woepi
11 September 2016, 11:10
Denk dat mijn vrouw haar Facebook is gehackt, worden berichten gestuurd die zij niet aanmaakt.
En internet is zeer traag sindsdien.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scandatum: 11/09/2016
Scantijd: 9:56
Logboekbestand:
Beheerder: Ja
Versie: 2.2.1.1043
Malware-database: v2016.09.11.04
Rootkit-database: v2016.08.15.01
Licentie: Proef
Malware-bescherming: Ingeschakeld
Bescherming tegen kwaadaardige websites: Ingeschakeld
Zelfbescherming: Uitgeschakeld
Besturingssysteem: Windows 10
Processor: x64
Bestandssysteem: NTFS
Gebruiker: Hugo
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten gescand: 315966
Verstreken tijd: 3 min, 35 sec
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld
Processen: 0
(Geen kwaadaardige items gedetecteerd)
Modules: 0
(Geen kwaadaardige items gedetecteerd)
Registersleutels: 0
(Geen kwaadaardige items gedetecteerd)
Registerwaarden: 0
(Geen kwaadaardige items gedetecteerd)
Registerdata: 0
(Geen kwaadaardige items gedetecteerd)
Mappen: 0
(Geen kwaadaardige items gedetecteerd)
Bestanden: 0
(Geen kwaadaardige items gedetecteerd)
Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)
(end)
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-11 10:50:05
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c SAMSUNG_MZ7LF128HCHP-00000 rev.FXT0101Q 119,24GB
Running: hj3rusqr.exe; Driver: C:\Users\Hugo\AppData\Local\Temp\fwedapow.sys
---- User code sections - GMER 2.2 ----
.text C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe[8056] C:\Program Files (x86)\Firetrust\MailWasher\MWPHeaderParser.dll!Ext ractEmailAddress + 4 000000005af10632 2 bytes JMP 120d0026
.text C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe[8056] C:\Program Files (x86)\Firetrust\MailWasher\MWPHeaderParser.dll!OAu th2 + 4 000000005af10642 2 bytes JMP 120d0046
.text C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe[8056] C:\Program Files (x86)\Firetrust\MailWasher\MWPHeaderParser.dll!Get Token + 4 000000005af10652 2 bytes JMP 120d0066
.text C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe[8056] C:\Program Files (x86)\Firetrust\MailWasher\MWPHeaderParser.dll!Dec odeBase64 + 4 000000005af10662 2 bytes JMP 120d0086
.text C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe[8056] C:\Program Files (x86)\Firetrust\MailWasher\MWPHeaderParser.dll!WCG etChoise + 4 000000005af10672 2 bytes JMP 120d00a6
.text C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe[8056] C:\Program Files (x86)\Firetrust\MailWasher\MWPHeaderParser.dll!WCG etToken + 4 000000005af10682 2 bytes JMP 120d00c6
---- Threads - GMER 2.2 ----
Thread C:\WINDOWS\system32\csrss.exe [576:636] fffff96140d14030
---- Registry - GMER 2.2 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1247922525
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 5348
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 15036
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime 80
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime 820
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp 10865
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeLibraryInitTime 46
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeInitTime 86
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime 356
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp 10998
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime 187
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime 157
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeMapTime 13
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAllocateTime 1
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp 11686
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 11708
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 14372
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime 11703
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 15033
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime 15004
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime 19
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime 17906
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime 1916
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeInitTime 7
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeSharedBufferTime 2
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 633
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime 31
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed 498367
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten 0xF8 0x09 0x03 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed 36875
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten 0x51 0x41 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate 56
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate 409
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate 124
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumTime 161
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumIoTime 20
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumTime 124
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumIoTime 9
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime 294
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime 8317
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0x44 0x68 0x47 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Pa rameters\Isatap\{46D3AFD2-FC90-4782-A7EA-ACEBB9FF2C5C}@DefunctTimestamp 0x00 0xFC 0xD4 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Te redo\PreviousState\5c-35-3b-7a-76-7c@AddressCreationTimestamp 0x69 0x8D 0xE5 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAcces s\Epoch@Epoch 38755
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAcces s\Epoch2@Epoch 5547
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules@{716EA47 5-1836-4C32-A142-CC6FCE55607A} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=58| ICMP6=128:*|App=System|Name=@IpHlpSvc.dll,-502|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-25000|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules@{B42760A 9-4218-447B-B6A2-920DBC1F397D} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=58 |ICMP6=128:*|Name=@IpHlpSvc.dll,-503|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-25000|
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Param eters\Interfaces\{668f750d-9918-4831-90db-41528105942a}@LeaseObtainedTime 1473581102
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Param eters\Interfaces\{668f750d-9918-4831-90db-41528105942a}@T1 1473582684
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Param eters\Interfaces\{668f750d-9918-4831-90db-41528105942a}@T2 1473584034
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Param eters\Interfaces\{668f750d-9918-4831-90db-41528105942a}@LeaseTerminatesTime 1473584702
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Para meters\Interfaces\{668f750d-9918-4831-90db-41528105942a}@Dhcpv6InformationObtainedTime 1473576036
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Sec ureTimeLimits@SecureTimeConfidence 6
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Sec ureTimeLimits@SecureTimeEstimated 0xA5 0x6D 0x97 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Sec ureTimeLimits@SecureTimeHigh 0xA5 0xD5 0x5B 0x79 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Sec ureTimeLimits@SecureTimeLow 0xA5 0x05 0xD3 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Sec ureTimeLimits@SecureTimeTickCount 0x5B 0x4E 0x60 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw Mask 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore@Count 4
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Sea rch@JumpListChangedAppIds Chrome?
---- Disk sectors - GMER 2.2 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.2 ----
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.545
Run by Hugo at 10:52:11 on 2016-09-11
Microsoft Windows 10 Home 10.0.10586.0.1252.32.1043.18.8129.5000 [GMT 2:00]
.
