Eric
Site Admin
Posts: 3069
Joined: 13 Apr 2005 15:54
Contact: Website

Great, then the infections seem to be gone. Any other problems?
You can donate here :wink:
slowness tips
This is not a link; clicking it is pointless.
Hitmanpro"Alert"
wollemNH
Member
Posts: 18
Joined: 26 Nov 2017 21:00

Good afternoon Eric,

No, it actually seems to be a bit faster. The only thing I do find strange is that the day before yesterday I created a new Hotmail address with a strong password, and when I tried to log in yesterday I got a message from Microsoft saying that the e-mail address had been blocked by them because a lot of spam had been sent from that address, etc. Using a code sent to my mobile number I could get back in and set a new password...
wollemNH
Member
Posts: 18
Joined: 26 Nov 2017 21:00

But in any case, thank you very much for your help! I would actually like to reinstall my whole PC at some point using the recovery DVD or the recovery partition on the D drive, but that just won't work because I get an error message every time.

Kind regards, Willem
Eric
Site Admin
Posts: 3069
Joined: 13 Apr 2005 15:54
Contact: Website

You got a message from Microsoft?

That is very strange. Could you make a new log with the tool below?
Download OTL to your Desktop
  • Double-click OTL.com to open the program. Make sure all other windows are closed, and let the program do its work undisturbed.
  • Tick the Scan All Users box.
  • Click the Quick Scan button. Do not change OTL's settings unless I specifically give you instructions to do so. The scan will not take very long.
    • Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.Txt. These files are saved in the same location as OTL.
    • Copy (Edit->Select All, Edit->Copy) and paste (Edit->Select All, Edit->Paste) the contents of these two files, one at a time, into your next post.
wollemNH
Member
Posts: 18
Joined: 26 Nov 2017 21:00

Hi Eric,

Yes, I got the message from Microsoft at the moment I tried to log in at hotmail.com (online login).
I just sent an e-mail from my regular Ziggo mail account (Mozilla Thunderbird) and I had to enter my password all over again :roll:

But anyway, here are the two OTL logs:

OTL logfile created on: 12/4/2017 4:31:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Willem\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3.99 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.56% Memory free
7.98 Gb Paging File | 5.94 Gb Available in Paging File | 74.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.26 Gb Total Space | 186.59 Gb Free Space | 64.95% Space Free | Partition Type: NTFS
Drive D: | 12.74 Gb Total Space | 4.72 Gb Free Space | 37.04% Space Free | Partition Type: NTFS
Drive E: | 546.00 Gb Total Space | 466.46 Gb Free Space | 85.43% Space Free | Partition Type: NTFS
Drive F: | 551.26 Gb Total Space | 433.40 Gb Free Space | 78.62% Space Free | Partition Type: NTFS

