1
Dear reader,
When I was looking for something in Explorer and had opened a file (e.g. a photo) to check whether it was the right one, Explorer used to stay open so that I could try the next file if needed, but recently Explorer closes immediately after a file is opened, so that when looking for the next file I have to start all over again (going through the whole tree).
Is there an option somewhere to fix this, so that Explorer itself does not close right after a file is opened?

Gerrit-B.
2
W10: with vague problems like this, always restart the PC first.
And this is how you do it: go to Start / Shut down and click the arrow next to Shut down so that you see the option 'Restart'. Choose that option!
NB: switching off and on again does not have the same effect under W10 as under earlier Windows versions: (to make switching on faster) a kind of light sleep mode is engaged, with the consequence that if a bit is set wrong, it stays wrong. That is, until you use the 'Restart' option; then Windows is really wiped from memory and started afresh.
3
Falstring,
Thanks for your attempt to help, but it did not work. (I already had little hope, because I have just been on holiday and had then disconnected the PC from mains power completely. The problem was already there before the holiday, and 14 days without power should surely be enough to let any residual voltages disappear.)

Too bad, but thanks for your contribution.

Gerrit-B
4
As explained: switching off (with or without unplugging the power) is, under W10, nothing other than a kind of sleep mode.
A pity that this attempt did not help; this action usually works wonders...
Perhaps it is time for a thorough scan of your PC by the experts here. This is how you go about it:
Download RSIT from the locations below and save it to the desktop.
Here is a description of how you can check whether you have a 32-bit or 64-bit version of Windows.
Double-click RSIT.exe to start the tool.
  • Windows Vista, 7 and 8 users should run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Next, the "Disclaimer of warranty" is shown; then click "Continue".
  • When the tool is finished, a Notepad file named "Log" is opened.
  • Post its contents in your next reply.
5
So if I understand correctly, when shutting down, the current state is saved along with the errors present in it.
Hopefully the log file gives some info about the cause of the problem.
Thanks in advance,
Gerrit-B

Below, then, is the log file from RSIT64:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Gebruiker at 2017-02-22 18:00:08
Microsoft Windows 10 Home
System drive C: has 188 GB (79%) free of 238 GB
Total RAM: 8071 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:00:14, on 22-2-2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\WiFi Protector\wifiProtLauncher.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\TrayPopupE\TrayTipAgentE.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\EpmNews.exe
C:\Users\Gebruiker\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\AlomWare\Actions\Actions.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Gebruiker.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CyberGhost] "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [AlomWare Actions] C:\AlomWare\Actions\Actions.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Chemtable Startup Checking - Unknown owner - C:\Program Files (x86)\Autorun Organizer\StartupCheckingService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe
O23 - Service: Dropbox-update-service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox-update-service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Energy Server Service WILLAMETTE (ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE (SystemUsageReportSvc_WILLAMETTE) - Unknown owner - C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: User Energy Server Service WILLAMETTE (USER_ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12094 bytes

======Listing Processes======







winlogon.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
C:\WINDOWS\System32\svchost.exe -k NetworkService
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-a6e70347-8f0f-43cf-87b9-5abaac54c4a8 -SystemEventPortName:HostProcess-0c245a80-f70e-4f22-a225-a7b881da0f54 -IoCancelEventPortName:HostProcess-0ee90cff-cf98-43ba-8071-8be3124e8656 -NonStateChangingEventPortName:HostProcess-0361afdb-b979-43e6-8117-cbb1cd8be429 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:fb9fd696-d781-470c-bfa4-509798cacb5c -DeviceGroupId:WpdFsGroup
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
sihost.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxEM.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}

