Inactive System infected? Win10

Status
Not open for further replies.
P

Pepijn

Posts: 7   +0
System appears to be infected some way. Cannot start Powershell. No Explorer anymore, not able to create new user account, virus scanner not starting. Problems with CRYPTUI.DLL and another DLL (name I cannot find right now).
Thanks for any advice you can give me!

First part of FRST.txt:

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 03-10-2017
Gestart door Administrator (Beheerder) op DESKTOP-3O58L1S (03-10-2017 23:08:04)
Gestart vanaf C:\Users\Administrator\Downloads
Geladen Profielen: Administrator (Beschikbare Profielen: defaultuser0 & gebruiker & Pepijn & Administrator)
Platform: Windows 10 Education Versie 1703 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool:

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Micro-Star INT'L CO., LTD.) R:\Stuff\6.1.0.18\Gaming APP\GamingHotkey_Service.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Administrator\Downloads\FRST64 (1).exe

==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-11] (AVAST Software)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== AANDACHT

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{31d9cddc-8de7-4162-9b4c-033e8fd459d2}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-28] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2017-06-25] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-10-03]
CHR Extension: (Google Documenten) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-08]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-08]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-08]
CHR Extension: (Avast SafePrice) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-01]
CHR Extension: (Offline Documenten) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-08]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-01]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-08]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-09-11] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-11] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-04-18] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761608 2017-09-08] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [409128 2017-04-10] (EasyAntiCheat Ltd)
S2 GamingApp_Service; R:\Stuff\6.1.0.18\Gaming APP\GamingApp_Service.exe [47056 2017-01-12] (Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; R:\Stuff\6.1.0.18\Gaming APP\GamingHotkey_Service.exe [2019792 2016-10-13] (Micro-Star INT'L CO., LTD.)
S2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [68024 2017-01-18] (Micro-Star INT'L CO., LTD.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-04-01] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2147216 2017-05-08] (Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S3 FontCache3.0.0.0; %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [X]
S4 NetTcpPortSharing; %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S2 Origin Web Helper Service; "C:\Program Files (x86)\Origin\OriginWebHelperService.exe" [X]

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320528 2017-09-11] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-09-11] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343296 2017-09-11] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-09-11] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47016 2017-09-11] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147784 2017-09-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-09-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-09-11] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1016384 2017-09-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [590880 2017-09-11] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [199312 2017-09-20] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361784 2017-09-25] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (FINTEK Corp.)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-03-18] (Qualcomm Atheros, Inc.)
S3 NTIOLib_ACTIVE_X; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NTIOLib_X64.sys [13776 2016-04-12] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [66608 2017-04-01] (NVIDIA Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-10-03 23:08 - 2017-10-03 23:08 - 000012527 _____ C:\Users\Administrator\Downloads\FRST.txt
2017-10-03 23:07 - 2017-10-03 23:08 - 000000000 ____D C:\FRST
2017-10-03 23:07 - 2017-10-03 23:07 - 002399744 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64 (1).exe
2017-10-03 23:07 - 2017-10-03 23:07 - 000000000 ____D C:\Users\Administrator\Downloads\FRST-OlderVersion
2017-10-03 23:05 - 2017-10-03 23:05 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-10-03 22:57 - 2017-10-03 22:57 - 000000000 __SHD C:\found.002
2017-10-03 16:43 - 2017-10-03 16:43 - 000000000 ____D C:\Users\Administrator\AppData\Local\MicrosoftEdge
2017-10-01 23:08 - 2017-10-01 23:08 - 000000000 ____D C:\Users\Administrator\AppData\Local\VirtualStore
2017-10-01 23:08 - 2017-10-01 23:08 - 000000000 ____D C:\Users\Administrator\AppData\Local\DBG
2017-10-01 13:41 - 2017-10-01 13:41 - 000000000 __SHD C:\found.001
2017-10-01 10:46 - 2017-10-01 10:46 - 000000000 ____D C:\Users\Administrator\AppData\Local\{003ACA6A-C058-424D-B955-A82DE5375C64}
2017-10-01 10:45 - 2017-10-01 10:45 - 000000763 _____ C:\Users\Administrator\Desktop\Uplay.lnk
2017-10-01 10:45 - 2017-10-01 10:45 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-10-01 10:45 - 2017-10-01 10:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\Ubisoft Game Launcher
2017-10-01 10:24 - 2017-09-19 01:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-10-01 10:24 - 2017-09-19 01:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-10-01 10:24 - 2017-09-19 01:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-10-01 10:24 - 2017-09-19 01:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-10-01 10:24 - 2017-09-19 01:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-10-01 10:24 - 2017-09-19 01:17 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-10-01 10:24 - 2017-09-19 01:17 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-10-01 10:24 - 2017-09-19 01:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-10-01 10:24 - 2017-09-19 01:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-10-01 10:24 - 2017-09-19 01:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-10-01 10:24 - 2017-09-19 00:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2017-10-01 10:24 - 2017-09-19 00:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2017-10-01 10:24 - 2017-09-19 00:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2017-10-01 10:24 - 2017-09-19 00:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-10-01 10:24 - 2017-09-19 00:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2017-10-01 10:24 - 2017-09-19 00:18 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-01 10:24 - 2017-09-19 00:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-10-01 10:17 - 2017-10-01 10:19 - 000515916 _____ C:\WINDOWS\Minidump\100117-8687-01.dmp
2017-10-01 10:14 - 2017-10-01 10:14 - 000621788 _____ C:\WINDOWS\Minidump\100117-8656-01.dmp
2017-10-01 09:57 - 2017-10-01 10:17 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-01 09:57 - 2017-10-01 09:57 - 000684244 _____ C:\WINDOWS\Minidump\100117-11718-01.dmp
2017-09-26 17:47 - 2017-09-26 17:47 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Squad
2017-09-14 17:56 - 2017-09-05 07:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-14 17:56 - 2017-09-05 07:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-14 17:56 - 2017-09-05 06:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-14 17:56 - 2017-09-05 06:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-14 17:56 - 2017-09-05 06:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-14 17:56 - 2017-09-05 06:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-14 17:56 - 2017-09-05 06:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-14 17:56 - 2017-09-05 06:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-14 17:56 - 2017-09-05 06:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-14 17:56 - 2017-09-05 06:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-14 17:56 - 2017-09-05 06:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-14 17:56 - 2017-09-05 06:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-14 17:56 - 2017-09-05 06:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-14 17:56 - 2017-09-05 06:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-14 17:56 - 2017-09-05 06:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-14 17:56 - 2017-09-05 06:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-14 17:56 - 2017-09-05 06:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-14 17:56 - 2017-09-05 06:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-14 17:56 - 2017-09-05 06:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-14 17:56 - 2017-09-05 06:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-14 17:56 - 2017-09-05 06:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-14 17:56 - 2017-09-05 06:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-14 17:56 - 2017-09-05 06:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-14 17:56 - 2017-09-05 06:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-14 17:56 - 2017-09-05 06:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-14 17:56 - 2017-09-05 06:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-14 17:56 - 2017-09-05 06:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-14 17:56 - 2017-09-05 06:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-14 17:56 - 2017-09-05 06:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-14 17:56 - 2017-09-05 06:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-14 17:56 - 2017-09-05 06:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-14 17:56 - 2017-09-05 06:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-14 17:56 - 2017-09-05 06:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-14 17:56 - 2017-09-05 06:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-14 17:56 - 2017-09-05 06:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-14 17:56 - 2017-09-05 06:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-14 17:56 - 2017-09-05 06:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-14 17:56 - 2017-09-05 06:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-14 17:56 - 2017-09-05 06:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-14 17:56 - 2017-09-05 06:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-14 17:56 - 2017-09-05 06:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-14 17:56 - 2017-09-05 06:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-14 17:56 - 2017-09-05 06:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-14 17:56 - 2017-09-05 06:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-14 17:56 - 2017-09-05 06:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-14 17:56 - 2017-09-05 06:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-14 17:56 - 2017-09-05 06:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-14 17:56 - 2017-09-05 06:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-14 17:56 - 2017-09-05 06:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-14 17:56 - 2017-09-05 06:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-14 17:56 - 2017-09-05 06:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-14 17:56 - 2017-09-05 06:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-14 17:56 - 2017-09-05 06:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-14 17:56 - 2017-09-05 06:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-14 17:56 - 2017-09-05 06:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-14 17:56 - 2017-09-05 06:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-14 17:56 - 2017-09-05 06:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-14 17:56 - 2017-09-05 06:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-14 17:56 - 2017-09-05 06:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-14 17:56 - 2017-09-05 06:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-14 17:56 - 2017-09-05 06:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-14 17:56 - 2017-09-05 06:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-14 17:56 - 2017-09-05 06:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-14 17:56 - 2017-09-05 06:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-14 17:56 - 2017-09-05 06:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-14 17:56 - 2017-09-05 06:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-14 17:56 - 2017-09-05 06:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-14 17:56 - 2017-09-05 06:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-14 17:56 - 2017-09-05 06:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-14 17:56 - 2017-09-05 06:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-14 17:56 - 2017-09-05 06:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-14 17:56 - 2017-09-05 06:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-14 17:56 - 2017-09-05 06:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-14 17:56 - 2017-09-05 06:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-14 17:56 - 2017-09-05 06:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-14 17:56 - 2017-09-05 06:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-14 17:56 - 2017-09-05 06:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-14 17:56 - 2017-09-05 06:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-14 17:56 - 2017-09-05 06:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-14 17:55 - 2017-09-05 07:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-14 17:55 - 2017-09-05 07:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-14 17:55 - 2017-09-05 06:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-14 17:55 - 2017-09-05 06:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-14 17:55 - 2017-09-05 06:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-14 17:55 - 2017-09-05 06:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-14 17:55 - 2017-09-05 06:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-14 17:55 - 2017-09-05 06:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-14 17:55 - 2017-09-05 06:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-14 17:55 - 2017-09-05 06:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-14 17:55 - 2017-09-05 06:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-14 17:55 - 2017-09-05 06:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-14 17:55 - 2017-09-05 06:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-14 17:55 - 2017-09-05 06:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-14 17:55 - 2017-09-05 06:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-14 17:55 - 2017-09-05 06:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-14 17:55 - 2017-09-05 06:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-14 17:55 - 2017-09-05 06:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-14 17:55 - 2017-09-05 06:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-14 17:55 - 2017-09-05 06:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-14 17:55 - 2017-09-05 06:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-14 17:55 - 2017-09-05 06:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-14 17:55 - 2017-09-05 06:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-14 17:55 - 2017-09-05 06:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-14 17:55 - 2017-09-05 06:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-14 17:55 - 2017-09-05 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-14 17:53 - 2017-09-05 06:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-14 17:53 - 2017-09-05 06:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-14 17:53 - 2017-09-05 06:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-14 17:53 - 2017-09-05 06:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-14 17:53 - 2017-09-05 06:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-14 17:53 - 2017-09-05 06:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-14 17:52 - 2017-09-05 07:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-14 17:52 - 2017-09-05 07:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-14 17:52 - 2017-09-05 07:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-14 17:52 - 2017-09-05 07:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-14 17:52 - 2017-09-05 07:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-14 17:52 - 2017-09-05 07:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-14 17:52 - 2017-09-05 07:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-14 17:52 - 2017-09-05 07:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-14 17:52 - 2017-09-05 07:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-14 17:52 - 2017-09-05 07:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-14 17:52 - 2017-09-05 07:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-14 17:52 - 2017-09-05 07:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-14 17:52 - 2017-09-05 07:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-14 17:52 - 2017-09-05 07:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-14 17:52 - 2017-09-05 07:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
 
