Inactive: Potential malware "Riskware.IStealer"


OMWeesie

After MBAM found the threat mentioned above, I started scans with CKScanner, MiniToolBox, AdwCleaner, Junkware Removal Tool and ESET Online.

If someone could help me (hopefully) confirm my laptop is clean again, that would be absolutely great!

The log files can be found below (ESET found 15 threats and cleaned them, but I cannot find the log anymore)!

I know it's Christmas and the holidays and all, but a response would be hugely appreciated, as I'm trying to fix my parents' laptop and they live in a different country than me. Unfortunately I leave for my home country again on the 28th. No hard feelings if help doesn't make it in time; I thought I'd give it a go!

Thanks so much in advance and regards,

Olmo
=======================================
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 25-12-16
Scan Time: 14:21
Log File:
Administrator: Yes

-Software Information-
Version: 3.0.4.1269
Components Version: 1.0.39
Update Package Version: 1.0.858
License: Free

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: LAPTOP-BTTGC2PJ\Rolf & Erna

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355311
Time Elapsed: 2 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.Booking, C:\PROGRAM FILES\Booking.COM, Delete-on-Reboot, [504], [310593],1.0.858

File: 6
PUP.Optional.Booking, C:\Program Files\Booking.COM\Booking.com.lnk, Delete-on-Reboot, [504], [310593],1.0.858
PUP.Optional.Booking, C:\Program Files\Booking.COM\Booking.ico, Delete-on-Reboot, [504], [310593],1.0.858
PUP.Optional.Booking, C:\Program Files\Booking.COM\StartURL.exe, Delete-on-Reboot, [504], [310593],1.0.858
PUP.Optional.Booking, C:\Program Files\Booking.COM\Version.txt, Delete-on-Reboot, [504], [310593],1.0.858
RiskWare.IStealer, C:\PROGRAMDATA\KMSAUTOS\BIN\KMSSS.EXE, Delete-on-Reboot, [11800], [147615],1.0.858
PUP.Optional.Booking, C:\USERS\PUBLIC\DESKTOP\BOOKING.COM.LNK, Delete-on-Reboot, [504], [310601],1.0.858

Physical Sector: 0
(No malicious items detected)


(end)

==================================

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\kmspico\tokensbackup\keys.txt
c:\program files\kmspico\tokensbackup\windows\data.dat
c:\program files\kmspico\tokensbackup\windows\pkeyconfig.xrm-ms
c:\program files\kmspico\tokensbackup\windows\tokens.dat
c:\program files\kmspico\tokensbackup\windows\cache\cache.dat
c:\windows\prefetch\kmsauto net.exe-26d3b982.pf
c:\windows\prefetch\kmseldi.exe-396681d6.pf
c:\windows\prefetch\kmspico_setup.exe-ba659fff.pf
c:\windows\prefetch\kmspico_setup.tmp-4c27d381.pf
c:\windows\prefetch\kmspico_setup.tmp-66ed0bfd.pf
c:\windows\prefetch\kmsss.exe-ea251358.pf
scanner sequence 3.CH.11.XAAPRZ
----- EOF -----

-----------------------------------------------------------------------

MiniToolBox by Farbar Version: 17-06-2016
Ran by Rolf & Erna (administrator) on 25-12-2016 at 16:04:30
Running from "C:\Users\Rolf & Erna\Desktop"
Microsoft Windows 10 Home (X64)
Model: Aspire E5-575 Manufacturer: Acer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Qualcomm Atheros QCA9377 Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="LAN-verbinding* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth-netwerkverbinding" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="LAN-verbinding* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="LAN-verbinding* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : LAPTOP-BTTGC2PJ
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 54-AB-3A-99-0F-7E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter LAN-verbinding* 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : CA-FF-28-FA-94-6F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros QCA9377 Wireless Network Adapter
Physical Address. . . . . . . . . : C8-FF-28-FA-94-6F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8c07:269e:ee07:c9b8%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.106(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday 25 December 2016 12:40:32
Lease Expires . . . . . . . . . . : Monday 26 December 2016 12:40:36
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 164167464
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-EA-C3-E5-54-AB-3A-99-0F-7E
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{C13CF6BA-2204-48B5-93F5-F829B42C825F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1007:f350:7d00:ecb1(Preferred)
Link-local IPv6 Address . . . . . : fe80::1007:f350:7d00:ecb1%6(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 385875968
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-EA-C3-E5-54-AB-3A-99-0F-7E
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 77.67.49.154
77.67.49.155
77.67.49.150
77.67.49.148
77.67.49.153
77.67.49.151
77.67.49.152
77.67.49.149