Computer Name: WILLEM-PC | User Name: Willem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2017/12/04 16:29:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Willem\Desktop\OTL.com
PRC - [2017/12/04 01:02:24 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2017/11/26 19:46:46 | 000,595,752 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
PRC - [2017/11/26 19:45:40 | 000,334,632 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe
PRC - [2017/11/01 09:09:30 | 003,458,504 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
PRC - [2017/09/27 11:27:08 | 000,083,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2017/08/23 11:51:32 | 002,257,016 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
PRC - [2017/01/24 18:57:40 | 000,354,672 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
PRC - [2017/01/24 18:57:38 | 000,354,672 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe
PRC - [2014/12/13 01:13:07 | 002,531,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/12/13 01:13:04 | 001,701,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2017/11/01 09:07:08 | 006,234,056 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV:64bit: - [2017/09/16 18:55:56 | 000,462,968 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -- (NVDisplay.ContainerLocalSystem)
SRV:64bit: - [2017/03/16 13:18:10 | 000,173,472 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2016/08/22 17:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2014/12/13 01:13:04 | 001,148,560 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014/12/13 01:13:03 | 019,823,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/21 12:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2017/12/04 01:02:24 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2017/11/26 19:45:47 | 000,426,416 | ---- | M] (AO Kaspersky Lab) [On_Demand | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe -- (klvssbridge64_18.0.0)
SRV - [2017/11/17 15:15:21 | 000,194,000 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017/11/15 13:22:51 | 000,272,384 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017/09/27 11:27:08 | 000,083,984 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2017/08/23 11:51:32 | 002,257,016 | ---- | M] (Adobe Systems, Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe -- (AGSService)
SRV - [2017/07/18 09:35:52 | 000,317,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2017/03/26 19:33:36 | 000,105,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2017/01/24 18:57:40 | 000,354,672 | ---- | M] (AO Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe -- (KSDE2.0.0)
SRV - [2017/01/24 18:57:38 | 000,354,672 | ---- | M] (AO Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe -- (AVP18.0.0)
SRV - [2016/02/02 13:45:52 | 001,570,520 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2016/02/02 13:45:52 | 000,837,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2015/07/23 17:25:50 | 000,358,400 | ---- | M] (Disconnect) [On_Demand | Stopped] -- C:\Users\Willem\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe -- (Disconnect Desktop Updater)
SRV - [2014/12/13 01:13:04 | 001,701,520 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/08/31 07:34:30 | 000,338,944 | ---- | M] () [On_Demand | Stopped] -- C:\Users\Willem\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe -- (disconnect-openvpn)
SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2006/12/11 21:16:32 | 000,064,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/12/11 21:16:28 | 000,301,816 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2017/12/04 16:28:21 | 000,084,256 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebProtection)
DRV:64bit: - [2017/12/04 16:23:16 | 000,110,016 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\farflt.sys -- (MBAMFarflt)
DRV:64bit: - [2017/12/04 16:23:15 | 000,046,008 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtection)
DRV:64bit: - [2017/12/04 16:23:09 | 000,253,880 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2017/12/01 22:44:58 | 000,193,464 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\MbamChameleon.sys -- (MBAMChameleon)
DRV:64bit: - [2017/11/26 19:45:08 | 001,071,832 | ---- | M] (AO Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2017/11/26 19:45:08 | 000,350,944 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk)
DRV:64bit: - [2017/11/26 19:45:08 | 000,206,040 | ---- | M] (AO Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2017/11/01 08:54:56 | 000,077,432 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mbae64.sys -- (ESProtectionDriver)
DRV:64bit: - [2017/10/15 13:40:42 | 000,199,360 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2017/10/15 13:40:42 | 000,137,200 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klwtp.sys -- (Klwtp)
DRV:64bit: - [2017/10/15 13:40:42 | 000,091,352 | ---- | M] (AO Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klbackupflt.sys -- (klbackupflt)
DRV:64bit: - [2017/10/15 13:40:42 | 000,081,904 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2017/10/15 13:40:42 | 000,070,872 | ---- | M] (AO Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbackupdisk.sys -- (klbackupdisk)
DRV:64bit: - [2017/10/15 13:40:42 | 000,050,672 | ---- | M] (AO Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2017/10/12 15:45:01 | 000,048,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2017/10/12 15:44:43 | 000,218,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2017/10/12 15:44:14 | 000,420,832 | ---- | M] (Realsil Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUer.sys -- (RTSUER)
DRV:64bit: - [2017/10/12 15:42:51 | 000,032,840 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETDSMBus.sys -- (ETDSMBus)
DRV:64bit: - [2016/12/26 20:27:10 | 000,247,008 | ---- | M] (AO Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cm_km.sys -- (cm_km)
DRV:64bit: - [2016/12/23 09:19:30 | 000,057,568 | ---- | M] (AO Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2016/12/07 09:38:46 | 000,058,592 | ---- | M] (AO Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2016/10/11 14:14:28 | 000,057,936 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2016/10/01 02:26:00 | 000,554,408 | ---- | M] (AO Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2016/08/02 00:30:41 | 000,043,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\voxaldriverx64.sys -- (voxaldriver)
DRV:64bit: - [2016/06/07 01:31:06 | 000,052,152 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kltap.sys -- (kltap)
DRV:64bit: - [2016/05/31 23:24:06 | 000,078,216 | ---- | M] (AO Kaspersky Lab) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kldisk.sys -- (kldisk)
DRV:64bit: - [2016/02/02 13:45:52 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2015/01/26 08:23:56 | 000,037,376 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2015/01/26 08:22:42 | 000,030,720 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2015/01/21 12:59:56 | 000,093,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetndis64.sys -- (andnetndis)
DRV:64bit: - [2014/12/13 01:13:03 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/11/05 14:16:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/10/02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/03 11:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/12/09 10:51:20 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 02:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/08/26 07:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 10:05:58 | 000,273,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/08 11:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2008/02/22 17:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2007/08/11 05:28:12 | 000,154,296 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/03/13 15:13:54 | 000,010,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLADResE.SYS -- (DLADResE)
DRV:64bit: - [2007/03/13 15:13:44 | 000,137,080 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDFAE.SYS -- (DLAUDFAE)
DRV:64bit: - [2007/03/13 15:13:44 | 000,044,152 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABMFSE.SYS -- (DLABMFSE)
DRV:64bit: - [2007/03/13 15:13:42 | 000,143,736 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDF_E.SYS -- (DLAUDF_E)
DRV:64bit: - [2007/03/13 15:13:42 | 000,034,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAOPIOE.SYS -- (DLAOPIOE)
DRV:64bit: - [2007/03/13 15:13:40 | 000,041,976 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABOIOE.SYS -- (DLABOIOE)
DRV:64bit: - [2007/03/13 15:13:38 | 000,142,200 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAIFS_E.SYS -- (DLAIFS_E)
DRV:64bit: - [2007/03/13 15:13:38 | 000,018,040 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAPoolE.SYS -- (DLAPoolE)
DRV:64bit: - [2007/03/12 00:25:30 | 000,123,992 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DRVECDB.SYS -- (DRVECDB)
DRV:64bit: - [2007/02/09 11:34:18 | 000,063,608 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DRVEDDM.SYS -- (DRVEDDM)
DRV:64bit: - [2007/02/08 19:05:36 | 000,039,160 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLARTL_E.SYS -- (DLARTL_E)
DRV:64bit: - [2007/02/08 19:05:36 | 000,015,864 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLACDBHE.SYS -- (DLACDBHE)
DRV:64bit: - [2006/12/14 01:50:22 | 000,165,112 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\C2SCSI64.SYS -- (c2scsi64)
DRV:64bit: - [2006/12/04 10:44:14 | 000,314,368 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2006/12/04 10:44:14 | 000,090,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2006/12/04 10:44:14 | 000,018,688 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2006/12/02 11:21:14 | 000,058,880 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\RxFilter.sys -- (RxFilter)
DRV - [2017/10/12 12:54:25 | 000,027,552 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2017/05/14 19:42:04 | 000,507,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/12/02 11:21:14 | 000,058,880 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/11/11 01:25:20 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\thdudf.sys -- (thdudf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-988884293-481040293-1301920293-1000\SOFTWARE\Microsoft\Internet Explorer\Main,IE11UpgradePageShownTime = B7 87 68 3D 9A 67 D3 01 [binary data]
IE - HKU\S-1-5-21-988884293-481040293-1301920293-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.youtube.com/?hl=nl&gl=NL
IE - HKU\S-1-5-21-988884293-481040293-1301920293-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKU\S-1-5-21-988884293-481040293-1301920293-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 31 E3 59 18 24 D2 01 [binary data]
IE - HKU\S-1-5-21-988884293-481040293-1301920293-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 8A 09 C7 91 54 65 D3 01 [binary data]
IE - HKU\S-1-5-21-988884293-481040293-1301920293-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-988884293-481040293-1301920293-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-988884293-481040293-1301920293-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-988884293-481040293-1301920293-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-988884293-481040293-1301920293-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... 02&pc=UE10
IE - HKU\S-1-5-21-988884293-481040293-1301920293-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.nl/search?hl=nl&q={searchTerms}
IE - HKU\S-1-5-21-988884293-481040293-1301920293-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-988884293-481040293-1301920293-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.151.2: C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.151.2: C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\jpl.nasa.gov/NASAEyes: C:\Users\Willem\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll (Jet Propulsion Laboratory)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com: C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY TOTAL SECURITY 18.0.0\FFEXT\LIGHT_PLUGIN_FIREFOX\ADDON.XPI [2017/11/26 19:45:40 | 000,169,074 | ---- | M] ()
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 57.0\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 57.0\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2017/11/26 19:45:40 | 000,169,074 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 52.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 52.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\BingSearchExtension: install
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\DSE: true
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 52.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 52.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2015/09/18 12:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willem\AppData\Roaming\mozilla\Extensions
[2015/09/18 12:03:23 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\Willem\AppData\Roaming\mozilla\Extensions\2.0@disconnect.me
[2017/11/17 15:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willem\AppData\Roaming\mozilla\SystemExtensionsDev
[2017/11/26 23:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willem\AppData\Roaming\mozilla\Firefox\Profiles\kox33jlm.default-1497482052048-1508069063320\browser-extension-data
[2017/11/26 23:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willem\AppData\Roaming\mozilla\Firefox\Profiles\kox33jlm.default-1497482052048-1508069063320\browser-extension-data\light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com
[2017/10/19 17:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willem\AppData\Roaming\mozilla\Firefox\Profiles\kox33jlm.default-1497482052048-1508069063320\browser-extension-data\screenshots@mozilla.org
[2017/12/02 01:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willem\AppData\Roaming\mozilla\Firefox\Profiles\kox33jlm.default-1497482052048-1508069063320\extensions
[2017/11/26 20:32:00 | 000,005,507 | ---- | M] () (No name found) -- C:\Users\Willem\AppData\Roaming\mozilla\firefox\profiles\kox33jlm.default-1497482052048-1508069063320\features\{d89b69b7-78ee-4a44-99a7-58ab32443031}\disable-media-wmf-nv12@mozilla.org.xpi