Second part of FIRST.txt:

2017-09-14 17:52 - 2017-09-05 07:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-14 17:52 - 2017-09-05 07:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-14 17:52 - 2017-09-05 07:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-14 17:52 - 2017-09-05 07:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-14 17:52 - 2017-09-05 07:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-14 17:52 - 2017-09-05 06:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-14 17:52 - 2017-09-05 06:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-14 17:52 - 2017-09-05 06:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-14 17:52 - 2017-09-05 06:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-14 17:52 - 2017-09-05 06:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-14 17:52 - 2017-09-05 06:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-14 17:52 - 2017-09-05 06:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-14 17:52 - 2017-09-05 06:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-14 17:52 - 2017-09-05 06:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-14 17:52 - 2017-09-05 06:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-14 17:52 - 2017-09-05 06:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-14 17:52 - 2017-09-05 06:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-14 17:52 - 2017-09-05 06:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-14 17:52 - 2017-09-05 06:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-14 17:52 - 2017-09-05 06:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-14 17:52 - 2017-09-05 06:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-14 17:52 - 2017-09-05 06:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-14 17:52 - 2017-09-05 06:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-14 17:52 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-14 17:52 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-14 17:52 - 2017-09-05 06:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-14 17:52 - 2017-09-05 06:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-14 17:52 - 2017-09-05 06:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-14 17:52 - 2017-09-05 06:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-14 17:52 - 2017-09-05 06:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-14 17:52 - 2017-09-05 06:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-14 17:52 - 2017-09-05 06:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-14 17:52 - 2017-09-05 06:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-14 17:52 - 2017-09-05 06:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-14 17:52 - 2017-09-05 06:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-14 17:52 - 2017-09-05 06:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-14 17:52 - 2017-09-05 06:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-14 17:52 - 2017-09-05 06:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-14 17:52 - 2017-09-05 06:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-14 17:52 - 2017-09-05 06:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-14 17:52 - 2017-09-05 06:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-14 17:52 - 2017-09-05 06:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-14 17:52 - 2017-09-05 06:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-14 17:52 - 2017-09-05 06:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-14 17:52 - 2017-09-05 06:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-14 17:52 - 2017-09-05 06:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-14 17:52 - 2017-09-05 06:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-14 17:52 - 2017-09-05 06:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-14 17:52 - 2017-09-05 06:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-14 17:52 - 2017-09-05 06:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-14 17:52 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-14 17:52 - 2017-09-05 06:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-14 17:52 - 2017-09-05 06:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-14 17:52 - 2017-09-05 06:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-14 17:52 - 2017-09-05 06:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-14 17:52 - 2017-09-05 06:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-14 17:52 - 2017-09-05 06:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-14 17:52 - 2017-09-05 06:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-14 17:52 - 2017-09-05 06:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-14 17:52 - 2017-09-05 06:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-14 17:52 - 2017-09-05 06:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-14 17:52 - 2017-09-05 06:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-14 17:52 - 2017-09-05 06:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-14 17:52 - 2017-09-05 06:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-14 17:52 - 2017-09-05 06:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-14 17:52 - 2017-09-05 06:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-14 17:52 - 2017-09-05 06:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-14 17:52 - 2017-09-05 06:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-14 17:52 - 2017-09-05 06:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-14 17:52 - 2017-09-05 06:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-14 17:52 - 2017-09-05 06:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-14 17:52 - 2017-09-05 06:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-14 17:52 - 2017-09-05 06:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-14 17:52 - 2017-09-05 06:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-14 17:52 - 2017-09-05 06:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-14 17:52 - 2017-09-05 06:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-14 17:52 - 2017-09-05 06:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-14 17:52 - 2017-09-05 06:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-14 17:52 - 2017-09-05 06:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-14 17:52 - 2017-09-05 06:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-14 17:52 - 2017-09-05 06:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-14 17:52 - 2017-09-05 06:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-14 17:52 - 2017-09-05 06:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-14 17:52 - 2017-09-05 06:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-14 17:52 - 2017-09-05 06:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-14 17:52 - 2017-09-01 07:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-14 17:51 - 2017-09-05 07:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-14 17:51 - 2017-09-05 07:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-14 17:51 - 2017-09-05 07:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-14 17:51 - 2017-09-05 07:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-14 17:51 - 2017-09-05 07:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-14 17:51 - 2017-09-05 07:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-14 17:51 - 2017-09-05 07:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-14 17:51 - 2017-09-05 07:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-14 17:51 - 2017-09-05 07:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-14 17:51 - 2017-09-05 07:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-14 17:51 - 2017-09-05 07:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-14 17:51 - 2017-09-05 07:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-14 17:51 - 2017-09-05 07:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-14 17:51 - 2017-09-05 07:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-14 17:51 - 2017-09-05 07:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-14 17:51 - 2017-09-05 07:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-14 17:51 - 2017-09-05 07:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-14 17:51 - 2017-09-05 07:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-14 17:51 - 2017-09-05 07:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-14 17:51 - 2017-09-05 07:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-14 17:51 - 2017-09-05 07:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-14 17:51 - 2017-09-05 07:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-14 17:51 - 2017-09-05 07:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-14 17:51 - 2017-09-05 07:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-14 17:51 - 2017-09-05 07:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-14 17:51 - 2017-09-05 07:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-14 17:51 - 2017-09-05 07:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-14 17:51 - 2017-09-05 07:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-14 17:51 - 2017-09-05 07:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-14 17:51 - 2017-09-05 07:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-14 17:51 - 2017-09-05 07:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-14 17:51 - 2017-09-05 07:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-14 17:51 - 2017-09-05 07:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-14 17:51 - 2017-09-05 07:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-14 17:51 - 2017-09-05 07:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-14 17:51 - 2017-09-05 07:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-14 17:51 - 2017-09-05 07:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-14 17:51 - 2017-09-05 07:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-14 17:51 - 2017-09-05 07:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-14 17:51 - 2017-09-05 07:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-14 17:51 - 2017-09-05 07:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-14 17:51 - 2017-09-05 07:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-14 17:51 - 2017-09-05 07:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-14 17:51 - 2017-09-05 07:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-14 17:51 - 2017-09-05 07:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-14 17:51 - 2017-09-05 07:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-14 17:51 - 2017-09-05 06:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-14 17:51 - 2017-09-05 06:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-14 17:51 - 2017-09-05 06:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-14 17:51 - 2017-09-05 06:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-14 17:51 - 2017-09-05 06:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-14 17:51 - 2017-09-05 06:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-14 17:51 - 2017-09-05 06:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-14 17:51 - 2017-09-05 06:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-14 17:51 - 2017-09-05 06:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-14 17:51 - 2017-09-05 06:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-14 17:51 - 2017-09-05 06:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-14 17:51 - 2017-09-05 06:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-14 17:51 - 2017-09-05 06:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-14 17:51 - 2017-09-05 06:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-14 17:51 - 2017-09-05 06:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-14 17:51 - 2017-09-05 06:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-14 17:51 - 2017-09-05 06:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-14 17:51 - 2017-09-05 06:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-14 17:51 - 2017-09-05 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-14 17:51 - 2017-09-05 06:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-14 17:51 - 2017-09-05 06:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-14 17:51 - 2017-09-05 06:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-14 17:51 - 2017-09-05 06:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-14 17:51 - 2017-09-05 06:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-14 17:51 - 2017-09-05 06:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-14 17:51 - 2017-09-05 06:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-14 17:51 - 2017-09-05 06:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-14 17:51 - 2017-09-05 06:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-14 17:51 - 2017-09-05 06:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-14 17:51 - 2017-09-05 06:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-14 17:51 - 2017-09-05 06:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-14 17:51 - 2017-09-05 06:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-14 17:51 - 2017-09-05 06:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-14 17:51 - 2017-09-05 06:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-14 17:51 - 2017-09-05 06:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-14 17:51 - 2017-09-05 06:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-14 17:51 - 2017-09-05 06:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-14 17:51 - 2017-09-05 06:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-14 17:51 - 2017-09-05 06:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-14 17:51 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-14 17:51 - 2017-09-05 06:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-14 17:51 - 2017-09-05 06:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-14 17:51 - 2017-09-05 06:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-14 17:51 - 2017-09-05 06:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-14 17:51 - 2017-09-05 06:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-14 17:51 - 2017-09-05 06:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-14 17:51 - 2017-09-05 06:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-14 17:51 - 2017-09-05 06:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-14 17:51 - 2017-09-05 06:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-14 17:51 - 2017-09-05 06:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-14 17:51 - 2017-09-05 06:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-14 17:51 - 2017-09-05 06:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-14 17:51 - 2017-09-05 06:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-14 17:51 - 2017-09-05 06:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-14 17:51 - 2017-09-05 06:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-14 17:51 - 2017-09-05 06:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-14 17:51 - 2017-09-05 06:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-14 17:51 - 2017-09-05 06:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-14 17:51 - 2017-09-05 06:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-14 17:51 - 2017-09-05 06:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-14 17:51 - 2017-09-05 06:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-14 17:50 - 2017-09-05 07:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-14 17:50 - 2017-09-05 07:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-14 17:50 - 2017-09-05 06:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-14 17:50 - 2017-09-05 06:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-14 17:50 - 2017-09-05 06:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-11 10:46 - 2017-09-11 10:46 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-10-03 23:00 - 2017-06-12 22:18 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-03 22:58 - 2017-06-12 22:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-03 17:54 - 2017-06-12 22:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-03 17:54 - 2017-03-18 13:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-10-03 17:54 - 2017-02-23 18:07 - 000000000 ___RD C:\Users\Pepijn\OneDrive
2017-10-03 12:48 - 2017-06-12 22:18 - 000000000 ____D C:\Users\Pepijn
2017-10-03 12:47 - 2017-02-23 20:11 - 000002407 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-03 12:47 - 2017-02-23 20:11 - 000000000 ___RD C:\Users\Administrator\OneDrive
2017-10-02 13:21 - 2017-06-12 22:21 - 003476140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-02 13:21 - 2017-03-20 05:57 - 001644868 _____ C:\WINDOWS\system32\perfh013.dat
2017-10-02 13:21 - 2017-03-20 05:57 - 000414488 _____ C:\WINDOWS\system32\perfc013.dat
2017-10-02 13:17 - 2017-06-08 16:06 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-10-02 00:09 - 2017-06-12 22:18 - 000000000 ____D C:\Users\Administrator
2017-10-01 23:52 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-01 23:52 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
2017-10-01 23:51 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-01 23:30 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-01 23:18 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-01 23:18 - 2017-02-23 20:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-10-01 23:08 - 2017-02-24 12:19 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-01 23:08 - 2017-02-23 20:10 - 000002352 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2017-10-01 10:44 - 2017-02-23 18:54 - 000000000 ____D C:\Users\Pepijn\AppData\Local\Ubisoft Game Launcher
2017-10-01 10:02 - 2017-03-18 13:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-10-01 10:02 - 2017-02-23 12:41 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-09-28 22:51 - 2017-03-09 23:52 - 000000000 ____D C:\Users\Pepijn\AppData\Local\Spotify
2017-09-28 21:03 - 2017-03-09 23:51 - 000000000 ____D C:\Users\Pepijn\AppData\Roaming\Spotify
2017-09-28 13:51 - 2017-03-18 23:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-28 13:50 - 2017-02-25 21:29 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-25 22:46 - 2017-02-25 21:25 - 000361784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-09-25 22:13 - 2017-02-23 18:25 - 000002292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-20 22:46 - 2017-02-25 21:25 - 000199312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-09-19 19:26 - 2017-08-13 08:08 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-391047650-1887844984-3031768068-1002
2017-09-19 19:26 - 2017-02-23 18:07 - 000002386 _____ C:\Users\Pepijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-18 09:58 - 2017-06-12 22:17 - 000380704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-18 09:57 - 2017-03-20 05:56 - 000000000 ____D C:\WINDOWS\system32\nl
2017-09-18 09:57 - 2017-03-18 23:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-18 09:57 - 2017-03-18 23:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-18 09:57 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-18 09:57 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-18 09:57 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-18 09:57 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-18 09:57 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-18 09:57 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-15 10:13 - 2017-02-23 18:06 - 000000000 ____D C:\Users\Pepijn\AppData\Local\Packages
2017-09-14 17:56 - 2017-06-12 22:18 - 000000000 ____D C:\Users\gebruiker
2017-09-14 17:56 - 2017-06-12 22:18 - 000000000 ____D C:\Users\defaultuser0
2017-09-14 17:56 - 2017-02-23 12:40 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-14 17:56 - 2017-02-23 12:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-13 14:52 - 2017-06-12 22:22 - 000004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1488050780
2017-09-13 14:52 - 2017-02-25 21:26 - 000001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-09-13 14:52 - 2017-02-25 21:25 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-12 18:14 - 2017-02-23 18:27 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-11 10:46 - 2017-06-12 22:22 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-09-11 10:46 - 2017-06-06 22:34 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-09-11 10:46 - 2017-02-25 21:26 - 000041832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-09-11 10:46 - 2017-02-25 21:25 - 001016384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-09-11 10:46 - 2017-02-25 21:25 - 000590880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-09-11 10:46 - 2017-02-25 21:25 - 000343296 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-09-11 10:46 - 2017-02-25 21:25 - 000320528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-09-11 10:46 - 2017-02-25 21:25 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-09-11 10:46 - 2017-02-25 21:25 - 000147784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-09-11 10:46 - 2017-02-25 21:25 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-09-11 10:46 - 2017-02-25 21:25 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-09-11 10:46 - 2017-02-25 21:25 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-09-11 10:46 - 2017-02-25 21:25 - 000047016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2017-09-25 22:33

