
Help needed: possible infection system


2 replies to this topic

#1 NeophyteSync


Posted 16 February 2017 - 01:04 PM

So, let me start off by saying hi to all.

And let's get to the matter at hand.

 

I have bought myself a Lenovo laptop, which I later found out had Superfish installed on it, which I have removed several times now; every time my system becomes unstable and I get locked out when I try to remove some of the leftovers.

I constantly have to reset and remove the malware again because my Win 8.1 OS's recovery functions don't work, and this is my only option, which then loads the bioskit/malware back into place... thus repeating the cycle.

I have done this with software such as can be found on Bleeping Computer.

Up until now I have been very busy trying to find work/education and haven't had enough time to contact specialists like those on this website, but at the moment I've run into what possibly might be my 5th reset in 5 months, so I am asking you for help.

 

I believe that the current problem is probably malware or a combination of settings/conflicting software. Why?:

-My system was running reasonably as usual after working for days on Superfish

-Dealing with high CPU and/or disk usage; CPU is new in this.

-When do I deal with high CPU? When my AV software is on

-When my browsers are used

-When other third-party scans are used and my AV is turned off.

-I have been noticing weird referrals when typing in an address in Firefox specifically.

 

I have tried several fixes and best practices to remedy the situation, but it's difficult when your computer slows to a crawl.

I'm far from being an expert or techie, so is there someone within your team who would and could help me figure this one out?

Right now my system is stable: I used DISM and SFC, so as to make sure that I could at least contact you here.

 

Going to us

 

I would be very grateful.

Thank you

DDS was not compatible, so I used Farbar.

Here is my log:

 

canresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 15-02-2017 02
Gestart door FC (Beheerder) op FLUX-PC (16-02-2017 19:34:38)
Gestart vanaf C:\Users\FC\Downloads
Geladen Profielen: FC & Administrator & Gast (Beschikbare Profielen: FC & Administrator & Gast)
Platform: Windows 8.1 (Update) (X64) Taal: Dutch (Netherlands)
Internet Explorer Versie 11 (Standaardbrowser: IE)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sysinternals - www.sysinternals.com) C:\Users\FC\Downloads\ProcessExplorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\FC\AppData\Local\Temp\PROCEXP64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

 

==================== Register (gefilterd) ====================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

 

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-12-23] (Realtek semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKU\S-1-5-21-346333861-451419202-3683234426-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-346333861-451419202-3683234426-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-346333861-451419202-3683234426-501\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON

 

==================== Internet (gefilterd) ====================

 

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{94462D6D-0D9E-4166-BFC4-EE8D17B94DB1}: [DhcpNameServer] 150.206.1.3
Tcpip\..\Interfaces\{97437FE0-ABD6-4177-A756-5429CD68A5E6}: [DhcpNameServer]

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps:/www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps:/www.google.com/
HKU\S-1-5-21-346333861-451419202-3683234426-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES007&pc=UE06
HKU\S-1-5-21-346333861-451419202-3683234426-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://www.msn.com/
HKU\S-1-5-21-346333861-451419202-3683234426-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/?=ssl,cr
URLSearchHook: [S-1-5-21-346333861-451419202-3683234426-501] AANDACHT => Standaard URLSearchHook ontbreekt
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-346333861-451419202-3683234426-1001 -> DefaultScope {2E6B19B2-FD19-4AAB-875F-A093F10A6A96} URL =
SearchScopes: HKU\S-1-5-21-346333861-451419202-3683234426-1001 -> {2E6B19B2-FD19-4AAB-875F-A093F10A6A96} URL =
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-15] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-16] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-16] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-01-15] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-15] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-01-15] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-346333861-451419202-3683234426-1001 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-15] (AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-16] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-16] (Microsoft Corporation)

FireFox:

========

FF ProfilePath: C:\Users\FC\AppData\Roaming\Mozilla\Firefox\Profiles\7sxfplvi.default [2017-02-16]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-01-15]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-16] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)

Chrome:

=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

 

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

 

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S3 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121304 2014-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [318568 2014-08-20] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [Bestand niet getekend]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-02-12] (Lenovo(beijing) Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-21] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2017-01-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2017-01-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-21] (Intel® Corporation)

 

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

 