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\
CHR - Extension: No name found = C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\
CHR - Extension: No name found = C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\
CHR - Extension: No name found = C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\1.1_0\
CHR - Extension: No name found = C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
CHR - Extension: No name found = C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk\2.0.14_0\
CHR - Extension: No name found = C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.18.23_0\
CHR - Extension: No name found = C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\10.2.0.9950_0\
CHR - Extension: No name found = C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\
CHR - Extension: No name found = C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6217.911.0.5_0\

O1 HOSTS File: ([2017/11/25 01:51:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Kaspersky Protection) - {0E2877D3-2641-4970-B794-A553E295428D} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ieext\ie_plugin.dll (AO Kaspersky Lab)
O2:64bit: - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll (Google, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Eyeo GmbH)
O2 - BHO: (Kaspersky Protection) - {0E2877D3-2641-4970-B794-A553E295428D} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\ieext\ie_plugin.dll (AO Kaspersky Lab)
O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Kaspersky Protection Toolbar) - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ieext\ie_plugin.dll (AO Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Kaspersky Protection Toolbar) - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\ieext\ie_plugin.dll (AO Kaspersky Lab)
O3:64bit: - HKU\S-1-5-21-988884293-481040293-1301920293-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-988884293-481040293-1301920293-1000\..\Toolbar\WebBrowser: (Kaspersky Protection Toolbar) - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ieext\ie_plugin.dll (AO Kaspersky Lab)
O3 - HKU\S-1-5-21-988884293-481040293-1301920293-1000\..\Toolbar\WebBrowser: (Kaspersky Protection Toolbar) - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\ieext\ie_plugin.dll (AO Kaspersky Lab)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-988884293-481040293-1301920293-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-988884293-481040293-1301920293-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: localhost ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: localhost ([]* in Trusted sites)
O15 - HKU\S-1-5-21-988884293-481040293-1301920293-1000\..Trusted Domains: localhost ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Java Plug-in 11.151.2)
O16 - DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Java Plug-in 1.8.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Java Plug-in 11.151.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.116.46.20 84.116.46.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B633C9D7-346C-4211-A5E7-505F751300C3}: DhcpNameServer = 84.116.46.20 84.116.46.21
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2068/04/24 20:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\0000000000000.0x0
[2061/11/19 01:06:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\0000000000000.0x0
[2017/12/04 16:29:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Willem\Desktop\OTL.com
[2017/12/04 12:22:01 | 000,084,256 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2017/12/03 14:07:05 | 000,000,000 | ---D | C] -- C:\Users\Willem\Documents\BFBC2
[2017/12/03 13:05:44 | 000,000,000 | ---D | C] -- C:\Users\Willem\Desktop\Nieuwe map
[2017/12/03 01:34:42 | 000,110,016 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2017/12/02 08:01:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Explorer
[2017/12/02 07:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2017/12/01 21:26:30 | 000,193,464 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys
[2017/12/01 21:26:23 | 000,046,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2017/12/01 21:26:20 | 000,253,880 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2017/12/01 19:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2017/12/01 19:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup
[2017/11/30 00:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2017/11/30 00:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2017/11/29 15:11:40 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2017/11/29 13:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2017/11/27 15:52:15 | 000,000,000 | ---D | C] -- C:\FRST
[2017/11/26 22:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2017/11/26 20:19:23 | 000,000,000 | ---D | C] -- C:\Users\Willem\AppData\Local\Kaspersky Lab
[2017/11/26 19:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
[2017/11/26 19:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2017/11/26 19:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
[2017/11/26 19:45:47 | 000,110,176 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\klfphc.dll
[2017/11/26 19:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2017/11/26 19:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2017/11/26 19:45:08 | 001,071,832 | ---- | C] (AO Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2017/11/26 19:45:08 | 000,350,944 | ---- | C] (AO Kaspersky Lab) -- C:\Windows\SysNative\drivers\klhk.sys
[2017/11/26 19:45:08 | 000,206,040 | ---- | C] (AO Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2017/11/26 19:45:08 | 000,149,304 | ---- | C] (AO Kaspersky Lab) -- C:\Windows\SysNative\klhkum.dll
[2017/11/26 19:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2017/11/26 13:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2017/11/26 12:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender Agent
[2017/11/25 01:58:39 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2017/11/25 01:56:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2017/11/25 00:55:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2017/11/25 00:55:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2017/11/25 00:55:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2017/11/25 00:54:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2017/11/25 00:52:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2017/11/16 00:21:11 | 000,000,000 | ---D | C] -- C:\Users\Willem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2015/02/20 14:35:13 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Willem\AppData\Roaming\pcouffin.sys
[8 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2017/12/04 16:31:22 | 000,027,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017/12/04 16:31:22 | 000,027,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017/12/04 16:29:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Willem\Desktop\OTL.com
[2017/12/04 16:28:21 | 000,084,256 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2017/12/04 16:25:56 | 001,694,480 | ---- | M] () -- C:\Users\Willem\Desktop\Unive_Collectief_0725277622_2017_12_04_15_27_03_[1].3gp
[2017/12/04 16:23:16 | 000,110,016 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2017/12/04 16:23:15 | 000,046,008 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2017/12/04 16:23:09 | 000,253,880 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2017/12/04 16:22:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017/12/04 02:16:30 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-988884293-481040293-1301920293-1000UA.job
[2017/12/04 01:02:24 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2017/12/04 01:02:16 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2017/12/04 01:02:16 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2017/12/03 13:33:26 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2017/12/03 13:32:36 | 000,000,232 | ---- | M] () -- C:\Users\Willem\Desktop\Battlefield Bad Company™ 2.lnk
[2017/12/03 13:16:02 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-988884293-481040293-1301920293-1000Core.job
[2017/12/01 22:44:58 | 000,193,464 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys
[2017/12/01 21:23:06 | 000,024,576 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl
[2017/12/01 20:24:02 | 001,671,088 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2017/12/01 20:24:02 | 000,745,794 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2017/12/01 20:24:02 | 000,654,300 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2017/12/01 20:24:02 | 000,153,746 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2017/12/01 20:24:02 | 000,122,172 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017/11/28 15:54:44 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2017/11/27 17:19:32 | 000,001,432 | ---- | M] () -- C:\Users\Willem\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2017/11/26 19:45:08 | 001,071,832 | ---- | M] (AO Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2017/11/26 19:45:08 | 000,350,944 | ---- | M] (AO Kaspersky Lab) -- C:\Windows\SysNative\drivers\klhk.sys