==================== Eind van FRST.txt ============================
 
Addition.txt:

Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 03-10-2017
Gestart door Administrator (03-10-2017 23:08:30)
Gestart vanaf C:\Users\Administrator\Downloads
Windows 10 Education Versie 1703 (X64) (2017-06-12 20:24:44)
Boot Modus: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-391047650-1887844984-3031768068-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-391047650-1887844984-3031768068-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-391047650-1887844984-3031768068-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gast (S-1-5-21-391047650-1887844984-3031768068-501 - Limited - Disabled)
gebruiker (S-1-5-21-391047650-1887844984-3031768068-1001 - Administrator - Disabled) => C:\Users\gebruiker
Pepijn (S-1-5-21-391047650-1887844984-3031768068-1002 - Limited - Enabled) => C:\Users\Pepijn

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)

Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 381.65 - NVIDIA Corporation) Hidden
Assassin's Creed III (HKLM-x32\...\Uplay Install 54) (Version: - Ubisoft)
Assassin's Creed Syndicate (HKLM-x32\...\Uplay Install 1875) (Version: 1.51 - Ubisoft)
Assassin's Creed Unity (HKLM-x32\...\Uplay Install 720) (Version: - Ubisoft)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.6.2310 - AVAST Software)
Company of Heroes 2 (HKLM\...\Steam App 231430) (Version: - Relic Entertainment)
DarthMod Napoleon (HKLM-x32\...\DarthMod Napoleon) (Version: - )
Dishonored 2 (HKLM\...\Steam App 403640) (Version: - Arkane Studios)
Far Cry Primal (HKLM\...\Steam App 371660) (Version: - Ubisoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Homefront: The Revolution (HKLM\...\Steam App 223100) (Version: - Dambuster Studios)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
League of Legends (HKLM-x32\...\{B2777235-FDF0-4371-9D1E-0CD24DFE3579}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 16.0.8431.2079 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-391047650-1887844984-3031768068-500\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MSI DragonEye (HKLM\...\{7116875E-F251-4C33-AB3F-37DE05B15595}_is1) (Version: 0.0.2.5 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.1.0.18 - MSI)
NVIDIA 3D Vision controllerstuurprogramma 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision stuurprogramma 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 381.65 - NVIDIA Corporation)
NVIDIA Grafisch stuurprogramma 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.65 - NVIDIA Corporation)
NVIDIA HD Audio-stuurprogramma 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.5.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
Origin (HKLM-x32\...\Origin) (Version: 10.4.9.38188 - Electronic Arts, Inc.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Slime Rancher (HKLM\...\Steam App 433340) (Version: - Monomi Park)
Spec Ops: The Line (HKLM\...\Steam App 50300) (Version: - Yager Development)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
This War of Mine (HKLM\...\Steam App 282070) (Version: - 11 bit studios)
Tom Clancy's Ghost Recon Wildlands (HKLM-x32\...\Uplay Install 1771) (Version: - Ubisoft)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft Montreal)
Total War: ROME II - Emperor Edition (HKLM\...\Steam App 214950) (Version: - Creative Assembly)
Total War: SHOGUN 2 (HKLM\...\Steam App 34330) (Version: - The Creative Assembly)
Uplay (HKLM-x32\...\Uplay) (Version: 40.0 - Ubisoft)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)

==================== Aangepaste CLSID (gefilterd): ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-11] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-11] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-11] (AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-11] (AVAST Software)

==================== Geplande Taken (gefilterd) =============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

