start CreateRestorePoint: ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Geen bestand ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Geen bestand Task: {3851A7A4-128A-46BB-B0D8-8232E3768143} - \Microsoft\Windows\UNP\RunCampaignManager -> Geen bestand <==== AANDACHT Task: {8D1859EA-E29E-4FAB-B4DA-BD527565B54E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Geen bestand <==== AANDACHT 2018-11-17 09:57 - 2018-11-17 09:57 - 000113664 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\_ctypes.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000080896 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\bz2.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 001792512 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\_hashlib.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000128512 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\win32api.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000137728 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\pywintypes27.dll 2018-11-17 09:57 - 2018-11-17 09:57 - 000548864 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\pythoncom27.dll 2018-11-17 09:57 - 2018-11-17 09:57 - 000689664 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\unicodedata.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000438784 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\win32com.shell.shell.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 001489408 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\wx._core_.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 001007104 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\wx._gdi_.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 001039872 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\wx._windows_.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 001325056 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\wx._controls_.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000916992 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\wx._misc_.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 001084416 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\pysqlite2._sqlite.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000149504 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\win32file.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000136192 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\win32security.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000007680 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\hashobjs_ext.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000020992 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\thumbnails_ext.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000118784 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\usb_ext.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000047616 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\_socket.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 002224640 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\_ssl.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000014848 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\common.time34.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000023040 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\win32event.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000034304 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\windows.conditional.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000020480 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\windows.winwrap.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000110080 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\windows.volumes.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000223232 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\win32gui.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000173568 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\_elementtree.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000169472 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\pyexpat.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000048128 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\win32inet.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000103424 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\wx._html2.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000046080 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\_psutil_windows.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000633272 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\windows._cacheinvalidation.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000011776 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\win32crypt.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000301568 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\PIL._imaging.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000032256 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\_multiprocessing.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 005752320 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\cello.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000026112 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\_yappi.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000044032 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\win32process.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000027648 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\win32pipe.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000010752 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\select.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000029696 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\win32pdh.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000038400 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\windows.connectivity.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000073216 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\windows.device_monitor.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000020480 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\win32profile.pyd 2018-11-17 09:57 - 2018-11-17 09:57 - 000026624 _____ () C:\Users\Rudi\AppData\Local\Temp\_MEI101642\win32ts.pyd FirewallRules: [{F98E4AEE-3279-4514-AF77-20693AC26945}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [{5C31EB80-05FC-4804-8369-7F3A6F931CF6}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe C:\Program Files (x86)\Popcorn Time (Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe HKU\S-1-5-21-1110841881-1274814628-13942943-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\S-1-5-21-1110841881-1274814628-13942943-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1004730&geo=BE&ver=22.11.0.41&locale=nl_BE&guid=D2057D4B-90B8-491B-9A7E-689E5BA8F538&doi=2016-09-01&gct=kwd&qsrc=2869 CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908 CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2017-10-17] (Popcorn Time) [Bestand niet getekend] EmptyTemp: end