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Avira\Antivirus\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\Antivirus\avguard.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\Online Games Manager\ogmservice.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
C:\WINDOWS\system32\sihost.exe
C:\Windows\System32\RuntimeBroker.exe
D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0 _x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2t xyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\SearchUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722. 10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\BlueStacks\HD-Service.exe
C:\Program Files (x86)\BlueStacks\HD-Network.exe
C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\N IS_Delta_Patch.exe
C:\WINDOWS\system32\MpSigStub.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [OneDrive] "C:\Users\Hugo\AppData\Local\Microsoft\OneDrive\One Drive.exe" /background
uRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [PowerDVD12Agent] "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
mRun: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\Hugo\AppData\Roaming\MICROS~1\Windows\STA RTM~1\Programs\Startup\MAILWA~1.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe
StartupFolder: C:\Users\Hugo\AppData\Roaming\MICROS~1\Windows\STA RTM~1\Programs\Startup\MAILWA~2.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe
StartupFolder: C:\Users\Hugo\AppData\Roaming\MICROS~1\Windows\STA RTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Hugo\AppData\Roaming\MICROS~1\Windows\STA RTM~1\Programs\Startup\ROLLER~1.LNK - C:\Users\Hugo\AppData\Local\Temp\{84AC93D5-431F-42C0-ABF6-2FC82792D583}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
mPolicies-Explorer: ConfirmFileDelete = dword:1
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: &Verzenden naar OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 195.130.130.3 195.130.131.3
TCP: Interfaces\{668f750d-9918-4831-90db-41528105942a} : DHCPNameServer = 195.130.130.3 195.130.131.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\Inst aller\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [Corel Update Helper] "d:\Program Files\Corel\Corel PaintShop Pro X8 (64-bit)\pua.exe" /t
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSyst emStart
x64-mPolicies-Explorer: ConfirmFileDelete = dword:1
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-154558-44482-6/4
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStor A.sys [2015-6-24 1455552]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrust edRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrusted RTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 avkmgr;avkmgr;C:\WINDOWS\System32\drivers\avkmgr.s ys [2015-12-11 35488]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\ drivers\CLVirtualDrive.sys [2015-7-21 91912]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\fi lecrypt.sys [2016-5-11 87552]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sy s [2015-10-30 8192]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\Antivirus\sched.exe [2015-12-11 470600]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2015-12-11 470600]
R2 avgntflt;avgntflt;C:\WINDOWS\System32\drivers\avgn tflt.sys [2015-12-11 144664]
R2 Avira.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2016-8-4 320672]
R2 avnetflt;avnetflt;C:\WINDOWS\System32\drivers\avne tflt.sys [2015-12-11 78208]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2016-3-22 154680]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2016-3-22 417304]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2016-3-22 917016]
R2 CCDMonitorService;CCDMonitorService;C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2016-6-23 2267352]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\Sy stem32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-12-21 1163200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-6-24 18856]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-6-24 223008]
R2 MBAMScheduler;MBAMScheduler;D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-9-2 1514464]
R2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-9-2 1136608]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-12-21 1879488]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-12-21 4812736]
R2 ogmservice;Online Games Manager;C:\Program Files (x86)\Online Games Manager\ogmservice.exe [2016-7-13 582544]
R2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2014-4-30 337776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [2016-9-5 426040]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2016-3-22 437784]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-5-19 335872]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\dr ivers\mbam.sys [2016-9-2 27008]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\dr ivers\MBAMSwissArmy.sys [2016-9-2 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDO WS\System32\drivers\mwac.sys [2016-9-2 65408]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtual Bus.sys [2015-10-30 20480]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-12-21 26560]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2015-12-21 6308288]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2016-9-5 47760]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-7-21 886528]
R3 RtlWlanu;Realtek draadloze LAN 802.11n USB 2.0-netwerkadapter;C:\WINDOWS\System32\drivers\rtwlanu .sys [2015-10-30 3764736]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 UEFI;Microsoft UEFI-stuurprogramma;C:\WINDOWS\System32\drivers\uefi.sy s [2015-10-30 28512]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\ WUDFRd.sys [2015-10-30 216064]
S2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2015-12-11 989696]
S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2015-12-11 1454720]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-5-19 7680]
S2 KMService;KMService;C:\WINDOWS\System32\srvany.exe --> C:\WINDOWS\System32\srvany.exe [?]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S3 A38CCID;CCID USB Smart Card Reader;C:\WINDOWS\System32\drivers\a38ccid.sys [2015-8-19 82480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80x x.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service voor Portable Device Control-apparaten;C:\WINDOWS\System32\drivers\buttonconver ter.sys [2015-10-30 37376]