[2017/11/26 19:45:08 | 000,206,040 | ---- | M] (AO Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2017/11/26 19:45:08 | 000,149,304 | ---- | M] (AO Kaspersky Lab) -- C:\Windows\SysNative\klhkum.dll
[2017/11/26 19:39:41 | 000,030,402 | ---- | M] () -- C:\ProgramData\agent.uninstall.1511721578.bdinstall.bin
[2017/11/26 12:54:48 | 000,030,898 | ---- | M] () -- C:\ProgramData\agent.update.1511697280.bdinstall.bin
[2017/11/26 12:40:50 | 000,049,678 | ---- | M] () -- C:\ProgramData\agent.1511696440.bdinstall.bin
[2017/11/25 02:02:49 | 000,001,771 | ---- | M] () -- C:\Users\Public\Desktop\Stellarium.lnk
[2017/11/25 01:51:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2017/11/24 23:17:43 | 000,453,746 | R--- | M] () -- C:\Windows\hosts.20171124-231807.backup
[2017/11/18 01:03:34 | 000,618,672 | ---- | M] () -- C:\Users\Willem\AppData\Local\rx_image.Cache
[2017/11/18 01:03:33 | 000,042,160 | ---- | M] () -- C:\Users\Willem\AppData\Local\rx_audio.Cache
[2017/11/15 13:11:47 | 000,353,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2017/12/04 16:25:51 | 001,694,480 | ---- | C] () -- C:\Users\Willem\Desktop\Unive_Collectief_0725277622_2017_12_04_15_27_03_[1].3gp
[2017/12/03 13:32:36 | 000,000,232 | ---- | C] () -- C:\Users\Willem\Desktop\Battlefield Bad Company™ 2.lnk
[2017/11/30 00:29:12 | 000,077,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mbae64.sys
[2017/11/29 13:54:05 | 000,000,943 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2017/11/27 17:19:31 | 000,001,404 | ---- | C] () -- C:\Users\Willem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2017/11/26 19:39:41 | 000,030,402 | ---- | C] () -- C:\ProgramData\agent.uninstall.1511721578.bdinstall.bin
[2017/11/26 12:54:48 | 000,030,898 | ---- | C] () -- C:\ProgramData\agent.update.1511697280.bdinstall.bin
[2017/11/26 12:40:50 | 000,049,678 | ---- | C] () -- C:\ProgramData\agent.1511696440.bdinstall.bin
[2017/11/25 00:55:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2017/11/25 00:55:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2017/11/25 00:55:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2017/11/25 00:55:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2017/11/25 00:55:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2017/11/24 23:18:07 | 000,453,746 | R--- | C] () -- C:\Windows\hosts.20171124-231807.backup
[2017/11/18 01:03:23 | 000,618,672 | ---- | C] () -- C:\Users\Willem\AppData\Local\rx_image.Cache
[2017/10/31 00:04:08 | 000,001,413 | ---- | C] () -- C:\Users\Willem\.bordermaker.cfg
[2017/10/12 13:09:35 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2017/08/09 11:51:35 | 000,518,144 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2016/12/01 00:46:28 | 000,000,000 | ---- | C] () -- C:\Users\Willem\AppData\Local\{9DA7DD74-5B0E-4CAA-B44C-D0904BDCC425}
[2016/09/15 00:46:52 | 000,042,160 | ---- | C] () -- C:\Users\Willem\AppData\Local\rx_audio.Cache
[2016/08/25 21:46:29 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2016/04/29 00:43:06 | 000,000,259 | ---- | C] () -- C:\Windows\SysWow64\drivers\vwifikerneldrv.sys
[2016/04/29 00:43:06 | 000,000,259 | ---- | C] () -- C:\ProgramData\fontcacheev1.dat
[2015/11/26 23:35:42 | 000,001,075 | ---- | C] () -- C:\Users\Willem\Documenten - Snelkoppeling.lnk
[2015/02/20 14:35:13 | 000,007,859 | ---- | C] () -- C:\Users\Willem\AppData\Roaming\pcouffin.cat
[2015/02/20 14:35:13 | 000,001,167 | ---- | C] () -- C:\Users\Willem\AppData\Roaming\pcouffin.inf
[2015/01/03 00:36:05 | 000,000,000 | ---- | C] () -- C:\Users\Willem\AppData\Local\{4C845A54-6BF9-4737-8576-E2E7BCDA2224}
[2014/10/22 23:34:53 | 000,009,728 | ---- | C] () -- C:\Users\Willem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/10/21 23:46:01 | 000,007,648 | ---- | C] () -- C:\Users\Willem\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2017/08/15 16:29:44 | 014,182,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2017/08/15 16:10:54 | 012,880,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2016/04/29 00:07:59 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\abelhadigital.com
[2014/12/10 00:18:13 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Anthropics
[2015/05/15 23:33:41 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Anvsoft
[2016/09/15 00:50:51 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Apowersoft
[2014/12/04 23:15:04 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Ashampoo
[2015/08/05 21:29:32 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\AVG
[2017/06/27 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Azureus
[2017/10/01 00:21:35 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Belastingdienst
[2014/10/24 18:46:16 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\calibre
[2015/03/20 02:18:19 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Configuration
[2015/09/18 12:03:17 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Disconnect
[2017/10/19 18:05:19 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\discord
[2015/02/18 03:04:40 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\dlg
[2014/11/12 15:10:41 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Downloaded Installations
[2017/11/16 00:21:36 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Dropbox
[2017/06/16 14:54:00 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\DVDVideoSoft
[2017/08/20 02:07:00 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Easypano Panoweaver
[2014/12/14 15:04:20 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\EncryptDrop
[2015/09/24 16:40:10 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\EncryptStick
[2016/07/07 02:07:35 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\EPSON
[2017/10/08 02:23:46 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Fighters
[2015/10/04 23:39:19 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\I2P
[2017/11/25 01:21:35 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\IObit
[2017/09/02 23:33:25 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\JAM Software
[2016/08/15 00:08:27 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\JPL-NASA-Caltech
[2015/06/19 01:57:24 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\KLS Soft
[2014/10/23 02:30:37 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\LG Electronics
[2016/04/29 00:32:51 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\MediaMonkey
[2017/10/10 12:18:17 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Millisecond Software
[2017/10/15 22:09:09 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\MPC-HC
[2014/10/22 14:11:06 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\OpenOffice
[2015/06/02 00:12:49 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Opera Software
[2014/10/28 00:46:49 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\PowerISO
[2017/12/03 03:39:01 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\qBittorrent
[2016/12/19 12:42:15 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\QuickScan
[2015/02/01 21:43:12 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\raidcall
[2014/10/20 09:23:01 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\SampleView
[2017/11/24 23:02:42 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Stellarium
[2017/05/14 22:12:03 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\TeamViewer
[2017/04/01 00:49:57 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Thunderbird
[2014/10/31 02:46:53 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Ulead Systems
[2014/12/21 13:52:42 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\uTorrent
[2015/09/05 00:00:46 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\VoipConnect
[2017/03/16 12:44:09 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Vso
[2014/10/20 10:34:05 | 000,000,000 | ---D | M] -- C:\Users\Willem\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Willem\Documents\BFBC2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Willem\Desktop\Unive_Collectief_0725277622_2017_12_04_15_27_03_[1].3gp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Willem\Desktop\Onderhoud en Beveiliging:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Willem\Desktop\Nieuwe map:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Willem\Desktop\Fotografie en Video:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Willem\Desktop\.picasaoriginals:Roxio EMC Stream
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:58D8F144