Task: {003B16E1-B449-4C0E-8522-1A5599354DC1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-28] (Microsoft Corporation)
Task: {04203DD8-8824-4582-AE62-01EDA2B5E2A0} - System32\Tasks\MSISW_Host => C:\Windows\SysWoW64\muachost.exe [2015-08-18] (MSI)
Task: {04FDEF0B-97E4-492C-9EBF-8985143551A2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-28] (Microsoft Corporation)
Task: {12A8DBC6-9F1E-42B4-8CED-1FDDDEAA73DB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-04-01] (NVIDIA Corporation)
Task: {3A106B10-E9C4-45FB-A734-297B24365F23} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {3A6ADF2F-C0B9-4BD9-89E3-2B0909CA122F} - System32\Tasks\SafeZone scheduled Autoupdate 1488050780 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {3C7280AD-E1F6-4290-A4DE-BD79E0ECAB08} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-28] (Microsoft Corporation)
Task: {3DA56A33-8383-4D54-A43E-BC90F7A54C46} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {4B9A92D5-5B69-4DEC-9596-320EE3A72E90} - System32\Tasks\MSIOSDx86_Host => R:\Stuff\6.1.0.18\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {545088BC-9EDD-4EF3-B9CE-B3B07EBE2A34} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-04-01] (NVIDIA Corporation)
Task: {562FD9BA-406B-46C1-A5A1-41057C336803} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-04-01] (NVIDIA Corporation)
Task: {64231C0D-18DF-4C83-BAB3-D9DD16CB8A9E} - System32\Tasks\Microsoft\Windows\Display\Brightness\BrightnessReset
Task: {71727124-C276-42AD-BFDA-76A0903BA0EB} - System32\Tasks\MSIOSDx64_Host => R:\Stuff\6.1.0.18\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {7508AA02-A5E9-438E-B961-2E61F682C190} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {76834B65-AE89-4DC3-8125-6E490A8DCCF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-23] (Google Inc.)
Task: {A7972803-BAF2-417E-BA0F-7D75BA85DD7C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {B4903089-745E-4598-8843-2813D82B3A84} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-09-11] (AVAST Software)
Task: {BAFDABFC-5E7B-419B-BCBE-F1A24258FFCD} - \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical -> Geen bestand <==== AANDACHT
Task: {DAC31399-242F-439A-9644-D38A62310589} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {DBA58DD6-0FE5-4925-8DD1-BC6E5B0C1E07} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-04-01] (NVIDIA Corporation)
Task: {DDE69A0B-3C6F-4EB0-B9E5-B8281FF991F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-23] (Google Inc.)
Task: {E0FEDE58-DC62-47DD-B1AE-53246054A46E} - System32\Tasks\MSIGH_Host => R:\Stuff\6.1.0.18\Gaming APP\GamingHotkey.exe [2017-01-19] (Micro-Star INT'L CO., LTD.)
Task: {E546E442-E9E7-4F4A-82D7-A2A9696F550D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {EB0FFE09-4792-4019-BF9B-4C5110913F36} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-04-01] (NVIDIA Corporation)

(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)

Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe

==================== Snelkoppelingen & WMI ========================

(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)


==================== Geladen Modules (gefilterd) ==============

2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-20 05:58 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-11 10:46 - 2017-09-11 10:46 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-09-25 22:13 - 2017-09-21 09:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-25 22:13 - 2017-09-21 09:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll

==================== Alternate Data Streams (gefilterd) =========

(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)


==================== Veilige Modus (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)


==================== Bestandskoppeling (gefilterd) ===============

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)


==================== Internet Explorer vertrouwde/beperkte toegang ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)


==================== Hosts inhoud: ===============================

(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)

2016-07-16 13:47 - 2016-07-16 13:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere gebieden ============================

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKU\S-1-5-21-391047650-1887844984-3031768068-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is ingeschakeld.

==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==


==================== Firewall regels (gefilterd) ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

