OMWeesie
After Mbam found the threat mentioned above, I started scans with ckscanner, minitoolbox, adwcleaner, junkware removal and eset online.
If someone could help me (hopefully) confirm my laptop is clean again, that would be absolutely great!
The logfiles can be found down below (ESET found 15 threats and cleaned them, but I cannot find the log anymore)!
I know it's Christmas and holidays and all, but a response would be hugely appreciated, as I'm trying to fix my parents' laptop and they live in a different country than me. I unfortunately leave again for my home country on the 28th. No hard feelings if help doesn't make it on time, I thought I'd give it a go!
Thanks so much in advance and regards,
Olmo
=======================================
Malwarebytes
www.malwarebytes.com
-Logboekdetails-
Scandatum: 25-12-16
Scantijd: 14:21
Logboekbestand:
Beheerder: Ja
-Software-informatie-
Versie: 3.0.4.1269
Versie componenten: 1.0.39
Update pakketversie: 1.0.858
Licentie: Gratis
-Systeeminformatie-
Besturingssysteem: Windows 10
Processor: x64
Bestandssysteem: NTFS
Gebruiker: LAPTOP-BTTGC2PJ\Rolf & Erna
-Scansamenvatting-
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten gescand: 355311
Verstreken tijd: 2 min, 43 sec
-Scanopties-
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld
-Scandetails-
Proces: 0
(Geen kwaadaardige items gedetecteerd)
Module: 0
(Geen kwaadaardige items gedetecteerd)
Registersleutel: 0
(Geen kwaadaardige items gedetecteerd)
Registerwaarde: 0
(Geen kwaadaardige items gedetecteerd)
Gegevensstroom: 0
(Geen kwaadaardige items gedetecteerd)
Map: 1
PUP.Optional.Booking, C:\PROGRAM FILES\Booking.COM, Verwijder-bij-herstart, [504], [310593],1.0.858
Bestand: 6
PUP.Optional.Booking, C:\Program Files\Booking.COM\Booking.com.lnk, Verwijder-bij-herstart, [504], [310593],1.0.858
PUP.Optional.Booking, C:\Program Files\Booking.COM\Booking.ico, Verwijder-bij-herstart, [504], [310593],1.0.858
PUP.Optional.Booking, C:\Program Files\Booking.COM\StartURL.exe, Verwijder-bij-herstart, [504], [310593],1.0.858
PUP.Optional.Booking, C:\Program Files\Booking.COM\Version.txt, Verwijder-bij-herstart, [504], [310593],1.0.858
RiskWare.IStealer, C:\PROGRAMDATA\KMSAUTOS\BIN\KMSSS.EXE, Verwijder-bij-herstart, [11800], [147615],1.0.858
PUP.Optional.Booking, C:\USERS\PUBLIC\DESKTOP\BOOKING.COM.LNK, Verwijder-bij-herstart, [504], [310601],1.0.858
Fysieke sector: 0
(Geen kwaadaardige items gedetecteerd)
(end)
==================================
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\kmspico\tokensbackup\keys.txt
c:\program files\kmspico\tokensbackup\windows\data.dat
c:\program files\kmspico\tokensbackup\windows\pkeyconfig.xrm-ms
c:\program files\kmspico\tokensbackup\windows\tokens.dat
c:\program files\kmspico\tokensbackup\windows\cache\cache.dat
c:\windows\prefetch\kmsauto net.exe-26d3b982.pf
c:\windows\prefetch\kmseldi.exe-396681d6.pf
c:\windows\prefetch\kmspico_setup.exe-ba659fff.pf
c:\windows\prefetch\kmspico_setup.tmp-4c27d381.pf
c:\windows\prefetch\kmspico_setup.tmp-66ed0bfd.pf
c:\windows\prefetch\kmsss.exe-ea251358.pf
scanner sequence 3.CH.11.XAAPRZ
----- EOF -----
-----------------------------------------------------------------------
MiniToolBox by Farbar Version: 17-06-2016
Ran by Rolf & Erna (administrator) on 25-12-2016 at 16:04:30
Running from "C:\Users\Rolf & Erna\Desktop"
Microsoft Windows 10 Home (X64)
Model: Aspire E5-575 Manufacturer: Acer
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
Qualcomm Atheros QCA9377 Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global
set interface interface="LAN-verbinding* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth-netwerkverbinding" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="LAN-verbinding* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="LAN-verbinding* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : LAPTOP-BTTGC2PJ
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 54-AB-3A-99-0F-7E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter LAN-verbinding* 4:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : CA-FF-28-FA-94-6F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros QCA9377 Wireless Network Adapter