S3 CapImg;HID-stuurprogramma voor CapImg-touchscreen;C:\WINDOWS\System32\drivers\capimg.sys [2016-1-21 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\ System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2015-12-8 122160]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector-service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHu b.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Registratieservice voor Apparaatbeheer;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\ svchost.exe -k netsvcs [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svch ost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 genericusbfn;Algemene USB-functieklasse;C:\WINDOWS\System32\drivers\genericu sbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Algemeen stuurprogramma voor HID-knoppen waarvoor interrupts zijn geïmplementeerd;C:\WINDOWS\System32\drivers\hidin terrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Stuurprogramma van Intel(R) Serial IO GPIO-controller;C:\WINDOWS\System32\drivers\iaLPSSi_GPI O.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Stuurprogramma voor Intel(R) Serial IO I2C-controller;C:\WINDOWS\System32\drivers\iaLPSSi_I2C .sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID-controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (filterstuurprogramma);C:\WINDOWS\System32\drivers \ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobiele hotspotservice;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 intelpep;Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing ;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\ls i_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\ls i_sas3i.sys [2015-10-30 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sy s [2015-10-30 705376]
S3 ndfltr;NetworkDirect-service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\pe rcsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\pe rcsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.s ys [2015-10-30 930656]
S3 RetailDemo;Retaildemoservice;C:\WINDOWS\System32\s vchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router-service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2015-12-8 214832]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS)-stuurprogramma;C:\WINDOWS\System32\drivers\storufs .sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineServic e.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-5-11 63488]
S3 UcmUcsi;UCSI-client van USB-connectorbeheer;C:\WINDOWS\System32\drivers\UcmUcs i.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-6-15 258912]
S3 UfxChipidea;Chipidea USB-controller;C:\WINDOWS\System32\drivers\UfxChipidea .sys [2015-10-30 94048]
S3 ufxsynopsys;Synopsys USB-controller;C:\WINDOWS\System32\drivers\ufxsynopsys .sys [2016-5-11 131424]
S3 UrsChipidea;Stuurprogramma voor Chipidea USB Role-Switch;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Stuurprogramma voor Synopsys USB Role-Switch;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF)-stuurprogramma;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\sv chost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-4-13 694784]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad-service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs-service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 XblAuthManager;Xbox Live-verificatiebeheer;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Games opslaan op Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-3-2 238592]
S3 XboxNetApiSvc;Netwerkservice van Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-4-13 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Updater van automatische tijdzone;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2016-09-11 08:52:12 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CA7AED3-D031-4848-88E4-1FBAD53F3F84}\gapaengine.dll
2016-09-09 19:13:13 -------- d-----w- C:\Users\Hugo\AppData\Roaming\ZHP
2016-09-05 08:40:42 134712 ----a-w- C:\WINDOWS\SysWow64\nvStreaming.exe
2016-09-05 08:40:32 45344 ----a-w- C:\WINDOWS\System32\vulkaninfo.exe
2016-09-05 08:40:32 40224 ----a-w- C:\WINDOWS\SysWow64\vulkaninfo.exe
2016-09-05 08:40:32 130848 ----a-w- C:\WINDOWS\System32\vulkan-1.dll
2016-09-05 08:40:32 129824 ----a-w- C:\WINDOWS\SysWow64\vulkan-1.dll
2016-09-05 08:40:28 -------- d-----w- C:\Program Files (x86)\VulkanRT
2016-09-05 08:40:09 213952 ----a-w- C:\WINDOWS\System32\OpenCL.dll
2016-09-05 08:40:09 203320 ----a-w- C:\WINDOWS\SysWow64\OpenCL.dll
2016-09-05 08:39:44 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2016-09-05 08:34:58 99472 ----a-w- C:\WINDOWS\System32\nvaudcap64v.dll
2016-09-05 08:34:58 90768 ----a-w- C:\WINDOWS\SysWow64\nvaudcap32v.dll
2016-09-05 08:34:58 47760 ----a-w- C:\WINDOWS\System32\drivers\nvvad64v.sys
2016-09-02 06:09:20 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-09-02 06:09:02 65408 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2016-09-02 06:09:02 140672 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2016-09-02 06:09:01 27008 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2016-09-02 06:09:01 -------- d-----w- C:\ProgramData\Malwarebytes
2016-09-01 13:03:24 -------- d---a-w- C:\Program Files\CCleaner
2016-08-30 09:38:51 -------- d-----w- C:\AdwCleaner
2016-08-17 18:01:29 -------- d-----w- C:\Users\Hugo\AppData\Roaming\Atari
2016-08-17 17:59:52 197120 ----a-w- C:\WINDOWS\patchw32.dll
2016-08-17 17:59:52 -------- d-----w- C:\Program Files (x86)\Common Files\PocketSoft
2016-08-17 17:57:07 692224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Inte l32\iKernel.dll
2016-08-17 17:57:07 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Inte l32\ctor.dll
2016-08-17 17:57:07 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Inte l32\DotNetInstaller.exe
2016-08-17 17:57:07 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps. dll
2016-08-17 17:57:07 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Inte l32\iscript.dll
2016-08-17 17:57:07 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Inte l32\iuser.dll
2016-08-17 17:57:06 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Inte l32\setup.dll
2016-08-17 17:57:06 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Inte l32\iGdi.dll
.
==================== Find3M ====================
.
2016-08-27 19:52:16 14216760 ----a-w- C:\WINDOWS\System32\drivers\nvlddmkm.sys
2016-08-25 21:12:08 6384064 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2016-08-25 21:12:08 2475064 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2016-08-25 21:12:07 81856 ----a-w- C:\WINDOWS\System32\nv3dappshextr.dll
2016-08-25 21:12:07 71224 ----a-w- C:\WINDOWS\System32\nvshext.dll
2016-08-25 21:12:07 548408 ----a-w- C:\WINDOWS\System32\nv3dappshext.dll
2016-08-25 21:12:07 392128 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2016-08-25 21:12:07 1764408 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2016-08-25 21:12:07 1362368 ----a-w- C:\WINDOWS\System32\nvvsvc.exe
2016-08-22 15:17:41 7320235 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2016-08-03 11:14:47 92352 ----a-w- C:\WINDOWS\System32\acmigration.dll