< End of report >
wollemNH
Member
Posts: 18
Joined: 26 Nov 2017 21:00

OTL Extras logfile created on: 12/4/2017 4:31:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Willem\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3.99 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.56% Memory free
7.98 Gb Paging File | 5.94 Gb Available in Paging File | 74.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.26 Gb Total Space | 186.59 Gb Free Space | 64.95% Space Free | Partition Type: NTFS
Drive D: | 12.74 Gb Total Space | 4.72 Gb Free Space | 37.04% Space Free | Partition Type: NTFS
Drive E: | 546.00 Gb Total Space | 466.46 Gb Free Space | 85.43% Space Free | Partition Type: NTFS
Drive F: | 551.26 Gb Total Space | 433.40 Gb Free Space | 78.62% Space Free | Partition Type: NTFS

Computer Name: WILLEM-PC | User Name: Willem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-988884293-481040293-1301920293-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" (FastStone Soft)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Doorbladeren met Corel PaintShop Pro X5] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X5\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" (FastStone Soft)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Doorbladeren met Corel PaintShop Pro X5] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X5\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6A5E1984-56EF-460C-94E2-67067AA44614}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{AF063F48-965B-471A-9506-BAEF1C0E68E7}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029FFA48-D3C4-4D36-A4A6-8C944A717DCC}" = protocol=6 | dir=in | app=c:\program files\qbittorrent\qbittorrent.exe |
"{2E61CB97-3315-4CB5-8CE8-F538688E5255}" = dir=out | app=c:\program files (x86)\iobit\driver booster\5.0.3\dbdownloader.exe |
"{348230DD-D42C-43A4-BBDB-E2AB6658F0BC}" = dir=in | app=c:\program files (x86)\iobit\driver booster\5.0.3\driverbooster.exe |
"{439D58B0-9D8E-4A2A-BBD8-1C3C0C6177B5}" = dir=in | app=c:\program files (x86)\iobit\driver booster\5.0.3\dbdownloader.exe |
"{43F4B7BC-B430-4569-91FE-582910C6B9F3}" = dir=out | app=c:\program files (x86)\iobit\driver booster\5.0.3\driverbooster.exe |
"{476A56C1-913E-4EF4-9749-04D612821420}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{47B0B9F5-9A61-4E8E-9FA8-9F1B86D91CFA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{53881284-2E5A-4FFA-B5ED-A68F4377D5FB}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{6E37031C-C209-40E1-9423-BDB2EF06C61D}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{6F84CFA1-AACE-4FF8-AB89-7024D1DAAA24}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7570DDBA-2CEF-4DAF-BB5D-347FCE32595C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{78E8F2C3-7BE6-407E-A051-7D7F63E88F5D}" = dir=in | app=c:\program files (x86)\iobit\driver booster\5.0.3\autoupdate.exe |
"{7AB6C177-0A23-4DAC-8005-DAF34A2570EF}" = dir=out | app=c:\program files (x86)\apowersoft\apowersoft free screen recorder\apowersoft free screen recorder.exe |
"{916DD370-06E1-48C8-AF0F-AD29B0117679}" = dir=in | app=c:\program files (x86)\apowersoft\apowersoft free screen recorder\apowersoft free screen recorder.exe |
"{A1B5F8A4-1273-4924-B150-090307F82A00}" = protocol=17 | dir=in | app=c:\program files\qbittorrent\qbittorrent.exe |
"{C6BF0B94-FA0F-467A-BD28-E5D756E94D02}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C84FC286-7873-4EE2-9ECA-62EBD654838A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{EF8B8085-CE86-42FC-9D7C-EFDC7B7667BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F85FEF4F-E443-48C3-ACC5-22C6EE1D766A}" = dir=out | app=c:\program files (x86)\iobit\driver booster\5.0.3\autoupdate.exe |
"TCP Query User{1F5A4C7B-8F9E-4BD6-820A-AF297B185E3B}C:\program files (x86)\lg electronics\lg pc suite\smartsharera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lg electronics\lg pc suite\smartsharera.exe |
"TCP Query User{2D1523AF-43A7-4CB6-8F87-0D847D33CB48}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{3A28498A-B055-44B9-8F0A-3F4A2126406D}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"TCP Query User{A78FCF63-3249-48C6-890C-0126CE58B8A6}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe" = protocol=6 | dir=in | app=c:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe |
"TCP Query User{C076DAA0-87B2-4CA4-B7EB-07F875004166}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{D87C8760-098A-4006-BC23-540610FD51B5}C:\users\willem\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\willem\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{1232A394-2B1D-4DD7-A4D5-F48468EF6470}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{45716D34-25A1-412A-9412-8EE5FCF87CAE}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{92E785AC-92E9-4F5F-94F3-26A98768E1BE}C:\users\willem\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\willem\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{C37E30F6-C685-4C14-9AD0-DFE8F7630A4E}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe" = protocol=17 | dir=in | app=c:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe |
"UDP Query User{C38C4979-C488-494A-AF20-3DA373BCE19C}C:\program files (x86)\lg electronics\lg pc suite\smartsharera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lg electronics\lg pc suite\smartsharera.exe |
"UDP Query User{D5A944C2-6056-46C8-86FE-A51D1F753594}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.6
"{1035F889-15FF-4BC0-942E-750D8D67DC9C}" = Eraser 6.2.0.2960
"{1551A29F-B1B0-43CA-90B5-E6E5186F683E}" = PSPPro64
"{1C7AF7AC-821B-456B-9698-EB0A11A02252}" = Google Analytics Opt-out Browser Add-on
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{2B2310B1-FBC0-4933-8C73-1CBAD0D7CA28}" = Adblock Plus voor IE (32-bit en 64-bit)
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes versie 3.3.1.2183
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{77AABD3D-21CB-4693-9531-4F1F28A9B94B}" = calibre 64bit
"{7B50D081-E670-3B43-A460-0E2CDB5CE984}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23918
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89BDEF91-C2C1-382A-91EA-4EE2BDCCCD97}" = Microsoft .NET Framework 4.6.1 (FRA)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}" = Image Composite Editor
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{AAC5C889-B75D-3368-BC63-CB660DE44C66}" = Microsoft .NET Framework 4.6.1 (DEU)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA-configuratiescherm 385.69
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision controllerstuurprogramma 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX systeemsoftware 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 16.18.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio-stuurprogramma 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer" = NVIDIA Display Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS" = NVIDIA Display Container LS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog" = NVIDIA Display Watchdog Plugin
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer" = NVIDIA Display Session Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.18.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.27
"{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}" = Microsoft .NET Framework 4.6.1