S3 btmaux; C:\WINDOWS\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1424184 2014-06-17] (Motorola Solutions, Inc.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 epp; c:\EEK\bin64\epp.sys [114968 2016-10-31] (Emsisoft Ltd)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [220104 2014-08-07] (Intel Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [435032 2016-09-15] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1019616 2017-01-15] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-01-15] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [134880 2017-01-15] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\NETwbw02.sys [3609568 2013-12-25] (Intel Corporation)
S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [9101016 2013-12-23] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-24] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2017-01-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2017-01-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2017-01-16] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]

 

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

 

2017-02-16 19:23 - 2017-02-16 19:23 - 01887139 _____ C:\Users\FC\Desktop\Shortcut.txt
2017-02-16 19:23 - 2017-02-16 19:23 - 00021835 _____ C:\Users\FC\Desktop\Addition.txt
2017-02-16 19:22 - 2017-02-16 19:22 - 01887136 _____ C:\Users\FC\Downloads\Shortcut.txt
2017-02-16 19:22 - 2017-02-16 19:22 - 00065090 _____ C:\Users\FC\Desktop\FRST.txt
2017-02-16 19:20 - 2017-02-16 19:22 - 00021832 _____ C:\Users\FC\Downloads\Addition.txt
2017-02-16 19:19 - 2017-02-16 19:34 - 00016785 _____ C:\Users\FC\Downloads\FRST.txt
2017-02-16 19:18 - 2017-02-16 19:34 - 00000000 ____D C:\FRST
2017-02-16 18:35 - 2017-02-16 18:35 - 02422272 _____ (Farbar) C:\Users\FC\Downloads\FRST64.exe
2017-02-16 18:33 - 2017-02-16 18:33 - 00103912 _____ C:\Users\FC\Documents\Servicesmsc settings before changes troubleshooting 16022017 1831 #2.txt
2017-02-16 18:31 - 2017-02-16 18:31 - 00051955 _____ C:\Users\FC\Documents\Servicesmsc settings before changes troubleshooting 16022017 1831.txt
2017-02-16 17:06 - 2017-02-16 17:07 - 00000000 ____D C:\Users\FC\Downloads\wsusoffline1091
2017-02-16 15:02 - 2017-02-16 15:04 - 04015056 _____ C:\Users\FC\Downloads\adwcleaner_6.043 (1).exe
2017-02-15 22:19 - 2017-02-15 22:20 - 01143127 _____ C:\Users\FC\Documents\Info20170215220804.xml
2017-02-15 22:06 - 2017-02-16 19:15 - 00113626 _____ C:\WINDOWS\ntbtlog.txt
2017-02-15 22:02 - 2017-02-15 22:20 - 00000000 ____D C:\Users\FC\AppData\Local\NPE
2017-02-15 22:02 - 2017-02-15 22:02 - 00000000 ____D C:\ProgramData\Norton
2017-02-15 15:45 - 2017-02-15 15:45 - 00096575 _____ C:\Users\FC\Downloads\Persoonlijkheidstest_
2017-02-14 22:31 - 2017-02-14 22:32 - 47683808 _____ (Microsoft Corporation) C:\Users\FC\Downloads\Windows-KB890830-x64-V5.44.exe
2017-02-10 17:44 - 2017-02-10 17:44 - 00091878 _____ C:\Users\FC\Downloads\it-support-medewerker-met-opleidingstraject-pub116943.pdf
2017-02-09 21:53 - 2017-02-09 21:53 - 00568885 ____T C:\Users\FC\Documents\bla.oxps
2017-02-09 17:13 - 2017-02-09 21:09 - 00000000 ____D C:\Users\FC\Desktop\Sollicitaties algemeen
2017-02-09 16:56 - 2017-02-09 16:56 - 00020914 ____H C:\Users\FC\Documents\~WRL3166.tmp
2017-02-09 04:13 - 2017-02-09 04:13 - 00142744 _____ C:\Users\FC\Downloads\vtuploader2.2.exe
2017-02-09 03:21 - 2017-02-09 03:21 - 00000000 ____D C:\WINDOWS\pss
2017-02-09 01:31 - 2017-02-09 18:53 - 00000000 ____D C:\WINDOWS\softwaredistribution.bak3
