Garbled, then inaccessible memory card/camera

Dear,

First off, I am new to your website and this forum. I have read the sticky posts; however, if there is anything I overlooked, please do let me know.

I am asking your help for the following. My girlfriend's camera (Sony Cybershot DSC-WX200) recently turned inaccessible. When connected through the USB it would charge, but to the computer it was totally invisible (no connecting sound or anything). I changed the camera settings to 'mass storage' but no difference. I have taken the memory card out of the camera and inserted it in my laptop. There were files visible on the card, but like blank files with no association to any program, and all having a .scr extension. I put the card back into the camera, and the photos and videos were still playable on the camera itself.

I then put the memory card back into my laptop. Each file (all “.scr”) was no bigger than a few KB. The names of some of the files were like before (‘DCIM’ and the likes) but also files such as ‘RECYCLER’ and some I wasn’t sure of. Avira started alerting; I quarantined the files through Avira, but now the whole memory card doesn't show any files at all anymore, even though there is only 88,9 MB of its 14,9 GB available.

I haven't taken the card out of the laptop again. I am not sure if I should take the card out and check again, as I really do not understand what has happened and the first priority is to make sure that the photos and videos on the card will somehow be protected and saved. Also, I wonder whether there is a possibility of the camera itself being infected (if that is possible?). First and foremost though, the importance is on retrieving the data on the card.

I pasted the output of the Farbar Recovery Scan Tool FRST.txt and addition.txt at the end of this post.

Tremendous thanks in advance for your time and assistance.

Kind regards,

Arjun

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie:17-10-2015
Gestart door Arjun (Beheerder) op ARJUN (17-10-2015 21:37:20)
Gestart vanaf C:\Users\Arjun\Downloads
Geladen Profielen: Arjun &  (Beschikbare Profielen: Arjun)
Platform: Windows 8.1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Opera)
Boot Modus: Normal
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo) C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Winstep Software Technologies) C:\Program Files (x86)\Winstep\WsxService.exe
(Lenovo) C:\Windows\System32\LenovoUpdate.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OnekeyOptimizerUpdata.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
() C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\ui\updateui.exe
(Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\cammute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.69\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
 
 
==================== Register (gefilterd) ===========================
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-10] (Intel Corporation)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2809072 2014-10-21] (Synaptics Incorporated)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791368 2015-02-15] ()
HKLM\...\Run: [OneKeyOptimizer] => C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe [559896 2014-11-19] (Lenovo(beijing) Limited)
HKLM\...\Run: [LMCSSTART1] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART2] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART3] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164080 2015-06-27] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [snp2uvc] => C:\windows\vsnp2uvc.exe
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782520 2015-10-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-09-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Policies\Explorer: [Max Cached Icons] 2000
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5585136 2015-03-31] (Disc Soft Ltd)
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785280 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\Run: [spotify Web Helper] => C:\Users\Arjun\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-16] (Spotify Ltd)
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\Run: [GoogleChromeAutoLaunch_684E79B2ACBAECC883CEF6D2651C6D01] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-09] (Google Inc.)
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\Run: [spotify] => C:\Users\Arjun\AppData\Roaming\Spotify\Spotify.exe [7334968 2015-07-16] (Spotify Ltd)
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\RunOnce: [Application Restart #4] => C:\Users\Arjun\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-cli (de data item heeft 549 mee tekens).
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [1156296 2015-08-26] (Adobe Systems Incorporated)
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\MountPoints2: {fae7e8b6-ee97-11e4-8262-d07e35e93544} - "E:\setup.exe" 
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\MountPoints2: {fae7edc0-ee97-11e4-8262-d07e35e93544} - "G:\setup_the_witcher_2_ee_3.0.1.17.exe" 
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5585136 2015-03-31] (Disc Soft Ltd)
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785280 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spotify Web Helper] => C:\Users\Arjun\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-16] (Spotify Ltd)
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_684E79B2ACBAECC883CEF6D2651C6D01] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-09] (Google Inc.)
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spotify] => C:\Users\Arjun\AppData\Roaming\Spotify\Spotify.exe [7334968 2015-07-16] (Spotify Ltd)
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #4] => C:\Users\Arjun\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-cli (de data item heeft 549 mee tekens).
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {fae7e8b6-ee97-11e4-8262-d07e35e93544} - "E:\setup.exe" 
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {fae7edc0-ee97-11e4-8262-d07e35e93544} - "G:\setup_the_witcher_2_ee_3.0.1.17.exe" 
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{338E581C-E807-4B6B-B334-17B2D81222F0}: [DhcpNameServer] 150.208.1.2
Tcpip\..\Interfaces\{8DAEE3FB-9F74-40C7-B6A4-CC456B6D37A2}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1268573499-3608729314-613688236-1001 -> DefaultScope {A6F99FB0-1B9D-4474-9AF4-DEDC4E795238} URL = 
SearchScopes: HKU\S-1-5-21-1268573499-3608729314-613688236-1001 -> {A6F99FB0-1B9D-4474-9AF4-DEDC4E795238} URL = 
SearchScopes: HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {A6F99FB0-1B9D-4474-9AF4-DEDC4E795238} URL = 
SearchScopes: HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A6F99FB0-1B9D-4474-9AF4-DEDC4E795238} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-02] (Oracle Corporation)
Toolbar: HKLM-x32 - Geen Naam - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -  Geen bestand
 