C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe"
C:\WINDOWS\system32\AUDIODG.EXE 0x35c
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d9c03fd3-6896-4873-9d9f-6ebead8d672c -SystemEventPortName:HostProcess-0993ed43-d0bf-4368-8074-cdd0cd1bea2a -IoCancelEventPortName:HostProcess-536ba7ce-7ebf-4d67-a8e1-0e1d93219b6c -NonStateChangingEventPortName:HostProcess-53824ce9-d4d7-41f4-ba5f-181113b07448 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:8c630c1b-c27c-4d70-bc08-fb5f97b72080 -DeviceGroupId:WudfDefaultDevicePool
"" "--start" "--register_port" "--address" "127.0.0.1" "--port" "49331" "--pause_on_user_switching" "--depend_on_key" "SYSTEM\CurrentControlSet\Services\ESRV_SVC_WILLAMETTE" "--depend_on_value" "run" "--time_in_ms" "--pause" "5000" "--library" "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll" "--no_pl" "--watchdog" "10" "--watchdog_cpu_usage_limit" "50" "--end_on_error" "--kernel_priority_boost" "--shutdown_priority_boost" "--device_options" " time=no output=no output_folder='C:\ProgramData\Intel\SUR\WILLAMETTE\IntelData\userlogs' limit_output_by=time output_limit=3600000 output_buffer=1024 il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll' "
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\WiFi Protector\wifiProtLauncher.exe" --launched-by-launcher
"C:\Program Files\BOINC\boinctray.exe"
"C:\Program Files\BOINC\boincmgr.exe" /a /s
"C:\Program Files\BOINC\boinc.exe" --redirectio --launched_by_manager
\??\C:\WINDOWS\system32\conhost.exe 0x4
projects/csgrid.org_csg/exact_client_0.15_windows_x86_64__windows_min.exe --samples_file samples.bin --genome_file input_genome.txt --output_file output_genome.txt --checkpoint_file checkpoint.txt
\??\C:\WINDOWS\system32\conhost.exe 0x4
projects/csgrid.org_csg/exact_client_0.15_windows_x86_64__windows_min.exe --samples_file samples.bin --genome_file input_genome.txt --output_file output_genome.txt --checkpoint_file checkpoint.txt
\??\C:\WINDOWS\system32\conhost.exe 0x4
projects/csgrid.org_csg/exact_client_0.15_windows_x86_64__windows_min.exe --samples_file samples.bin --genome_file input_genome.txt --output_file output_genome.txt --checkpoint_file checkpoint.txt
\??\C:\WINDOWS\system32\conhost.exe 0x4
projects/csgrid.org_csg/exact_client_0.15_windows_x86_64__windows_min.exe --samples_file samples.bin --genome_file input_genome.txt --output_file output_genome.txt --checkpoint_file checkpoint.txt
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Autorun Organizer\StartupCheckingService.exe"
"C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe" /c
C:\WINDOWS\system32\DbxSvc.exe
"C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe" "--AUTO_START" "--start" "--address" "127.0.0.1" "--port" "49330" "--depend_on_key" "SYSTEM\CurrentControlSet\Services\ESRV_SVC_WILLAMETTE" "--depend_on_value" "run" "--time_in_ms" "--pause" "5000" "--library" "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll" "--no_pl" "--watchdog" "10" "--watchdog_cpu_usage_limit" "50" "--end_on_error" "--kernel_priority_boost" "--shutdown_priority_boost" "--device_options" " time=no output=w output_folder='C:\ProgramData\Intel\SUR\WILLAMETTE\IntelData' limit_output_by=time output_limit=3600000 output_buffer=1024 il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll','process_input_options.txt' il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll' il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll' il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll' il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll' il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll' il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll','service=yes' il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll','pause=60000 working_dir=C:\ProgramData\Intel\SUR\WILLAMETTE\IntelData override_existing_tracing=no limit_output_by_filesize_mb=10' os='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\os_counters.txt' "
C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe
"C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
"C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --service-launch
"C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe"
"C:\Program Files (x86)\Secunia\PSI\sua.exe" --service-launch
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe -Embedding
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\TrayPopupE\TrayTipAgentE.exe"
"C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\EpmNews.exe"
C:\Users\Gebruiker\AppData\Local\FluxSoftware\Flux\flux.exe /noshow
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Secunia\PSI\psi_tray.exe"
C:\AlomWare\Actions\Actions.exe
C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
explorer.exe
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Program Files (x86)\Windows Live\Mail\wlmail.exe"
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 640 644 652 8192 648
"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "viewtopic.php?f=366&t=20684&e=1&view=unread#unread"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="7448.0.1173318298\1826108714" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser"  7448 "\\.\pipe\gecko-crash-server-pipe.7448" tab
"C:\Users\Gebruiker\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe  
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe  /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\6msq19h1.default