Physical Address. . . . . . . . . : C8-FF-28-FA-94-6F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8c07:269e:ee07:c9b8%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.106(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : zondag 25 december 2016 12:40:32
Lease Expires . . . . . . . . . . : maandag 26 december 2016 12:40:36
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 164167464
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-EA-C3-E5-54-AB-3A-99-0F-7E
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{C13CF6BA-2204-48B5-93F5-F829B42C825F}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1007:f350:7d00:ecb1(Preferred)
Link-local IPv6 Address . . . . . : fe80::1007:f350:7d00:ecb1%6(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 385875968
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-EA-C3-E5-54-AB-3A-99-0F-7E
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.0.1
Name: google.com
Addresses: 77.67.49.154
77.67.49.155
77.67.49.150
77.67.49.148
77.67.49.153
77.67.49.151
77.67.49.152
77.67.49.149
Pinging google.com [77.67.49.154] with 32 bytes of data:
Reply from 77.67.49.154: bytes=32 time=712ms TTL=52
Reply from 77.67.49.154: bytes=32 time=674ms TTL=52
Ping statistics for 77.67.49.154:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 674ms, Maximum = 712ms, Average = 693ms
Server: UnKnown
Address: 192.168.0.1
Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=807ms TTL=46
Reply from 206.190.36.45: bytes=32 time=797ms TTL=46
Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 797ms, Maximum = 807ms, Average = 802ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
7...54 ab 3a 99 0f 7e ......Realtek PCIe GBE Family Controller
5...ca ff 28 fa 94 6f ......Microsoft Wi-Fi Direct Virtual Adapter #2
10...c8 ff 28 fa 94 6f ......Qualcomm Atheros QCA9377 Wireless Network Adapter
1...........................Software Loopback Interface 1
3...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.106 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.106 281
192.168.0.106 255.255.255.255 On-link 192.168.0.106 281
192.168.0.255 255.255.255.255 On-link 192.168.0.106 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.106 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.106 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
6 306 ::/0 On-link
1 306 ::1/128 On-link
6 306 2001::/32 On-link
6 306 2001:0:5ef5:79fb:1007:f350:7d00:ecb1/128
On-link
10 281 fe80::/64 On-link
6 306 fe80::/64 On-link
6 306 fe80::1007:f350:7d00:ecb1/128
On-link
10 281 fe80::8c07:269e:ee07:c9b8/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
6 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (12/25/2016 01:04:17 PM) (Source: SideBySide) (User: )
Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.
Error: (12/25/2016 01:03:56 PM) (Source: SideBySide) (User: )
Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.
Error: (12/25/2016 12:30:54 PM) (Source: Application Hang) (User: )
Description: Het programma setup64.exe, versie 16.0.4266.1003 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Beveiliging en onderhoud van het Configuratiescherm.
Proces-id: 20f4
Starttijd: 01d25eaaa347809b
Eindtijd: 4294967295
Toepassingspad: C:\Users\Rolf & Erna\Documents\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003\office\setup64.exe
Rapport-id: edb9f226-ca9d-11e6-9dad-54ab3a990f7e
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:
Error: (12/25/2016 12:28:42 PM) (Source: Application Error) (User: )
Description: Naam van toepassing met fout: SystemSettings.exe, versie: 10.0.10586.11, tijdstempel: 0x56457cb1
Naam van module met fout: ntdll.dll, versie: 10.0.10586.122, tijdstempel: 0x56cbf9dd
Uitzonderingscode: 0xc0000409
Foutmarge: 0x00000000000953f7
Id van proces met fout: 0x1f3c
Starttijd van toepassing met fout: 0xSystemSettings.exe0
Pad naar toepassing met fout: SystemSettings.exe1
Pad naar module met fout: SystemSettings.exe2
Rapport-id: SystemSettings.exe3
Volledige pakketnaam met fout: SystemSettings.exe4
Relatieve toepassings-id van pakket met fout: SystemSettings.exe5
Error: (12/25/2016 12:27:39 PM) (Source: Application Hang) (User: )
Description: Het programma OfficeC2RClient.exe, versie 16.0.7571.1326 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Beveiliging en onderhoud van het Configuratiescherm.