FirewallRules: [{337EB692-1AD1-4C6B-A152-1DE58FC55D5A}] => (Allow) R:\Steam\steamapps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [{BB8F36B9-9546-4575-A398-3C7B7E2BE5E6}] => (Allow) R:\Steam\steamapps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [{DE7AB1E7-E163-41C6-90BF-8BB8DEC2783D}] => (Allow) R:\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{F5FCFCF2-9941-4500-8F49-31C73D0388EC}] => (Allow) R:\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{DB346F44-5BF6-4E49-BEF7-B98401BF5329}] => (Allow) R:\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{6DA072F9-563D-46E3-A644-B5CBFEFB4E5F}] => (Allow) R:\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{288DD69F-FA4B-40A3-A90E-E960B1A31EF7}] => (Allow) R:\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{C2844E3B-B8FF-4A0E-86C2-F7F9259167B5}] => (Allow) R:\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{FE6DB8F5-E962-40BD-9BEF-68F3035A1E61}] => (Allow) R:\Steam\steamapps\common\SUPERHOT\SUPERHOT.exe
FirewallRules: [{7938CAD7-DDD7-4B24-84DB-78A46188067C}] => (Allow) R:\Steam\steamapps\common\SUPERHOT\SUPERHOT.exe
FirewallRules: [UDP Query User{EBA7C7A8-20A5-4899-B25B-0D6212A4CE20}R:\ubisoft\ubisoft game launcher\games\assassin's creed unity\acu.exe] => (Allow) R:\ubisoft\ubisoft game launcher\games\assassin's creed unity\acu.exe
FirewallRules: [TCP Query User{9ABF00F2-F461-4C0F-A557-D905380D4EAC}R:\ubisoft\ubisoft game launcher\games\assassin's creed unity\acu.exe] => (Allow) R:\ubisoft\ubisoft game launcher\games\assassin's creed unity\acu.exe
FirewallRules: [{C3C4B970-0AF0-4AAD-B62D-5687AA28082C}] => (Allow) R:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{7D6E6488-64DC-4CB5-8A77-8203623FEA3D}] => (Allow) R:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{A5BF5974-1679-4128-BA5B-E76DB3DFD408}] => (Allow) R:\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{94928785-1DAA-4A8C-BA8B-92973244A40B}] => (Allow) R:\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{B5AD8492-48CD-4D39-B194-583D60C5C828}] => (Allow) C:\Tom Clancy's Ghost Recon Wildlands\GRW.exe
FirewallRules: [{FD54CB43-2D3C-4D6F-B1FA-47D90FD1E934}] => (Allow) R:\Steam\steamapps\common\Assassin's Creed Rogue\ACC.exe
FirewallRules: [{7F32C9DF-8D4B-4BCD-ABB8-6D5C3C267A78}] => (Allow) R:\Steam\steamapps\common\Assassin's Creed Rogue\ACC.exe
FirewallRules: [{081ADE48-6408-464D-B659-0A8DE9F81080}] => (Allow) R:\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Syndicate\ACS.exe
FirewallRules: [{7AE423A5-14C3-4F5A-8FF8-D2CB7D6D5C4B}] => (Allow) R:\Steam\steamapps\common\Spore\SporebinEP1\SporeApp.exe
FirewallRules: [{7A19961C-FF13-43B6-A142-2189221AA2E1}] => (Allow) R:\Steam\steamapps\common\Spore\SporebinEP1\SporeApp.exe
FirewallRules: [{29E01E74-35A1-4506-A657-F582EDCDD57E}] => (Allow) R:\Steam\steamapps\common\Spore\runme.exe
FirewallRules: [{DAD065CF-8B70-44E8-8580-C8C1B9B4DC50}] => (Allow) R:\Steam\steamapps\common\Spore\runme.exe
FirewallRules: [{EC100F75-37B5-4F63-A8BB-327387982AE7}] => (Allow) R:\Steam\steamapps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [{F02C9FCA-C6D8-47E9-AF25-48C8022EF949}] => (Allow) R:\Steam\steamapps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [{D9E69207-3C99-4CDF-80B2-C7CDE23D834E}] => (Allow) R:\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{86BD563A-FAE0-4A2A-93B0-11B552E50ED9}] => (Allow) R:\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{393B0A98-BF3C-4D96-9475-0F5788D79860}] => (Allow) R:\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{F3FBAC9A-F51E-4924-BD7A-B0A6941F680C}] => (Allow) R:\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [UDP Query User{999F8FC9-6E82-487D-A11D-75832CFFEF85}C:\users\pepijn\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pepijn\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{04ECB829-2420-4EA6-8A2A-FDF9F76D7763}C:\users\pepijn\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pepijn\appdata\roaming\spotify\spotify.exe
FirewallRules: [{75DE1CA6-BC2B-4101-8397-163B82F7208C}] => (Allow) R:\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{DD97D1E4-4307-4107-B64A-3C7D32E7694D}] => (Allow) R:\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{86889A9F-5450-4FE5-A0E0-5261A08952A3}] => (Allow) R:\Steam\steamapps\common\Verdun\Verdun.exe
FirewallRules: [{35AB04B2-B47B-4A4F-8AAE-842D15C931F8}] => (Allow) R:\Steam\steamapps\common\Verdun\Verdun.exe
FirewallRules: [UDP Query User{AD48A73E-2DBD-428F-B40B-29B4F101F81A}C:\users\pepijn\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pepijn\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{039F8E56-7771-4CFE-B9A8-68089DBDD1D6}C:\users\pepijn\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pepijn\appdata\roaming\spotify\spotify.exe
FirewallRules: [{90374A71-792F-417E-9152-8FAB3A067C51}] => (Allow) R:\Steam\steamapps\common\Far Cry Primal\bin\FCPrimal.exe
FirewallRules: [{9BACDFE7-1FCD-4DAD-A207-1AF8414A2B6C}] => (Allow) R:\Steam\steamapps\common\Far Cry Primal\bin\FCPrimal.exe
FirewallRules: [{43A1A93F-7E5B-475A-84A5-E14212BDFC32}] => (Allow) R:\Steam\steamapps\common\Far Cry Primal\bin\FCPrimal.exe
FirewallRules: [{E34A3BA3-E7CE-4FA8-9F1A-31FB5288A6AA}] => (Allow) R:\Steam\steamapps\common\Far Cry Primal\bin\FCPrimal.exe
FirewallRules: [UDP Query User{85A45CAA-1FC3-4F38-A50E-8EEC1068509B}R:\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) R:\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [TCP Query User{414AB21E-0DFB-40C9-BCBC-F368732C7A19}R:\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) R:\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{55017A8A-34F9-4C59-8903-A7550A75A9A9}] => (Allow) R:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{9A8DA254-8F00-4E8F-882F-F33DFBF80AB2}] => (Allow) R:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5BAAD4C0-2DF3-4088-8F0B-DDA447D5FF46}] => (Allow) R:\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [{F162AAFB-0FCE-4382-ABD3-EA6B079F4447}] => (Allow) R:\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [{1B3B8619-5BC2-4DBB-99D2-59C14D2F1680}] => (Allow) LPort=26789
