
returning malware


  • This topic is locked
10 replies to this topic

#1 Highfive0980

Highfive0980

  • Members

Posted 10 November 2015 - 01:52 PM

Hello everyone,

 

I have some malware on my laptop. I already ran MBAM and it found several infections. I removed all of them and the problem (pop-ups and internet browser hijack) seemed to be gone, but after one day the problems returned. Who can help me get rid of this malware? Below is my HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:39:47, on 10-11-15
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 42.0 (x86 nl)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Users\Eigenaar\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Eigenaar\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Spotify] "C:\Users\Eigenaar\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: LsvUIService - Lenovo - C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VeriFaceSrv - Unknown owner - C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 11321 bytes
 

 

Thanks in advance!

 

Greetings Highfive0980




 


#2 deeprybka

deeprybka

  • Malware Response Team

Posted 11 November 2015 - 01:03 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 Highfive0980

Highfive0980
  • Topic Starter

  • Members

Posted 12 November 2015 - 02:36 AM

Hello Deeprybka,

 

Thanks for your reply. Below are both logs:

 

 

FRST.txt

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie:07-11-2015
Gestart door Eigenaar (Beheerder) op LENOVO-PC (12-11-2015 08:30:07)
Gestart vanaf C:\Users\Eigenaar\Downloads
Geladen Profielen: Eigenaar (Beschikbare Profielen: Eigenaar)
Platform: Windows 8.1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: FF)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Users\Eigenaar\AppData\Roaming\Internet Updater\Internet Updater.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe


==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6340312 2013-12-23] (Realtek semiconductor)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-06-01] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-06-01] (Lenovo(beijing) Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-10-30] (Qualcomm®Atheros®)
HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\...\Run: [Google Update] => C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-10-18] (Google Inc.)
HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\...\Run: [Spotify Web Helper] => C:\Users\Eigenaar\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-28] (Spotify Ltd)
HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\...\Run: [Spotify] => C:\Users\Eigenaar\AppData\Roaming\Spotify\Spotify.exe [7736128 2015-10-28] (Spotify Ltd)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\logon.scr

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 8.8.4.4
Tcpip\..\Interfaces\{A4287078-AB7D-44B4-8D8E-31CC6FCE5588}: [DhcpNameServer] 192.168.192.1
Tcpip\..\Interfaces\{ACEA03C9-4198-4F89-9F5A-B0E515784B93}: [DhcpNameServer] 192.168.2.254 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3424864366-1767512835-1974845031-1001 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-03-01] (DVDVideoSoft Ltd.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-03-01] (DVDVideoSoft Ltd.)
Toolbar: HKU\S-1-5-21-3424864366-1767512835-1974845031-1001 -> Geen Naam - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Geen bestand

FireFox:
========
FF ProfilePath: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\t183evwc.default
FF NewTab: hxxps://search.protectedio.com/?u=0faf50f19233d49df05562f02802a747&c=p1&src=hp&inst=1447087628
FF Homepage: hxxp://www.google.nl/
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\Eigenaar\Pictures\Nieuwe map\Picasa3\npPicasa3.dll [Geen bestand]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3424864366-1767512835-1974845031-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Eigenaar\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-3424864366-1767512835-1974845031-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Eigenaar\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)

==================== Services (gefilterd) ========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [317568 2013-10-30] (Windows ® Win 7 DDK provider) [Bestand niet getekend]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [Bestand niet getekend]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-06-01] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-06-01] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-10-30] (Atheros) [Bestand niet getekend]

===================== Drivers (gefilterd) ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-30] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2014-10-18] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 kf1avs; C:\Windows\System32\Drivers\kf1avs.sys [357968 2011-09-15] (Native Instruments GmbH)
S3 kf1usb_svc; C:\Windows\System32\Drivers\kf1usb.sys [47696 2011-09-15] (Native Instruments GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9101016 2013-12-23] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2982104 2013-12-27] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-24] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-10-18] (Duplex Secure Ltd.)
S3 ta10avs; C:\Windows\System32\Drivers\ta10avs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 ta10usb_svc; C:\Windows\System32\Drivers\ta10usb.sys [83304 2012-12-18] (Native Instruments GmbH)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2015-11-12 08:30 - 2015-11-12 08:30 - 00016947 _____ C:\Users\Eigenaar\Downloads\FRST.txt
2015-11-12 08:29 - 2015-11-12 08:30 - 00000000 ____D C:\FRST
2015-11-12 08:29 - 2015-11-12 08:29 - 02198528 _____ (Farbar) C:\Users\Eigenaar\Downloads\FRST64.exe
2015-11-12 08:28 - 2015-11-12 08:28 - 01702400 _____ (Farbar) C:\Users\Eigenaar\Downloads\FRST.exe
2015-11-11 12:16 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 12:16 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 12:16 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 12:16 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 12:16 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 12:16 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 12:16 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 12:16 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 12:16 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-11-11 12:16 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 12:16 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 12:16 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 12:16 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 12:16 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 12:16 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 12:16 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-11-11 12:16 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 12:16 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 12:16 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 12:16 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 12:16 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 12:16 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 12:16 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 12:16 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 12:16 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 12:16 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 12:16 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 12:16 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-11-11 12:16 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 12:16 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 12:16 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 12:16 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 12:16 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 12:16 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 12:16 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 12:16 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 12:16 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 12:16 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 12:16 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 12:16 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-11 12:16 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-11-11 12:16 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-11 12:16 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-11-11 12:16 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 12:16 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 12:16 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 12:16 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 12:16 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 12:16 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 12:16 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-11 12:16 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-11 12:16 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 12:16 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 12:16 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 12:16 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 12:16 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-11 12:16 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 12:16 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 12:16 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-11 12:16 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 12:16 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-11 12:16 - 2015-09-29 13:24 - 00155480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-11 12:16 - 2015-09-12 14:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-11 12:16 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-11 12:16 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-11-11 12:16 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-11 12:16 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-11 12:16 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-11 12:16 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-11 12:16 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-11 12:16 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-11 12:16 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-11 12:16 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-11 12:16 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 12:16 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-11-11 12:16 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-11-11 12:16 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-11 12:16 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-11-10 19:39 - 2015-11-10 19:39 - 00011323 _____ C:\Users\Eigenaar\Downloads\hijackthis.log
2015-11-10 19:22 - 2015-11-10 19:22 - 00388608 _____ (Trend Micro Inc.) C:\Users\Eigenaar\Downloads\HijackThis.exe
2015-11-09 20:41 - 2015-11-11 15:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-31 15:57 - 2015-11-09 19:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-31 15:56 - 2015-10-31 16:21 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-31 15:56 - 2015-10-31 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-31 15:56 - 2015-10-31 16:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-31 15:56 - 2015-10-31 15:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-31 15:56 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-31 15:56 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-31 15:56 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-31 15:51 - 2015-10-31 15:51 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\Eigenaar\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-10-21 13:54 - 2015-11-11 15:14 - 00016302 _____ C:\Windows\PFRO.log
2015-10-21 04:46 - 2015-10-21 04:46 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nkzvnxnl.sys
2015-10-18 21:33 - 2015-06-19 18:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-10-18 21:32 - 2015-09-19 04:18 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-18 21:32 - 2015-09-18 14:42 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-18 21:32 - 2015-09-18 14:42 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-18 21:32 - 2015-09-18 14:42 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-18 21:32 - 2015-09-18 14:42 - 00699904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-18 21:32 - 2015-09-18 14:42 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-18 21:32 - 2015-09-18 14:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-18 21:32 - 2015-09-10 18:06 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-18 21:32 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-18 21:32 - 2015-09-10 17:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-18 21:32 - 2015-09-10 17:35 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-18 21:32 - 2015-09-10 17:28 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-18 21:32 - 2015-09-10 17:19 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-18 21:32 - 2015-09-10 17:17 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-18 21:32 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-18 21:32 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-18 21:32 - 2015-09-10 17:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-18 21:32 - 2015-09-10 16:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-18 21:32 - 2015-09-10 16:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-18 21:32 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-18 21:32 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-18 21:32 - 2015-08-07 22:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-18 21:32 - 2015-08-07 22:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-10-18 21:32 - 2015-08-07 22:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-10-18 21:32 - 2015-08-07 15:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-18 21:32 - 2015-08-06 18:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-10-18 21:32 - 2015-08-06 17:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-10-18 21:32 - 2015-08-06 17:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-10-18 21:32 - 2015-08-06 17:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-10-18 21:32 - 2015-08-01 04:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-10-18 21:32 - 2015-08-01 04:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-10-18 21:32 - 2015-08-01 04:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-10-18 21:32 - 2015-08-01 04:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-10-18 21:32 - 2015-08-01 04:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-10-18 21:32 - 2015-07-30 18:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-10-18 21:32 - 2015-07-30 17:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-10-18 21:32 - 2015-07-22 15:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-10-18 21:32 - 2015-07-22 15:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-10-18 21:32 - 2015-07-22 15:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-10-18 21:32 - 2015-07-22 15:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-10-18 21:32 - 2015-07-22 15:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-10-18 21:32 - 2015-07-22 14:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-10-18 21:32 - 2015-07-18 19:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-10-18 21:32 - 2015-07-18 19:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-10-18 21:32 - 2015-07-18 19:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-10-18 21:32 - 2015-07-18 19:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-10-18 21:32 - 2015-07-17 15:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-10-18 21:32 - 2015-07-17 15:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-10-18 21:32 - 2015-07-16 19:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll
2015-10-18 21:32 - 2015-07-10 20:06 - 00118272 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2015-10-18 21:32 - 2015-07-09 17:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-10-18 21:32 - 2015-06-27 12:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-10-18 21:31 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2015-10-18 21:31 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-10-18 21:31 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-18 21:31 - 2015-09-10 17:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-18 21:31 - 2015-09-10 17:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-18 21:31 - 2015-09-10 16:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-18 21:31 - 2015-09-03 03:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-10-18 21:31 - 2015-09-03 03:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-10-18 21:31 - 2015-09-02 19:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-10-18 21:31 - 2015-09-02 18:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-10-18 21:31 - 2015-09-02 03:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-10-18 21:31 - 2015-09-02 03:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-10-18 21:31 - 2015-09-02 03:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-10-18 21:31 - 2015-09-02 03:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-10-18 21:31 - 2015-08-22 14:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-18 21:31 - 2015-08-22 14:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-18 21:31 - 2015-08-22 14:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-18 21:31 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-18 21:31 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-18 21:31 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-18 21:31 - 2015-08-03 22:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-18 21:31 - 2015-08-03 22:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-18 21:31 - 2015-08-01 15:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-18 21:31 - 2015-07-14 04:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-10-18 21:11 - 2015-10-18 21:11 - 00000000 ____D C:\Users\Eigenaar\Desktop\Script

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2015-11-12 08:30 - 2014-06-01 11:33 - 01934040 _____ C:\Windows\WindowsUpdate.log
2015-11-12 08:27 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-11 16:37 - 2014-06-01 11:14 - 07185268 _____ C:\Users\Public\CAFADEBUG.log
2015-11-11 16:01 - 2014-10-14 10:08 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3424864366-1767512835-1974845031-1001UA.job
2015-11-11 15:18 - 2014-09-24 08:00 - 00003974 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6F83AC72-16FA-4EDD-B1B7-D2918F1AD2F7}
2015-11-11 15:15 - 2015-08-24 17:58 - 00002724 _____ C:\Windows\setupact.log
2015-11-11 15:15 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-11 15:15 - 2013-08-22 15:44 - 00491920 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-11 15:14 - 2015-08-27 22:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-11 13:30 - 2014-06-01 11:42 - 00008704 _____ C:\Windows\system32\VfService.trf
2015-11-11 13:28 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-11-11 13:26 - 2014-10-13 04:12 - 00002262 ____H C:\Users\Eigenaar\Documents\Default.rdp
2015-11-11 13:08 - 2015-08-21 17:58 - 00040448 ___SH C:\Users\Eigenaar\Desktop\Thumbs.db
2015-11-11 13:02 - 2015-03-26 17:54 - 00183808 ___SH C:\Users\Eigenaar\Downloads\Thumbs.db
2015-11-11 12:36 - 2014-08-21 06:41 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3424864366-1767512835-1974845031-1001
2015-11-11 12:34 - 2014-10-18 15:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 12:34 - 2014-09-29 17:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-11-11 12:33 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-11 12:26 - 2014-08-21 07:24 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 12:24 - 2014-08-21 07:24 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 12:24 - 2013-08-22 14:25 - 00000196 _____ C:\Windows\win.ini
2015-11-10 19:18 - 2014-08-21 09:16 - 00000000 ___RD C:\Windows\BrowserChoice
2015-11-10 19:17 - 2014-08-21 06:34 - 00000000 ____D C:\Users\Eigenaar
2015-11-10 19:17 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-11-09 23:01 - 2014-10-14 10:08 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3424864366-1767512835-1974845031-1001Core.job
2015-11-09 17:53 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-06 01:58 - 2014-06-01 11:38 - 00807742 _____ C:\Windows\system32\perfh013.dat
2015-11-06 01:58 - 2014-06-01 11:38 - 00162706 _____ C:\Windows\system32\perfc013.dat
2015-11-06 01:58 - 2014-03-18 10:53 - 01826596 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-06 01:42 - 2014-12-24 01:09 - 00000000 ____D C:\Users\Eigenaar\AppData\Roaming\Skype
2015-11-06 00:24 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2015-11-04 12:54 - 2014-12-23 16:50 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-04 12:46 - 2015-05-14 10:34 - 00000000 ___RD C:\Users\Eigenaar\OneDrive
2015-11-04 12:46 - 2014-09-29 17:43 - 00003104 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3424864366-1767512835-1974845031-1001
2015-11-04 04:48 - 2015-07-03 20:13 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-11-03 01:23 - 2015-08-21 17:47 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-03 01:23 - 2015-08-21 17:47 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-31 16:17 - 2015-04-21 14:13 - 00000000 ____D C:\Users\Eigenaar\AppData\Roaming\InetStat
2015-10-31 16:16 - 2014-11-22 05:20 - 00000000 ____D C:\ProgramData\APN
2015-10-30 22:13 - 2015-08-27 22:09 - 00001137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-30 22:13 - 2015-08-27 22:09 - 00001125 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-30 22:13 - 2014-08-21 06:35 - 00001356 _____ C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-30 22:11 - 2015-04-14 22:34 - 00070144 _____ C:\Windows\SysWOW64\tasks.dll
2015-10-30 06:32 - 2014-09-29 17:37 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-30 02:14 - 2014-09-25 13:23 - 00000000 ____D C:\Users\Eigenaar\AppData\Local\CrashDumps
2015-10-28 04:06 - 2015-06-12 14:31 - 00000000 ____D C:\Users\Eigenaar\AppData\Roaming\Spotify
2015-10-28 04:06 - 2015-06-12 14:31 - 00000000 ____D C:\Users\Eigenaar\AppData\Local\Spotify
2015-10-26 20:00 - 2014-06-01 11:45 - 00000000 ____D C:\ProgramData\Energy Manager
2015-10-23 01:45 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-10-21 14:06 - 2015-04-07 15:47 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-21 13:51 - 2015-04-07 15:47 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-21 13:51 - 2014-12-15 20:08 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-21 13:51 - 2014-08-21 09:16 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-21 13:51 - 2014-03-18 10:38 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-21 13:51 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-10-18 22:00 - 2015-07-03 20:13 - 00000994 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-10-18 22:00 - 2015-07-03 20:13 - 00000982 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-10-18 21:56 - 2014-10-14 10:08 - 00004050 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3424864366-1767512835-1974845031-1001UA
2015-10-18 21:56 - 2014-10-14 10:08 - 00003670 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3424864366-1767512835-1974845031-1001Core
2015-10-18 21:06 - 2014-11-12 06:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Bestanden in de root van sommige mappen =======

2015-07-19 18:11 - 2015-07-19 18:11 - 0000000 _____ () C:\Users\Eigenaar\AppData\Roaming\8BB1.tmp
2015-04-13 21:11 - 2015-04-13 21:11 - 0000000 _____ () C:\Users\Eigenaar\AppData\Roaming\9AE1.tmp
2015-07-31 17:38 - 2015-07-31 17:38 - 0000000 _____ () C:\Users\Eigenaar\AppData\Roaming\E79C.tmp
2015-04-21 14:13 - 2015-04-21 14:13 - 0009662 _____ () C:\Users\Eigenaar\AppData\Roaming\em_64x64.ico
2015-04-01 21:24 - 2015-04-01 21:24 - 3306636 _____ () C:\Users\Eigenaar\AppData\Local\package.nw.new
2014-06-01 11:14 - 2014-06-01 11:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Sommige bestanden in TEMP:
====================
C:\Users\Eigenaar\AppData\Local\Temp\GPUpd5623FC810.exe
C:\Users\Eigenaar\AppData\Local\Temp\GPUpd562677030.exe
C:\Users\Eigenaar\AppData\Local\Temp\GPUpd56291A030.exe
C:\Users\Eigenaar\AppData\Local\Temp\GPUpd562AE9C00.exe
C:\Users\Eigenaar\AppData\Local\Temp\GPUpd562D71610.exe
C:\Users\Eigenaar\AppData\Local\Temp\GPUpd56303CB90.exe
C:\Users\Eigenaar\AppData\Local\Temp\GPUpd5632C55D0.exe


==================== Bamital & volsnap =================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend


LastRegBack: 2015-11-09 17:52

==================== Eind van FRST.txt ============================

Addition.txt

Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie:07-11-2015
Gestart door Eigenaar (2015-11-12 08:31:32)
Gestart vanaf C:\Users\Eigenaar\Downloads
Windows 8.1 (X64) (2014-08-21 05:34:15)
Boot Modus: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3424864366-1767512835-1974845031-500 - Administrator - Disabled)
Eigenaar (S-1-5-21-3424864366-1767512835-1974845031-1001 - Administrator - Enabled) => C:\Users\Eigenaar
Gast (S-1-5-21-3424864366-1767512835-1974845031-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3424864366-1767512835-1974845031-1003 - Limited - Enabled)

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)

Adobe Reader XI (11.0.13) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
Cool Edit Pro 2.1 (HKLM-x32\...\Cool Edit Pro 2.1) (Version:  - )
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
Free Audio Converter version 5.0.59.525 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.59.525 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.56.301 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.56.301 - DVDVideoSoft Ltd.)
Google Photos Backup (HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\...\Google Photos Backup) (Version: 1.1.1.259 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10256 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.2 - Lenovo)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Malwarebytes Anti-Malware versie 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 365 - nl-nl (HKLM\...\O365HomePremRetail - nl-nl) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft Office Language Pack 2013  - Dutch/Nederlands (HKLM-x32\...\Office15.OMUI.nl-nl) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 nl) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 nl)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.4.199 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.7.3.935 - Native Instruments)
Native Instruments Traktor Audio 10 Driver (HKLM-x32\...\Native Instruments Traktor Audio 10 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.20.0239 - REALTEK Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0100-0413-0000-0000000FF1CE}_Office15.OMUI.nl-nl_{7675520D-65AA-4A7A-8967-4DCE7BF6D741}) (Version:  - Microsoft)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.74 - Synaptics Incorporated)
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0413-0000-0000000FF1CE}_Office15.OMUI.nl-nl_{D1933056-DC4F-437D-97DC-4A795BEF6A49}) (Version:  - Microsoft)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Aangepaste CLSID (gefilterd): ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

CustomCLSID: HKU\S-1-5-21-3424864366-1767512835-1974845031-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Eigenaar\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-3424864366-1767512835-1974845031-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Eigenaar\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-3424864366-1767512835-1974845031-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Eigenaar\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-3424864366-1767512835-1974845031-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Eigenaar\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-3424864366-1767512835-1974845031-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Eigenaar\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-3424864366-1767512835-1974845031-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Eigenaar\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-3424864366-1767512835-1974845031-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Eigenaar\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3424864366-1767512835-1974845031-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Eigenaar\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Herstelpunten =========================


==================== Hosts inhoud: ===============================

(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Geplande Taken (gefilterd) =============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

Task: {05382625-FB2F-46D9-A188-E8A36C843816} - System32\Tasks\Internet Updater => C:\Users\Eigenaar\AppData\Roaming\Internet Updater\Internet Updater.exe [2015-08-11] ()
Task: {169C38B5-3983-4AFD-A253-0BDD685B2E54} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {20A232D4-D2FE-4F7C-91EF-A61FA080C858} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-30] (Microsoft Corporation)
Task: {252DB33E-2A84-4ABB-BE79-4EB1458E13B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {2867304E-910D-419D-BE15-01BACC5B634B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {36096F98-6680-429D-BC52-4E7AD9B6D3F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {4680FF4E-3D7C-4D6D-8BA9-16EB666033D9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {5375CEC0-FDB7-4A79-B64D-F29103F13911} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-11] (Microsoft Corporation)
Task: {5FE9363E-3E1A-4BCD-BF00-0E1DF2057C70} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {6A0BC238-CC21-42AC-AFD9-A85832C7A0E7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3424864366-1767512835-1974845031-1001Core => C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.)
Task: {6BDFB671-279A-47FC-B324-63D4C21E9A61} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-24] (Synaptics Incorporated)
Task: {767BB1CA-9F22-4E98-BEB8-070F0C312D9E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3424864366-1767512835-1974845031-1001UA => C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.)
Task: {A9329524-F1E5-4B2A-980C-0E3E63440B42} - System32\Tasks\Malware Cleaner => C:\Users\Eigenaar\AppData\Roaming\9AE1.tmp.exe <==== AANDACHT
Task: {C3036ECD-B13C-4C98-9A47-E8098EB64297} - System32\Tasks\Windows Installer => C:\Users\Eigenaar\AppData\Local\Updater\winupd.exe <==== AANDACHT
Task: {C4251052-1C79-48CA-9C24-5D24D7AD159C} - System32\Tasks\Safesoft Security Job => C:\Program Files (x86)\Safesoft Security\SafesoftSecurity.exe [2015-04-21] (Secure Updater) <==== AANDACHT
Task: {D05BD812-AB73-4A60-8249-299B0C81C53A} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3424864366-1767512835-1974845031-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {DE65D778-5D1B-4205-87E2-F8D0CA304DFD} - \Megasoft Security Job -> Geen bestand <==== AANDACHT
Task: {DE8C6780-F9EE-4644-89C4-53641E94BAD5} - \AutoKMS -> Geen bestand <==== AANDACHT
Task: {E96D89E1-8180-4B7A-A31F-72F111EFC7FF} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {F872581C-A546-4F3B-AD44-FE76DF43519D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)

(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3424864366-1767512835-1974845031-1001Core.job => C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3424864366-1767512835-1974845031-1001UA.job => C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Geladen Modules (gefilterd) ==============

2014-09-29 17:37 - 2015-10-07 19:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-01 11:40 - 2012-04-25 03:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-06-01 11:42 - 2014-06-01 11:42 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-06-01 11:42 - 2014-06-01 11:42 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-10-30 06:22 - 2013-10-30 06:22 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-10-30 06:19 - 2013-10-30 06:19 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-10-30 06:26 - 2013-10-30 06:26 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-06-01 11:14 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2015-08-11 18:14 - 2015-08-11 18:14 - 00215928 _____ () C:\Users\Eigenaar\AppData\Roaming\Internet Updater\Internet Updater.exe
2014-06-01 11:04 - 2013-09-16 20:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (gefilterd) =========

(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Windows\system32\Drivers\nkzvnxnl.sys:changelist

==================== Veilige Modus (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Bestandskoppeling (gefilterd) ===============

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)


==================== Internet Explorer vertrouwde/beperkte toegang ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)


==================== Andere gebieden ============================

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img1.jpg
DNS Servers: 192.168.2.254 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is ingeschakeld.

==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\...\StartupApproved\Run: => "msnmsgr"
HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Firewall regels (gefilterd) ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{46C8DB35-7653-48C7-943E-0B04DE66F014}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A33C4DF7-21A3-4D20-8439-87D91311B9BB}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{50CD9B68-EAA7-47FD-8B07-7384CF00DF66}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{1A9458A1-2B8D-4EE6-B56D-08EA95F631CE}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5DE5A604-ADE9-45AA-B153-082B7637DAC0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{025A8FB5-36C8-4FA5-AEB4-6AB9ACFA0A0B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{29B7D833-8120-42D3-AF6F-C48D614A5478}] => (Allow) C:\Users\Eigenaar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{AA7C6229-88B0-439E-97C0-D60118F0A81D}C:\users\eigenaar\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\eigenaar\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{4B73C1B4-A458-4159-8879-66806F2A2BBD}C:\users\eigenaar\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\eigenaar\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{3B0B63A6-3F92-4834-84B1-DDA337B222B4}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{AB3312DD-A54A-4BF6-8C18-8480CD60B46F}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{268232A9-A976-4613-9026-27ADE294FBE9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{5D5BA255-D176-48C7-B2EF-76341FF1E465}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{AEFABBAE-7E08-4A51-AA3D-F68F9AE83854}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{57444CB2-C5DA-4F33-B7C0-4D422E5DB761}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{B8482F37-AE09-4A3A-ABB6-6E827193C100}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{46C063E8-880C-4711-ABE7-4BD07B78CC56}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [TCP Query User{B0031587-8EF6-4925-9A80-285097AA0A8C}C:\users\eigenaar\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\eigenaar\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{0D9FD88F-536B-48B7-AB09-659204BEAC05}C:\users\eigenaar\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\eigenaar\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{8CCBD48A-D4A9-4711-8F0E-7CCD8E598388}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{519A6E16-E122-4FC9-A8BE-791D9743E418}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1BD0139D-497C-4D3D-8683-DAC03999386F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{F7B8D3FF-4FFB-4B1B-B8B8-89C436026AC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D1D332E1-CC48-4218-B710-1DD44CF9E116}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{882C6CAA-C644-476A-9925-173D01DB092B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{CCFF48CE-8E8B-4B0C-ADF7-61D57549F262}C:\users\eigenaar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eigenaar\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9529CCAF-52D8-4556-8016-22B2503A36AF}C:\users\eigenaar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eigenaar\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{51AF7206-1593-4696-8507-94856BCC4240}C:\users\eigenaar\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\eigenaar\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A1065D06-98F5-469C-8907-D0EBC9A31802}C:\users\eigenaar\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\eigenaar\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D40C6F6A-0F29-4467-9562-461E45195775}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DE655D16-B748-488C-83FB-8AD4AC184329}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C9162A2B-D8EF-49A5-8BE6-FF52D7B7C365}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{94574557-833B-4518-B47A-5D1A0DF5082C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{AB55EBCD-2622-4864-A64E-DCACB5E071F1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2CE54F37-6194-40FD-A162-C89A06583C4F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B25A1100-046E-45AD-BA0D-F302B22D138F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F37E70A6-1346-45C1-9524-8F10C5733C21}] => (Allow) LPort=2869
FirewallRules: [{58A5ECCB-ADF7-4D41-ADAD-2E7582309C9F}] => (Allow) LPort=1900
FirewallRules: [{3B362CB3-9B78-42FC-BC07-20C6E8C497BB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C0872B17-5255-4984-B90C-10456A30D313}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F1BFF62F-42EF-4176-B2CD-E20C5EA6BB11}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23640A6F-3DC4-4C33-9E2D-39A30D1E5A5C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E89F74F3-E72B-45EF-8128-89599A813D98}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{20D649FA-5E81-44E1-B900-CC305C962DF7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CFDCEA33-10A6-4487-AE20-C0682A0247A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{188E0875-3A68-4968-8161-2ED1AE0EAE1D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B8D8D259-541F-43C0-B6B0-91FAB396BFBE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Defecte Apparaatbeheer Apparaten =============


==================== Eventlog fouten: =========================

Applicatiefouten:
==================
Error: (11/11/2015 03:26:15 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (11/11/2015 12:51:50 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (11/11/2015 12:39:11 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (11/11/2015 12:32:49 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Er kan geen herstelpunt worden gemaakt (proces = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -Embedding; beschrijving = Installatieprogramma voor Windows-modules; fout = 0x80070422).

Error: (11/11/2015 12:32:49 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Er kan geen herstelpunt worden gemaakt (proces = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -Embedding; beschrijving = Installatieprogramma voor Windows-modules; fout = 0x80070422).

Error: (11/11/2015 12:32:46 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Er kan geen herstelpunt worden gemaakt (proces = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -Embedding; beschrijving = Installatieprogramma voor Windows-modules; fout = 0x80070422).

Error: (11/11/2015 12:31:19 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Er kan geen herstelpunt worden gemaakt (proces = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -Embedding; beschrijving = Installatieprogramma voor Windows-modules; fout = 0x80070422).

Error: (11/11/2015 12:30:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Er kan geen herstelpunt worden gemaakt (proces = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -Embedding; beschrijving = Installatieprogramma voor Windows-modules; fout = 0x80070422).

Error: (11/11/2015 12:30:56 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Er kan geen herstelpunt worden gemaakt (proces = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -Embedding; beschrijving = Installatieprogramma voor Windows-modules; fout = 0x80070422).

Error: (11/11/2015 12:30:16 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Er kan geen herstelpunt worden gemaakt (proces = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -Embedding; beschrijving = Installatieprogramma voor Windows-modules; fout = 0x80070422).


Systeemfouten:
=============
Error: (11/11/2015 01:30:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De Superfetch-service is gestopt met de volgende foutcode:
%%1062.

Error: (11/11/2015 12:52:48 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/11/2015 12:52:18 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/11/2015 12:40:02 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/11/2015 12:39:31 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/11/2015 12:37:57 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/11/2015 12:37:27 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/11/2015 12:21:01 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/11/2015 12:20:31 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/11/2015 09:01:58 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


CodeIntegrity:
===================================
  Date: 2015-11-11 08:16:34.877
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-09 17:54:22.532
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-04 12:54:21.151
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-04 12:54:21.151
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-31 05:12:59.755
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-31 05:12:59.505
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-31 05:12:59.286
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-31 05:12:58.739
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-31 05:12:58.489
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-31 05:12:58.255
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Geheugen info ===========================

Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage geheugen in gebruik: 58%
Totaal fysiek RAM-geheugen: 3988.27 MB
Beschikbaar fysiek RAM-geheugen: 1674.63 MB
Totaal Virtueel geheugen: 5972.27 MB
Beschikbaar Virtual geheugen: 3619.83 MB

==================== Schijven ================================

Drive c: (Windows8_OS) (Fixed) (Total:228.87 GB) (Free:144.41 GB) NTFS ==>[systeem met boot componenten (verkregen van schijf)]
Drive d: (My Volume) (Fixed) (Total:195.31 GB) (Free:193.74 GB) NTFS
Drive e: (LENOVO) (Fixed) (Total:25 GB) (Free:24.93 GB) NTFS

==================== MBR & Partitietabel ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4D07FE09)

Partition: GPT.

==================== Eind van Addition.txt ============================



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:29 AM

Posted 12 November 2015 - 05:58 AM

Hello,

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    C:\Users\Eigenaar\AppData\Roaming\Internet Updater
    Task: {05382625-FB2F-46D9-A188-E8A36C843816} - System32\Tasks\Internet Updater => C:\Users\Eigenaar\AppData\Roaming\Internet Updater\Internet Updater.exe [2015-08-11] ()
    C:\Users\Eigenaar\AppData\Roaming\9AE1.tmp.exe 
    C:\Users\Eigenaar\AppData\Local\Updater
    C:\Program Files (x86)\Safesoft Security\
    Task: {A9329524-F1E5-4B2A-980C-0E3E63440B42} - System32\Tasks\Malware Cleaner => C:\Users\Eigenaar\AppData\Roaming\9AE1.tmp.exe 
    Task: {C3036ECD-B13C-4C98-9A47-E8098EB64297} - System32\Tasks\Windows Installer => C:\Users\Eigenaar\AppData\Local\Updater\winupd.exe 
    Task: {C4251052-1C79-48CA-9C24-5D24D7AD159C} - System32\Tasks\Safesoft Security Job => C:\Program Files (x86)\Safesoft Security\SafesoftSecurity.exe [2015-04-21
    Task: {DE65D778-5D1B-4205-87E2-F8D0CA304DFD} - \Megasoft Security Job -> Geen bestand 
    Task: {DE8C6780-F9EE-4644-89C4-53641E94BAD5} - \AutoKMS -> Geen bestand 
    AlternateDataStreams: C:\Windows\system32\Drivers\nkzvnxnl.sys:changelist
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3424864366-1767512835-1974845031-1001 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
    Toolbar: HKU\S-1-5-21-3424864366-1767512835-1974845031-1001 -> Geen Naam - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Geen bestand
    FF NewTab: hxxps://search.protectedio.com/?u=0faf50f19233d49df05562f02802a747&c=p1&src=hp&inst=1447087628
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3


Scan with Malwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].


Step 4

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

settings.png

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file log.png is created at logpath.png
    Copy and paste the content of this log file in your next reply.


Note: Do not forget to re-enable your antivirus application after running the above scan!


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
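
The fixlist in the post above removes several scheduled tasks. As an added example (not FRST's own logic and not the helper's method), this Python script parses `Task:` lines in the format shown and flags them with three assumed heuristics: a missing action target, a target under `AppData`, and a `.tmp.exe` file name. The function names and the heuristics are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample: "Task:" lines copied from the fixlist in this thread
# (the Safesoft line is cut short after the date on the page as well).
SAMPLE = r"""
CloseProcesses:
Task: {05382625-FB2F-46D9-A188-E8A36C843816} - System32\Tasks\Internet Updater => C:\Users\Eigenaar\AppData\Roaming\Internet Updater\Internet Updater.exe [2015-08-11] ()
Task: {A9329524-F1E5-4B2A-980C-0E3E63440B42} - System32\Tasks\Malware Cleaner => C:\Users\Eigenaar\AppData\Roaming\9AE1.tmp.exe
Task: {C3036ECD-B13C-4C98-9A47-E8098EB64297} - System32\Tasks\Windows Installer => C:\Users\Eigenaar\AppData\Local\Updater\winupd.exe
Task: {C4251052-1C79-48CA-9C24-5D24D7AD159C} - System32\Tasks\Safesoft Security Job => C:\Program Files (x86)\Safesoft Security\SafesoftSecurity.exe [2015-04-21
Task: {DE65D778-5D1B-4205-87E2-F8D0CA304DFD} - \Megasoft Security Job -> Geen bestand
"""

# Marker the Dutch-locale log in this thread prints when a task has no file.
NO_FILE = "Geen bestand"

# "Task: {GUID} - <task path> => <target>" or "... -> <target>"
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<name>.+?) [=-]> (?P<target>.*)$"
)
# Trailing "[YYYY-MM-DD] (...)" file-date annotation, possibly truncated.
DATE_SUFFIX_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}.*$")


def parse_task(line):
    """Return guid, task name and action target for a Task: line, else None."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    # Keep only the leaf name: "System32\Tasks\Foo" and "\Foo" both give "Foo".
    name = m["name"].rsplit("\\", 1)[-1]
    target = DATE_SUFFIX_RE.sub("", m["target"]).strip()
    return {"guid": m["guid"], "name": name, "target": target}


def review(target):
    """Apply the assumed heuristics; an empty list means no heuristic fired."""
    if target == NO_FILE:
        return ["action target missing (orphaned task)"]
    reasons = []
    lowered = target.lower()
    if "\\appdata\\" in lowered:
        reasons.append("runs from a user-writable profile directory")
    if ntpath.basename(lowered).endswith(".tmp.exe"):
        reasons.append("temp-style executable name")
    return reasons


def triage(text):
    """Parse every Task: line in text and attach the review result."""
    results = []
    for line in text.splitlines():
        task = parse_task(line)
        if task:
            task["reasons"] = review(task["target"])
            results.append(task)
    return results


if __name__ == "__main__":
    for t in triage(SAMPLE):
        verdict = "; ".join(t["reasons"]) or "no heuristic hit, review by hand"
        print(f'{t["name"]}: {t["target"]} -> {verdict}')
```

The Safesoft task under `Program Files` triggers none of the heuristics even though the fixlist removes it, so an empty result means "review by hand", not "clean".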
 

#5 Highfive0980

Highfive0980
  • Topic Starter

  • Members
  • 5 posts
  • Local time:01:29 AM

Posted 15 November 2015 - 04:14 AM

Thanks again Deeprybka,

 

Below you'll find the different logs:

 

Log from FRST:

Fix resultaat van Farbar Recovery Scan Tool (x64) Versie:07-11-2015
Gestart door Eigenaar (2015-11-12 19:41:19) Run:2
Gestart vanaf C:\Users\Eigenaar\Downloads
Geladen Profielen: Eigenaar (Beschikbare Profielen: Eigenaar)
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
CloseProcesses:
C:\Users\Eigenaar\AppData\Roaming\Internet Updater
Task: {05382625-FB2F-46D9-A188-E8A36C843816} - System32\Tasks\Internet Updater => C:\Users\Eigenaar\AppData\Roaming\Internet Updater\Internet Updater.exe [2015-08-11] ()
C:\Users\Eigenaar\AppData\Roaming\9AE1.tmp.exe
C:\Users\Eigenaar\AppData\Local\Updater
C:\Program Files (x86)\Safesoft Security\
Task: {A9329524-F1E5-4B2A-980C-0E3E63440B42} - System32\Tasks\Malware Cleaner => C:\Users\Eigenaar\AppData\Roaming\9AE1.tmp.exe
Task: {C3036ECD-B13C-4C98-9A47-E8098EB64297} - System32\Tasks\Windows Installer => C:\Users\Eigenaar\AppData\Local\Updater\winupd.exe
Task: {C4251052-1C79-48CA-9C24-5D24D7AD159C} - System32\Tasks\Safesoft Security Job => C:\Program Files (x86)\Safesoft Security\SafesoftSecurity.exe [2015-04-21
Task: {DE65D778-5D1B-4205-87E2-F8D0CA304DFD} - \Megasoft Security Job -> Geen bestand
Task: {DE8C6780-F9EE-4644-89C4-53641E94BAD5} - \AutoKMS -> Geen bestand

AlternateDataStreams: C:\Windows\system32\Drivers\nkzvnxnl.sys:changelist
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3424864366-1767512835-1974845031-1001 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
Toolbar: HKU\S-1-5-21-3424864366-1767512835-1974845031-1001 -> Geen Naam - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Geen bestand
FF NewTab: hxxps://search.protectedio.com/?u=0faf50f19233d49df05562f02802a747&c=p1&src=hp&inst=1447087628
EmptyTemp:
*****************

Proces succesvol afgesloten.
"C:\Users\Eigenaar\AppData\Roaming\Internet Updater" => niet gevonden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05382625-FB2F-46D9-A188-E8A36C843816}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05382625-FB2F-46D9-A188-E8A36C843816}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\Internet Updater => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Internet Updater" => sleutel is succesvol verwijderd.
"C:\Users\Eigenaar\AppData\Roaming\9AE1.tmp.exe" => niet gevonden.
"C:\Users\Eigenaar\AppData\Local\Updater" => niet gevonden.
C:\Program Files (x86)\Safesoft Security => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9329524-F1E5-4B2A-980C-0E3E63440B42}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9329524-F1E5-4B2A-980C-0E3E63440B42}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\Malware Cleaner => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Malware Cleaner" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3036ECD-B13C-4C98-9A47-E8098EB64297}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3036ECD-B13C-4C98-9A47-E8098EB64297}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\Windows Installer => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Installer" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4251052-1C79-48CA-9C24-5D24D7AD159C}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4251052-1C79-48CA-9C24-5D24D7AD159C}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\Safesoft Security Job => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safesoft Security Job" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE65D778-5D1B-4205-87E2-F8D0CA304DFD}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE65D778-5D1B-4205-87E2-F8D0CA304DFD}" => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Megasoft Security Job => sleutel niet gevonden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{DE8C6780-F9EE-4644-89C4-53641E94BAD5}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE8C6780-F9EE-4644-89C4-53641E94BAD5}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => sleutel is succesvol verwijderd.
C:\Windows\system32\Drivers\nkzvnxnl.sys => ":changelist" ADS is succesvol verwijderd..
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => sleutel is succesvol verwijderd.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => sleutel niet gevonden.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => waarde met succes hersteld
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => sleutel is succesvol verwijderd.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => sleutel niet gevonden.
HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => waarde is succesvol verwijderd.
HKU\S-1-5-21-3424864366-1767512835-1974845031-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => waarde is succesvol verwijderd.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => sleutel niet gevonden.
Firefox "newtab" is succesvol verwijderd.
EmptyTemp: => 645.5 MB tijdelijke gegevens verwijderd.


Het systeem moest herstart worden.

==== Eind van Fixlog 19:41:30 ====

 

Log from AdwCleaner:

 

# AdwCleaner v5.019 - Logbestand aangemaakt 12/11/2015 op 19:51:54
# Laatste update 08/11/2015 door Xplode
# Database : 2015-11-09.1 [Server]
# Besturingssysteem : Windows 8.1  (x64)
# Gebruikersnaam : Eigenaar - LENOVO-PC
# Gestart vanuit : C:\Users\Eigenaar\Downloads\AdwCleaner.exe
# Optie : Verwijderen
# Ondersteuning : http://toolslib.net/forum

***** [ Services ] *****


***** [ Mappen ] *****

[-] Map Verwijderd : C:\ProgramData\apn
[-] Map Verwijderd : C:\Users\Eigenaar\AppData\Local\Mindspark_Interactive_Net
[-] Map Verwijderd : C:\Users\Eigenaar\AppData\Roaming\InetStat
[-] Map Verwijderd : C:\Users\Eigenaar\AppData\Roaming\RHEng

***** [ Bestanden ] *****


***** [ DLLs ] *****


***** [ Snelkoppelingen ] *****


***** [ geplande taken ] *****


***** [ Register ] *****

[-] Sleutel Verwijderd : HKCU\Software\Classes\pokki
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\speedupmypc
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
[-] Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Uniblue
[-] Sleutel Verwijderd : HKLM\SOFTWARE\SecureWebChannel
[-] Sleutel Verwijderd : HKLM\SOFTWARE\SecureWeb

***** [ Internetbrowsers ] *****


*************************

:: "Tracing" sleutels verwijderd
:: Winsock instellingen gereset

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2195 bytes] ##########
 

 

Log from MBAM:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scandatum: 12-11-15
Scantijd: 20:01
Logboekbestand:
Beheerder: Ja

Versie: 2.2.0.1024
Malware-database: v2015.11.12.04
Rootkit-database: v2015.11.04.02
Licentie: Gratis
Malware-bescherming: Uitgeschakeld
Bescherming tegen kwaadaardige websites: Uitgeschakeld
Zelfbescherming: Uitgeschakeld

Besturingssysteem: Windows 8.1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: Eigenaar

Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten gescand: 396906
Verstreken tijd: 27 min, 57 sec

Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Ingeschakeld
Diepgewortelde-rootkit scan: Ingeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld

Processen: 0
(Geen kwaadaardige items gedetecteerd)

Modules: 0
(Geen kwaadaardige items gedetecteerd)

Registersleutels: 0
(Geen kwaadaardige items gedetecteerd)

Registerwaarden: 0
(Geen kwaadaardige items gedetecteerd)

Registerdata: 0
(Geen kwaadaardige items gedetecteerd)

Mappen: 0
(Geen kwaadaardige items gedetecteerd)

Bestanden: 0
(Geen kwaadaardige items gedetecteerd)

Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)


(end)

 

Log from ESET:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9c34b00d2ebba746b3017ad757f85f3f
# end=init
# utc_time=2015-11-12 09:47:48
# local_time=2015-11-12 10:47:48 (+0100, West-Europa (standaardtijd))
# country="Netherlands"
# osver=6.2.9200 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=45315
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=45315
Update Finalize
Updated modules version: 0
Old modules - delete modules
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=45315
Update Finalize
Updated modules version: 0
'Can not update to actual engine, exiting
Update Init
Update Download
Update Finalize
Updated modules version: 26704
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9c34b00d2ebba746b3017ad757f85f3f
# end=updated
# utc_time=2015-11-13 10:47:54
# local_time=2015-11-13 11:47:54 (+0100, West-Europa (standaardtijd))
# country="Netherlands"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9c34b00d2ebba746b3017ad757f85f3f
# engine=26704
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-11-14 11:16:01
# local_time=2015-11-14 12:16:01 (+0100, West-Europa (standaardtijd))
# country="Netherlands"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 189858 11289331 0 0
# scanned=271412
# found=4
# cleaned=4
# scan_time=1687
sh=4084682CD226BDDE5159142701166F06625BA9C5 ft=1 fh=e760a85a6b979cab vn="Win32/UniBlue.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Eigenaar\AppData\Roaming\RHEng\25279C16DE6E447C8FBFE6CB7341AF0A\speedupmypc-NL-p2.exe.vir"
sh=27AD6308700DBB8293A27F3CFF534845D2368CA2 ft=1 fh=4f62ad115af5c0e8 vn="a variant of Win32/Techsnab.S potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\Eigenaar\AppData\Roaming\Internet Updater\Internet Updater.exe"
sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Eigenaar\Documents\100%NL - Office 2013 Professional Plus SP1 (Dutch Nederlands)\1. DAEMON Tools Lite\Daemon Tools Lite.exe"
sh=24F994036EEDAED64C127DC8C26E0DFC1D3F0F99 ft=1 fh=ef5d4a377440bb23 vn="a variant of Win32/Tasks.A potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\SysWOW64\tasks.dll"
 

 

Thanks in advance for your help and reply.

Greetings Highfive0980



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:29 AM

Posted 15 November 2015 - 04:17 AM



Can you please tell me which problems still persist now?
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 Highfive0980

Highfive0980
  • Topic Starter

  • Members
  • 5 posts
  • Local time:01:29 AM

Posted 15 November 2015 - 04:24 AM

All the problems I had seem to have disappeared...

The last time (a week ago) the problems returned after a couple of days, but for now everything seems to run smoothly.

Thanks for your help!

 

Greetings Highfive0980



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:29 AM

Posted 15 November 2015 - 04:29 AM



That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody, however...
If I have helped you fix your PC, then please consider donating to continue the fight against malware (you can donate in your local currency).
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated:




Java 8 Update 40



Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 Highfive0980

Highfive0980
  • Topic Starter

  • Members
  • 5 posts
  • Local time:01:29 AM

Posted 17 November 2015 - 02:58 AM

All clean.

 

Thank you very much for your help!



#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:29 AM

Posted 17 November 2015 - 03:53 AM

You are welcome. Take care.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:29 AM

Posted 17 November 2015 - 03:53 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 