prefs.js - "browser.startup.homepage" -  "http://simpelezoekhulp.nl/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.221 Plugin
"Path"=C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon My Image Garden
"Path"=C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.121.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.221 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.121.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-18 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-20 571456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-20 234560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23 184488]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-20 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-20 186944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 6149288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23 4452504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-07-07 8497368]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-01-24 1517280]
"CyberGhost"=C:\Program Files\CyberGhost 6\CyberGhost.exe /autostart /min []
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-12-06 9288408]
"AlomWare Actions"=C:\AlomWare\Actions\Actions.exe [2016-07-23 1006592]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-18 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-02-22 18:00:08 ----D---- C:\rsit
2017-02-22 18:00:08 ----D---- C:\Program Files\trend micro
2017-02-22 12:23:56 ----D---- C:\Users\Gebruiker\AppData\Roaming\fotofabriekSoftware
2017-02-22 12:23:56 ----D---- C:\ProgramData\CodedColor Common
2017-02-22 12:22:24 ----D---- C:\ProgramData\fotofabriekSoftware
2017-02-20 10:37:33 ----A---- C:\WINDOWS\SYSWOW64\WindowsAccessBridge-32.dll
2017-02-20 10:37:22 ----D---- C:\Program Files (x86)\Java
2017-02-20 10:37:01 ----A---- C:\WINDOWS\SYSWOW64\WindowsAccessBridge-64.dll
2017-02-20 10:35:41 ----A---- C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-02-20 10:35:31 ----D---- C:\Program Files\Java
2017-02-19 09:14:29 ----D---- C:\Program Files (x86)\FOXIT SOFTWARE
2017-02-18 13:59:35 ----D---- C:\Users\Gebruiker\AppData\Roaming\dvdcss
2017-02-07 05:38:06 ----A---- C:\WINDOWS\system32\drivers\dbx-stable.sys
2017-02-07 05:38:06 ----A---- C:\WINDOWS\system32\drivers\dbx-dev.sys
2017-02-07 05:38:06 ----A---- C:\WINDOWS\system32\drivers\dbx-canary.sys
2017-02-07 05:38:06 ----A---- C:\WINDOWS\system32\DbxSvc.exe
2017-02-01 09:14:46 ----ASH---- C:\swapfile.sys
2017-02-01 09:14:46 ----ASH---- C:\pagefile.sys
2017-01-28 10:36:48 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2017-01-26 10:31:13 ----A---- C:\WINDOWS\SYSWOW64\poqexec.exe
2017-01-26 10:31:13 ----A---- C:\WINDOWS\system32\poqexec.exe