"{C0BBE7A6-585C-34DA-88BB-4B39633EB9FD}" = Microsoft .NET Framework 4.6.1 (NLD)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{DFFEB619-5455-3697-B145-243D936DB95B}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23918
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"8461-7759-5462-8226" = Vuze
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON-printersoftware
"Mozilla Firefox 57.0 (x64 nl)" = Mozilla Firefox 57.0 (x64 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Recuva" = Recuva
"SmartPhotoEditor1_is1" = Smart Photo Editor
"Speccy" = Speccy
"Stellarium_is1" = Stellarium 0.15.0
"WinRAR archiver" = WinRAR 5.50 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = Corel PaintShop Pro X5
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0DC66F25-C58F-40d3-86BC-CA29C6D99BF8}" = Windows 7 Upgrade Advisor
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15002A1B-C1E7-4E91-A3EC-5502BF924A32}" = Setup
"{15180A90-1FC0-47E4-A150-3AECEF07B3B6}" = Corel PaintShop Pro X5
"{1522E36C-3739-41E4-8CD3-A4AFEA70086A}" = PSPPContent
"{153DD765-C8C6-4893-8CEF-D965351D82EC}" = PSPPHelp
"{154B0B16-ABCD-4A06-B0B7-8146B7A89B25}" = IPM_PSP_COM
"{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = ICA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B905A9B-EB74-4C70-B81B-5F446C178566}" = Windows Live Essentials
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24a5c90b-5128-4fc9-91f5-113d64087118}_is1" = Apowersoft Gratis Schermrecorder versie 3.0.8
"{25A60C59-0FDC-4D73-81F4-D4A6D4E0CB92}" = Adobe AIR
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.7.8
"{26A24AE4-039D-4CA4-87B4-2F32180151F0}" = Java 8 Update 151
"{290C2B0A-CEE1-4F55-AB46-4571EC01DA96}" = Windows Live UX Platform Language Pack
"{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3706BA4B-3197-49D0-8159-40585BF853FB}" = OpenOffice 4.1.1 Language Pack (Dutch)
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}" = Skype™ 7.40
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = PC Angel (tm) Recovery Installer
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5339EADE-2D0C-4F66-95CE-0502F8DE2BEF}" = Disconnect Desktop
"{59DB38EB-F864-4E10-841D-38CFBCF864B0}" = Intel(R) Driver Update Utility 2.0
"{5AAE61FF-858E-453E-B8F3-944618149975}" = Kaspersky Total Security
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{683100FE-EDF8-403B-A234-B3EBEAF7BC82}" = Roxio Creator 9 XE
"{69BCE4AC-9572-3271-A2FB-9423BDA36A43}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}" = Adobe Lightroom
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8409c4f7-2340-4933-a304-5d37db4fb48b}" = Intel® Driver Update Utility
"{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}" = Skype Click to Call
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0020-0413-0000-0000000FF1CE}" = Compatibiliteitspakket voor het 2007 Microsoft Office system
"{90850413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91B33C97-91F8-FFB3-581B-BC952C901685}_is1" = Ashampoo Burning Studio FREE v.1.14.5
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-00AF-0413-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A20BB10-551A-4D13-AB25-3A67EE3F600C}" = OpenOffice 4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A42E862-190F-4F05-ABFB-CC7D6718426D}" = floaters v2.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0804-1033-1959-001824245926}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1043-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Nederlands
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{BBF2AC74-720C-3CB3-8291-5E34039232FA}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C3538BF4-735B-45F3-B09E-C541A007E4E8}" = Photo Common
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1" = VSO ConvertXToDVD
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}" = Visualizer Photo Resize
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918
"{DC5E5027-65E8-41CB-815C-9AAB48BFB8E2}" = Movie Maker
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{e2803110-78b3-4664-a479-3611a381656a}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
"{E2D8F773-2E59-45CA-B0EA-CFFA5354A9E7}" = Adobe Photoshop Elements 15
"{ECF2E224-42F5-4E50-B58E-94CA70E85697}" = Google Earth Pro
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F33C0717-8E04-4EB5-90C8-47221287DB4F}" = Kaspersky Secure Connection
"{F4DEB840-B638-4BCE-AC6B-057EF31E0012}" = Photo Gallery
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 27 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 27 NPAPI
"Adobe Flash Player PPAPI" = Adobe Flash Player 27 PPAPI
"Any Video Converter_is1" = Any Video Converter 5.7.9
"AV Stumpfl Wings (V 5.20.4)" = AV Stumpfl Wings
"BorderMaker" = BorderMaker
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Driver Booster_is1" = Driver Booster 5
"DVD Shrink_is1" = DVD Shrink 3.2
"Dynamic-Photo HDR 5_is1" = Dynamic-Photo HDR 5
"EncryptDrop_Free_is1" = EncryptDrop Free Edition
"EPSON Scanner" = EPSON Scan
"FastStone Image Viewer" = FastStone Image Viewer 5.2
"FastStone Photo Resizer" = FastStone Photo Resizer 3.6
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Google Chrome" = Google Chrome
"InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}" = Kaspersky Total Security
"InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}" = Kaspersky Secure Connection
"IsoBuster_is1" = IsoBuster 3.8
"LG PC Suite" = LG PC Suite
"Light Artist_is1" = Light Artist 1.5
"MAGIX Photo Clinic 4.5 US" = MAGIX Photo Clinic 4.5 (US)
"Mozilla Thunderbird 52.5.0 (x86 nl)" = Mozilla Thunderbird 52.5.0 (x86 nl)
"Nik Collection" = Nik Collection
"Picasa 3" = Picasa 3
"PortraitProfessional11_is1" = Portrait Professional 11.2
"PowerISO" = PowerISO
"PrivaZer" = PrivaZer
"PunkBusterSvc" = PunkBuster Services
"qBittorrent" = qBittorrent 3.3.16
"Secunia PSI" = Secunia PSI (3.0.0.11005)
"SightSpeed" = SightSpeed (remove only)
"Topaz Adjust 5" = Topaz Adjust 5
"Topaz BW Effects 2" = Topaz B&W Effects
"Topaz Clarity" = Topaz Clarity
"Topaz Clean 3" = Topaz Clean 3
"Topaz DeJpeg 4" = Topaz DeJpeg 4
"Topaz DeNoise 5" = Topaz DeNoise 5
"Topaz Detail 3" = Topaz Detail 3
"Topaz Fusion Express 2" = Topaz Fusion Express 2
"Topaz InFocus" = Topaz InFocus
"Topaz Lens Effects" = Topaz Lens Effects
"Topaz ReMask 4" = Topaz ReMask 4
"Topaz ReStyle" = Topaz ReStyle
"Topaz Simplify 4" = Topaz Simplify 4
"Topaz Star Effects" = Topaz Star Effects
"VLC media player" = VLC media player
"VoipConnect_is1" = VoipConnect
"WinLiveSuite" = Windows Live Essentials
"Wondershare Video Editor_is1" = Wondershare Video Editor(Build 4.8.0)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-988884293-481040293-1301920293-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Disconnect Desktop 2.0.5" = Disconnect Desktop
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/3/2017 8:34:25 AM | Computer Name = Willem-PC | Source = SideBySide | ID = 16842832
Description = Kan activeringscontext voor C:\Program Files (x86)\LG Electronics\LG
PC Suite\LGPCSuite.exe niet maken. Fout in manifest of beleidsbestand op regel
. Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere
onderdeelversie die reeds actief is. Conflicterende onderdelen zijn: Onderdeel 1:
C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Onderdeel
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error - 12/3/2017 6:53:21 PM | Computer Name = Willem-PC | Source = NvStreamSvc | ID = 133073
Description =