2016-08-03 11:14:47 50368 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2016-08-03 11:14:47 1505984 ----a-w- C:\WINDOWS\System32\appraiser.dll
2016-08-03 10:36:39 7469408 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-08-03 10:36:37 99680 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2016-08-03 10:36:30 37744 ----a-w- C:\WINDOWS\System32\wldp.dll
2016-08-03 10:23:43 115040 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2016-08-03 10:23:42 693600 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2016-08-03 10:22:59 58408 ----a-w- C:\WINDOWS\System32\SensorsNativeApi.dll
2016-08-03 10:22:53 465248 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2016-08-03 10:22:39 331616 ----a-w- C:\WINDOWS\System32\drivers\pci.sys
2016-08-03 10:22:10 808288 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2016-08-03 10:22:08 1322760 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-08-03 10:21:07 303216 ----a-w- C:\WINDOWS\System32\LockAppHost.exe
2016-08-03 10:21:01 566112 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
2016-08-03 10:20:08 1540224 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2016-08-03 10:20:04 692136 ----a-w- C:\WINDOWS\System32\sppwinob.dll
2016-08-03 10:19:37 604928 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-08-03 10:19:36 161632 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2016-08-03 10:13:17 1988448 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-08-03 10:13:11 576864 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-08-03 10:13:10 393056 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-08-03 10:11:09 422744 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2016-08-03 09:51:14 84480 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-08-03 09:51:00 123392 ----a-w- C:\WINDOWS\System32\tdlrecover.exe
2016-08-03 09:46:24 22384128 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-08-03 09:44:39 63488 ----a-w- C:\WINDOWS\System32\wshbth.dll
2016-08-03 09:44:23 44544 ----a-w- C:\WINDOWS\System32\musdialoghandlers.dll
2016-08-03 09:44:03 189952 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2016-08-03 09:43:07 16985088 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2016-08-03 09:41:27 64000 ----a-w- C:\WINDOWS\System32\Windows.StateRepositoryClient. dll
2016-08-03 09:41:25 59904 ----a-w- C:\WINDOWS\System32\Windows.StateRepositoryBroker. dll
2016-08-03 09:40:54 58880 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2016-08-03 09:40:48 47616 ----a-w- C:\WINDOWS\System32\TpmTasks.dll
2016-08-03 09:40:16 127488 ----a-w- C:\WINDOWS\System32\VEDataLayerHelpers.dll
2016-08-03 09:40:09 91136 ----a-w- C:\WINDOWS\System32\bthserv.dll
2016-08-03 09:39:55 218624 ----a-w- C:\WINDOWS\System32\cdd.dll
2016-08-03 09:39:43 104448 ----a-w- C:\WINDOWS\System32\BluetoothApis.dll
2016-08-03 09:38:23 379392 ----a-w- C:\WINDOWS\System32\usocore.dll
2016-08-03 09:38:22 412160 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2016-08-03 09:37:22 110080 ----a-w- C:\WINDOWS\System32\IdCtrls.dll
2016-08-03 09:36:49 211456 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
2016-08-03 09:36:28 198144 ----a-w- C:\WINDOWS\System32\winsrv.dll
2016-08-03 09:35:56 200192 ----a-w- C:\WINDOWS\System32\WUDFPlatform.dll
2016-08-03 09:35:15 764928 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2016-08-03 09:33:57 339968 ----a-w- C:\WINDOWS\System32\SensorService.dll
2016-08-03 09:33:37 285184 ----a-w- C:\WINDOWS\System32\VEEventDispatcher.dll
2016-08-03 09:31:59 359936 ----a-w- C:\WINDOWS\System32\SensorsApi.dll
2016-08-03 09:31:54 247296 ----a-w- C:\WINDOWS\System32\wevtutil.exe
2016-08-03 09:31:38 506880 ----a-w- C:\WINDOWS\System32\tileobjserver.dll
2016-08-03 09:30:28 515072 ----a-w- C:\WINDOWS\System32\OneDriveSettingSyncProvider.dl l
2016-08-03 09:30:09 970752 ----a-w- C:\WINDOWS\System32\kerberos.dll
2016-08-03 09:29:36 2127360 ----a-w- C:\WINDOWS\System32\inetcpl.cpl
2016-08-03 09:29:15 1500160 ----a-w- C:\WINDOWS\System32\RecoveryDrive.exe
2016-08-03 09:29:09 1387520 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2016-08-03 09:28:40 529920 ----a-w- C:\WINDOWS\System32\LogonController.dll
2016-08-03 09:28:22 1213440 ----a-w- C:\WINDOWS\System32\wwansvc.dll
2016-08-03 09:27:58 1717760 ----a-w- C:\WINDOWS\System32\GdiPlus.dll
2016-08-03 09:27:45 7536640 ----a-w- C:\WINDOWS\System32\mstscax.dll
2016-08-03 09:27:29 381952 ----a-w- C:\WINDOWS\System32\wuuhext.dll
2016-08-03 09:18:57 6974464 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2016-08-03 09:18:20 1388032 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2016-08-03 09:18:16 2067968 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2016-08-03 09:17:10 2175488 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-08-03 09:16:43 2635776 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-08-03 09:16:30 3589120 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2016-08-03 09:16:25 5123072 ----a-w- C:\WINDOWS\System32\dbgeng.dll
2016-08-03 09:15:20 7833088 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-08-03 09:14:04 1997824 ----a-w- C:\WINDOWS\System32\ActiveSyncProvider.dll
2016-08-03 09:14:02 4895232 ----a-w- C:\WINDOWS\System32\jscript9.dll
2016-08-03 09:13:59 3025920 ----a-w- C:\WINDOWS\System32\wininet.dll
2016-08-03 09:12:25 2746368 ----a-w- C:\WINDOWS\System32\Windows.StateRepository.dll
2016-08-03 09:11:25 4171264 ----a-w- C:\WINDOWS\System32\rdpcorets.dll
2016-08-03 05:52:28 34088 ----a-w- C:\WINDOWS\SysWow64\wldp.dll
2016-08-03 05:34:16 501592 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2016-08-03 05:34:13 84832 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2016-08-03 05:33:08 51128 ----a-w- C:\WINDOWS\SysWow64\SensorsNativeApi.dll
2016-08-03 05:31:51 957608 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-08-03 05:31:38 703840 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2016-08-03 05:30:12 255168 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe
2016-08-03 05:30:07 465760 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2016-08-03 04:57:44 91648 ----a-w- C:\WINDOWS\SysWow64\tdlrecover.exe
2016-08-03 04:48:25 51712 ----a-w- C:\WINDOWS\SysWow64\wshbth.dll
2016-08-03 04:47:48 13018112 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2016-08-03 04:44:46 48128 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepositoryBroker. dll
2016-08-03 04:44:45 48640 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient. dll
2016-08-03 04:42:54 80896 ----a-w- C:\WINDOWS\SysWow64\BluetoothApis.dll
2016-08-03 04:40:45 92160 ----a-w- C:\WINDOWS\SysWow64\IdCtrls.dll
2016-08-03 04:37:22 219136 ----a-w- C:\WINDOWS\SysWow64\VEEventDispatcher.dll
2016-08-03 04:35:37 178688 ----a-w- C:\WINDOWS\SysWow64\wevtutil.exe
.
