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-30] (Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-30] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-30] (Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-30] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-30] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Marianne\AppData\Roaming\TomTom\HOME\Profiles\uqrnfu9n.default [2016-12-21] FF Extension: (Emulator) - C:\Users\Marianne\AppData\Roaming\TomTom\HOME\Profiles\uqrnfu9n.default\Extensions\Navcore.9.510.1234792@tomtom.com [2014-08-15] [Verouderd] [ niet getekend] FF Extension: (Geen Naam) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [niet gevonden] FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-03-18] [Verouderd] [ niet getekend] FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFPlgn FF Extension: (Norton Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFPlgn [2018-01-04] [Verouderd] [ niet getekend] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-30] (Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-17] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-17] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-30] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-12-30] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-04] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2568666036-2492825527-1269742732-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Marianne\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin HKU\S-1-5-21-2568666036-2492825527-1269742732-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Marianne\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin HKU\S-1-5-21-2568666036-2492825527-1269742732-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marianne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS) Chrome: ======= CHR DefaultProfile: ghifackarapulyfinck CHR Profile: C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\Default [2017-12-28] CHR Extension: (AFAS Personal Bijwerk Assistent) - C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhdjnejhhklnclpkbnfmfimijnlmghfk [2017-05-25] CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-25] CHR Extension: (Geen Naam) - C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-01-18] CHR Extension: (Chrome Media Router) - C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-25] CHR Profile: C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\ghifackarapulyfinck [2018-01-04] <==== AANDACHT CHR Extension: (Documenten) - C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\ghifackarapulyfinck\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] CHR Extension: (Google Drive) - C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\ghifackarapulyfinck\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-29] CHR Extension: (YouTube) - C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\ghifackarapulyfinck\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-29] CHR Extension: (Norton Security Toolbar) - C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\ghifackarapulyfinck\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-12-30] CHR Extension: (Adobe Acrobat) - C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\ghifackarapulyfinck\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-26] CHR Extension: (Spreadsheets) - C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\ghifackarapulyfinck\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13] CHR Extension: (Offline Documenten) - C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\ghifackarapulyfinck\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-29] CHR Extension: (De ippies.nl Spaarhulp) - C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\ghifackarapulyfinck\Extensions\idnomlffdbadkainngpiabkecmapeaad [2017-12-04] CHR Extension: (Norton Identity Safe) - C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\ghifackarapulyfinck\Extensions\iikflkcanblccfahdhdonehdalibjnif [2018-01-03] CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\ghifackarapulyfinck\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22] CHR Extension: (Gmail) - C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\ghifackarapulyfinck\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-29] CHR Extension: (Chrome Media Router) - C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\ghifackarapulyfinck\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15] CHR Profile: C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-02-24] CHR Profile: C:\Users\Marianne\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-24] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\Exts\Chrome.crx [2017-12-30] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\Exts\Chrome.crx [2017-12-30] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Services (gefilterd) ==================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated) S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.) S2 appdrvrem01; C:\WINDOWS\System32\appdrvrem01.exe [551896 2015-10-18] (Protection