Error - 12/3/2017 6:53:21 PM | Computer Name = Willem-PC | Source = NvStreamSvc | ID = 133073
Description =

Error - 12/3/2017 7:06:15 PM | Computer Name = Willem-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 12/3/2017 7:06:22 PM | Computer Name = Willem-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 12/3/2017 8:27:23 PM | Computer Name = Willem-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: Explorer.EXE, versie: 6.1.7601.23537,
tijdstempel: 0x57c44efe Naam van module met fout: SHELL32.dll, versie: 6.1.7601.23893,
tijdstempel: 0x5993136a Uitzonderingscode: 0xc0000005 Foutoffset: 0x00000000003f5b16
Id
van proces met fout: 0x884 Starttijd van toepassing met fout: 0x01d36c8976dbf59a
Pad
naar toepassing met fout: C:\Windows\Explorer.EXE Pad naar module met fout: C:\Windows\system32\SHELL32.dll
Rapport-id:
e539e9e4-d889-11e7-9561-001cc0fa6abf

Error - 12/3/2017 8:27:32 PM | Computer Name = Willem-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: Explorer.EXE, versie: 6.1.7601.23537,
tijdstempel: 0x57c44efe Naam van module met fout: SHELL32.dll, versie: 6.1.7601.23893,
tijdstempel: 0x5993136a Uitzonderingscode: 0xc000041d Foutoffset: 0x00000000003f5b16
Id
van proces met fout: 0x884 Starttijd van toepassing met fout: 0x01d36c8976dbf59a
Pad
naar toepassing met fout: C:\Windows\Explorer.EXE Pad naar module met fout: C:\Windows\system32\SHELL32.dll
Rapport-id:
ea98f636-d889-11e7-9561-001cc0fa6abf

Error - 12/4/2017 7:18:16 AM | Computer Name = Willem-PC | Source = NvStreamSvc | ID = 133073
Description =

Error - 12/4/2017 7:18:16 AM | Computer Name = Willem-PC | Source = NvStreamSvc | ID = 133073
Description =

Error - 12/4/2017 11:22:42 AM | Computer Name = Willem-PC | Source = NvStreamSvc | ID = 133073
Description =

Error - 12/4/2017 11:22:42 AM | Computer Name = Willem-PC | Source = NvStreamSvc | ID = 133073
Description =

[ System Events ]
Error - 12/3/2017 6:52:32 PM | Computer Name = Willem-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\thdudf.sys kan niet worden geladen vanwege
incompatibiliteit met dit systeem. Vraag de leverancier van de software om een
compatibele versie van het stuurprogramma.