FireFox:
========
FF ProfilePath: C:\Users\Arjun\AppData\Roaming\Mozilla\Firefox\Profiles\5t982KsA.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-26] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-26] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1268573499-3608729314-613688236-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Arjun\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Arjun\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-18] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Arjun\AppData\Roaming\Mozilla\Firefox\Profiles\5t982KsA.default\Extensions\abs@avira.com [2015-10-17] [ niet getekend]
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> d
CHR Profile: C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Presentaties) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-29]
CHR Extension: (CookiesOK) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\afmkbjoakcacgljcdccofbffloabfbni [2015-04-29]
CHR Extension: (Google Documenten) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-29]
CHR Extension: (Google Drive) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-29]
CHR Extension: (Web2PDFConverter) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkanhckocooacphbnclgcndnpfpoppdk [2015-07-16]
CHR Extension: (YouTube) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-29]
CHR Extension: (DuckDuckGo for Chrome) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2015-04-29]
CHR Extension: (Google Search) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-29]
CHR Extension: (Give Up) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\diippoclinjdbklinhchgedilfncehbi [2015-04-29]
CHR Extension: (Google Spreadsheets) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-29]
CHR Extension: (Avira Browser Safety) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-05-15]
CHR Extension: (GeenStijl Extension for Google Chrome™) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggbhknghcbmhfeogkgiklahakfhfmbhb [2015-04-29]
CHR Extension: (AdBlock) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-05]
CHR Extension: (SoundCloud) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2015-04-29]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-29]
CHR Extension: (PDFMerge!) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgdacedgjnjempjojkeglobekhdnljlp [2015-04-29]
CHR Extension: (Gmail) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-29]
CHR Extension: (AVG PrivacyFix) - C:\Users\Arjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni [2015-04-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (AdBlock) - C:\Users\Arjun\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2015-08-09]
 
==================== Services (gefilterd) ========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [932912 2015-10-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-10-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-10-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1147720 2015-10-15] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-03-23] (Lenovo Corporation)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [240872 2015-09-10] (Avira Operations GmbH & Co. KG)
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [644080 2014-10-22] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd)
R2 FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [191512 2014-11-20] (Lenovo) [bestand niet getekend]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-10] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2014-12-19] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation)
R3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2544408 2014-11-19] (Lenovo(beijing) Limited)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2005320 2014-10-13] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [625608 2015-03-23] (Lenovo Corporation)
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe [258544 2014-06-19] (Lenovo(beijing) Limited)
R3 LenovoUpdate; C:\Windows\System32\LenovoUpdate.exe [26608 2015-10-13] (Lenovo)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [218952 2014-08-26] (Lenovo(beijing) Limited)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1871784 2015-08-26] (Maxthon)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
R2 OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [113944 2014-11-18] (Lenovo(beijing) Limited)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-10-21] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X]
 
===================== Drivers (gefilterd) ==========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-10-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-10-15] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-13] (CyberLink)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-04-29] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70168 2014-11-20] (Windows ® Win 7 DDK provider) [bestand niet getekend]
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [253680 2015-03-19] (Intel Corporation)
S3 KMDFVirtualMouse; C:\Windows\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-05] ()
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-17] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3497240 2015-03-23] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-10-21] (Synaptics Incorporated)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [3554968 2014-08-26] (Sonix Co. Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 KMDFVirtualKbd; \SystemRoot\System32\drivers\KMDFVirtualKbd.sys [X]
 
==================== NetSvcs (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
 