Technology) S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.) S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation) S2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink) S2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-14] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-14] (Dropbox, Inc.) S2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-12-05] (Dropbox, Inc.) S2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4935304 2017-11-22] (SurfRight B.V.) S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2017-01-18] () [Bestand niet getekend] S2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\NS.exe [282016 2015-07-16] (Symantec Corporation) S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH) S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH) S2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH) S2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.) S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc) S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) S2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [Bestand niet getekend] S2 SilhouetteLink; C:\Program Files (x86)\Silhouette America\Silhouette Link\Resources\Resources\SPEC_LK\SilhouetteLinkServer.32.exe [897200 2016-12-06] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-09] (Microsoft Corporation) ===================== Drivers (gefilterd) ====================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-10-30] (Advanced Micro Devices, Inc.) S3 androidusb; C:\WINDOWS\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc) S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) S1 appdrv01; C:\WINDOWS\System32\Drivers\appdrv01.sys [3852976 2015-10-18] (Protection Technology) S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) S1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-07-11] (Symantec Corporation) S1 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation) S1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.) R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-06-28] (Disc Soft Ltd) S1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [290528 2017-11-22] (SurfRight B.V.) S3 hmpnet; C:\WINDOWS\system32\drivers\hmpnet.sys [93800 2017-11-22] (SurfRight B.V.) S1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\IPSDefs\20150710.001\IDSVia64.sys [692984 2015-07-11] (Symantec Corporation) S3 MotioninJoyXFilter; C:\WINDOWS\System32\drivers\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [Bestand niet getekend] S3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\VirusDefs\20171229.008\ENG64.SYS [138880 2017-12-29] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\VirusDefs\20171229.008\EX64.SYS [2152064 2017-12-29] (Symantec Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [89960 2017-03-17] (Panda Security, S.L.) S2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) S3 SRTSP; C:\WINDOWS\system32\drivers\NSx64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation) S1 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.) R0 SymEFASI; C:\WINDOWS\System32\drivers\NSx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation) S0 SymELAM; C:\WINDOWS\System32\drivers\NSx64\1605020.00F\SymELAM.sys [24192 2015-07-11] (Symantec Corporation) S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2017-12-30] (Symantec Corporation) S1 SymIRON; C:\WINDOWS\system32\drivers\NSx64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation) S1 SymNetS; C:\WINDOWS\system32\drivers\NSx64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation) R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [51104 2016-08-02] (USBPcap) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 dbx; system32\DRIVERS\dbx.sys [X] ==================== NetSvcs (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ==================== Een Maand Aangemaakt bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2018-01-04 16:50 - 2018-01-04 16:51 - 000033455 _____ C:\Users\Marianne\Downloads\FRST.txt 2018-01-04 16:50 - 2018-01-04 16:50 - 000000000 ____D C:\FRST 2018-01-04 16:49 - 2018-01-04 16:49 - 002393088 _____ (Farbar) C:\Users\Marianne\Downloads\FRST64.exe 2018-01-04 15:58 - 2018-01-04 15:59 - 000388608 _____ (Trend Micro Inc.) C:\Users\Marianne\Downloads\HijackThis.exe 2018-01-03 19:46 - 2018-01-03 19:46 - 000002233 _____ C:\Users\Public\Desktop\Silhouette Studio.lnk 2018-01-03 19:45 - 2018-01-03 19:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silhouette America 2017-12-30 15:19 - 2017-12-30 15:19 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security 2017-12-30 14:43 - 2017-12-30 14:43 - 000111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2017-12-30 14:43 - 2017-12-30 14:43 - 000008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2017-12-30 14:43 - 2017-12-30 14:43 - 000002421 _____ C:\Users\Public\Desktop\Norton Security.LNK 2017-12-30 14:43 - 2017-12-30 14:43 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared 2017-12-30 14:42 - 2017-12-30 14:43 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2017-12-30 14:42 - 2017-12-30 14:42 - 000000000 ____D C:\WINDOWS\system32\Drivers\NSx64 2017-12-30 14:42 - 2017-12-30 14:42 - 000000000 ____D C:\Program Files (x86)\Norton Security 2017-12-30 14:24 - 2017-12-30 14:24 - 007986864 _____ ( ) C:\Users\Marianne\Downloads\AVG_Remover.exe 2017-12-30 14:24 - 2017-12-30 14:24 - 000000000 ____D C:\AVG_Remover 2017-12-30 13:48 - 2017-12-30 13:48 - 144845224 _____ (Symantec