Error - 12/3/2017 6:52:32 PM | Computer Name = Willem-PC | Source = Service Control Manager | ID = 7000
Description = De TOSHIBA UDF2.5 Reader File System Driver-service kan vanwege de
volgende fout niet worden gestart: %%1275

Error - 12/3/2017 6:53:35 PM | Computer Name = Willem-PC | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: RxFilter

Error - 12/4/2017 7:17:54 AM | Computer Name = Willem-PC | Source = EventLog | ID = 6008
Description = De vorige afsluiting van het systeem om 2:54:12 op ?4-?12-?2017 is
onverwacht gebeurd.

Error - 12/4/2017 7:17:53 AM | Computer Name = Willem-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\thdudf.sys kan niet worden geladen vanwege
incompatibiliteit met dit systeem. Vraag de leverancier van de software om een
compatibele versie van het stuurprogramma.

Error - 12/4/2017 7:17:53 AM | Computer Name = Willem-PC | Source = Service Control Manager | ID = 7000
Description = De TOSHIBA UDF2.5 Reader File System Driver-service kan vanwege de
volgende fout niet worden gestart: %%1275

Error - 12/4/2017 7:18:56 AM | Computer Name = Willem-PC | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: RxFilter

Error - 12/4/2017 11:22:30 AM | Computer Name = Willem-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\thdudf.sys kan niet worden geladen vanwege
incompatibiliteit met dit systeem. Vraag de leverancier van de software om een
compatibele versie van het stuurprogramma.

Error - 12/4/2017 11:22:30 AM | Computer Name = Willem-PC | Source = Service Control Manager | ID = 7000
Description = De TOSHIBA UDF2.5 Reader File System Driver-service kan vanwege de
volgende fout niet worden gestart: %%1275

Error - 12/4/2017 11:22:47 AM | Computer Name = Willem-PC | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: RxFilter


< End of report >
Eric
Site Admin

Copy the entire code from the code box below into an empty Notepad window:

Code: Select all

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

Save it as fixreg.reg and choose "All files" as the type.
Once you have saved it, the icon looks like this:
Image

Right-click fixreg.reg and choose 'Run as administrator'.
Allow any UAC prompt.
When asked whether you want to add the changes to the registry, answer Yes/OK.
Eric
Site Admin

Start OTL
  • Paste the following under Custom Scans/Fixes

    :Commands
    [createrestorepoint]

    :OTL
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]

    [reboot]
  • Then click the Run Fix button at the top
  • Let the program do its work undisturbed. The PC will be restarted afterwards.
wollemNH
Member
Posts: 18
Joined: 26 Nov 2017 21:00

Good afternoon Eric,

Running fixreg.reg as admin did not work: I right-clicked the icon, but the option "Run as administrator" was not in the list... So I double-clicked it with the left mouse button and it seemed to go fine: I got a message that a new line had been added to the registry.

After that I started OTL and ran Run Fix.

Here is the report:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 314760 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Willem
->Temp folder emptied: 174381428 bytes
->Temporary Internet Files folder emptied: 201980488 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15859170 bytes
->Google Chrome cache emptied: 239545659 bytes
->Flash cache emptied: 317024 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 259 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26266564 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50495 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 745 bytes
RecycleBin emptied: 163727 bytes

Total Files Cleaned = 628.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Willem
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12052017_132547

Files\Folders moved on Reboot...
C:\Users\Willem\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\adobegc.log scheduled to be moved on reboot.
C:\Windows\temp\JET194A.tmp moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Eric
Site Admin
Posts: 3069
Joined: 13 Apr 2005 15:54
Contact: Website

OK, and how are things now?
wollemNH
Member
Posts: 18
Joined: 26 Nov 2017 21:00

Everything seems to be going fine; there was not much else noticeable on my PC anyway, apart from the notifications I got about mail.

Something my PC has been suffering from for a very long time, by the way, and which may also be the reason (?) that I cannot reinstall my PC:

whenever I have to restart the computer, for whatever reason, it never goes normally... I mean, when the PC restarts, I get on screen what can be seen in photo 1. I can then click and do whatever I want, but nothing further happens, until at some point it shows a dark screen with the text shown in photo 2. But nothing happens after that either. The only way to restart the PC then is to manually press the big power button on the PC. Here are the 3 photos as a collage: https://www.mupload.nl/img/z2iznbgx9dcqe.jpg

When I put a recovery DVD in the tray and restart the PC, it should normally give me the choice after the reboot to start the PC from the disc; unfortunately this does not work. There is also a recovery partition (pc-angel) on the D drive, and I cannot get that to work to reinstall Windows either. Did you happen to see a possible cause of this in one of the logs here?

Regards, Willem
wollemNH
Member
Posts: 18
Joined: 26 Nov 2017 21:00

I see that the photo link does not work, so here is a new one:
https://static.afbeeldinguploaden.nl/17 ... aVPXPo.jpg
wollemNH
Member
Posts: 18
Joined: 26 Nov 2017 21:00

Hello Eric,

As I mentioned earlier, I have a few e-mail addresses...
I just received another message from Microsoft asking me to confirm my account...
It is starting to look like a bad joke, but unfortunately it is not.

https://www.imgdumper.nl/uploads9/5a275 ... -alarm.JPG
wollemNH
Member
Posts: 18
Joined: 26 Nov 2017 21:00

...Ehm, it just occurred to me that that last warning, which I received by e-mail, may well be my own fault:
I have recently had Kaspersky Total Security on my PC (trial version), and it also includes the option to browse the internet via a VPN server.

So I tried that out briefly, and that is probably where the notification came from that an attempt had been made to log in from abroad.
wollemNH
Member
Posts: 18
Joined: 26 Nov 2017 21:00

Eric, are you still there?