==================== Een Maand Aangemaakt bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2015-10-17 21:37 - 2015-10-17 21:38 - 00031329 _____ C:\Users\Arjun\Downloads\FRST.txt
2015-10-17 21:36 - 2015-10-17 21:37 - 00000000 ____D C:\FRST
2015-10-17 21:35 - 2015-10-17 21:35 - 02196992 _____ (Farbar) C:\Users\Arjun\Downloads\FRST64.exe
2015-10-17 21:05 - 2015-10-17 21:09 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-17 21:04 - 2015-10-17 21:04 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-17 21:04 - 2015-10-17 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-17 21:04 - 2015-10-17 21:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-17 21:04 - 2015-10-17 21:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-17 21:04 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-10-17 21:04 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-10-17 21:04 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-10-17 21:00 - 2015-10-17 21:04 - 22908888 _____ (Malwarebytes ) C:\Users\Arjun\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-17 20:58 - 2015-10-17 20:58 - 00000000 _____ C:\Users\Arjun\Downloads\mbam-setup-2.2.0.1024.exe.opdownload
2015-10-17 20:23 - 2015-10-17 20:23 - 00041846 _____ C:\Users\Arjun\Downloads\birdman.or.(the.unexpected.virtue.of.ignorance).(2014).dut.1cd.(6064934).zip
2015-10-17 20:23 - 2015-10-17 20:23 - 00041846 _____ C:\Users\Arjun\Downloads\birdman.or.(the.unexpected.virtue.of.ignorance).(2014).dut.1cd.(6064934) (1).zip
2015-10-17 20:20 - 2015-10-17 21:13 - 00000000 ____D C:\Users\Arjun\Downloads\Birdman (2014) [1080p]
2015-10-17 20:10 - 2015-10-17 20:10 - 00000000 ____D C:\Users\Arjun\Downloads\30 Rock Season 1 Complete HDTV-soagg
2015-10-17 20:08 - 2015-10-17 20:12 - 00000000 ____D C:\Users\Arjun\Downloads\Interstellar (2014)
2015-10-13 17:05 - 2015-10-13 17:05 - 00289168 _____ C:\windows\Minidump\101315-36859-01.dmp
2015-10-13 16:08 - 2015-10-13 16:08 - 00289112 _____ C:\windows\Minidump\101315-42234-01.dmp
2015-10-13 15:42 - 2015-10-13 15:43 - 00000000 ____D C:\Users\Arjun\Downloads\Fargo.S02E01.HDTV.x264-KILLERS[ettv]
2015-10-12 10:19 - 2015-10-12 10:19 - 00144896 _____ C:\Users\Arjun\Downloads\Mobilization for action.ppt
2015-10-11 23:11 - 2015-10-11 23:11 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-10-11 23:08 - 2015-10-11 23:09 - 16407552 _____ (Sony Corporation) C:\Users\Arjun\Downloads\PMHOME_5002DL.exe
2015-09-30 10:00 - 2015-09-30 10:16 - 00000000 ____D C:\Users\Arjun\AppData\Roaming\Audacity
2015-09-30 10:00 - 2015-09-30 10:00 - 00001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-09-30 10:00 - 2015-09-30 10:00 - 00000000 ____D C:\Program Files (x86)\Audacity
2015-09-30 09:58 - 2015-09-30 09:58 - 25186399 _____ (Audacity Team ) C:\Users\Arjun\Downloads\audacity-win-2.1.1.exe
2015-09-30 00:58 - 2015-09-30 01:00 - 00000000 ____D C:\Users\Arjun\AppData\Local\PDFCreator
2015-09-26 22:06 - 2015-09-26 22:16 - 00000000 ____D C:\Users\Arjun\Downloads\Anchorman 2 The Legend Continues (2013)
2015-09-26 02:33 - 2015-09-26 22:45 - 367591208 _____ C:\Users\Arjun\Downloads\An.Idiot.Abroad.S01E03.WS.PDTV.XviD-aAF.avi
2015-09-26 02:32 - 2015-09-26 02:46 - 367550104 _____ C:\Users\Arjun\Downloads\An.Idiot.Abroad.S01E02.WS.PDTV.XviD-aAF.avi
2015-09-26 02:12 - 2015-09-26 02:23 - 367672056 _____ C:\Users\Arjun\Downloads\An.Idiot.Abroad.S01E01.WS.PDTV.XviD-aAF.avi
2015-09-20 18:45 - 2015-09-20 18:46 - 00000000 ____D C:\Users\Arjun\Downloads\Benjamin Clementine - At Least For Now (2015) l Audio l Album Track l 320Kbps l CBR l Mp3 l sn3h1t87
2015-09-20 18:45 - 2015-09-20 18:45 - 00012490 _____ C:\Users\Arjun\Downloads\[kat.cr]benjamin.clementine.at.least.for.now.2015.l.audio.l.album.track.l.320kbps.l.cbr.l.mp3.l.sn3h1t87.torrent
2015-09-20 16:22 - 2015-09-20 16:25 - 00000000 ____D C:\Users\Arjun\Downloads\Pure Reason Revolution - The Dark Third (2006)
2015-09-20 16:12 - 2015-09-20 16:12 - 00011391 _____ C:\Users\Arjun\Downloads\[kat.cr]pure.reason.revolution.the.dark.third.2006.mp3.320.torrent
2015-09-19 15:07 - 2015-09-19 15:07 - 02360520 _____ C:\Users\Arjun\Desktop\0p3PUar.webm
2015-09-19 15:05 - 2015-09-19 15:05 - 00007753 _____ C:\Users\Arjun\Desktop\0p3PUar.gifv
2015-09-18 00:59 - 2015-09-18 00:59 - 00000000 ____D C:\Users\Arjun\Downloads\Stromae-Cheese
 