Corporation) C:\Users\Marianne\Downloads\NS_22.5.2.15_SYMTB_PROMO_4_MRFTT_CC010_13034-NL-NL.exe 2017-12-30 13:48 - 2017-12-30 13:48 - 000000000 ____D C:\Program Files (x86)\NortonInstaller 2017-12-30 13:17 - 2017-12-30 13:18 - 042151072 _____ (Microsoft Corporation) C:\Users\Marianne\Downloads\Windows-KB890830-x64-V5.55.exe 2017-12-30 12:40 - 2017-12-30 13:09 - 000002061 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-12-30 12:40 - 2017-12-30 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-12-30 12:39 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-12-30 12:35 - 2017-12-30 12:35 - 000000000 ____D C:\ProgramData\MB3CoreBackup 2017-12-30 12:32 - 2017-12-30 12:33 - 083316440 _____ (Malwarebytes ) C:\Users\Marianne\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe 2017-12-30 12:25 - 2017-12-30 12:25 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys 2017-12-30 12:25 - 2017-12-30 12:25 - 000045704 _____ () C:\WINDOWS\system32\Drivers\staport.sys 2017-12-30 12:25 - 2017-12-30 12:25 - 000000000 ____D C:\Program Files\Common Files\Avast Software 2017-12-30 12:23 - 2017-12-30 12:23 - 006654960 _____ (AVAST Software) C:\Users\Marianne\Downloads\avast_free_antivirus_setup_online_cnet1.exe 2017-12-30 00:27 - 2017-12-30 00:27 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2017-12-29 23:57 - 2017-12-30 00:06 - 000000000 ____D C:\Users\TEMP.Boessenkool.000\AppData\Local\ConnectedDevicesPlatform 2017-12-29 23:56 - 2017-12-30 00:06 - 000000000 ____D C:\Users\TEMP.Boessenkool.000 2017-12-29 21:04 - 2017-12-29 21:04 - 000001360 _____ C:\Users\Marianne\Desktop\Roblox Player.lnk 2017-12-29 21:04 - 2017-12-29 21:04 - 000001175 _____ C:\Users\Marianne\Desktop\Roblox Studio.lnk 2017-12-29 21:04 - 2017-12-29 21:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox 2017-12-29 11:41 - 2017-12-29 11:42 - 006242320 _____ (Microsoft Corporation) C:\Users\Marianne\Downloads\Windows10Upgrade9252 (2).exe 2017-12-29 11:37 - 2017-12-29 11:54 - 000000000 ____D C:\Windows10Upgrade 2017-12-29 11:37 - 2017-12-29 11:37 - 006242320 _____ (Microsoft Corporation) C:\Users\Marianne\Downloads\Windows10Upgrade9252 (1).exe 2017-12-29 11:37 - 2017-12-29 11:37 - 000000735 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk 2017-12-29 11:37 - 2017-12-29 11:37 - 000000723 _____ C:\Users\Marianne\Desktop\Windows 10 Update Assistant.lnk 2017-12-29 11:37 - 2017-12-29 11:37 - 000000000 ___HD C:\$GetCurrent 2017-12-29 11:36 - 2017-12-29 11:37 - 006242320 _____ (Microsoft Corporation) C:\Users\Marianne\Downloads\Windows10Upgrade9252.exe 2017-12-28 16:57 - 2017-12-28 16:57 - 000000000 ____D C:\Users\Marianne\AppData\Roaming\Panda Security 2017-12-28 16:56 - 2017-12-30 14:56 - 000000000 ____D C:\Program Files (x86)\Panda Security 2017-12-28 16:56 - 2017-12-29 23:59 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Protection.lnk 2017-12-28 16:56 - 2017-12-29 23:59 - 000002245 _____ C:\Users\Public\Desktop\Panda Protection.lnk 2017-12-28 16:56 - 2017-12-28 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Protection 2017-12-28 16:55 - 2017-12-28 16:55 - 060893616 _____ (Panda Security, S.L.) C:\Users\Marianne\Downloads\FREEAV.exe 2017-12-28 16:53 - 2017-12-30 14:49 - 000000000 ____D C:\ProgramData\Panda Security 2017-12-28 16:52 - 2017-12-28 16:53 - 001980152 _____ (Panda Security, S.L.) C:\Users\Marianne\Downloads\PANDAFREEAV.exe 2017-12-28 16:50 - 2017-12-28 16:50 - 002376368 _____ (Kaspersky Lab) C:\Users\Marianne\Downloads\kfa18.0.0.405aben_12579.exe 2017-12-28 16:48 - 2017-12-28 16:48 - 002415288 _____ (Kaspersky Lab) C:\Users\Marianne\Downloads\kfa18.0.0.405abnl_fr_13320.exe 2017-12-28 16:41 - 2017-12-28 16:42 - 003449296 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Marianne\Downloads\Antivirus_Free_1895.exe 2017-12-28 16:41 - 2017-12-28 16:41 - 008198432 _____ (Malwarebytes) C:\Users\Marianne\Downloads\adwcleaner_7.0.6.0.exe 2017-12-28 16:39 - 2017-12-28 16:41 - 008172032 _____ (Malwarebytes) C:\Users\Marianne\Downloads\AdwCleaner (1).exe 2017-12-22 10:27 - 2017-12-22 10:27 - 038808920 _____ (Microsoft Corporation) C:\Users\Marianne\Downloads\FileFormatConverters.exe 2017-12-20 11:28 - 2017-12-20 11:28 - 000000000 ____D C:\$WINDOWS.~BT 2017-12-20 11:27 - 2017-12-20 11:27 - 000000000 ___HD C:\$SysReset 2017-12-18 15:45 - 2017-12-28 16:49 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2017-12-18 15:45 - 2017-12-18 15:45 - 002623496 _____ (Kaspersky Lab) C:\Users\Marianne\Downloads\kss16.0.0.1344mlg_10013.exe 2017-12-18 15:04 - 2017-12-18 15:04 - 008187336 _____ (Malwarebytes) C:\Users\Marianne\Downloads\adwcleaner_7.0.5.0.exe 2017-12-18 13:17 - 2017-12-18 13:17 - 000000000 _____ C:\Recovery.txt 2017-12-16 21:22 - 2017-12-16 21:22 - 000000000 ____D C:\Users\Sylvan\AppData\Roaming\PDF Architect 4 2017-12-15 19:33 - 2017-12-15 19:33 - 000822328 _____ (Roblox Corporation) C:\Users\Sylvan\Downloads\RobloxPlayerLauncher (1).exe 2017-12-15 19:31 - 2017-12-15 19:32 - 000822328 _____ (Roblox Corporation) C:\Users\Sylvan\Downloads\RobloxPlayerLauncher.exe 2017-12-15 16:24 - 2017-12-15 16:24 - 000822328 _____ (Roblox Corporation) C:\Users\Marianne\Downloads\RobloxPlayerLauncher (5).exe 2017-12-15 15:52 - 2017-12-15 15:52 - 000822328 _____ (Roblox Corporation) C:\Users\Marianne\Downloads\RobloxPlayerLauncher (4).exe 2017-12-15 