============= FINISH: 10:52:25,62 ===============
En internet is zeer traag sindsdien.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scandatum: 11/09/2016
Scantijd: 9:56
Logboekbestand:
Beheerder: Ja
Versie: 2.2.1.1043
Malware-database: v2016.09.11.04
Rootkit-database: v2016.08.15.01
Licentie: Proef
Malware-bescherming: Ingeschakeld
Bescherming tegen kwaadaardige websites: Ingeschakeld
Zelfbescherming: Uitgeschakeld
Besturingssysteem: Windows 10
Processor: x64
Bestandssysteem: NTFS
Gebruiker: Hugo
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten gescand: 315966
Verstreken tijd: 3 min, 35 sec
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld
Processen: 0
(Geen kwaadaardige items gedetecteerd)
Modules: 0
(Geen kwaadaardige items gedetecteerd)
Registersleutels: 0
(Geen kwaadaardige items gedetecteerd)
Registerwaarden: 0
(Geen kwaadaardige items gedetecteerd)
Registerdata: 0
(Geen kwaadaardige items gedetecteerd)
Mappen: 0
(Geen kwaadaardige items gedetecteerd)
Bestanden: 0
(Geen kwaadaardige items gedetecteerd)
Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)
(end)
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-11 10:50:05
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c SAMSUNG_MZ7LF128HCHP-00000 rev.FXT0101Q 119,24GB
Running: hj3rusqr.exe; Driver: C:\Users\Hugo\AppData\Local\Temp\fwedapow.sys
---- User code sections - GMER 2.2 ----
.text C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe[8056] C:\Program Files (x86)\Firetrust\MailWasher\MWPHeaderParser.dll!Ext ractEmailAddress + 4 000000005af10632 2 bytes JMP 120d0026
.text C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe[8056] C:\Program Files (x86)\Firetrust\MailWasher\MWPHeaderParser.dll!OAu th2 + 4 000000005af10642 2 bytes JMP 120d0046
.text C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe[8056] C:\Program Files (x86)\Firetrust\MailWasher\MWPHeaderParser.dll!Get Token + 4 000000005af10652 2 bytes JMP 120d0066
.text C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe[8056] C:\Program Files (x86)\Firetrust\MailWasher\MWPHeaderParser.dll!Dec odeBase64 + 4 000000005af10662 2 bytes JMP 120d0086
.text C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe[8056] C:\Program Files (x86)\Firetrust\MailWasher\MWPHeaderParser.dll!WCG etChoise + 4 000000005af10672 2 bytes JMP 120d00a6
.text C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe[8056] C:\Program Files (x86)\Firetrust\MailWasher\MWPHeaderParser.dll!WCG etToken + 4 000000005af10682 2 bytes JMP 120d00c6
---- Threads - GMER 2.2 ----
Thread C:\WINDOWS\system32\csrss.exe [576:636] fffff96140d14030
---- Registry - GMER 2.2 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1247922525
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 5348
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 15036
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime 80
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime 820
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp 10865
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeLibraryInitTime 46
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeInitTime 86
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime 356
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp 10998
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime 187
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime 157
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeMapTime 13
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAllocateTime 1
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp 11686
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 11708
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 14372
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime 11703
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 15033
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime 15004
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime 19
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime 17906
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime 1916
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeInitTime 7
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeSharedBufferTime 2
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 633
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime 31
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed 498367
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten 0xF8 0x09 0x03 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed 36875
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten 0x51 0x41 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate 56
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate 409
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate 124
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumTime 161
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumIoTime 20
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumTime 124
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumIoTime 9
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime 294
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime 8317
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0x44 0x68 0x47 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Pa rameters\Isatap\{46D3AFD2-FC90-4782-A7EA-ACEBB9FF2C5C}@DefunctTimestamp 0x00 0xFC 0xD4 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Te redo\PreviousState\5c-35-3b-7a-76-7c@AddressCreationTimestamp 0x69 0x8D 0xE5 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAcces s\Epoch@Epoch 38755
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAcces s\Epoch2@Epoch 5547
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules@{716EA47 5-1836-4C32-A142-CC6FCE55607A} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=58| ICMP6=128:*|App=System|Name=@IpHlpSvc.dll,-502|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-25000|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules@{B42760A 9-4218-447B-B6A2-920DBC1F397D} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=58 |ICMP6=128:*|Name=@IpHlpSvc.dll,-503|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-25000|
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Param eters\Interfaces\{668f750d-9918-4831-90db-41528105942a}@LeaseObtainedTime 1473581102
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Param eters\Interfaces\{668f750d-9918-4831-90db-41528105942a}@T1 1473582684
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Param eters\Interfaces\{668f750d-9918-4831-90db-41528105942a}@T2 1473584034
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Param eters\Interfaces\{668f750d-9918-4831-90db-41528105942a}@LeaseTerminatesTime 1473584702
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Para meters\Interfaces\{668f750d-9918-4831-90db-41528105942a}@Dhcpv6InformationObtainedTime 1473576036
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Sec ureTimeLimits@SecureTimeConfidence 6
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Sec ureTimeLimits@SecureTimeEstimated 0xA5 0x6D 0x97 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Sec ureTimeLimits@SecureTimeHigh 0xA5 0xD5 0x5B 0x79 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Sec ureTimeLimits@SecureTimeLow 0xA5 0x05 0xD3 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Sec ureTimeLimits@SecureTimeTickCount 0x5B 0x4E 0x60 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw Mask 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore@Count 4
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Sea rch@JumpListChangedAppIds Chrome?
---- Disk sectors - GMER 2.2 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.2 ----
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.545
Run by Hugo at 10:52:11 on 2016-09-11
Microsoft Windows 10 Home 10.0.10586.0.1252.32.1043.18.8129.5000 [GMT 2:00]
.