==================== Een Maand Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2015-10-17 21:38 - 2015-04-29 19:57 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1268573499-3608729314-613688236-1001
2015-10-17 21:32 - 2015-08-26 11:31 - 00001002 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-10-17 21:31 - 2015-07-16 02:13 - 00000000 ____D C:\Users\Arjun\AppData\Local\ClassicShell
2015-10-17 21:26 - 2015-04-29 20:00 - 00001076 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-17 21:02 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\sru
2015-10-17 20:34 - 2015-02-15 19:04 - 00807742 _____ C:\windows\system32\perfh013.dat
2015-10-17 20:34 - 2015-02-15 19:04 - 00162706 _____ C:\windows\system32\perfc013.dat
2015-10-17 20:34 - 2014-03-18 11:53 - 01826596 _____ C:\windows\system32\PerfStringBackup.INI
2015-10-17 20:23 - 2015-09-09 00:47 - 00000000 ____D C:\Users\Arjun\Downloads\Parks and Recreation
2015-10-17 19:52 - 2015-02-15 18:15 - 01791428 _____ C:\windows\WindowsUpdate.log
2015-10-17 19:42 - 2015-04-29 19:59 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E3519392-472B-4DF4-862C-810C6B8693BD}
2015-10-17 18:45 - 2015-05-16 23:19 - 00000000 ____D C:\Users\Arjun\AppData\Local\Last.fm
2015-10-16 03:11 - 2015-02-15 18:18 - 00008456 _____ C:\windows\lupdate.log
2015-10-15 23:42 - 2015-05-12 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-10-15 23:40 - 2015-05-12 11:52 - 00137800 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2015-10-15 23:40 - 2015-05-12 11:52 - 00074440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-10-15 18:05 - 2013-08-22 16:46 - 00074519 _____ C:\windows\setupact.log
2015-10-15 15:13 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2015-10-15 15:11 - 2015-05-03 19:11 - 00000000 ____D C:\windows\system32\MRT
2015-10-15 15:02 - 2015-05-03 19:10 - 143481208 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-10-15 14:45 - 2015-04-30 14:26 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-15 14:44 - 2015-04-30 14:26 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-14 14:26 - 2015-04-29 20:00 - 00001072 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-14 12:33 - 2015-04-30 13:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 07:30 - 2015-05-02 04:21 - 00000000 ____D C:\Users\Arjun\AppData\Roaming\vlc
2015-10-13 17:20 - 2015-02-15 19:09 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-13 17:19 - 2015-04-29 19:55 - 00000000 ___RD C:\Users\Arjun\OneDrive
2015-10-13 17:08 - 2015-02-15 19:26 - 00115453 _____ C:\windows\SysWOW64\Gms.log
2015-10-13 17:05 - 2015-05-05 15:18 - 517142909 _____ C:\windows\MEMORY.DMP
2015-10-13 17:05 - 2015-05-05 15:18 - 00000000 ____D C:\windows\Minidump
2015-10-13 17:05 - 2015-02-15 18:10 - 00153336 _____ C:\windows\system32\wpbbin.exe
2015-10-13 17:05 - 2015-02-15 18:10 - 00111088 _____ (Lenovo (Beijing) Limited) C:\windows\system32\LenovoCheck.exe
2015-10-13 17:05 - 2015-02-15 18:10 - 00026608 _____ (Lenovo) C:\windows\system32\LenovoUpdate.exe
2015-10-13 17:05 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-13 16:20 - 2015-04-29 19:46 - 00000000 ____D C:\Users\Arjun
2015-10-13 16:07 - 2014-03-18 11:44 - 00192688 _____ C:\windows\PFRO.log
2015-10-08 18:15 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2015-10-08 14:41 - 2015-08-09 23:31 - 00000000 ____D C:\Program Files (x86)\Opera
2015-10-08 10:00 - 2015-05-03 19:21 - 00000000 ___SD C:\windows\system32\GWX
2015-10-07 16:59 - 2015-05-03 19:21 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-10-06 01:22 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\NDF
2015-09-30 11:47 - 2015-08-09 23:32 - 00003824 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1439155915
2015-09-30 11:47 - 2015-08-09 23:32 - 00001074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-09-29 16:13 - 2013-08-22 16:44 - 00499248 _____ C:\windows\system32\FNTCACHE.DAT
2015-09-29 16:11 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-09-29 16:09 - 2015-02-15 19:22 - 07797988 _____ C:\Users\Public\CAFADEBUG.log
2015-09-26 19:05 - 2015-07-16 01:54 - 00000000 ____D C:\Users\Arjun\AppData\Roaming\Spotify
2015-09-26 18:59 - 2015-07-16 01:54 - 00000000 ____D C:\Users\Arjun\AppData\Local\Spotify
2015-09-19 20:17 - 2013-08-22 17:36 - 00000000 ____D C:\windows\rescache
2015-09-18 12:56 - 2015-05-26 21:11 - 00000000 ____D C:\Users\Arjun\AppData\Roaming\Skype
 
==================== Bestanden in de root van sommige mappen =======
 
2015-06-29 21:43 - 2015-06-29 21:55 - 0006144 _____ () C:\Users\Arjun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-15 19:20 - 2015-02-15 19:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Sommige bestanden in TEMP:
====================
C:\Users\Arjun\AppData\Local\Temp\avgnt.exe
C:\Users\Arjun\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Arjun\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Arjun\AppData\Local\Temp\oct1C4A.tmp.exe
C:\Users\Arjun\AppData\Local\Temp\oct36C.tmp.exe
C:\Users\Arjun\AppData\Local\Temp\oct753B.tmp.exe
C:\Users\Arjun\AppData\Local\Temp\octA6B.tmp.exe
C:\Users\Arjun\AppData\Local\Temp\octAAA5.tmp.exe
C:\Users\Arjun\AppData\Local\Temp\octB4E1.tmp.exe
C:\Users\Arjun\AppData\Local\Temp\octD009.tmp.exe
C:\Users\Arjun\AppData\Local\Temp\octE248.tmp.exe
C:\Users\Arjun\AppData\Local\Temp\octE541.tmp.exe
C:\Users\Arjun\AppData\Local\Temp\octFA85.tmp.exe
C:\Users\Arjun\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap =================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\windows\system32\winlogon.exe => Bestand is getekend
C:\windows\system32\wininit.exe => Bestand is getekend
C:\windows\explorer.exe => Bestand is getekend
C:\windows\SysWOW64\explorer.exe => Bestand is getekend
C:\windows\system32\svchost.exe => Bestand is getekend
C:\windows\SysWOW64\svchost.exe => Bestand is getekend
C:\windows\system32\services.exe => Bestand is getekend
C:\windows\system32\User32.dll => Bestand is getekend
C:\windows\SysWOW64\User32.dll => Bestand is getekend
C:\windows\system32\userinit.exe => Bestand is getekend
C:\windows\SysWOW64\userinit.exe => Bestand is getekend
C:\windows\system32\rpcss.dll => Bestand is getekend
C:\windows\system32\dnsapi.dll => Bestand is getekend
C:\windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\windows\system32\Drivers\volsnap.sys => Bestand is getekend
 