15:52 - 2017-12-15 15:52 - 000822328 _____ (Roblox Corporation) C:\Users\Marianne\Downloads\RobloxPlayerLauncher (3).exe 2017-12-15 15:51 - 2017-12-15 15:52 - 000822328 _____ (Roblox Corporation) C:\Users\Marianne\Downloads\RobloxPlayerLauncher (2).exe 2017-12-15 15:51 - 2017-12-15 15:51 - 000822328 _____ (Roblox Corporation) C:\Users\Marianne\Downloads\RobloxPlayerLauncher (1).exe 2017-12-15 11:26 - 2017-12-15 11:27 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Local\Dropbox 2017-12-15 11:26 - 2017-12-15 11:26 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Roaming\Canon 2017-12-15 11:26 - 2017-12-15 11:26 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Roaming\ATI 2017-12-15 11:26 - 2017-12-15 11:26 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Local\ATI 2017-12-15 11:26 - 2017-12-15 11:26 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Local\AMD 2017-12-15 11:25 - 2017-12-30 00:00 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC 2017-12-15 11:25 - 2017-12-15 11:25 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Roaming\Apple Computer 2017-12-15 11:25 - 2017-12-15 11:25 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Local\Power2Go8 2017-12-15 11:25 - 2017-12-15 11:25 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Local\Comms 2017-12-15 11:25 - 2017-12-15 11:25 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Local\Adobe 2017-12-15 11:23 - 2017-12-15 11:23 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Local\Publishers 2017-12-15 11:22 - 2017-12-15 11:25 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Local\Packages 2017-12-15 11:22 - 2017-12-15 11:23 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Local\ConnectedDevicesPlatform 2017-12-15 11:22 - 2017-12-15 11:22 - 000000620 __RSH C:\Users\maria_000.BOESSENKOOL\ntuser.pol 2017-12-15 11:22 - 2017-12-15 11:22 - 000000020 ___SH C:\Users\maria_000.BOESSENKOOL\ntuser.ini 2017-12-15 11:22 - 2017-12-15 11:22 - 000000000 _SHDL C:\Users\maria_000.BOESSENKOOL\Sjablonen 2017-12-15 11:22 - 2017-12-15 11:22 - 000000000 _SHDL C:\Users\maria_000.BOESSENKOOL\Netwerkprinteromgeving 2017-12-15 11:22 - 2017-12-15 11:22 - 000000000 _SHDL C:\Users\maria_000.BOESSENKOOL\Mijn documenten 2017-12-15 11:22 - 2017-12-15 11:22 - 000000000 _SHDL C:\Users\maria_000.BOESSENKOOL\Menu Start 2017-12-15 11:22 - 2017-12-15 11:22 - 000000000 _SHDL C:\Users\maria_000.BOESSENKOOL\Documents\Mijn video's 2017-12-15 11:22 - 2017-12-15 11:22 - 000000000 _SHDL C:\Users\maria_000.BOESSENKOOL\Documents\Mijn muziek 2017-12-15 11:22 - 2017-12-15 11:22 - 000000000 _SHDL C:\Users\maria_000.BOESSENKOOL\Documents\Mijn afbeeldingen 2017-12-15 11:22 - 2017-12-15 11:22 - 000000000 _SHDL C:\Users\maria_000.BOESSENKOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programma's 2017-12-15 11:22 - 2017-12-15 11:22 - 000000000 _SHDL C:\Users\maria_000.BOESSENKOOL\AppData\Local\Geschiedenis 2017-12-15 11:22 - 2017-12-15 11:22 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Roaming\Adobe 2017-12-15 11:22 - 2017-12-15 11:22 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Local\VirtualStore 2017-12-15 11:22 - 2017-12-15 11:22 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Local\TileDataLayer 2017-12-15 11:22 - 2017-12-15 11:22 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Local\Google 2017-12-15 11:22 - 2017-12-15 11:22 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Local\F-Secure 2017-12-15 11:22 - 2013-12-28 19:52 - 000001825 _____ C:\Users\maria_000.BOESSENKOOL\Desktop\ALDI Foto Service.lnk 2017-12-15 11:22 - 2013-12-28 19:52 - 000001817 _____ C:\Users\maria_000.BOESSENKOOL\Desktop\Welkom bij MEDION.lnk 2017-12-15 11:22 - 2013-12-28 19:52 - 000001803 _____ C:\Users\maria_000.BOESSENKOOL\Desktop\ALDI Talk.lnk 2017-12-15 11:22 - 2013-12-28 19:52 - 000001025 _____ C:\Users\maria_000.BOESSENKOOL\Desktop\Hartelijk welkom bij ALDI.lnk 2017-12-15 11:21 - 2017-12-15 15:33 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL 2017-12-15 11:21 - 2016-09-23 04:29 - 000000000 ____D C:\Users\maria_000.BOESSENKOOL\AppData\Local\Microsoft Help 2017-12-15 11:18 - 2017-12-15 11:18 - 000000017 _____ C:\Users\Marianne\AppData\Local\resmon.resmoncfg 2017-12-13 23:04 - 2017-12-13 23:04 - 000000000 ____D C:\Users\Sylvan\AppData\LocalLow\Temp 2017-12-13 12:43 - 2017-11-30 10:45 - 000982392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2017-12-13 12:43 - 2017-11-30 10:33 - 005688320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-12-13 12:43 - 2017-11-30 10:29 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2017-12-13 12:43 - 2017-11-30 10:28 - 007625728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-12-13 12:43 - 2017-11-30 10:28 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll 2017-12-13 12:43 - 2017-11-30 10:28 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll 2017-12-13 12:43 - 2017-11-30 10:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2017-12-13 12:43 - 2017-11-30 10:26 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll 2017-12-13 12:43 - 2017-11-30 10:25 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll 2017-12-13 12:43 - 2017-11-30 10:25 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe 2017-12-13 12:43 - 2017-11-30 10:25 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe 2017-12-13 12:43 - 2017-11-30 10:25 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll 2017-12-13 12:43 - 2017-11-30 10:25 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx 2017-12-13 12:43 - 2017-11-30 10:24 - 000822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2017-12-13 12:43 - 2017-11-30 10:24 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll 2017-12-13 12:43 - 2017-11-30 10:24 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll 2017-12-13 12:43 - 2017-11-30 10:24 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshext.dll 2017-12-13 12:43 - 2017-11-30 10:23 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll 2017-12-13 12:43 - 2017-11-30 10:23 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll 2017-12-13 12:43 - 2017-11-30 10:23 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll 2017-12-13 12:43 - 2017-11-30 10:22 - 019411968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-12-13 12:43 - 2017-11-30 10:22 - 018366976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-12-13 12:43 - 2017-11-30 10:22 - 012205056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-12-13 12:43 - 2017-11-30 10:21 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll 2017-12-13 12:43 - 2017-11-30 10:17 - 000858624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll 2017-12-13 12:43 - 2017-11-30 10:17 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll 2017-12-13 12:43 - 2017-11-30 10:16 - 006066688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-12-13 12:43 - 2017-11-30 10:16 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-12-13 12:43 - 2017-11-30 10:16 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2017-12-13 12:43 - 2017-11-30 10:16 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll 2017-12-13 12:43 - 2017-11-30 10:15 - 001599488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-12-13 12:43 - 2017-11-30 10:15 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll 2017-12-13 12:43 - 2017-11-30 10:14 - 002028032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2017-12-13 12:43 - 2017-11-30 10:14 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll 2017-12-13 12:43 - 2017-11-30 10:14 - 000656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2017-12-13 12:43 - 2017-11-30 09:22 - 007780184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-12-13 12:43 - 2017-11-30 09:15 - 001072240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2017-12-13 12:43 - 2017-11-30 08:53 - 022571520 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-12-13 12:43 - 2017-11-30 08:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2017-12-13 12:43 - 2017-11-30 08:42 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll 2017-12-13 12:43 - 2017-11-30 08:42 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe 2017-12-13 12:43 - 2017-11-30 08:40 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe 2017-12-13 12:43 - 2017-11-30 08:39 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll 2017-12-13 12:43 - 2017-11-30 08:38 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2017-12-13 12:43 - 2017-11-30 08:38 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll 2017-12-13 12:43 - 2017-11-30 08:38 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-12-13 12:43 - 2017-11-30 08:37 - 008118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-12-13 12:43 - 2017-11-30 08:37 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll 2017-12-13 12:43 - 2017-11-30 08:37 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2017-12-13 12:43 - 2017-11-30 08:37 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll 2017-12-13 12:43 - 2017-11-30 08:37 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll 2017-12-13 12:43 - 2017-11-30 08:37 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll 2017-12-13 12:43 - 2017-11-30 08:37 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll 2017-12-13 12:43 - 2017-11-30 08:36 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-12-13 12:43 - 2017-11-30 08:36 - 013108224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-12-13 12:43 - 2017-11-30 08:36 - 001146880 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll 2017-12-13 12:43 - 2017-11-30 08:36 - 000761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll 2017-12-13 12:43 - 2017-11-30 08:36 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll 2017-12-13 12:43 - 2017-11-30 08:34 - 004739584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-12-13 12:43 - 2017-11-30 08:33 - 002097664 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2017-12-13 12:43 - 2017-11-30 08:33 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-12-13 12:43 - 2017-11-30 08:33 - 001013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll 2017-12-13 12:43 - 2017-11-30 08:33 - 000583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2017-12-13 12:43 - 2017-11-30 08:32 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2017-12-13 12:43 - 2017-11-30 08:32 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll 2017-12-13 12:43 - 2017-03-04 07:19 - 000635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2017-12-13 12:43 - 2016-09-07 05:56 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll 2017-12-13 12:42 - 2017-11-30 09:17 - 