Proces-id: a6c
Starttijd: 01d25ea75eb588a6
Eindtijd: 4294967295
Toepassingspad: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
Rapport-id: 8568c0c4-ca9d-11e6-9dad-54ab3a990f7e
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:
Error: (12/25/2016 12:27:35 PM) (Source: Application Hang) (User: )
Description: Het programma OfficeClickToRun.exe, versie 16.0.7571.1326 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Beveiliging en onderhoud van het Configuratiescherm.
Proces-id: 213c
Starttijd: 01d25ea75e6ebf8c
Eindtijd: 4294967295
Toepassingspad: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Rapport-id: 833acb66-ca9d-11e6-9dad-54ab3a990f7e
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:
Error: (12/25/2016 12:20:51 PM) (Source: Microsoft Office 16) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {61CCC35C-77F9-45E5-83B1-01E173265DF3}
Error: (12/25/2016 11:39:32 AM) (Source: Application Error) (User: )
Description: Naam van toepassing met fout: EXCEL.EXE, versie: 16.0.4266.1003, tijdstempel: 0x55ceb394
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x133787e0
Id van proces met fout: 0x6d8
Starttijd van toepassing met fout: 0xEXCEL.EXE0
Pad naar toepassing met fout: EXCEL.EXE1
Pad naar module met fout: EXCEL.EXE2
Rapport-id: EXCEL.EXE3
Volledige pakketnaam met fout: EXCEL.EXE4
Relatieve toepassings-id van pakket met fout: EXCEL.EXE5
Error: (12/25/2016 11:25:41 AM) (Source: SideBySide) (User: )
Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.
Error: (12/24/2016 06:44:24 PM) (Source: Perflib) (User: )
Description: rdyboost4
System errors:
=============
Error: (12/25/2016 04:04:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalActiveren{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (via LRPC)Niet beschikbaarNiet beschikbaar
Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: De Windows Presentation Foundation Font Cache 3.0.0.0-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 0 milliseconden worden uitgevoerd: Service opnieuw starten.
Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: De Windows Search-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.
Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: De Adobe Acrobat Update Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: De Intel(R) Security Assist-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: De User Experience Improvement Program-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: De Intel(R) Dynamic Application Loader Host Interface Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: De Dashlane Upgrade Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: De CCDMonitorService-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: De AtherosSvc-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
Microsoft Office Sessions:
=========================
Error: (12/25/2016 01:04:17 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Root\Office16\UccApi.DLL1
Error: (12/25/2016 01:03:56 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Root\Office16\UccApi.DLL1
Error: (12/25/2016 12:30:54 PM) (Source: Application Hang)(User: )
Description: setup64.exe16.0.4266.100320f401d25eaaa347809b4294967295C:\Users\Rolf & Erna\Documents\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003\office\setup64.exeedb9f226-ca9d-11e6-9dad-54ab3a990f7e
Error: (12/25/2016 12:28:42 PM) (Source: Application Error)(User: )
Description: SystemSettings.exe10.0.10586.1156457cb1ntdll.dll10.0.10586.12256cbf9ddc000040900000000000953f71f3c01d25ea9ecd33007C:\Windows\ImmersiveControlPanel\SystemSettings.exeC:\Windows\SYSTEM32\ntdll.dll583082e1-9d97-49b5-a5c7-1d089899e081windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel
Error: (12/25/2016 12:27:39 PM) (Source: Application Hang)(User: )
Description: OfficeC2RClient.exe16.0.7571.1326a6c01d25ea75eb588a64294967295C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe8568c0c4-ca9d-11e6-9dad-54ab3a990f7e
Error: (12/25/2016 12:27:35 PM) (Source: Application Hang)(User: )
Description: OfficeClickToRun.exe16.0.7571.1326213c01d25ea75e6ebf8c4294967295C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe833acb66-ca9d-11e6-9dad-54ab3a990f7e
Error: (12/25/2016 12:20:51 PM) (Source: Microsoft Office 16)(User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {61CCC35C-77F9-45E5-83B1-01E173265DF3}
Error: (12/25/2016 11:39:32 AM) (Source: Application Error)(User: )
Description: EXCEL.EXE16.0.4266.100355ceb394unknown0.0.0.000000000c0000005133787e06d801d25ea35495cd0aC:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEunknownccf59c8d-ca96-11e6-9dad-54ab3a990f7e