 
LastRegBack: 2015-10-10 21:42
 
==================== Eind van FRST.txt ============================
 
Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie:17-10-2015
Gestart door Arjun (2015-10-17 21:38:29)
Gestart vanaf C:\Users\Arjun\Downloads
Windows 8.1 (X64) (2015-04-29 17:49:48)
Boot Modus: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1268573499-3608729314-613688236-500 - Administrator - Disabled)
Arjun (S-1-5-21-1268573499-3608729314-613688236-1001 - Administrator - Enabled) => C:\Users\Arjun
Gast (S-1-5-21-1268573499-3608729314-613688236-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Geïnstalleerde programma's ======================
 
(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)
 
µTorrent (HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.5.41162 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Age of Mythology Gold Edition 1.00 (HKLM-x32\...\Age of Mythology Gold Edition 1.00) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{5dfbeba9-9f22-463d-8c95-c861911810a2}) (Version: 1.1.47.11018 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.47.11018 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.1.0.7 - Lenovo)
Cities Skylines (HKLM-x32\...\Cities Skylines_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.55.52 - Conexant)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.4505 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0407 - Disc Soft Ltd)
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HFSExplorer 0.23 (HKLM-x32\...\HFSExplorer) (Version: 0.23 - Catacombae Software)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4062 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{A4622668-B80F-406A-B86A-548382C994D7}) (Version: 17.1.1512.0771 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6535d76a-59fb-4935-b2c5-cd61917c4a4b}) (Version: 17.16.0 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1324.7_WHQL - Sonix)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.2619 - CyberLink Corp.) Hidden
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1826.01 - CyberLink Corp.)
Lenovo Photo Master (x32 Version: 1.0.1826.01 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6806.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.6806.52 - CyberLink Corp.) Hidden
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.24.256 - Lenovo Corporation)
Lenovo Settings (HKLM\...\{D14CCBF5-1A3A-4C08-955B-BE6D519835C4}_is1) (Version: 2.0.0.5 - Lenovo)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.3.33 - Lenovo Group Limited)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.0.20 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.6 - Lenovo Group Limited)
Lenovo Settings WiFi (HKLM\...\{86045A6C-C156-4349-A3E2-47A88A42F5C2}_is1) (Version: 2.0.0.4 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 2.0.0.5 - Lenovo)
LenovoUtility (x32 Version: 2.0.0.5 - Lenovo) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.3004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 40.0.2 (x86 nl) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 nl)) (Version: 40.0.2 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nexus 14.11 (HKLM-x32\...\Winstep Xtreme_is1) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.54.10 - Black Tree Gaming)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
OneKey Optimizer (HKLM-x32\...\InstallShield_{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.1.20.16 - Lenovo)
OneKey Optimizer (x32 Version: 1.1.20.16 - Lenovo) Hidden
Opera Stable 32.0.1948.69 (HKLM-x32\...\Opera 32.0.1948.69) (Version: 32.0.1948.69 - Opera Software)
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Skyrim HD Texture Pack (HKLM-x32\...\The Elder Scrolls V Skyrim HD Texture Pack_is1) (Version: 6 Feb 2013 - Bethesda Softworks)
Spotify (HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
Spotify (HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.132 - Synaptics Incorporated)
System Requirements Lab Detection (HKLM-x32\...\{72AE3AF7-E2E9-4890-8F0C-8E3E89A3826F}) (Version: 6.1.5.0 - Husdawg, LLC)
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
Unity Web Player (HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\UnityWebPlayer) (Version: 5.1.3f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 5.1.3f1 - Unity Technologies ApS)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Aangepaste CLSID (gefilterd): ==========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
 
==================== Herstelpunten =========================
 
19-09-2015 20:06:22 Gepland controlepunt
07-10-2015 16:57:48 Windows Update
14-10-2015 12:31:23 Windows Update
 