======List of files/folders modified in the last 1 month======

2017-02-22 18:00:08 ----RD---- C:\Program Files
2017-02-22 17:59:57 ----D---- C:\WINDOWS\Temp
2017-02-22 17:57:39 ----D---- C:\WINDOWS\System32
2017-02-22 17:57:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-22 17:54:48 ----D---- C:\ProgramData\BOINC
2017-02-22 17:53:17 ----D---- C:\WINDOWS\Prefetch
2017-02-22 17:53:08 ----AD---- C:\Program Files (x86)\WiFi Protector
2017-02-22 17:53:07 ----D---- C:\ProgramData\boost_interprocess
2017-02-22 17:52:32 ----D---- C:\WINDOWS\system32\SleepStudy
2017-02-22 13:24:36 ----D---- C:\WINDOWS\system32\config
2017-02-22 13:23:00 ----D---- C:\WINDOWS\system32\sru
2017-02-22 12:42:16 ----D---- C:\WINDOWS\WinSxS
2017-02-22 12:42:16 ----D---- C:\WINDOWS\SysWOW64
2017-02-22 12:42:14 ----D---- C:\WINDOWS\system32\catroot2
2017-02-22 12:42:12 ----D---- C:\WINDOWS\CbsTemp
2017-02-22 12:23:56 ----HD---- C:\ProgramData
2017-02-22 11:34:38 ----HD---- C:\Program Files\WindowsApps
2017-02-22 11:04:36 ----D---- C:\WINDOWS\AppReadiness
2017-02-21 21:56:55 ----RD---- C:\WINDOWS\Microsoft.NET
2017-02-20 19:20:24 ----D---- C:\Users\Gebruiker\AppData\Roaming\BitTorrent
2017-02-20 10:37:37 ----SHD---- C:\WINDOWS\Installer
2017-02-20 10:37:22 ----RD---- C:\Program Files (x86)
2017-02-20 10:37:17 ----SHD---- C:\System Volume Information
2017-02-20 10:34:20 ----AD---- C:\Program Files (x86)\Calibre2
2017-02-20 10:31:27 ----D---- C:\WINDOWS\system32\Macromed
2017-02-20 10:31:25 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2017-02-20 10:31:01 ----D---- C:\Windows
2017-02-19 09:41:01 ----D---- C:\ProgramData\CanonIJPLM
2017-02-19 09:14:49 ----D---- C:\ProgramData\Foxit Software
2017-02-19 09:14:20 ----D---- C:\ProgramData\Foxit ContentPlatform
2017-02-19 08:41:25 ----D---- C:\WINDOWS\system32\NDF
2017-02-18 14:21:12 ----D---- C:\Users\Gebruiker\AppData\Roaming\vlc
2017-02-18 09:00:53 ----D---- C:\WINDOWS\LiveKernelReports
2017-02-18 08:31:16 ----D---- C:\WINDOWS\INF
2017-02-18 08:06:50 ----D---- C:\WINDOWS\system32\Tasks
2017-02-18 08:06:05 ----D---- C:\Program Files (x86)\Google
2017-02-18 08:06:00 ----D---- C:\Program Files (x86)\Dropbox
2017-02-18 08:05:52 ----D---- C:\WINDOWS\system32\drivers
2017-02-06 20:48:07 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2017-01-30 08:16:09 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-29 18:16:51 ----D---- C:\Program Files\McAfee Security Scan
2017-01-28 20:54:00 ----D---- C:\WINDOWS\SoftwareDistribution
2017-01-28 16:28:00 ----D---- C:\ProgramData\SoftMaker
2017-01-28 15:14:42 ----D---- C:\Users\Gebruiker\AppData\Roaming\AIMP
2017-01-27 09:14:04 ----D---- C:\Program Files\MultiCommander (x64)