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Avira\Antivirus\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\Antivirus\avguard.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\Online Games Manager\ogmservice.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
C:\WINDOWS\system32\sihost.exe
C:\Windows\System32\RuntimeBroker.exe
D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0 _x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2t xyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\SearchUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722. 10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\BlueStacks\HD-Service.exe
C:\Program Files (x86)\BlueStacks\HD-Network.exe
C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\N IS_Delta_Patch.exe
C:\WINDOWS\system32\MpSigStub.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [OneDrive] "C:\Users\Hugo\AppData\Local\Microsoft\OneDrive\One Drive.exe" /background
uRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [PowerDVD12Agent] "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
mRun: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\Hugo\AppData\Roaming\MICROS~1\Windows\STA RTM~1\Programs\Startup\MAILWA~1.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe
StartupFolder: C:\Users\Hugo\AppData\Roaming\MICROS~1\Windows\STA RTM~1\Programs\Startup\MAILWA~2.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe
StartupFolder: C:\Users\Hugo\AppData\Roaming\MICROS~1\Windows\STA RTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Hugo\AppData\Roaming\MICROS~1\Windows\STA RTM~1\Programs\Startup\ROLLER~1.LNK - C:\Users\Hugo\AppData\Local\Temp\{84AC93D5-431F-42C0-ABF6-2FC82792D583}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
mPolicies-Explorer: ConfirmFileDelete = dword:1
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: &Verzenden naar OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 195.130.130.3 195.130.131.3
TCP: Interfaces\{668f750d-9918-4831-90db-41528105942a} : DHCPNameServer = 195.130.130.3 195.130.131.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\Inst aller\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [Corel Update Helper] "d:\Program Files\Corel\Corel PaintShop Pro X8 (64-bit)\pua.exe" /t
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSyst emStart
x64-mPolicies-Explorer: ConfirmFileDelete = dword:1
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-154558-44482-6/4
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStor A.sys [2015-6-24 1455552]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrust edRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrusted RTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 avkmgr;avkmgr;C:\WINDOWS\System32\drivers\avkmgr.s ys [2015-12-11 35488]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\ drivers\CLVirtualDrive.sys [2015-7-21 91912]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\fi lecrypt.sys [2016-5-11 87552]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sy s [2015-10-30 8192]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\Antivirus\sched.exe [2015-12-11 470600]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2015-12-11 470600]
R2 avgntflt;avgntflt;C:\WINDOWS\System32\drivers\avgn tflt.sys [2015-12-11 144664]
R2 Avira.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2016-8-4 320672]
R2 avnetflt;avnetflt;C:\WINDOWS\System32\drivers\avne tflt.sys [2015-12-11 78208]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2016-3-22 154680]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2016-3-22 417304]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2016-3-22 917016]
R2 CCDMonitorService;CCDMonitorService;C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2016-6-23 2267352]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\Sy stem32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-12-21 1163200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-6-24 18856]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-6-24 223008]
R2 MBAMScheduler;MBAMScheduler;D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-9-2 1514464]
R2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-9-2 1136608]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-12-21 1879488]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-12-21 4812736]
R2 ogmservice;Online Games Manager;C:\Program Files (x86)\Online Games Manager\ogmservice.exe [2016-7-13 582544]
R2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2014-4-30 337776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [2016-9-5 426040]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2016-3-22 437784]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-5-19 335872]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\dr ivers\mbam.sys [2016-9-2 27008]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\dr ivers\MBAMSwissArmy.sys [2016-9-2 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDO WS\System32\drivers\mwac.sys [2016-9-2 65408]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtual Bus.sys [2015-10-30 20480]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-12-21 26560]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2015-12-21 6308288]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2016-9-5 47760]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-7-21 886528]
R3 RtlWlanu;Realtek draadloze LAN 802.11n USB 2.0-netwerkadapter;C:\WINDOWS\System32\drivers\rtwlanu .sys [2015-10-30 3764736]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 UEFI;Microsoft UEFI-stuurprogramma;C:\WINDOWS\System32\drivers\uefi.sy s [2015-10-30 28512]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\ WUDFRd.sys [2015-10-30 216064]
S2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2015-12-11 989696]
S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2015-12-11 1454720]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-5-19 7680]
S2 KMService;KMService;C:\WINDOWS\System32\srvany.exe --> C:\WINDOWS\System32\srvany.exe [?]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S3 A38CCID;CCID USB Smart Card Reader;C:\WINDOWS\System32\drivers\a38ccid.sys [2015-8-19 82480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80x x.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service voor Portable Device Control-apparaten;C:\WINDOWS\System32\drivers\buttonconver ter.sys [2015-10-30 37376]