2017-02-08 23:48 - 2016-11-05 21:46 - 00422744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-02-08 23:48 - 2016-10-12 22:49 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-02-08 23:48 - 2016-10-12 22:11 - 00922968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2017-02-08 23:48 - 2016-10-11 17:45 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-02-08 23:48 - 2016-10-11 00:31 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-02-08 23:48 - 2016-10-10 19:18 - 00069976 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2017-02-08 23:48 - 2016-10-10 19:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2017-02-08 23:48 - 2016-10-09 15:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll
2017-02-08 23:48 - 2016-10-09 15:08 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2017-02-08 23:48 - 2016-10-09 15:08 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2017-02-08 23:48 - 2016-10-08 23:24 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-02-08 23:48 - 2016-10-08 22:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-02-08 23:48 - 2016-10-08 22:10 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-02-08 23:48 - 2016-10-05 15:01 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-02-08 23:48 - 2016-10-05 15:00 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-02-08 23:48 - 2016-10-05 15:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2017-02-08 23:48 - 2016-10-05 14:52 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-02-08 23:48 - 2016-10-05 14:52 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2017-02-08 23:48 - 2016-10-05 05:15 - 01969944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-02-08 23:48 - 2016-10-05 05:15 - 01613528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-02-08 23:48 - 2016-10-05 05:15 - 00324896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2017-02-08 23:48 - 2016-10-05 05:15 - 00245320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2017-02-08 23:48 - 2016-09-27 21:16 - 00445873 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-02-08 23:48 - 2016-09-20 23:30 - 02462040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-02-08 23:48 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2017-02-08 23:47 - 2017-02-08 23:47 - 02051429 _____ C:\Users\FC\Downloads\wsusoffline1091.zip
2017-02-08 23:39 - 2017-02-08 23:43 - 00000000 ____D C:\WINDOWS\softwaredistribution.bak2
2017-02-08 23:28 - 2017-02-08 23:28 - 00000000 ____D C:\WINDOWS\SoftwareDistribution.old2
2017-02-08 22:31 - 2017-02-08 22:31 - 04015056 _____ C:\Users\FC\Downloads\adwcleaner_6.043.exe
2017-02-08 21:27 - 2017-02-15 01:15 - 00000000 ____D C:\EEK
2017-02-08 21:10 - 2017-02-08 21:11 - 55566792 _____ (Malwarebytes ) C:\Users\FC\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-08 13:27 - 2017-02-08 13:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-02-02 20:29 - 2017-02-02 20:29 - 00019793 _____ C:\Users\FC\Downloads\vacature(1).pdf
2017-02-02 20:25 - 2017-02-02 20:25 - 00019541 _____ C:\Users\FC\Downloads\vacature.pdf
2017-02-02 20:20 - 2017-02-02 20:20 - 02351109 _____ C:\Users\FC\Downloads\WERKkrant week 5 2017.pdf
2017-02-02 20:20 - 2017-02-02 20:20 - 01785419 _____ C:\Users\FC\Downloads\WERKkrant week 4 2017.pdf
2017-02-01 20:49 - 2017-02-01 20:49 - 00007597 _____ C:\Users\FC\AppData\Local\Resmon.ResmonCfg
2017-02-01 17:51 - 2017-02-01 17:52 - 03021104 _____ C:\Users\FC\Desktop\SGR Schoolgrammar full portfolio.pdf
2017-02-01 15:04 - 2017-02-01 15:11 - 00000000 ____D C:\Users\FC\Desktop\Werkwijze Wetgeving