Pinging google.com [77.67.49.154] with 32 bytes of data:
Reply from 77.67.49.154: bytes=32 time=712ms TTL=52
Reply from 77.67.49.154: bytes=32 time=674ms TTL=52

Ping statistics for 77.67.49.154:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 674ms, Maximum = 712ms, Average = 693ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=807ms TTL=46
Reply from 206.190.36.45: bytes=32 time=797ms TTL=46

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 797ms, Maximum = 807ms, Average = 802ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
7...54 ab 3a 99 0f 7e ......Realtek PCIe GBE Family Controller
5...ca ff 28 fa 94 6f ......Microsoft Wi-Fi Direct Virtual Adapter #2
10...c8 ff 28 fa 94 6f ......Qualcomm Atheros QCA9377 Wireless Network Adapter
1...........................Software Loopback Interface 1
3...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.106 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.106 281
192.168.0.106 255.255.255.255 On-link 192.168.0.106 281
192.168.0.255 255.255.255.255 On-link 192.168.0.106 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.106 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.106 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
6 306 ::/0 On-link
1 306 ::1/128 On-link
6 306 2001::/32 On-link
6 306 2001:0:5ef5:79fb:1007:f350:7d00:ecb1/128
On-link
10 281 fe80::/64 On-link
6 306 fe80::/64 On-link
6 306 fe80::1007:f350:7d00:ecb1/128
On-link
10 281 fe80::8c07:269e:ee07:c9b8/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
6 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/25/2016 01:04:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for 'C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe.Manifest'. Error in manifest or policy file 'C:\Program Files (x86)\Microsoft Office\Root\Office16\UccApi.DLL' on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/25/2016 01:03:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for 'C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe.Manifest'. Error in manifest or policy file 'C:\Program Files (x86)\Microsoft Office\Root\Office16\UccApi.DLL' on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/25/2016 12:30:54 PM) (Source: Application Hang) (User: )
Description: The program setup64.exe version 16.0.4266.1003 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 20f4

Start Time: 01d25eaaa347809b

Termination Time: 4294967295

Application Path: C:\Users\Rolf & Erna\Documents\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003\office\setup64.exe

Report Id: edb9f226-ca9d-11e6-9dad-54ab3a990f7e

Faulting package full name:

Faulting package-relative application ID:

Error: (12/25/2016 12:28:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.10586.11, time stamp: 0x56457cb1
Faulting module name: ntdll.dll, version: 10.0.10586.122, time stamp: 0x56cbf9dd
Exception code: 0xc0000409
Fault offset: 0x00000000000953f7
Faulting process id: 0x1f3c
Faulting application start time: 0x01d25ea9ecd33007
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 583082e1-9d97-49b5-a5c7-1d089899e081
Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (12/25/2016 12:27:39 PM) (Source: Application Hang) (User: )
Description: The program OfficeC2RClient.exe version 16.0.7571.1326 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: a6c

Start Time: 01d25ea75eb588a6

Termination Time: 4294967295

Application Path: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Report Id: 8568c0c4-ca9d-11e6-9dad-54ab3a990f7e

Faulting package full name:

Faulting package-relative application ID:

Error: (12/25/2016 12:27:35 PM) (Source: Application Hang) (User: )
Description: The program OfficeClickToRun.exe version 16.0.7571.1326 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 213c

Start Time: 01d25ea75e6ebf8c

Termination Time: 4294967295

Application Path: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

Report Id: 833acb66-ca9d-11e6-9dad-54ab3a990f7e

Faulting package full name:

Faulting package-relative application ID:

Error: (12/25/2016 12:20:51 PM) (Source: Microsoft Office 16) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {61CCC35C-77F9-45E5-83B1-01E173265DF3}

Error: (12/25/2016 11:39:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 16.0.4266.1003, time stamp: 0x55ceb394
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x133787e0
Faulting process id: 0x6d8
Faulting application start time: 0x01d25ea35495cd0a
Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
Faulting module path: unknown
Report Id: ccf59c8d-ca96-11e6-9dad-54ab3a990f7e
Faulting package full name:
Faulting package-relative application ID:

Error: (12/25/2016 11:25:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest'. Error in manifest or policy file 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL' on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/24/2016 06:44:24 PM) (Source: Perflib) (User: )
Description: rdyboost4


System errors:
=============
Error: (12/25/2016 04:04:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable).

Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: The Intel(R) Security Assist service terminated unexpectedly. It has done this 1 time(s).

Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: The User Experience Improvement Program service terminated unexpectedly. It has done this 1 time(s).

Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: The Dashlane Upgrade Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: The CCDMonitorService service terminated unexpectedly. It has done this 1 time(s).

Error: (12/25/2016 03:54:21 PM) (Source: Service Control Manager) (User: )
Description: The AtherosSvc service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (12/25/2016 01:04:17 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Root\Office16\UccApi.DLL1

Error: (12/25/2016 01:03:56 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Root\Office16\UccApi.DLL1

Error: (12/25/2016 12:30:54 PM) (Source: Application Hang)(User: )
Description: setup64.exe16.0.4266.100320f401d25eaaa347809b4294967295C:\Users\Rolf & Erna\Documents\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003\office\setup64.exeedb9f226-ca9d-11e6-9dad-54ab3a990f7e

Error: (12/25/2016 12:28:42 PM) (Source: Application Error)(User: )
Description: SystemSettings.exe10.0.10586.1156457cb1ntdll.dll10.0.10586.12256cbf9ddc000040900000000000953f71f3c01d25ea9ecd33007C:\Windows\ImmersiveControlPanel\SystemSettings.exeC:\Windows\SYSTEM32\ntdll.dll583082e1-9d97-49b5-a5c7-1d089899e081windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel

Error: (12/25/2016 12:27:39 PM) (Source: Application Hang)(User: )
Description: OfficeC2RClient.exe16.0.7571.1326a6c01d25ea75eb588a64294967295C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe8568c0c4-ca9d-11e6-9dad-54ab3a990f7e

Error: (12/25/2016 12:27:35 PM) (Source: Application Hang)(User: )
Description: OfficeClickToRun.exe16.0.7571.1326213c01d25ea75e6ebf8c4294967295C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe833acb66-ca9d-11e6-9dad-54ab3a990f7e

Error: (12/25/2016 12:20:51 PM) (Source: Microsoft Office 16)(User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {61CCC35C-77F9-45E5-83B1-01E173265DF3}

Error: (12/25/2016 11:39:32 AM) (Source: Application Error)(User: )
Description: EXCEL.EXE16.0.4266.100355ceb394unknown0.0.0.000000000c0000005133787e06d801d25ea35495cd0aC:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEunknownccf59c8d-ca96-11e6-9dad-54ab3a990f7e

Error: (12/25/2016 11:25:41 AM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL1

Error: (12/24/2016 06:44:24 PM) (Source: Perflib)(User: )
Description: rdyboost4


CodeIntegrity Errors:
===================================
Date: 2016-12-25 13:10:43.262
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-25 12:43:35.947
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-25 11:48:40.761
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-25 11:40:57.359
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-25 11:39:15.822
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-25 11:25:23.986
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-24 18:32:56.129
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-24 18:30:45.636
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-24 18:27:35.357
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-24 18:24:07.799
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3019 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3003 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.01.3001 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
App Explorer (HKCU\...\Host App Service) (Version: 0.272.1.357 - SweetLabs)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{60865E78-1AC5-4532-A6B0-4B028DE8A076}) (Version: 1.2.77.32054 - Avira Operations GmbH & Co. KG) Hidden
Avira Connect (HKLM-x32\...\{e4e126a8-f29e-4b56-947d-fe8bbdce8b1b}) (Version: 1.2.77.32054 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.2.1.20599 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 3.1.0.4242 - Avira Operations GmbH & Co. KG)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.0.14.0 - Dashlane SAS)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3013 - Acer Incorporated)
ELAN HIDI2C Filter Driver X64 13.6.4.1_WHQL (HKLM\...\Elantech) (Version: 13.6.4.1 - ELAN Microelectronic Corp.)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.2.1183 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.1.1030 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{CCBE9F01-C2C3-469C-A508-2E23A7495E91}) (Version: 1.0.0.609 - Intel Corporation)
Malwarebytes versie 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - nl-nl (HKLM\...\ProPlusRetail - nl-nl) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.10198 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7773 - Realtek Semiconductor Corp.)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 8065.9 MB
Available physical RAM: 3433.81 MB
Total Virtual: 9985.9 MB
Available Virtual: 4385.07 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:465.16 GB) (Free:414.09 GB) NTFS

========================= Users: ========================================

Gebruikersaccounts voor \\LAPTOP-BTTGC2PJ

Administrador DefaultAccount Invitado
niebo Rolf & Erna
De opdracht is voltooid.