FirewallRules: [{7C8770B6-B40C-464E-9BFE-2034713C0756}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{29107D67-501E-41DA-8494-55D733F46B98}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5762A8B4-8FCE-4925-90A7-E6000F94DA98}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F31FCFD4-6624-41F4-B597-3BCA8E19A391}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E9CF4B4C-37BE-4AE8-A9B4-6D399C913448}] => (Allow) R:\Steam\steamapps\common\Homefront_The_Revolution\Bin64\Homefront2_Release.exe
FirewallRules: [{A4EAB5E1-F6C7-4B03-94DE-E9CE3D6C43EE}] => (Allow) R:\Steam\steamapps\common\Homefront_The_Revolution\Bin64\Homefront2_Release.exe
FirewallRules: [UDP Query User{CA833086-998C-4C78-8E86-8E1B7EBD7CF8}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{C9896FCC-B4D6-4AF5-8A74-E3BFC6018B07}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{87DC1124-8A47-4B93-9A10-F059FC4FC015}] => (Allow) R:\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Unity\ACU.exe
FirewallRules: [{532CE3C6-CA76-4870-AB59-55CB520C0283}] => (Allow) R:\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Unity\ACU.exe
FirewallRules: [{E5A4DE86-072F-424B-8829-39F66091EEAB}] => (Allow) R:\Steam\steamapps\common\Tyto Ecology\TytoEcology.exe
FirewallRules: [{A8EF644C-6CC4-4E50-95F5-FB4AF795C123}] => (Allow) R:\Steam\steamapps\common\Tyto Ecology\TytoEcology.exe
FirewallRules: [{F3768EC0-1D32-4103-BBA4-90D55D1FDB29}] => (Allow) R:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{10986CC8-7259-48DF-A2CF-F576B6E5D3A9}] => (Allow) R:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EC098E9E-21A9-4A73-AA9C-2046327B861B}] => (Allow) R:\Steam\Steam.exe
FirewallRules: [{ECDCB9E5-5111-430D-9534-0340973DA62C}] => (Allow) R:\Steam\Steam.exe
FirewallRules: [{A5BC8899-8592-49E2-9857-EBD6674C0521}] => (Allow) R:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{4BD7972C-D7F0-4A7B-BD9D-818354E0D457}] => (Allow) R:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{77C1C81C-C8FF-4F16-AAE8-0E56FB0591E7}] => (Allow) R:\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{BA8097D2-6B04-41E8-865A-380C90084E9B}] => (Allow) R:\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{2D3A5E88-47B8-4EDF-80D7-7B05FF8E60CA}] => (Allow) R:\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{49FF8257-6869-473F-9D45-9AC6FBA4A44C}] => (Allow) R:\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{E8B2505B-5F48-4E97-BC78-9EBCFCC28E3F}] => (Allow) R:\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{BCD62AC2-740B-4978-A0DD-0371F8B55AB2}] => (Allow) R:\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{5AE408BD-1B1A-4AEC-B8BB-82F8E85B4B1A}] => (Allow) R:\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{7FA55618-8E5B-4C8E-BBB7-0985FD166A3B}] => (Allow) R:\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{CF63AAC4-535D-4951-9132-E7D143614D05}] => (Allow) R:\Steam\steamapps\common\Wildlife Park 2\WLP2Addon2-Steam.exe
FirewallRules: [{A0A7F59B-08FF-49FC-913B-810CBFE1D900}] => (Allow) R:\Steam\steamapps\common\Wildlife Park 2\WLP2Addon2-Steam.exe
FirewallRules: [{2D5BA3AA-6E44-44FB-AB66-FFC8AFFA02A8}] => (Allow) R:\Steam\steamapps\common\Wildlife Park 2\WLP2Addon5-Steam.exe
FirewallRules: [{A89CCEDB-9BB6-47C4-B622-31CCD1BCE511}] => (Allow) R:\Steam\steamapps\common\Wildlife Park 2\WLP2Addon5-Steam.exe
FirewallRules: [{D8243361-D008-406E-A8D6-5F5514C74041}] => (Allow) R:\Steam\steamapps\common\Wildlife Park 2\WLP2fantasy-Steam.exe
FirewallRules: [{92637452-B6A9-4865-A5E4-840C59B06A7D}] => (Allow) R:\Steam\steamapps\common\Wildlife Park 2\WLP2fantasy-Steam.exe
FirewallRules: [{ECC3BC26-5D88-4F4D-BBFF-79E5467C04C2}] => (Allow) R:\Steam\steamapps\common\Wildlife Park 2\WLP2-Steam.exe
FirewallRules: [{1EC38792-9F3D-4C71-B0F7-EB5193150F8D}] => (Allow) R:\Steam\steamapps\common\Wildlife Park 2\WLP2-Steam.exe
FirewallRules: [{185372BA-E6A1-42FD-A9AE-0792134669CD}] => (Allow) R:\SteamLibrary\steamapps\common\Wildlife Park 2\WLP2Addon1-Steam.exe
FirewallRules: [{DC9A1E05-CAF3-4D91-8C4E-4A7A893F939E}] => (Allow) R:\SteamLibrary\steamapps\common\Wildlife Park 2\WLP2Addon1-Steam.exe
FirewallRules: [{111836DA-EEFE-4D7B-B9B9-9E55D8CF00DE}] => (Allow) R:\Steam\steamapps\common\Wildlife Park 2\WLP2Addon3-Steam.exe
FirewallRules: [{F562601B-A153-4A63-894E-D7CAB9F2BCF3}] => (Allow) R:\Steam\steamapps\common\Wildlife Park 2\WLP2Addon3-Steam.exe
FirewallRules: [{7B3A0245-9B58-4E47-ACDE-D99E5A3519EE}] => (Allow) R:\Steam\steamapps\common\Wildlife Park 2\WLP2Addon4-Steam.exe
FirewallRules: [{CD86BE77-A664-4C7A-A87A-2FFB73977E69}] => (Allow) R:\Steam\steamapps\common\Wildlife Park 2\WLP2Addon4-Steam.exe
FirewallRules: [{337EE56C-8492-4FEF-A5C6-2A99B2450B99}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{687ABA32-B2A7-4066-A2CE-FE60EDE360B4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{9611B27F-D53A-4F88-9C56-9650036594F3}] => (Allow) R:\Steam\steamapps\common\Verdun\1914-1918 Series.exe
FirewallRules: [{CA451FB4-E8E1-4ECC-88C9-7C18D21DC085}] => (Allow) R:\Steam\steamapps\common\Verdun\1914-1918 Series.exe
FirewallRules: [{0F7CF2DF-57B6-4DDC-9AD8-4F32F4110E9D}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{BA9E46EC-2942-4555-8927-57BAB2B80FE5}] => (Allow) R:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{24AB8EF8-177A-41DB-BFBC-52E9B2FC11B0}] => (Allow) R:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{5AADFAE2-2FF5-4181-914C-5490356F7A61}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1B4E25A0-448E-48CE-B302-468CD66D0FE2}] => (Allow) R:\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{629C3AEF-DBE4-4DC9-9641-FC3E5EA8C01B}] => (Allow) R:\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe

==================== Herstelpunten =========================

AANDACHT: Systeemherstel is uitgeschakeld

==================== Defecte Apparaatbeheer Apparaten =============

Name: Standaard PS/2-toetsenbord
Description: Standaard PS/2-toetsenbord
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (standaardtoetsenbord)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft-muis (PS/2)
Description: Microsoft-muis (PS/2)
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Eventlog fouten: =========================

Applicatiefouten:
==================
Error: (10/03/2017 11:02:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: Explorer.EXE, versie: 10.0.15063.608, tijdstempel: 0xb00723ab
Naam van module met fout: twinui.pcshell.dll, versie: 10.0.15063.608, tijdstempel: 0xd37db1b2
Uitzonderingscode: 0x80270233
Foutmarge: 0x000000000017c65d
Id van proces met fout: 0x1b50
Starttijd van toepassing met fout: 0x01d33c8ae136eeac
Pad naar toepassing met fout: C:\WINDOWS\Explorer.EXE
Pad naar module met fout: C:\WINDOWS\system32\twinui.pcshell.dll
Rapport-id: c8349db2-1075-4e29-80d0-a67cde792598
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (10/03/2017 11:02:10 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Geen toegang tot bestand C:\Windows\System32\mssrch.dll om een van de volgende redenen:
Er is een probleem met de netwerkverbinding, met de schijf waarop het bestand is opgeslagen,
met de opslagstuurprogramma's op deze computer, of de schijf ontbreekt.
Programma Shell Infrastructure Host werd afgesloten vanwege deze fout.

Programma: Shell Infrastructure Host
Bestand: C:\Windows\System32\mssrch.dll

De foutwaarde wordt weergegeven in de sectie Extra gegevens.
Gebruikersactie
1. Open het bestand opnieuw.
Mogelijk is dit een tijdelijk probleem dat vanzelf wordt opgelost als het programma opnieuw wordt uitgevoerd.
2.
Als toegang tot het bestand nog steeds niet mogelijk is en
- Als het bestand zich in het netwerk bevindt,
dient de netwerkbeheerder te controleren of er geen probleem met het netwerk is en dat verbinding met de server kan
worden gemaakt.
- Als het bestand zich op een verwisselbare schijf bevindt, zoals een diskette of cd-rom, dient u te controleren
of deze schijf correct in het schijfstation is geplaatst.
3. Controleer en repareer het bestandssysteem met CHKDSK. Klik hiervoor op Start, Uitvoeren en typ CMD. Klik OK en typ CHKDSK /F op de opdrachtprompt. Druk vervolgens op ENTER.
4. Als het probleem blijft bestaan, dient u het bestand terug te zetten via een back-upmedium.
5. Bepaal of andere bestanden op dezelfde schijf kunnen worden geopend. Als dit niet zo is, is de schijf beschadigd. Als het een harde schijf is, neemt u contact op met de netwerkbeheerder of hardwareleverancier voor ondersteuning.

Aanvullende gegevens
Foutwaarde: C000009C
Type schijf: 3

Error: (10/03/2017 11:02:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: sihost.exe, versie: 10.0.15063.0, tijdstempel: 0x745f8759
Naam van module met fout: mssrch.dll, versie: 7.0.15063.447, tijdstempel: 0xfd5171cd
Uitzonderingscode: 0xc0000006
Foutmarge: 0x000000000004af30
Id van proces met fout: 0x1690
Starttijd van toepassing met fout: 0x01d33c8aa13c9f04
Pad naar toepassing met fout: c:\windows\system32\sihost.exe
Pad naar module met fout: C:\WINDOWS\system32\mssrch.dll
Rapport-id: 89f6fdbc-6d3d-4808-aacb-f00d8df2f185
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (10/03/2017 11:00:39 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: DESKTOP-3O58L1S)
Description: De providers kunnen niet worden aangeroepen door Client van Certificate Services als reactie op gebeurtenis 512. Foutcode 2147942593.

Error: (10/03/2017 11:00:39 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1001) (User: DESKTOP-3O58L1S)
Description: Provider pautoenr.dll kan niet door Client van Certificate Services worden geladen. Foutcode 193.

Error: (10/03/2017 11:02:10 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Geen toegang tot bestand C:\Windows\System32\wersvc.dll om een van de volgende redenen:
Er is een probleem met de netwerkverbinding, met de schijf waarop het bestand is opgeslagen,
met de opslagstuurprogramma's op deze computer, of de schijf ontbreekt.
Programma Hostproces voor Windows-services werd afgesloten vanwege deze fout.

Programma: Hostproces voor Windows-services
Bestand: C:\Windows\System32\wersvc.dll

De foutwaarde wordt weergegeven in de sectie Extra gegevens.
Gebruikersactie
1. Open het bestand opnieuw.
Mogelijk is dit een tijdelijk probleem dat vanzelf wordt opgelost als het programma opnieuw wordt uitgevoerd.
2.
Als toegang tot het bestand nog steeds niet mogelijk is en
- Als het bestand zich in het netwerk bevindt,
dient de netwerkbeheerder te controleren of er geen probleem met het netwerk is en dat verbinding met de server kan
worden gemaakt.
- Als het bestand zich op een verwisselbare schijf bevindt, zoals een diskette of cd-rom, dient u te controleren
of deze schijf correct in het schijfstation is geplaatst.
3. Controleer en repareer het bestandssysteem met CHKDSK. Klik hiervoor op Start, Uitvoeren en typ CMD. Klik OK en typ CHKDSK /F op de opdrachtprompt. Druk vervolgens op ENTER.
4. Als het probleem blijft bestaan, dient u het bestand terug te zetten via een back-upmedium.
5. Bepaal of andere bestanden op dezelfde schijf kunnen worden geopend. Als dit niet zo is, is de schijf beschadigd. Als het een harde schijf is, neemt u contact op met de netwerkbeheerder of hardwareleverancier voor ondersteuning.