==================== Hosts inhoud: ===============================
 
(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)
 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Geplande Taken (gefilterd) =============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
Task: {07D6106E-ACBF-4912-9A12-06BA7251BDEB} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {2FF7F760-9F1F-4C42-AB6D-2CC536F5C31D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {4E6263F0-3251-4397-A9A4-65B8E3F4B5FD} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {51C00BF3-7F9E-4A85-90A4-AD1E4D794AC2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {5F5A0B33-34D7-434D-A395-6998DC825E78} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-02] (Lenovo)
Task: {60400779-158B-4335-9A47-8DA2655DD2C9} - System32\Tasks\Opera scheduled Autoupdate 1439155915 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-25] (Opera Software)
Task: {609F6D11-2CF2-40FE-99DF-730E85975BCF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {6707BDF9-02C2-4F30-8E30-13CCE5FA34EB} - System32\Tasks\{1C663E6F-9EEC-493E-8332-B9666DA4597E} => pcalua.exe -a "C:\Program Files (x86)\Hasbro Interactive\RollerCoaster Tycoon\RCT.EXE" -d "C:\Program Files (x86)\Hasbro Interactive\RollerCoaster Tycoon"
Task: {6FCFEC6C-6051-4C74-92BA-0C084314EC91} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {719393FF-52FA-48BA-912A-FD77B3C74A03} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-08-26] (Adobe Systems Incorporated)
Task: {7C67DDD6-1EB6-4747-87A5-FB20ECE0D159} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-10-15] (Microsoft Corporation)
Task: {88F77A24-273D-4F78-8D0C-A207093ABDAD} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-09-11] (Maxthon International ltd.)
Task: {8AC4C3E2-9F64-4CA4-9B2A-984B98362F85} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {8C57FCA3-EC56-4D24-8902-21E1CCAD2C11} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {C0AC7695-3696-4C60-BD4D-A8DF7A5D134D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {F79F8A41-4827-4AF3-989E-3256AF5005EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {FCF866A3-1B55-4491-836C-B3347F798EB9} - System32\Tasks\{BC5FF3A0-5A4A-4E4E-9133-A5493A382C7B} => pcalua.exe -a "C:\Program Files (x86)\Hasbro Interactive\RollerCoaster Tycoon\RCT.EXE" -d "C:\Program Files (x86)\Hasbro Interactive\RollerCoaster Tycoon"
 
(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)
 
Task: C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Geladen Modules (gefilterd) ==============
 
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-15 20:25 - 2014-11-20 20:43 - 00016920 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\FbServicePS.dll
2015-02-15 20:15 - 2012-04-24 12:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-02-15 20:25 - 2014-11-18 01:35 - 00036632 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Metric.dll
2015-02-15 20:25 - 2014-11-18 01:35 - 00166680 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Lenovo.MetricCollectionMFCx64.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-15 02:42 - 2014-12-19 06:03 - 00391784 _____ () C:\windows\system32\igfxTray.exe
2015-02-15 20:10 - 2014-10-22 20:15 - 00410096 _____ () C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
2015-02-15 19:21 - 2010-10-26 06:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2015-02-15 20:10 - 2015-02-15 20:10 - 00791368 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2015-02-15 20:10 - 2015-02-15 20:10 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2015-02-15 20:25 - 2014-11-18 01:35 - 00044824 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\res_NL_Dutch_DUT.dll
2015-02-15 20:25 - 2014-11-20 20:43 - 00159256 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\FbApi.dll
2015-02-15 20:25 - 2014-11-18 01:35 - 00036120 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\zd.dll
2015-02-15 20:25 - 2015-02-15 20:25 - 00019232 _____ () C:\windows\Microsoft.Net\assembly\GAC_MSIL\Lenovo.MetricCollectionSDK\v4.0_1.1.9.0__d43be3ee47b19ecb\Lenovo.MetricCollectionSDK.dll
2014-04-09 21:29 - 2014-04-09 21:29 - 00174368 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
2014-09-03 21:03 - 2014-09-03 21:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-02-15 20:16 - 2014-07-04 06:35 - 00627672 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2014-07-04 22:35 - 2014-07-04 22:35 - 00016856 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2014-04-09 21:30 - 2014-04-09 21:30 - 00041248 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32api.pyd
2014-04-09 21:29 - 2014-04-09 21:29 - 00059680 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\pywintypes27.dll
2014-04-09 21:29 - 2014-04-09 21:29 - 00119072 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\pythoncom27.dll
2014-04-09 21:29 - 2014-04-09 21:29 - 00562464 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\urlmon.dll
2014-04-09 21:29 - 2014-04-09 21:29 - 00401184 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iertutil.dll
2014-04-09 21:29 - 2014-04-09 21:29 - 00412448 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\WININET.dll
2014-04-09 21:30 - 2014-04-09 21:30 - 00020256 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_multiprocessing.pyd
2014-04-09 21:30 - 2014-04-09 21:30 - 00025376 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32service.pyd
2014-04-09 21:30 - 2014-04-09 21:30 - 00022816 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\servicemanager.pyd
2014-04-09 21:30 - 2014-04-09 21:30 - 00018208 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32event.pyd
2014-04-09 21:30 - 2014-04-09 21:30 - 00027424 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_socket.pyd
2014-04-09 21:30 - 2014-04-09 21:30 - 00277280 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_ssl.pyd
2014-04-09 21:30 - 2014-04-09 21:30 - 00113952 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_hashlib.pyd
2014-04-09 21:30 - 2014-04-09 21:30 - 00016672 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\select.pyd
2014-04-09 21:30 - 2014-04-09 21:30 - 00040736 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_ctypes.pyd
2014-04-09 21:30 - 2014-04-09 21:30 - 00023328 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32process.pyd
2014-04-09 21:30 - 2014-04-09 21:30 - 00020256 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32ts.pyd
2014-04-09 21:30 - 2014-04-09 21:30 - 00018720 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32profile.pyd
2014-04-09 21:30 - 2014-04-09 21:30 - 00042784 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32security.pyd
2014-04-09 21:30 - 2014-04-09 21:30 - 00336160 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_bsddb.pyd
2014-04-09 21:30 - 2014-04-09 21:30 - 00023328 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32evtlog.pyd
2014-04-09 21:30 - 2014-04-09 21:30 - 00024864 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32inet.pyd
2014-04-09 21:29 - 2014-04-09 21:29 - 00021280 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\EnvironmentID.dll
2015-05-16 23:19 - 2015-04-20 02:00 - 00738784 _____ () C:\Program Files (x86)\Last.fm\unicorn.dll
2015-05-16 23:19 - 2015-04-20 02:00 - 00128992 _____ () C:\Program Files (x86)\Last.fm\listener.dll
2015-05-16 23:19 - 2015-04-20 02:00 - 00034784 _____ () C:\Program Files (x86)\Last.fm\logger.dll
2015-05-16 23:19 - 2015-04-20 02:00 - 00353248 _____ () C:\Program Files (x86)\Last.fm\lastfm.dll
2015-05-16 23:19 - 2015-04-20 01:59 - 00304608 _____ () C:\Program Files (x86)\Last.fm\phonon.dll
2015-05-16 23:19 - 2015-04-20 02:00 - 00184800 _____ () C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll
2015-05-16 23:19 - 2015-04-20 01:59 - 00113120 _____ () C:\Program Files (x86)\Last.fm\libvlc.dll
2015-05-16 23:19 - 2015-04-20 01:59 - 02288608 _____ () C:\Program Files (x86)\Last.fm\libvlccore.dll
2015-05-16 23:19 - 2015-04-20 02:00 - 00051680 _____ () C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
2015-02-15 19:42 - 2015-01-22 19:18 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2015-02-15 19:42 - 2015-01-22 19:18 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-09-30 11:47 - 2015-09-30 11:46 - 59639416 _____ () C:\Program Files (x86)\Opera\32.0.1948.69\opera.dll
2015-09-30 11:46 - 2015-09-30 11:46 - 01881208 _____ () C:\Program Files (x86)\Opera\32.0.1948.69\libglesv2.dll
2015-09-30 11:46 - 2015-09-30 11:46 - 00081528 _____ () C:\Program Files (x86)\Opera\32.0.1948.69\libegl.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
 