Error: (12/25/2016 11:25:41 AM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL1
Error: (12/24/2016 06:44:24 PM) (Source: Perflib)(User: )
Description: rdyboost4
CodeIntegrity Errors:
===================================
Date: 2016-12-25 13:10:43.262
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-25 12:43:35.947
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-25 11:48:40.761
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-25 11:40:57.359
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-25 11:39:15.822
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-25 11:25:23.986
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-24 18:32:56.129
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-24 18:30:45.636
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-24 18:27:35.357
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-24 18:24:07.799
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3019 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3003 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.01.3001 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
App Explorer (HKCU\...\Host App Service) (Version: 0.272.1.357 - SweetLabs)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{60865E78-1AC5-4532-A6B0-4B028DE8A076}) (Version: 1.2.77.32054 - Avira Operations GmbH & Co. KG) Hidden
Avira Connect (HKLM-x32\...\{e4e126a8-f29e-4b56-947d-fe8bbdce8b1b}) (Version: 1.2.77.32054 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.2.1.20599 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 3.1.0.4242 - Avira Operations GmbH & Co. KG)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.0.14.0 - Dashlane SAS)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3013 - Acer Incorporated)
ELAN HIDI2C Filter Driver X64 13.6.4.1_WHQL (HKLM\...\Elantech) (Version: 13.6.4.1 - ELAN Microelectronic Corp.)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.2.1183 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.1.1030 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{CCBE9F01-C2C3-469C-A508-2E23A7495E91}) (Version: 1.0.0.609 - Intel Corporation)
Malwarebytes versie 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - nl-nl (HKLM\...\ProPlusRetail - nl-nl) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.10198 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7773 - Realtek Semiconductor Corp.)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
========================= Memory info: ===================================
Percentage of memory in use: 57%
Total physical RAM: 8065.9 MB
Available physical RAM: 3433.81 MB
Total Virtual: 9985.9 MB
Available Virtual: 4385.07 MB
========================= Partitions: =====================================
1 Drive c: (Acer) (Fixed) (Total:465.16 GB) (Free:414.09 GB) NTFS
========================= Users: ========================================
Gebruikersaccounts voor \\LAPTOP-BTTGC2PJ
Administrador DefaultAccount Invitado
niebo Rolf & Erna
De opdracht is voltooid.
**** End of log ****
=================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Rolf & Erna (Administrator) on zo 25-12-2016 at 18:57:17,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 1
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A1B0B107-1559-4C88-8A91-D5A3FA966DE1} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on zo 25-12-2016 at 18:58:58,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7773 - Realtek Semiconductor Corp.)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
========================= Memory info: ===================================
Percentage of memory in use: 57%
Total physical RAM: 8065.9 MB
Available physical RAM: 3433.81 MB
Total Virtual: 9985.9 MB
Available Virtual: 4385.07 MB
========================= Partitions: =====================================
1 Drive c: (Acer) (Fixed) (Total:465.16 GB) (Free:414.09 GB) NTFS
========================= Users: ========================================
Gebruikersaccounts voor \\LAPTOP-BTTGC2PJ
Administrador DefaultAccount Invitado
niebo Rolf & Erna
De opdracht is voltooid.
**** End of log ****
=================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Rolf & Erna (Administrator) on zo 25-12-2016 at 18:57:17,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 1
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A1B0B107-1559-4C88-8A91-D5A3FA966DE1} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on zo 25-12-2016 at 18:58:58,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~