S3 CapImg;HID-stuurprogramma voor CapImg-touchscreen;C:\WINDOWS\System32\drivers\capimg.sys [2016-1-21 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\ System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2015-12-8 122160]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector-service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHu b.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Registratieservice voor Apparaatbeheer;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\ svchost.exe -k netsvcs [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svch ost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 genericusbfn;Algemene USB-functieklasse;C:\WINDOWS\System32\drivers\genericu sbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Algemeen stuurprogramma voor HID-knoppen waarvoor interrupts zijn geïmplementeerd;C:\WINDOWS\System32\drivers\hidin terrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Stuurprogramma van Intel(R) Serial IO GPIO-controller;C:\WINDOWS\System32\drivers\iaLPSSi_GPI O.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Stuurprogramma voor Intel(R) Serial IO I2C-controller;C:\WINDOWS\System32\drivers\iaLPSSi_I2C .sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID-controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (filterstuurprogramma);C:\WINDOWS\System32\drivers \ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobiele hotspotservice;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 intelpep;Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing ;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\ls i_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\ls i_sas3i.sys [2015-10-30 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sy s [2015-10-30 705376]
S3 ndfltr;NetworkDirect-service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\pe rcsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\pe rcsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.s ys [2015-10-30 930656]
S3 RetailDemo;Retaildemoservice;C:\WINDOWS\System32\s vchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router-service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2015-12-8 214832]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS)-stuurprogramma;C:\WINDOWS\System32\drivers\storufs .sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineServic e.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-5-11 63488]
S3 UcmUcsi;UCSI-client van USB-connectorbeheer;C:\WINDOWS\System32\drivers\UcmUcs i.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-6-15 258912]
S3 UfxChipidea;Chipidea USB-controller;C:\WINDOWS\System32\drivers\UfxChipidea .sys [2015-10-30 94048]
S3 ufxsynopsys;Synopsys USB-controller;C:\WINDOWS\System32\drivers\ufxsynopsys .sys [2016-5-11 131424]
S3 UrsChipidea;Stuurprogramma voor Chipidea USB Role-Switch;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Stuurprogramma voor Synopsys USB Role-Switch;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF)-stuurprogramma;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\sv chost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-4-13 694784]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad-service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs-service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 XblAuthManager;Xbox Live-verificatiebeheer;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Games opslaan op Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-3-2 238592]
S3 XboxNetApiSvc;Netwerkservice van Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-4-13 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Updater van automatische tijdzone;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2016-09-11 08:52:12 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CA7AED3-D031-4848-88E4-1FBAD53F3F84}\gapaengine.dll
2016-09-09 19:13:13 -------- d-----w- C:\Users\Hugo\AppData\Roaming\ZHP
2016-09-05 08:40:42 134712 ----a-w- C:\WINDOWS\SysWow64\nvStreaming.exe
2016-09-05 08:40:32 45344 ----a-w- C:\WINDOWS\System32\vulkaninfo.exe
2016-09-05 08:40:32 40224 ----a-w- C:\WINDOWS\SysWow64\vulkaninfo.exe
2016-09-05 08:40:32 130848 ----a-w- C:\WINDOWS\System32\vulkan-1.dll
2016-09-05 08:40:32 129824 ----a-w- C:\WINDOWS\SysWow64\vulkan-1.dll
2016-09-05 08:40:28 -------- d-----w- C:\Program Files (x86)\VulkanRT
2016-09-05 08:40:09 213952 ----a-w- C:\WINDOWS\System32\OpenCL.dll
2016-09-05 08:40:09 203320 ----a-w- C:\WINDOWS\SysWow64\OpenCL.dll
2016-09-05 08:39:44 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2016-09-05 08:34:58 99472 ----a-w- C:\WINDOWS\System32\nvaudcap64v.dll
2016-09-05 08:34:58 90768 ----a-w- C:\WINDOWS\SysWow64\nvaudcap32v.dll
2016-09-05 08:34:58 47760 ----a-w- C:\WINDOWS\System32\drivers\nvvad64v.sys
2016-09-02 06:09:20 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-09-02 06:09:02 65408 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2016-09-02 06:09:02 140672 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2016-09-02 06:09:01 27008 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2016-09-02 06:09:01 -------- d-----w- C:\ProgramData\Malwarebytes
2016-09-01 13:03:24 -------- d---a-w- C:\Program Files\CCleaner
2016-08-30 09:38:51 -------- d-----w- C:\AdwCleaner
2016-08-17 18:01:29 -------- d-----w- C:\Users\Hugo\AppData\Roaming\Atari
2016-08-17 17:59:52 197120 ----a-w- C:\WINDOWS\patchw32.dll
2016-08-17 17:59:52 -------- d-----w- C:\Program Files (x86)\Common Files\PocketSoft
2016-08-17 17:57:07 692224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Inte l32\iKernel.dll
2016-08-17 17:57:07 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Inte l32\ctor.dll
2016-08-17 17:57:07 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Inte l32\DotNetInstaller.exe
2016-08-17 17:57:07 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps. dll
2016-08-17 17:57:07 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Inte l32\iscript.dll
2016-08-17 17:57:07 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Inte l32\iuser.dll
2016-08-17 17:57:06 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Inte l32\setup.dll
2016-08-17 17:57:06 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Inte l32\iGdi.dll
.
==================== Find3M ====================
.
2016-08-27 19:52:16 14216760 ----a-w- C:\WINDOWS\System32\drivers\nvlddmkm.sys
2016-08-25 21:12:08 6384064 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2016-08-25 21:12:08 2475064 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2016-08-25 21:12:07 81856 ----a-w- C:\WINDOWS\System32\nv3dappshextr.dll
2016-08-25 21:12:07 71224 ----a-w- C:\WINDOWS\System32\nvshext.dll
2016-08-25 21:12:07 548408 ----a-w- C:\WINDOWS\System32\nv3dappshext.dll
2016-08-25 21:12:07 392128 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2016-08-25 21:12:07 1764408 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2016-08-25 21:12:07 1362368 ----a-w- C:\WINDOWS\System32\nvvsvc.exe
2016-08-22 15:17:41 7320235 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2016-08-03 11:14:47 92352 ----a-w- C:\WINDOWS\System32\acmigration.dll