==================== Alternate Data Streams (gefilterd) =========
 
(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Arjun\OneDrive:ms-properties
 
==================== Veilige Modus (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Bestandskoppeling (gefilterd) ===============
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)
 
 
==================== Internet Explorer vertrouwde/beperkte toegang ===============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)
 
 
==================== Andere gebieden ============================
 
(Momenteel is er geen automatische fix voor dit onderdeel.)
 
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Arjun\Downloads\2014-07-16 15.17.04.jpg
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Arjun\Downloads\2014-07-16 15.17.04.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is ingeschakeld.
 
==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==
 
(Momenteel is er geen automatische fix voor dit onderdeel.)
 
HKLM\...\StartupApproved\Run: => "PhoneCompanion"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_684E79B2ACBAECC883CEF6D2651C6D01"
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1268573499-3608729314-613688236-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_684E79B2ACBAECC883CEF6D2651C6D01"
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1268573499-3608729314-613688236-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify Web Helper"
 
==================== Firewall regels (gefilterd) ===============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5F1F7AA1-D6D8-476A-8D84-943EB931A8F3}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{6D142707-B580-4A51-BAE4-86EF4ADFCE70}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{FAD98CF9-FE9F-4C7C-A9B5-98784E3AD977}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{23EF388C-610C-46A9-90AE-6DB6C2CB8D95}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{0EBD5CB1-E34E-4958-B77F-DBD73A6393DC}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{9603E522-DCA1-4E9D-B232-7D0D824A9D14}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{5056E5CE-D8F7-4747-977F-8F02E7DC0EA2}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{B527C041-7D9A-46DA-B613-C403D3E78F96}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{98A0AAB6-49A4-4E9C-9982-831A0D03C9F5}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{93CAF964-6506-411A-A1AB-CE5C3BB5990F}] => (Allow) LPort=55100
FirewallRules: [{58D6DD87-4504-4F39-A688-00731C1C6840}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{A7A08CE8-A1C8-47AD-ABB5-8212F9B0B361}] => (Allow) C:\Users\Arjun\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E8697A11-57ED-4621-A7B5-06D7972D3B1D}] => (Allow) C:\Users\Arjun\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1657669D-FF7D-43E5-B36F-974FDD0AE123}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{B984E089-B7DE-4F65-A188-E96618528E6A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8B59800C-3294-4762-B428-7AAB7CF87E38}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{FFC2A051-DC85-4132-A020-C7E560B397BB}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [uDP Query User{F53115E1-A187-47F8-A2F4-49D34785DC3F}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [TCP Query User{5F33CD5C-2989-4D86-AFB2-D0C05FC97A76}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{5D9FA35A-84A4-4F21-9C17-E806D5B81EDA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{68A3B3EE-3B10-4129-914B-7B3748FA076A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{51DFF687-9AB4-4084-85FC-1863EE26E16C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5CA52D86-AC0B-44E9-971E-F50208E6AF81}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9BF025D0-BB48-474E-A0F0-E59EC988E700}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{05B766A2-6740-470E-8764-FA30AF33A2AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{43D8058C-EA0A-4789-B16F-1310E5155D6B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{68C57866-1514-4F7F-BFF8-31F21B0CC642}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{46745878-2973-4D5E-854E-FF973C3D02F5}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [uDP Query User{039CFD40-7737-45D6-886E-9F7F699D231C}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [{19788505-C69A-440F-B2F2-000E0BDD4FF7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8CF78F15-6003-4AC5-ACA8-E84CC1B6B809}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9D8625F5-5A7D-4163-8A0F-E2C0738640F4}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [uDP Query User{C164A4DC-AC0C-430D-B263-6A7353D21B14}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{D725FF32-48C6-4E41-B8D4-0A3538B4E00A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Defecte Apparaatbeheer Apparaten =============
 