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [2016-12-20 84616]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2015-07-29 1462720]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-02 48992]
R0 pwdrvio;pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [2013-09-30 19152]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2016-12-20 262792]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2016-12-20 197248]
R1 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2016-12-20 208520]
R1 EpfwLWF;@oem19.inf,%EpfwLWF_Desc%;ESET Personal Firewall; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [2016-12-20 61568]
R1 epp;epp; \??\C:\EEK\bin64\epp.sys [2016-06-30 116944]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2016-07-16 88576]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-07-16 8192]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R2 ekbdflt;ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [2016-12-20 153216]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2016-07-16 48128]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2016-07-16 78336]
R3 BazisVirtualCDBus;@oem36.inf,%dev.SVCDESC%;WinCDEmu Virtual Bus Driver; C:\WINDOWS\System32\drivers\BazisVirtualCDBus.sys [2015-09-28 172376]
R3 dg_ssudbus;@oem9.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-09-05 131712]
R3 igfx;igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [2016-11-01 11033056]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2015-07-07 4514008]
R3 IntcDAud;@oem38.inf,%IntcAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2016-09-16 821224]
R3 iwdbus;@oem12.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-07 39920]
R3 MEIx64;@oem7.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [2015-07-28 184608]
R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf_amd64.sys [2016-02-02 18456]
R3 rt640x64;@oem25.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-10-10 935168]
R3 semav6msr64;semav6msr64; \??\C:\WINDOWS\system32\drivers\semav6msr64.sys [2015-06-04 21984]
R3 ssudmdm;@oem14.inf,%ssud.Service.Name%;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2016-09-05 165504]
R3 tapwp01;@oem35.inf,%DeviceDescription%;TAP-Windows Adapter V9 (WiFi Protector); C:\WINDOWS\System32\drivers\tapwp01.sys [2014-12-11 40664]
S0 eelam;eelam; C:\WINDOWS\system32\DRIVERS\eelam.sys [2016-06-23 15488]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-07-16 105824]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-07-16 101216]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-05 64352]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2016-07-16 58720]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2016-07-16 61792]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2016-07-16 32096]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 asmthub3;@oem5.inf,%asmthub3_ServiceDescription%;ASMedia USB3 Hub Service; C:\WINDOWS\System32\drivers\asmthub3.sys [2015-09-17 149240]
S3 asmtxhci;@oem4.inf,%asmtxhci_ServiceDescription%;ASMEDIA XHCI Service; C:\WINDOWS\System32\drivers\asmtxhci.sys [2014-10-24 428760]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2016-07-16 9728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-07-16 38912]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2016-09-10 118272]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 dbx;dbx; C:\WINDOWS\system32\DRIVERS\dbx.sys []
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\syswow64\epmntdrv.sys [2016-07-14 19960]
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\syswow64\EuGdiDrv.sys [2016-07-11 10208]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2016-07-21 26192]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-07-16 20480]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-07-16 50016]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-10-01 73568]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2016-07-16 81408]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-07-16 176384]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2016-07-16 526176]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 intaud_WaveExtensible;@oem10.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2015-12-07 51704]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-07-16 842584]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2016-07-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2013-09-30 12504]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2016-07-16 928608]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 tap0901;@oem39.inf,%DeviceDescription%;TAP-Windows Adapter V9; C:\WINDOWS\System32\drivers\tap0901.sys [2016-04-21 27136]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmCx.sys [2016-07-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2016-07-16 108544]
S3 UcmUcsi;@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-07-16 50688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 CDPUserSvc_24bfa;CDPUserSvc_24bfa; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 Chemtable Startup Checking;Chemtable Startup Checking; C:\Program Files (x86)\Autorun Organizer\StartupCheckingService.exe [2016-10-11 9501024]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 DbxSvc;DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [2017-02-07 46400]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-12-20 2770312]
R2 ESRV_SVC_WILLAMETTE;Energy Server Service WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [2016-06-08 416408]
R2 FoxitReaderService;Foxit Reader Service; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [2016-12-29 1659592]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-07-27 18856]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [2016-11-01 341984]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2013-06-28 84616]
R2 OneSyncSvc_24bfa;Host synchroniseren_24bfa; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [2016-02-02 1570520]
R2 Secunia Update Agent;Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [2016-02-02 837848]
R2 SystemUsageReportSvc_WILLAMETTE;Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [2016-06-08 117400]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [2016-11-01 301536]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PimIndexMaintenanceSvc_24bfa;Contact Data_24bfa; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 dbupdate;Dropbox-update-service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-14 143144]
S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-20 153752]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-20 270936]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 cplspcon;Intel(R) Content Protection HDCP Service; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [2016-11-01 480224]
S3 dbupdatem;Dropbox-update-service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-14 143144]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-07-16 93184]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-20 153752]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [2017-01-19 329480]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 MessagingService_24bfa;MessagingService_24bfa; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-18 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-01-28 172488]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2016-10-01 1312768]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\WINDOWS\system32\TieringEngineService.exe [2016-07-16 287744]
S4 DiagTrack;Connected User Experiences and Telemetry; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S4 tzautoupdate;@%SystemRoot%\system32\tzautoupdate.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]

-----------------EOF-----------------
7
No problem, the second posting has been removed.
As soon as a malware / virus expert is online, you will be helped further.
Kind regards, iEscape
born to be free is the way to freedom

8
Welcome,

Also post the file C:\RSIT\info.txt as an attachment.
Member of UNITE (Unified Network of Instructors and Trusted Eliminators.)
9
Hello Peter,
I had Malwarebytes and ESET run a scan this afternoon.
I don't know whether that has any effect, so I ran RSIT once more.