Aanvullende gegevens
Foutwaarde: C000009C
Type schijf: 3

Error: (10/03/2017 11:02:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: svchost.exe_WerSvc, versie: 10.0.15063.0, tijdstempel: 0x02799ef5
Naam van module met fout: ntdll.dll, versie: 10.0.15063.608, tijdstempel: 0x8274fd8b
Uitzonderingscode: 0xc0000006
Foutmarge: 0x0000000000065243
Id van proces met fout: 0x1974
Starttijd van toepassing met fout: 0x01d33c8aa7dff8bf
Pad naar toepassing met fout: C:\WINDOWS\System32\svchost.exe
Pad naar module met fout: C:\WINDOWS\SYSTEM32\ntdll.dll
Rapport-id: 5b308bdc-ea5a-44c7-8800-1211ff379ec8
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (10/03/2017 05:54:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-3O58L1S)
Description: Het activeren van de app Microsoft.WindowsStore_8wekyb3d8bbwe!App is mislukt door de fout -2147024770. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.

Error: (10/03/2017 05:39:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-3O58L1S)
Description: Het activeren van de app Microsoft.Windows.Photos_8wekyb3d8bbwe!App is mislukt door de fout -2144927141. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.

Error: (10/03/2017 05:28:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-3O58L1S)
Description: Het activeren van de app Microsoft.Windows.Photos_8wekyb3d8bbwe!App is mislukt door de fout -2144927141. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.


Systeemfouten:
=============
Error: (10/03/2017 11:04:40 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Servicebesturingsbeheer heeft na het onverwachte afsluiten van de Windows Error Reporting Service-service geprobeerd een herstelactie (Service opnieuw starten) uit te voeren, maar deze actie is met de volgende fout mislukt:
De service is al gestart.

Error: (10/03/2017 11:02:42 PM) (Source: Microsoft-Windows-CorruptedFileRecovery-Server) (EventID: 10) (User: NT AUTHORITY)
Description: Systeembestand C:\Windows\System32\mssrch.dll is mogelijk beschadigd, maar er kan niet worden bepaald of het bestand inderdaad is beschadigd (foutcode 2147956481). Geen terugzetbewerking is uitgevoerd. Voer de opdracht 'sfc /scannow' op een beheeropdrachtprompt uit als u het bestand op fouten wilt controleren en, indien nodig, wilt terugzetten.

Error: (10/03/2017 11:02:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Error Reporting Service-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 120000 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (10/03/2017 11:02:24 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: De server Windows.Internal.Management.Enrollment.Enroller heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.

Error: (10/03/2017 11:02:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
en APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (10/03/2017 11:02:10 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Er is een beschadiging ontdekt in de bestandssysteemstructuur op het volume C:.

De Master File Table (MFT) bevat een beschadigde bestandsrecord. Het referentienummer van het bestand is 0x200000001257f. De naam van het bestand is "\Windows\System32\wlgpclnt.dll".

Error: (10/03/2017 11:02:10 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Er is een beschadiging ontdekt in de bestandssysteemstructuur op het volume C:.

Er is een beschadiging gevonden in de indexstructuur van een bestandssysteem. Het referentienummer van het bestand is 0x1000000023a60. De naam van het bestand is "\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData". Het kenmerk van de beschadigde index is ":$I30:$INDEX_ALLOCATION".

Error: (10/03/2017 11:02:10 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Er is een beschadiging ontdekt in de bestandssysteemstructuur op het volume C:.

De Master File Table (MFT) bevat een beschadigde bestandsrecord. Het referentienummer van het bestand is 0x2000000014c1d. De naam van het bestand is "\Windows\System32\RelPost.exe".

Error: (10/03/2017 11:02:10 PM) (Source: volsnap) (EventID: 23) (User: )
Description: There was insufficient disk space on volume \\?\Volume{b7701dc8-136f-44fc-bf90-764cd3c02594} to create the shadow copy of volume C:. Shadow copy storage creation failed.

Error: (10/03/2017 11:02:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De Registratieservice voor Apparaatbeheer-service is gestopt met de volgende foutcode:
Fout tijdens een bewerking in een pagina.
.


CodeIntegrity:
===================================
Date: 2017-10-02 13:19:22.249
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-02 13:19:22.113
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-02 13:19:21.977
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-01 09:59:38.767
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-01 09:59:38.529
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.


==================== Geheugen info ===========================

Processor: Intel(R) Core(TM) i5-7600K CPU @ 3.80GHz
Percentage geheugen in gebruik: 13%
Totaal fysiek RAM-geheugen: 16339.64 MB
Beschikbaar fysiek RAM-geheugen: 14113.94 MB
Totaal Virtueel geheugen: 18771.64 MB
Beschikbaar Virtual geheugen: 16500.05 MB

==================== Schijven ================================

Drive c: () (Fixed) (Total:118.69 GB) (Free:22.17 GB) NTFS
Drive d: (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive r: (GameDisk) (Fixed) (Total:931.41 GB) (Free:75.94 GB) NTFS

==================== MBR & Partitietabel ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 59F08B9B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: 9138179F)

Partition: GPT.

==================== Eind van Addition.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
On first scan, no infections were found with RogueKiller.

RogueKiller V12.11.18.0 (x64) [Oct 2 2017] (Gratis) Door Adlice Software
Email : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Besturingssysteem : Windows 10 (10.0.15063) 64 bits version
Gestart in : Normale mode
Gebruiker : Administrator [Administrator]
Gestart vanaf : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Datum : 10/04/2017 22:26:15 (Duur : 00:14:09)
Schakelaars : -refid

¤¤¤ Processen : 0 ¤¤¤

¤¤¤ Register : 0 ¤¤¤

¤¤¤ Taken : 0 ¤¤¤

¤¤¤ Bestanden : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Host-bestand : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Geladen) ¤¤¤

¤¤¤ Web Browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EARX-00N0YB0 +++++
--- User ---
[MBR] 61c1dca39c560cad63352373bc81418b
[BSP] b20c27fc23d25b821683e7062c0a707d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ADATA SP900 +++++
--- User ---
[MBR] daf3e0770dbabb32b6f03d0c817f399b
[BSP] 0d1eb7607f018b7ac96fc7dc7305c610 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1128448 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1161216 | Size: 121537 MB
User = LL1 ... OK
User = LL2 ... OK
 
I was unable to download Malwarebytes. Downloading on a seperate computer and installing through a USB stick did not work either as I have no acces to Explorer or any other means of reading the stick.

Do I now skip this step and shall I continue with AdwCleaner?
 
I have now attempted to download both AdwCleaner and Junkware Removal Tool and neither of them are downloadable. When clicking on the download link it does not automatically start the download, and right-clicking on any link and opening it in a new tab doesn't work either as the tab is closed the instant it opens.

Where do I go from here?
 
Did you try different browser?
What exactly do you mean by not having access to Explorer?
it doesn't open by clicking on its icon?
Did you try Windows key + E?
 
System is reacting quite quirky. Login doesn't even work every time. I did manage to download through Microsoft Edge and have attempted to run the programs. The system is really slow and the programs hang before they finish, and when rebooting the system is scanning and repairing C: for ages.
Explorer can't be started from the Start menu nor through Windows-E.
I will keep trying but it seems I may also have to thoroughly check my C:-drive (SSD) for critical errors. All in all: I am still working on it and will update as soon as I am able to finish the additional scans.
 
Status
Not open for further replies.

Similar threads

E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
823
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back