 
==================== Eventlog fouten: =========================
 
Applicatiefouten:
==================
Error: (10/16/2015 11:22:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4969
 
Error: (10/16/2015 11:22:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4969
 
Error: (10/16/2015 11:22:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/16/2015 03:11:42 AM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is  failed w/err 0x00002fbc
 
Error: (10/16/2015 03:11:41 AM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopNum1++, loopNum1 is  failed w/err 0x00000003
 
Error: (10/15/2015 11:33:27 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is  failed w/err 0x0000330e
 
Error: (10/15/2015 11:33:27 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopNum1++, loopNum1 is  failed w/err 0x00000002
 
Error: (10/15/2015 05:16:28 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is  failed w/err 0x0000312e
 
Error: (10/15/2015 05:16:28 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopNum1++, loopNum1 is  failed w/err 0x00000001
 
Error: (10/14/2015 01:00:29 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is  failed w/err 0x00003372
 
 
Systeemfouten:
=============
Error: (10/14/2015 10:31:10 AM) (Source: Schannel) (EventID: 4116) (User: ARJUN)
Description: In het van de externe server ontvangen certificaat ontbreekt een naam die werd verwacht. Hierdoor is het onmogelijk om vast te stellen of er verbinding met de juiste server wordt gemaakt. De verwachte servernaam is autoupdate.geo.opera.com. De SSL-verbindingsaanvraag is mislukt. Het servercertificaat bevindt zich in de bijgesloten gegevens.
 
Error: (10/14/2015 10:31:10 AM) (Source: Schannel) (EventID: 4120) (User: ARJUN)
Description: De volgende melding van een onherstelbare fout is gegenereerd en verzonden naar het externe eindpunt. Dit kan resulteren in het beëindigen van de verbinding. De door het TLS-protocol gedefinieerde code van de onherstelbare fout 43. De foutstatus van Windows SChannel is 552.
 
Error: (10/14/2015 10:31:01 AM) (Source: Schannel) (EventID: 4116) (User: ARJUN)
Description: In het van de externe server ontvangen certificaat ontbreekt een naam die werd verwacht. Hierdoor is het onmogelijk om vast te stellen of er verbinding met de juiste server wordt gemaakt. De verwachte servernaam is client.wns.windows.com. De SSL-verbindingsaanvraag is mislukt. Het servercertificaat bevindt zich in de bijgesloten gegevens.
 
Error: (10/14/2015 10:31:01 AM) (Source: Schannel) (EventID: 4120) (User: ARJUN)
Description: De volgende melding van een onherstelbare fout is gegenereerd en verzonden naar het externe eindpunt. Dit kan resulteren in het beëindigen van de verbinding. De door het TLS-protocol gedefinieerde code van de onherstelbare fout 43. De foutstatus van Windows SChannel is 552.
 
Error: (10/13/2015 05:22:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De OKOControlSvc-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (10/13/2015 05:19:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De CCSDK-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (10/13/2015 05:05:48 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000139 (0x0000000000000003, 0xffffd00172fdab20, 0xffffd00172fdaa78, 0x0000000000000000)C:\windows\MEMORY.DMP101315-36859-01
 
Error: (10/13/2015 05:05:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 16:34:47 op ‎13-‎10-‎2015 is onverwacht gebeurd.
 
Error: (10/13/2015 04:08:43 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff800e47a4a3c, 0xffffd00023cf9548, 0xffffd00023cf8d50)C:\windows\MEMORY.DMP101315-42234-01
 
Error: (10/13/2015 04:08:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 15:50:21 op ‎13-‎10-‎2015 is onverwacht gebeurd.
 
 
CodeIntegrity:
===================================
  Date: 2015-05-01 03:37:42.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-01 03:37:42.561
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-01 03:33:24.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-01 03:33:23.948
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-01 03:22:33.365
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-01 03:22:32.982
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-01 03:21:32.123
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Geheugen info =========================== 
 
Processor: Intel® Core i5-5200U CPU @ 2.20GHz
Percentage geheugen in gebruik: 68%
Totaal fysiek RAM-geheugen: 4011.08 MB
Beschikbaar fysiek RAM-geheugen: 1272.95 MB
Totaal Virtueel geheugen: 8107.08 MB
Beschikbaar Virtual geheugen: 4562.52 MB
 
==================== Schijven ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:422.81 GB) (Free:28.62 GB) NTFS ==>[systeem met boot componenten (verkregen van schijf)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.25 GB) NTFS
Drive e: () (Removable) (Total:14.91 GB) (Free:0.09 GB) FAT32
 
==================== MBR & Partitietabel ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E0C6E1F3)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== Eind van Addition.txt ============================

 


  • Root Admin

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)
STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.

When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.

Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 02

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x

When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