The log and info are now attached:
log1.txt
info.txt
10
I had Malwarebytes and ESET run a scan this afternoon.
It is not wise to use tools other than those indicated. This can be confusing.
Did 'Malwarebytes' and 'Eset' find or remove anything?

Download the Farbar Recovery Scan Tool, 32-bit or 64-bit, from one of the links below:
Farbar Recovery Scan Tool 32 bit (x86)
Farbar Recovery Scan Tool 64 bit (x64)

Double-click FRST.exe or FRST64.exe to start the tool.
When the program has opened, click Yes at the disclaimer.
Press the Scan button.
After the scan, 2 log files are created, "FRST.txt" and "Addition.txt", in the same location from which the tool was started.
Attach these 2 log files to your next post.
Member of UNITE (Unified Network of Instructors and Trusted Eliminators.)
11
Hello Peter,

In principle I have Malwarebytes and ESET scan everything weekly, and I saw no reason not to do so now, hence...
Malwarebytes found nothing yesterday; ESET removed 2 things from old files (presumably advancing insight: this was not seen as suspicious earlier and now it is).

Following your advice I had Farbar64 run a scan, and the attachments are included here.

Incidentally, the problem has not been solved yet, and I wonder whether it is a malware issue or whether I changed a setting that I can no longer find.

Kind regards,
Gerrit-B
FRST.txt
Addition.txt
12
Does the user name 'srpsxjskoaa' for your Windows look familiar to you?

Step 1:
Close all open programs.
Uninstall via Control Panel - Programs and Features:
  • McAfee Security Scan Plus
Restart the computer.

Step 2:
We are going to use the Farbar Recovery Scan Tool again.
  • Download the attachment fixlist.txt to the folder where FRST.exe is also located.
  • Disable your antivirus and antispyware programs; they may conflict with FRST.
  • Double-click FRST.exe to start the tool.
  • Press the Fix button.
  • After the fix, a log file (Fixlog.txt) is created in the same location from which the tool was started.
  • Attach this log file to your next post.
Member of UNITE (Unified Network of Instructors and Trusted Eliminators.)
13
PeterJ
Sorry that I am only responding now, but somehow I missed your message of 25 Feb and have only just checked whether there was a reply.

I installed McAfee Security Scan and had it scan. Should I have these fixed as well?

I put fixlist.txt next to FRST, disabled the protection, started FRST and had it fix. The program is aborted:
knipsel..pdf
A fixlog was created, but is it complete?
Fixlog.txt
Hopefully you can do something with this, because the problem has not been solved yet.

Kind regards,
Gerrit-B
14
I installed McAfee Security Scan and had it scan. Should I have these fixed as well?
You already had that one and you can remove it.

We'll look further.

Step 1:
Download AdwCleaner (by Malwarebytes) to your desktop.
Close all open programs.
Right-click AdwCleaner and click 'Run as administrator...'.

Click Scan.
After scanning, click Remove.
In the window '- AdwCleaner – Close programs -' click OK.

During the clean-up the shortcuts will disappear; this is normal.
After the removal, 2 messages appear:
In the window '- AdwCleaner – Information -' click OK.
In the window '- AdwCleaner – Restart -' click OK.

After the computer has restarted, a log file opens.
Close the log file.
Post the file C:\AdwCleaner\AdwCleaner[C0].txt as an attachment in your next post.

Step 2:
Right-click Start and click Command Prompt (Admin).
A black window appears. Type CHKDSK in it and press the Enter key.
Now wait patiently until CHKDSK is finished.

After the scan:
Download ListChkdskResult.exe by SleepyDude and save it to your desktop.
Right-click ListChkdskResult.exe and click Run as administrator. The tool now searches the computer and will show a text file. This text file is also saved as ListChkdskResult.txt on your desktop.
Post this text file as an attachment in your next post.
Member of UNITE (Unified Network of Instructors and Trusted Eliminators.)
15
Thanks for your reply.

I have carried out the actions and attach both logs here:
AdwCleaner
AdwCleaner[C0].txt
and ListChkdskResult
ListChkdskResult.txt
Hopefully this gets you further.
Thanks in advance,

Gerrit-B