2016-08-03 11:14:47 50368 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2016-08-03 11:14:47 1505984 ----a-w- C:\WINDOWS\System32\appraiser.dll
2016-08-03 10:36:39 7469408 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-08-03 10:36:37 99680 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2016-08-03 10:36:30 37744 ----a-w- C:\WINDOWS\System32\wldp.dll
2016-08-03 10:23:43 115040 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2016-08-03 10:23:42 693600 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2016-08-03 10:22:59 58408 ----a-w- C:\WINDOWS\System32\SensorsNativeApi.dll
2016-08-03 10:22:53 465248 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2016-08-03 10:22:39 331616 ----a-w- C:\WINDOWS\System32\drivers\pci.sys
2016-08-03 10:22:10 808288 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2016-08-03 10:22:08 1322760 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-08-03 10:21:07 303216 ----a-w- C:\WINDOWS\System32\LockAppHost.exe
2016-08-03 10:21:01 566112 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
2016-08-03 10:20:08 1540224 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2016-08-03 10:20:04 692136 ----a-w- C:\WINDOWS\System32\sppwinob.dll
2016-08-03 10:19:37 604928 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-08-03 10:19:36 161632 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2016-08-03 10:13:17 1988448 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-08-03 10:13:11 576864 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-08-03 10:13:10 393056 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-08-03 10:11:09 422744 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2016-08-03 09:51:14 84480 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-08-03 09:51:00 123392 ----a-w- C:\WINDOWS\System32\tdlrecover.exe
2016-08-03 09:46:24 22384128 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-08-03 09:44:39 63488 ----a-w- C:\WINDOWS\System32\wshbth.dll
2016-08-03 09:44:23 44544 ----a-w- C:\WINDOWS\System32\musdialoghandlers.dll
2016-08-03 09:44:03 189952 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2016-08-03 09:43:07 16985088 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2016-08-03 09:41:27 64000 ----a-w- C:\WINDOWS\System32\Windows.StateRepositoryClient. dll
2016-08-03 09:41:25 59904 ----a-w- C:\WINDOWS\System32\Windows.StateRepositoryBroker. dll
2016-08-03 09:40:54 58880 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2016-08-03 09:40:48 47616 ----a-w- C:\WINDOWS\System32\TpmTasks.dll
2016-08-03 09:40:16 127488 ----a-w- C:\WINDOWS\System32\VEDataLayerHelpers.dll
2016-08-03 09:40:09 91136 ----a-w- C:\WINDOWS\System32\bthserv.dll
2016-08-03 09:39:55 218624 ----a-w- C:\WINDOWS\System32\cdd.dll
2016-08-03 09:39:43 104448 ----a-w- C:\WINDOWS\System32\BluetoothApis.dll
2016-08-03 09:38:23 379392 ----a-w- C:\WINDOWS\System32\usocore.dll
2016-08-03 09:38:22 412160 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2016-08-03 09:37:22 110080 ----a-w- C:\WINDOWS\System32\IdCtrls.dll
2016-08-03 09:36:49 211456 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
2016-08-03 09:36:28 198144 ----a-w- C:\WINDOWS\System32\winsrv.dll
2016-08-03 09:35:56 200192 ----a-w- C:\WINDOWS\System32\WUDFPlatform.dll
2016-08-03 09:35:15 764928 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2016-08-03 09:33:57 339968 ----a-w- C:\WINDOWS\System32\SensorService.dll
2016-08-03 09:33:37 285184 ----a-w- C:\WINDOWS\System32\VEEventDispatcher.dll
2016-08-03 09:31:59 359936 ----a-w- C:\WINDOWS\System32\SensorsApi.dll
2016-08-03 09:31:54 247296 ----a-w- C:\WINDOWS\System32\wevtutil.exe
2016-08-03 09:31:38 506880 ----a-w- C:\WINDOWS\System32\tileobjserver.dll
2016-08-03 09:30:28 515072 ----a-w- C:\WINDOWS\System32\OneDriveSettingSyncProvider.dl l
2016-08-03 09:30:09 970752 ----a-w- C:\WINDOWS\System32\kerberos.dll
2016-08-03 09:29:36 2127360 ----a-w- C:\WINDOWS\System32\inetcpl.cpl
2016-08-03 09:29:15 1500160 ----a-w- C:\WINDOWS\System32\RecoveryDrive.exe
2016-08-03 09:29:09 1387520 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2016-08-03 09:28:40 529920 ----a-w- C:\WINDOWS\System32\LogonController.dll
2016-08-03 09:28:22 1213440 ----a-w- C:\WINDOWS\System32\wwansvc.dll
2016-08-03 09:27:58 1717760 ----a-w- C:\WINDOWS\System32\GdiPlus.dll
2016-08-03 09:27:45 7536640 ----a-w- C:\WINDOWS\System32\mstscax.dll
2016-08-03 09:27:29 381952 ----a-w- C:\WINDOWS\System32\wuuhext.dll
2016-08-03 09:18:57 6974464 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2016-08-03 09:18:20 1388032 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2016-08-03 09:18:16 2067968 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2016-08-03 09:17:10 2175488 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-08-03 09:16:43 2635776 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-08-03 09:16:30 3589120 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2016-08-03 09:16:25 5123072 ----a-w- C:\WINDOWS\System32\dbgeng.dll
2016-08-03 09:15:20 7833088 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-08-03 09:14:04 1997824 ----a-w- C:\WINDOWS\System32\ActiveSyncProvider.dll
2016-08-03 09:14:02 4895232 ----a-w- C:\WINDOWS\System32\jscript9.dll
2016-08-03 09:13:59 3025920 ----a-w- C:\WINDOWS\System32\wininet.dll
2016-08-03 09:12:25 2746368 ----a-w- C:\WINDOWS\System32\Windows.StateRepository.dll
2016-08-03 09:11:25 4171264 ----a-w- C:\WINDOWS\System32\rdpcorets.dll
2016-08-03 05:52:28 34088 ----a-w- C:\WINDOWS\SysWow64\wldp.dll
2016-08-03 05:34:16 501592 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2016-08-03 05:34:13 84832 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2016-08-03 05:33:08 51128 ----a-w- C:\WINDOWS\SysWow64\SensorsNativeApi.dll
2016-08-03 05:31:51 957608 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-08-03 05:31:38 703840 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2016-08-03 05:30:12 255168 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe
2016-08-03 05:30:07 465760 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2016-08-03 04:57:44 91648 ----a-w- C:\WINDOWS\SysWow64\tdlrecover.exe
2016-08-03 04:48:25 51712 ----a-w- C:\WINDOWS\SysWow64\wshbth.dll
2016-08-03 04:47:48 13018112 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2016-08-03 04:44:46 48128 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepositoryBroker. dll
2016-08-03 04:44:45 48640 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient. dll
2016-08-03 04:42:54 80896 ----a-w- C:\WINDOWS\SysWow64\BluetoothApis.dll
2016-08-03 04:40:45 92160 ----a-w- C:\WINDOWS\SysWow64\IdCtrls.dll
2016-08-03 04:37:22 219136 ----a-w- C:\WINDOWS\SysWow64\VEEventDispatcher.dll
2016-08-03 04:35:37 178688 ----a-w- C:\WINDOWS\SysWow64\wevtutil.exe
.
============= FINISH: 10:52:25,62 ===============