2017-02-01 14:42 - 2016-05-17 21:00 - 01803651 _____ C:\Users\FC\Desktop\Lodewijk Asscher proefschrift communicatierecht grondrechten 24716.pdf
2017-02-01 14:34 - 2017-02-08 17:41 - 00000000 ____D C:\Users\FC\Desktop\Documenten sollicitatie voorlichter
2017-01-30 23:40 - 2017-01-30 23:40 - 02521206 _____ C:\Users\FC\Desktop\Summary of Comments on Rootkit Furunkel 4 totaal.pdf
2017-01-30 23:39 - 2017-01-30 23:40 - 00246523 _____ C:\Users\FC\Desktop\Summary of Comments on Symantec simpele uitleg van hetgeen ik ben tegen gekomen op me systeem tijdens de rootkit.pdf
2017-01-30 23:38 - 2017-01-30 23:38 - 00532975 _____ C:\Users\FC\Desktop\Symantec simpele uitleg van hetgeen ik ben tegen gekomen op me systeem tijdens de rootkit.pdf
2017-01-30 23:37 - 2017-01-30 23:37 - 02172273 _____ C:\Users\FC\Desktop\Summary of Comments on Andersoortige infecties naar aanleiding van rootkit destijds.pdf
2017-01-30 23:36 - 2017-01-30 23:36 - 00247047 _____ C:\Users\FC\Documents\Summary of Comments on Symantec simpele uitleg van hetgeen ik ben tegen gekomen op me systeem tijdens de rootkit.pdf
2017-01-30 13:19 - 2017-01-30 13:19 - 00000000 ____D C:\Users\FC\Documents\Canon
2017-01-30 13:18 - 2017-01-30 13:18 - 00000000 ___HD C:\ProgramData\CanonIJScan
2017-01-30 13:18 - 2017-01-30 13:18 - 00000000 ____D C:\Users\FC\AppData\Roaming\Canon
2017-01-30 00:25 - 2017-01-30 00:25 - 00219190 _____ C:\Users\FC\Documents\bookmarksfavoritesie.htm
2017-01-29 21:29 - 2017-01-29 21:29 - 02422304 _____ (Kaspersky Lab) C:\Users\FC\Downloads\kis17.0.0.611en_10780.exe
2017-01-29 21:29 - 2017-01-29 21:29 - 02422304 _____ (Kaspersky Lab) C:\Users\FC\Downloads\kis17.0.0.611en_10780(1).exe
2017-01-29 21:29 - 2017-01-29 21:29 - 00000968 _____ C:\Users\FC\Desktop\Install Kaspersky Internet Security version 17.0.0.611.lnk
2017-01-29 20:12 - 2017-01-29 20:12 - 00002290 _____ C:\Users\FC\Documents\cc_20170129_201243.reg
2017-01-29 18:50 - 2017-01-29 18:50 - 00540173 _____ C:\Users\FC\Downloads\Sigcheck (1).zip
2017-01-29 18:49 - 2017-01-29 18:49 - 07010138 _____ C:\Users\FC\Documents\FLUX-PC 1 1849 29012017.arn
2017-01-29 18:44 - 2017-01-29 18:44 - 01304400 _____ C:\Users\FC\Downloads\Autoruns.zip
2017-01-29 18:44 - 2017-01-29 18:44 - 00000000 ____D C:\Users\FC\Downloads\Autoruns
2017-01-29 18:43 - 2017-01-29 18:43 - 01932769 _____ C:\Users\FC\Downloads\ProcessExplorer (1).zip
2017-01-29 18:15 - 2017-01-29 18:15 - 00003224 _____ C:\WINDOWS\System32\Tasks\Process Explorer-FLUX-PC-FC
2017-01-29 18:11 - 2017-01-29 18:11 - 01932769 _____ C:\Users\FC\Downloads\ProcessExplorer.zip
2017-01-29 18:11 - 2017-01-29 18:11 - 00000000 ____D C:\Users\FC\Downloads\ProcessExplorer
2017-01-28 15:14 - 2017-01-28 15:14 - 00000000 ____D C:\Users\Public\Foxit Software
2017-01-28 15:13 - 2017-01-30 15:16 - 00000000 ____D C:\Users\FC\AppData\Roaming\Foxit Software
2017-01-28 15:13 - 2017-01-28 15:13 - 00001378 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2017-01-28 15:13 - 2017-01-28 15:13 - 00000000 ____D C:\Users\FC\AppData\Roaming\Foxit AgentInformation
2017-01-28 15:13 - 2017-01-28 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-01-28 15:13 - 2017-01-28 15:13 - 00000000 ____D C:\ProgramData\Foxit Software
2017-01-28 15:13 - 2017-01-28 15:13 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform
2017-01-28 15:13 - 2017-01-28 15:13 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2017-01-28 14:53 - 2017-01-28 15:09 - 54164800 _____ (Foxit Software Inc. ) C:\Users\FC\Downloads\FoxitReader82_enu_Setup_Prom.exe