000983896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-12-13 12:42 - 2017-11-30 09:16 - 001090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-12-13 12:42 - 2017-11-30 09:16 - 000947544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2017-12-13 12:42 - 2017-11-30 09:16 - 000811864 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2017-12-13 12:42 - 2017-11-30 08:50 - 007219200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-12-13 12:42 - 2017-11-30 08:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2017-12-13 12:42 - 2017-11-30 08:44 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll 2017-12-13 12:42 - 2017-11-30 08:41 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-12-13 12:42 - 2017-11-30 08:37 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshext.dll 2017-12-13 12:42 - 2017-11-30 08:36 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2017-12-06 20:28 - 2017-12-06 20:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-12-05 02:06 - 2017-12-05 02:06 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2017-12-05 02:06 - 2017-12-05 02:06 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys ==================== Een Maand Gewijzigd bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2018-01-04 16:27 - 2016-09-23 04:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2018-01-04 15:55 - 2017-04-12 13:36 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2018-01-04 15:52 - 2014-07-11 11:27 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin 2018-01-04 15:49 - 2016-09-23 05:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-01-04 15:47 - 2017-04-12 17:43 - 000000000 ____D C:\ProgramData\HitmanPro.Alert 2018-01-04 13:49 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2018-01-03 20:18 - 2016-07-16 07:04 - 001572864 _____ C:\WINDOWS\system32\config\BBI 2018-01-03 20:16 - 2016-09-23 04:10 - 000000000 ____D C:\Users\Marianne 2018-01-03 19:47 - 2016-05-08 09:17 - 000000000 ____D C:\Users\Marianne\AppData\Roaming\com.silhouettesoftware 2018-01-03 19:46 - 2017-09-01 12:54 - 000009620 _____ C:\Users\Marianne\Documents\Silhouette Studio Permissions Debug 2018-01-03 19:45 - 2016-09-04 12:36 - 000000000 ____D C:\Program Files (x86)\Silhouette America 2018-01-03 19:44 - 2014-12-30 16:23 - 000000000 ____D C:\Users\Marianne\AppData\Roaming\Silhouette America 2018-01-03 13:16 - 2015-10-10 16:39 - 000000000 ____D C:\Program Files (x86)\MXGP 2017-12-30 15:17 - 2016-07-16 07:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2017-12-30 15:17 - 2015-01-13 20:06 - 000000000 ____D C:\ProgramData\Norton 2017-12-30 14:56 - 2015-02-18 11:18 - 000000000 ____D C:\ProgramData\AVAST Software 2017-12-30 14:43 - 2016-07-16 12:47 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2017-12-30 14:43 - 2015-01-13 20:06 - 000000000 ____D C:\ProgramData\NortonInstaller 2017-12-30 14:25 - 2014-09-02 18:35 - 000000000 ____D C:\Program Files (x86)\AVG 2017-12-30 14:25 - 2013-12-29 11:51 - 000000000 ____D C:\ProgramData\AVG 2017-12-30 13:18 - 2017-10-11 11:38 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2017-12-30 13:18 - 2014-01-02 11:02 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-12-30 12:29 - 2017-01-18 16:46 - 000000000 ____D C:\Program Files\Malwarebytes 2017-12-30 09:55 - 2016-11-03 17:45 - 000000000 ____D C:\WINDOWS\Panther 2017-12-30 00:30 - 2017-09-29 18:24 - 000000000 ____D C:\Program Files\rempl 2017-12-30 00:28 - 2016-07-16 12:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-12-30 00:27 - 2016-07-16 12:47 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2017-12-30 00:18 - 2016-10-05 13:32 - 000002369 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk 2017-12-30 00:18 - 2016-10-05 13:21 - 000000000 ____D C:\Program Files\Microsoft Office 2017-12-30 00:18 - 2016-07-16 12:45 - 000000000 ____D C:\WINDOWS\INF 2017-12-30 00:06 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-12-29 23:18 - 2014-01-08 14:38 - 000000000 ____D C:\Users\Marianne\AppData\Local\ElevatedDiagnostics 2017-12-29 23:05 - 2017-04-12 15:00 - 000000000 ____D C:\WINDOWS\pss 2017-12-29 21:04 - 2017-05-05 11:26 - 000000252 _____ C:\Users\Marianne\AppData\LocalLow\rbxcsettings.rbx 2017-12-29 15:00 - 2017-01-18 15:50 - 000000000 ____D C:\Users\Marianne\Downloads\Re-Loader 2017-12-29 14:49 - 2013-12-28 20:18 - 000000000 ____D C:\Users\Marianne\Downloads\Film kinder 2017-12-29 14:48 - 2017-04-12 06:59 - 000000000 ____D C:\Users\Marianne\AppData\Roaming\spfc 2017-12-28 17:17 - 2016-09-23 04:00 - 000617112 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-12-28 17:06 - 2014-06-25 14:37 - 000000000 ____D C:\Users\Marianne\Zero G Registry 2017-12-28 17:06 - 2014-02-22 10:41 - 000000016 _____ C:\Users\Marianne\persistent_state 2017-12-28 16:57 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2017-12-28 16:57 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy 2017-12-28 16:53 - 2014-05-07 19:41 - 000000000 ____D C:\ProgramData\Freemake 2017-12-28 16:46 - 2014-01-07 20:14 - 000000000 ____D C:\AdwCleaner 2017-12-28 16:43 - 2015-11-03 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2017-12-28 16:43 - 2014-05-07 19:41 - 000000000 ____D C:\Program Files (x86)\Freemake 2017-12-28 16:42 - 2014-09-02 22:08 - 000000000 ____D C:\Users\Marianne\AppData\Local\AVG 2017-12-18 15:06 - 2016-01-03 21:30 - 000000000 ____D C:\ProgramData\F-Secure 2017-12-18 11:25 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\Registration 2017-12-18 11:23 - 2016-09-23 05:12 - 000057153 _____ C:\WINDOWS\diagwrn.xml 2017-12-18 11:23 - 2016-09-23 05:12 - 000057153 _____ C:\WINDOWS\diagerr.xml 2017-12-17 20:05 - 2016-09-23 04:10 - 000000000 ____D C:\Users\Sylvan 2017-12-15 19:38 - 2017-05-06 08:28 - 000000154 _____ C:\Users\Sylvan\AppData\LocalLow\rbxcsettings.rbx 2017-12-15 19:33 - 2017-05-06 08:28 - 000000000 ____D C:\Users\Sylvan\AppData\Local\Roblox 2017-12-15 11:29 - 2016-07-16 12:47 - 000000000 ___HD C:\Program Files\WindowsApps 2017-12-15 11:22 - 2013-12-28 16:39 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-12-15 10:50 - 2013-12-29 10:24 - 000000000 ____D C:\Users\Marianne\AppData\Local\Adobe 2017-12-14 22:18 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\rescache 2017-12-14 18:55 - 2017-06-16 19:12 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2 2017-12-14 17:17 - 2014-01-24 09:26 - 000000000 ____D C:\Users\Sylvan\AppData\Local\CrashDumps 2017-12-14 17:04 - 2014-09-05 15:52 - 000000000 ____D C:\Users\Sylvan\AppData\Local\Google 2017-12-14 16:54 - 2016-07-16 12:36 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-12-14 16:42 - 2016-01-30 23:46 - 000002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-12-14 16:42 - 2016-01-30 23:46 - 000002301 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-12-13 20:14 - 2017-05-06 08:28 - 000000000 ____D C:\Users\Sylvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2017-12-13 18:55 - 2016-09-23 04:10 - 000000000 ____D C:\Users\Kids 2017-12-13 18:55 - 2016-09-23 04:10 - 000000000 ____D C:\Users\Bennie 2017-12-13 12:49 - 2014-01-02 11:02 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-12-12 18:35 - 2016-09-23 04:10 - 000000000 ____D C:\Users\Yannick 2017-12-08 09:36 - 2016-11-18 11:54 - 000000000 ____D C:\Users\Marianne\AppData\Local\SnelStart 2017-12-08 09:34 - 2016-02-27 08:24 - 000000000 ____D C:\Users\Marianne\AppData\Local\SquirrelTemp 2017-12-06 20:30 - 2017-04-14 13:03 - 000000000 ____D C:\Program Files (x86)\Dropbox 2017-12-05 18:31 - 2014-01-04 11:29 - 000000000 ____D C:\Users\Marianne\AppData\Local\CrashDumps 2017-12-05 18:03 - 2015-12-21 22:07 - 000002435 _____ C:\Users\Sylvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-12-05 18:03 - 2015-12-21 22:07 - 000000000 ___RD C:\Users\Sylvan\OneDrive ==================== Bestanden in de root van sommige mappen ======= 1998-07-25 14:42 - 1998-07-25 14:42 - 000069632 _____ () C:\Program Files (x86)\3dfx_win.bdd 1998-10-18 16:24 - 1998-10-18 16:24 - 000101376 _____ () C:\Program Files (x86)\carma2.exe 1999-01-02 19:22 - 1999-01-02 19:22 - 002679808 _____ () C:\Program Files (x86)\CARMA2_HW.EXE 1998-12-04 16:05 - 1998-12-04 16:05 - 002679808 _____ () C:\Program Files (x86)\CARMA2_HW.icd 1999-01-02 20:00 - 1999-01-02 20:00 - 002656768 _____ () C:\Program Files (x86)\CARMA2_SW.EXE 1998-12-04 16:05 - 1998-12-04 16:05 - 002656768 _____ () C:\Program Files (x86)\CARMA2_SW.icd 1998-12-04 16:05 - 1998-12-04 16:05 - 000006592 _____ () C:\Program Files (x86)\clcd16.dll 1998-12-04 16:05 - 1998-12-04 16:05 - 000027648 _____ () C:\Program Files (x86)\clcd32.dll 1998-12-04 16:05 - 1998-12-04 16:05 - 000173568 _____ (C-Dilla Ltd) C:\Program Files (x86)\clokspl.exe 1998-12-04 13:24 - 1998-12-04 13:24 - 000120320 _____ () C:\Program Files (x86)\d3d.bdd 1998-06-13 08:49 - 1998-06-13 08:49 - 000017920 _____ () C:\Program Files (x86)\DDRAW.BDD 2009-01-24 16:35 - 2005-10-02 22:44 - 000003750 _____ () C:\Program Files (x86)\DGVESA.COM 2009-01-24 16:35 - 2005-10-02 23:06 - 000045056 _____ (SuckSoftware) C:\Program Files (x86)\dgVoodoo.exe 2009-01-24 16:35 - 2005-06-26 16:31 - 000012401 _____ () C:\Program Files (x86)\dgVoodoo.vxd 2009-01-24 16:35 - 2005-10-03 00:02 - 000139264 _____ (SuckSoftware) C:\Program Files (x86)\dgVoodooSetup.exe 1998-12-04 16:05 - 1998-12-04 16:05 - 000115712 _____ () C:\Program Files (x86)\dplayerx.dll 2009-01-24 16:35 - 2005-10-05 02:36 - 000188416 _____ (SuckSoftware) C:\Program Files (x86)\Glide.dll 2009-01-24 16:35 - 2005-10-02 22:41 - 000029412 _____ () C:\Program Files (x86)\glide2x.ovl 1998-07-24 18:48 - 1998-07-24 18:48 - 000069632 _____ () C:\Program Files (x86)\hardware_3dfx.bdd 1998-07-21 17:12 - 1998-07-21 17:12 - 000236544 _____ () C:\Program Files (x86)\hardware_d3d.bdd 2000-11-15 20:25 - 2000-11-15 20:25 - 000000766 _____ () C:\Program Files (x86)\Icon.ico 1997-10-03 11:26 - 1997-10-03 11:26 - 000075264 _____ () C:\Program Files (x86)\IFORCE2.dll 1998-06-13 08:47 - 1998-06-13 08:47 - 000008704 _____ () C:\Program Files (x86)\MCGA.BDD 2011-02-19 01:40 - 2011-02-19 01:40 - 000773968 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcr100.dll 2009-01-24 16:35 - 2005-10-03 00:01 - 000042615 _____ () C:\Program Files (x86)\readme_eng.txt 2009-01-24 16:35 - 2005-10-03 00:17 - 000048492 _____ () C:\Program Files (x86)\readme_hun.txt 1998-06-13 08:48 - 1998-06-13 08:48 - 000137216 _____ () C:\Program Files (x86)\SFTIZFBF.BDD 1998-06-09 10:21 - 1998-06-09 10:21 - 000096256 _____ () C:\Program Files (x86)\SMACKW32.DLL 2009-01-31 02:48 - 2009-01-31 04:33 - 000003576 _____ () C:\Program Files (x86)\SoD Definitive Edition Readme.txt 1998-06-13 08:48 - 1998-06-13 08:48 - 000018432 _____ () C:\Program Files (x86)\SOFTB.BDD 1998-06-13 08:48 - 1998-06-13 08:48 - 000139776 _____ () C:\Program Files (x86)\SOFTD.BDD 1998-06-13 08:48 - 1998-06-13 08:48 - 000053248 _____ () C:\Program Files (x86)\SOFTHF.BDD 1998-06-13 08:48 - 1998-06-13 08:48 - 000100864 _____ () C:\Program Files (x86)\SOFTHZF.BDD 1998-06-13 08:47 - 1998-06-13 08:47 - 000012288 _____ () C:\Program Files (x86)\SOFTI.BDD 1998-06-13 08:47 - 1998-06-13 08:47 - 000103424 _____ () C:\Program Files (x86)\SOFTIF.BDD 1998-06-13 08:47 - 1998-06-13 08:47 - 000013312 _____ () C:\Program Files (x86)\SOFTIZ.BDD 1998-06-13 08:47 - 1998-06-13 08:47 - 000135168 _____ () C:\Program Files (x86)\SOFTIZBF.BDD 1998-06-13 08:47 - 1998-06-13 08:47 - 000173568 _____ () C:\Program Files (x86)\SOFTIZF.BDD 1998-06-13 08:47 - 1998-06-13 08:47 - 000142848 _____ () C:\Program Files (x86)\SOFTIZFF.BDD 1998-06-13 08:47 - 1998-06-13 08:47 - 000108544 _____ () C:\Program Files (x86)\SOFTPRMF.BDD 1998-06-13 08:48 - 1998-06-13 08:48 - 000031232 _____ () C:\Program Files (x86)\SOFTT.BDD 1998-06-13 08:48 - 1998-06-13 08:48 - 000034304 _____ () C:\Program Files (x86)\SOFTTZ.BDD 1999-08-17 15:33 - 1999-08-17 15:33 - 000441269 _____ () C:\Program Files (x86)\Uninst.isu 2014-08-17 09:48 - 2014-08-17 09:50 - 000419387 _____ () C:\Program Files (x86)\Uninstal.exe 1998-06-13 08:47 - 1998-06-13 08:47 - 000023552 _____ () C:\Program Files (x86)\VESA.BDD 2016-01-30 23:16 - 2016-06-06 19:31 - 000000034 _____ () C:\Users\Marianne\AppData\Roaming\AdobeWLCMCache.dat 2017-04-21 10:43 - 2017-04-21 10:43 - 000000872 _____ () C:\Users\Marianne\AppData\Roaming\BtwAangifte2.xml 2017-07-20 20:52 - 2017-07-20 20:52 - 000000874 _____ () C:\Users\Marianne\AppData\Roaming\BtwAangifte3.xml 2017-10-25 15:37 - 2017-10-25 15:37 - 000000873 _____ () C:\Users\Marianne\AppData\Roaming\BtwAangifte4.xml 2016-07-31 16:33 - 2016-07-31 16:33 - 000001036 _____ () C:\Users\Marianne\AppData\Roaming\BtwAangifte53.xml 2016-10-07 14:26 - 2016-10-07 14:26 - 000000968 _____ () C:\Users\Marianne\AppData\Roaming\BtwAangifte54.xml 2017-01-31 21:37 - 2017-01-31 21:37 - 000001040 _____ () C:\Users\Marianne\AppData\Roaming\BtwAangifte55.xml 2017-04-30 22:03 - 2017-04-30 22:03 - 000001071 _____ () C:\Users\Marianne\AppData\Roaming\BtwAangifte56.xml 2017-07-31 13:33 - 2017-07-31 13:33 - 000000972 _____ () C:\Users\Marianne\AppData\Roaming\BtwAangifte58.xml 2017-10-31 23:27 - 2017-10-31 23:27 - 000000966 _____ () C:\Users\Marianne\AppData\Roaming\BtwAangifte60.xml 2017-09-01 13:01 - 2017-09-01 13:01 - 000000008 _____ () C:\Users\Marianne\AppData\Roaming\com.silhouettesoftware.id 2016-02-21 20:47 - 2016-02-21 20:47 - 000022408 _____ () C:\Users\Marianne\AppData\Roaming\Door komma's gescheiden waarden.ADR 2014-02-18 15:16 - 2014-02-18 22:06 - 000099384 _____ () C:\Users\Marianne\AppData\Roaming\inst.exe 2014-02-18 15:16 - 2014-02-18 22:06 - 000007859 _____ () C:\Users\Marianne\AppData\Roaming\pcouffin.cat 2014-02-18 15:16 - 2014-02-18 22:06 - 000001167 _____ () C:\Users\Marianne\AppData\Roaming\pcouffin.inf 2014-02-18 15:16 - 2014-02-18 22:06 - 000000055 _____ () C:\Users\Marianne\AppData\Roaming\pcouffin.log 2014-02-18 15:16 - 2014-02-18 22:06 - 000082816 _____ (VSO Software) C:\Users\Marianne\AppData\Roaming\pcouffin.sys 2014-08-15 12:42 - 2014-08-07 17:06 - 000632235 _____ () C:\Users\Marianne\AppData\Local\meta.txt 2016-06-14 08:42 - 2016-06-14 08:42 - 000000775 _____ () C:\Users\Marianne\AppData\Local\recently-used.xbel 2017-12-15 11:18 - 2017-12-15 11:18 - 000000017 _____ () C:\Users\Marianne\AppData\Local\resmon.resmoncfg 2017-02-07 20:43 - 2016-11-23 14:37 - 000000570 _____ () C:\Users\Marianne\AppData\Local\TroubleshooterConfig.json 2016-11-21 08:45 - 2016-11-21 08:45 - 000000000 _____ () C:\Users\Marianne\AppData\Local\{845AF893-682C-431D-AB57-B2631F188235} Sommige bestanden in TEMP: ==================== 2017-04-18 16:12 - 2017-04-18 16:12 - 011583584 _____ (SurfRight B.V.) C:\Users\Marianne\AppData\Local\Temp\HitmanPro_x64.exe 2017-12-18 15:46 - 2017-12-18 15:46 - 002455584 _____ (Kaspersky Lab) C:\Users\Marianne\AppData\Local\Temp\kis_setup.exe 2017-07-12 08:47 - 2017-07-30 17:54 - 007786496 _____ () C:\Users\Marianne\AppData\Local\Temp\vlc-2.2.6-win32.exe 2017-07-30 18:39 - 2017-07-30 18:39 - 049533288 _____ (Sony) C:\Users\Marianne\AppData\Local\Temp\xcs5C52.tmp.exe ==================== Bamital & volsnap ====================== (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) C:\WINDOWS\system32\winlogon.exe => Bestand is getekend C:\WINDOWS\system32\wininit.exe => Bestand is getekend C:\WINDOWS\explorer.exe => Bestand is getekend C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend C:\WINDOWS\system32\svchost.exe => Bestand is getekend C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend C:\WINDOWS\system32\services.exe => Bestand is getekend C:\WINDOWS\system32\User32.dll => Bestand is getekend C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend C:\WINDOWS\system32\userinit.exe => Bestand is getekend C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend C:\WINDOWS\system32\rpcss.dll => Bestand is getekend C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend LastRegBack: 2017-12-02 09:42 ==================== Eind van FRST.txt ============================