2017-01-27 17:21 - 2017-01-27 17:16 - 06939620 _____ C:\Users\FC\Downloads\bijlage-5-bij-besluit-wob-verzoek-over-toolbox-extremisme.pdf
2017-01-27 17:21 - 2017-01-27 17:16 - 06939620 _____ C:\Users\FC\Documents\bijlage-5-bij-besluit-wob-verzoek-over-toolbox-extremisme.pdf
2017-01-26 03:04 - 2017-01-26 03:05 - 00053247 _____ C:\Users\FC\Downloads\herroepingsrecht.pdf
2017-01-23 22:03 - 2017-01-23 22:03 - 01802210 _____ C:\Users\FC\Downloads\WERKkrant week 3 2017.pdf
2017-01-23 22:03 - 2017-01-23 22:03 - 01248887 _____ C:\Users\FC\Downloads\WERKkrant week 1 2017.pdf
2017-01-23 22:03 - 2017-01-23 22:03 - 01097474 _____ C:\Users\FC\Downloads\WERKkrant Week 2 2017.pdf
2017-01-23 15:31 - 2017-01-23 16:00 - 00013085 ____H C:\Users\FC\Documents\~WRL2458.tmp
2017-01-23 12:17 - 2017-01-23 12:16 - 01459461 _____ C:\Users\FC\Documents\ZP_PerS_2.1.pdf
2017-01-23 11:35 - 2017-01-23 11:35 - 00056332 _____ C:\Users\FC\Downloads\DiagnoseDocument_client.pdf
2017-01-17 21:26 - 2017-01-17 21:26 - 01146936 _____ (Microsoft Corporation) C:\Users\FC\Downloads\wdksetup.exe
2017-01-17 21:18 - 2017-01-17 21:18 - 00000000 ____D C:\Users\FC\Downloads\PDF's Downloads
2017-01-17 21:17 - 2017-01-17 21:17 - 00000000 ____D C:\Users\FC\Downloads\Software Programs Downloads
2017-01-17 21:13 - 2016-09-09 23:14 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-01-17 21:13 - 2016-09-09 15:15 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2017-01-17 21:13 - 2016-09-09 15:09 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2017-01-17 21:13 - 2016-09-09 15:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-01-17 21:13 - 2016-09-09 15:03 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2017-01-17 21:13 - 2016-09-09 15:02 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2017-01-17 21:13 - 2016-09-03 19:20 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsidsc.dll
2017-01-17 21:13 - 2016-09-03 19:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2017-01-17 21:13 - 2016-09-03 18:21 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsidsc.dll
2017-01-17 21:13 - 2016-09-03 17:12 - 00512512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-01-17 21:13 - 2016-09-03 17:05 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-01-17 21:13 - 2016-09-03 16:58 - 00397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-01-17 21:13 - 2016-09-02 15:05 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2017-01-17 21:13 - 2016-09-02 15:05 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2017-01-17 21:13 - 2016-09-01 15:33 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2017-01-17 21:13 - 2016-09-01 15:33 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2017-01-17 21:13 - 2016-09-01 15:31 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2017-01-17 21:13 - 2016-08-30 15:11 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-01-17 21:13 - 2016-08-30 03:45 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xolehlp.dll
2017-01-17 21:13 - 2016-08-30 03:18 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2017-01-17 21:13 - 2016-08-30 03:18 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2017-01-17 21:13 - 2016-08-30 03:03 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-01-17 21:13 - 2016-08-25 21:50 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2017-01-17 21:13 - 2016-08-25 20:40 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2017-01-17 21:13 - 2016-08-22 14:34 - 01628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-01-17 21:13 - 2016-08-13 01:05 - 09323008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2017-01-17 21:13 - 2016-08-13 01:03 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifibus.sys
2017-01-17 21:13 - 2016-08-13 01:02 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2017-01-17 21:13 - 2016-08-13 01:01 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-01-17 21:13 - 2016-08-12 23:35 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2017-01-17 21:13 - 2016-08-12 23:19 - 09323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2017-01-17 21:13 - 2016-08-12 22:47 - 15431168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-01-17 21:13 - 2016-08-12 22:17 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2017-01-17 21:13 - 2016-08-12 21:52 - 13317120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-01-17 21:13 - 2016-08-12 02:58 - 02315496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-01-17 21:13 - 2016-08-12 02:58 - 01946176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-01-17 21:13 - 2016-08-11 19:33 - 00096256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys
2017-01-17 21:13 - 2016-08-11 19:33 - 00083456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2017-01-17 21:13 - 2016-08-11 19:33 - 00023040 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serenum.sys
2017-01-17 21:13 - 2016-08-11 18:17 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2017-01-17 21:13 - 2016-08-03 16:42 - 01317888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-01-17 21:13 - 2016-08-03 16:36 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-01-17 21:13 - 2016-08-03 16:36 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-01-17 21:13 - 2016-08-03 16:33 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-01-17 21:13 - 2016-07-30 18:12 - 02896384 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2017-01-17 21:13 - 2016-07-30 17:36 - 02537472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2017-01-17 21:13 - 2016-07-26 14:40 - 00162850 _____ C:\WINDOWS\SysWOW64\C_932.NLS
2017-01-17 21:13 - 2016-07-26 14:40 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS
2017-01-17 21:13 - 2016-07-23 19:18 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-01-17 21:13 - 2016-07-23 19:12 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-01-17 21:13 - 2016-01-24 12:57 - 01335296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-01-17 21:13 - 2016-01-24 12:45 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-01-17 21:13 - 2015-07-22 15:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2017-01-17 21:05 - 2017-01-30 23:52 - 00000000 ____D C:\Users\FC\Desktop\Desktop cleanup 17-1-2017
2017-01-17 20:56 - 2017-01-17 20:56 - 00000000 ____D C:\Users\FC\Downloads\useful downloaded software
2017-01-17 20:15 - 2017-01-17 20:43 - 00000000 ____D C:\Users\FC\Downloads\Sigcheck
2017-01-17 20:15 - 2017-01-17 20:15 - 00540173 _____ C:\Users\FC\Downloads\Sigcheck.zip
2017-01-17 19:22 - 2017-01-17 19:22 - 03288504 _____ (Lenovo Inc.) C:\Users\FC\Downloads\Lenovo.SuperFishRemovalTool.exe
2017-01-17 01:25 - 2017-01-29 20:16 - 00000000 ____D C:\Users\FC\AppData\Local\ESET
2017-01-17 01:08 - 2017-01-16 21:18 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-01-17 01:08 - 2017-01-16 21:18 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-17 00:52 - 2017-02-16 15:11 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-17 00:52 - 2017-01-17 00:54 - 00000000 ____D C:\WINDOWS\system32\MRT

 

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

 

2017-02-16 19:15 - 2015-08-28 20:57 - 00000000 ___RD C:\Users\FC\OneDrive
2017-02-16 19:14 - 2017-01-15 02:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-02-16 19:13 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-16 17:56 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2017-02-16 17:49 - 2017-01-15 01:45 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-346333861-451419202-3683234426-1001
2017-02-16 17:46 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-16 17:11 - 2017-01-15 01:31 - 00000000 ____D C:\Users\FC
2017-02-16 15:10 - 2016-10-17 12:38 - 00000000 ____D C:\AdwCleaner
2017-02-16 15:00 - 2016-12-11 18:47 - 00000000 ____D C:\Users\FC\AppData\LocalLow\Mozilla
2017-02-16 02:44 - 2017-01-15 23:34 - 00000000 ____D C:\Users\FC\AppData\Roaming\Nitro PDF
2017-02-16 02:43 - 2013-08-22 16:36 - 00000000 ___HD C:\PerfLogs
2017-02-16 00:51 - 2015-02-12 14:21 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-02-15 22:20 - 2015-02-12 13:06 - 00808640 _____ C:\WINDOWS\system32\perfh013.dat
2017-02-15 22:20 - 2015-02-12 13:06 - 00163044 _____ C:\WINDOWS\system32\perfc013.dat
2017-02-15 22:20 - 2014-03-18 10:53 - 01829340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-15 22:07 - 2015-10-22 15:36 - 00000000 ____D C:\NPE
2017-02-15 22:04 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-02-15 21:48 - 2017-01-15 01:30 - 00000000 ____D C:\Users\Gast
2017-02-15 21:48 - 2014-04-03 19:18 - 00000000 ____D C:\Users\Administrator
2017-02-15 21:44 - 2017-01-15 16:26 - 00000000 ____D C:\Users\FC\AppData\Local\ElevatedDiagnostics
2017-02-13 22:56 - 2016-02-14 02:43 - 00000000 ____D C:\Users\FC\Documents\Werken map, Portfolio
2017-02-10 13:08 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2017-02-09 17:42 - 2015-08-28 20:50 - 00000000 ____D C:\Users\FC\AppData\Local\Packages
2017-02-09 01:21 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-02-06 00:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-02 13:07 - 2016-01-04 18:54 - 00000000 ____D C:\Users\FC\Documents\Wie ben ik UWV,Job-coach initiele documentatie
2017-02-01 21:35 - 2016-02-01 20:48 - 00000000 ____D C:\Users\FC\Documents\Word werken wetgeving
2017-01-29 21:29 - 2017-01-15 01:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-01-29 20:07 - 2017-01-15 23:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-29 20:07 - 2017-01-15 23:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-29 20:03 - 2015-02-12 14:28 - 00002560 _____ C:\WINDOWS\system32\VfService.trf
2017-01-28 13:00 - 2015-02-12 12:57 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-01-28 13:00 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-01-28 13:00 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-01-28 13:00 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-01-28 13:00 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-01-28 13:00 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-01-28 13:00 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-28 13:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2017-01-28 13:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-01-28 13:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-01-28 13:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-01-28 13:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-28 13:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\IME
2017-01-28 13:00 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-01-28 13:00 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-01-28 13:00 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2017-01-28 13:00 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-01-28 13:00 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-01-28 13:00 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-01-28 13:00 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-01-28 13:00 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\servicing
2017-01-28 12:59 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-01-28 12:59 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-01-28 12:59 - 2014-03-18 10:25 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-01-28 12:59 - 2013-08-22 16:36 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-01-28 12:59 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-01-28 12:59 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-01-28 12:59 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Com
2017-01-28 12:59 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
2017-01-28 12:59 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-28 12:59 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-01-27 23:19 - 2015-09-25 18:26 - 00000000 ____D C:\Users\FC\AppData\LocalLow\Temp
2017-01-18 13:36 - 2013-08-22 15:44 - 00473312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-18 02:50 - 2017-01-15 10:27 - 00000000 ____D C:\Windows.old
2017-01-18 01:50 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-01-18 01:49 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2017-01-17 01:47 - 2016-12-28 18:44 - 06771840 _____ (ESET spol. s r.o.) C:\Users\FC\Downloads\esetonlinescanner_enu.exe
2017-01-17 01:21 - 2017-01-15 02:05 - 00000000 __SHD C:\Users\FC\AppData\Local\EmieUserList
2017-01-17 01:21 - 2017-01-15 02:05 - 00000000 __SHD C:\Users\FC\AppData\Local\EmieSiteList
2017-01-17 01:21 - 2015-08-28 21:02 - 00000000 __SHD C:\Users\FC\AppData\LocalLow\EmieUserList
2017-01-17 01:21 - 2015-08-28 21:02 - 00000000 __SHD C:\Users\FC\AppData\LocalLow\EmieSiteList
2017-01-17 00:58 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-01-17 00:58 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\setup
2017-01-17 00:58 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-17 00:56 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates

==================== Bestanden in de root van sommige mappen =======

2017-02-01 20:49 - 2017-02-01 20:49 - 0007597 _____ () C:\Users\FC\AppData\Local\Resmon.ResmonCfg
2015-02-12 13:36 - 2015-02-12 13:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Sommige bestanden in TEMP:

====================
2017-02-16 19:15 - 2017-02-16 19:15 - 1457312 _____ (Sysinternals - www.sysinternals.com) C:\Users\FC\AppData\Local\Temp\PROCEXP64.exe

 

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

 

C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2017-02-09 19:35

 

==================== Eind van FRST.txt ============================


Edited by NeophyteSync, 16 February 2017 - 01:52 PM.



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,587 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:58 PM

Posted 18 February 2017 - 08:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-346333861-451419202-3683234426-501\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
URLSearchHook: [S-1-5-21-346333861-451419202-3683234426-501] AANDACHT => Standaard URLSearchHook ontbreekt
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop: Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Please post the logs and let me know what problem persists.

p.s.
Include the Addition.txt file that was created by the Farbar tool. I need to review it.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,587 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:58 PM

Posted 24 February 2017 - 09:22 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