**** End of log ****
=================================



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Rolf & Erna (Administrator) on zo 25-12-2016 at 18:57:17,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A1B0B107-1559-4C88-8A91-D5A3FA966DE1} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on zo 25-12-2016 at 18:58:58,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Broni

Posts: 55,918   +506
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please, observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 

OMWeesie

Posts: 8   +0
Hi Broni,

Super thanks for the swift reply. Please refer down below for the FRST and Addition logs!

Regards,

Olmo

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Rolf & Erna (administrator) on LAPTOP-BTTGC2PJ (26-12-2016 12:05:46)
Running from C:\Users\Rolf & Erna\Desktop
Loaded Profiles: Rolf & Erna (Available Profiles: Rolf & Erna)
Platform: Windows 10 Home (X64) Language: Spaans (Spanje, Internationaal gesorteerd)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(SweetLabs, Inc) C:\Users\Rolf & Erna\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\OEM\Preload\FubTracking\FubTracking.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Dashlane SAS) C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16481560 2016-03-22] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60408 2016-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [26832 2016-12-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup Tray] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [159568 2016-12-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-06] (Avira Operations GmbH & Co. KG)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
Startup: C:\Users\Rolf & Erna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2016-12-26]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8ba9c00d-86d7-4a0e-ad38-57da2aa8b3c9}: [DhcpNameServer] 40.32.1.55
Tcpip\..\Interfaces\{c13cf6ba-2204-48b5-93f5-f829b42c825f}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1526291379-3962787630-1188329440-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer15.msn.com/?pc=ACTE
HKU\S-1-5-21-1526291379-3962787630-1188329440-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-1526291379-3962787630-1188329440-1001 -> DefaultScope {A1B0B107-1559-4C88-8A91-D5A3FA966DE1} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2015-10-30] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2015-10-30] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Rolf & Erna\AppData\Roaming\Mozilla\Firefox\Profiles\zwft5di6.default
FF DefaultSearchEngine: Google
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Extension: Amazon Assistant for Firefox - C:\Users\Rolf & Erna\AppData\Roaming\Mozilla\Firefox\Profiles\zwft5di6.default\Extensions\abb-acer@amazon.com [2016-12-24]
FF Extension: No Name - C:\Users\Rolf & Erna\AppData\Roaming\Mozilla\Firefox\Profiles\zwft5di6.default\Extensions\abs@avira.com [2016-12-24]
FF Extension: Mozilla Partner Defaults - C:\Users\Rolf & Erna\AppData\Roaming\Mozilla\Firefox\Profiles\zwft5di6.default\Extensions\partnerdefaults@mozilla.com [2016-12-24]
FF Extension: Nederlands (NL) Language Pack - C:\Users\Rolf & Erna\AppData\Roaming\Mozilla\Firefox\Profiles\zwft5di6.default\Extensions\langpack-nl@firefox.mozilla.org.xpi [2016-12-25]
FF Extension: Adblock Plus - C:\Users\Rolf & Erna\AppData\Roaming\Mozilla\Firefox\Profiles\zwft5di6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-24]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-12-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [326392 2015-11-27] (Windows (R) Win 7 DDK provider)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-16] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [299440 2016-12-20] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3019968 2016-12-04] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [603256 2016-03-02] (Intel Corporation)
R2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [82968 2016-04-08] (Dashlane SAS)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [354936 2016-03-02] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [976848 2016-01-14] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-02-05] (Intel Corporation) [File not signed]
R2 IntelSSTSvc; C:\Windows\system32\IntelSSTAPO\ParameterService\ParameterService.exe [25928 2015-12-02] (Intel Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-02-05] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-02-11] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52736 2015-10-30] (Microsoft Corporation)
S3 MessagingService_2ca8e; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 MessagingService_2ca8e; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 OneSyncSvc_2ca8e; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R2 OneSyncSvc_2ca8e; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_2ce52; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_2ce52; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_2ff7e; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_2ff7e; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3afda; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3afda; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3c0b4; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3c0b4; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_450e2; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_450e2; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_2ca8e; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_2ca8e; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-03-10] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-03-10] (Acer Incorporated)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [35416 2016-12-13] (Avira Operations GmbH & Co. KG)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [290304 2015-10-30] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [87040 2016-02-13] (Microsoft Corporation)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [291232 2016-02-01] (acer)
S3 UnistoreSvc_2ca8e; C:\Windows\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 UnistoreSvc_2ca8e; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 UserDataSvc_2ca8e; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 UserDataSvc_2ca8e; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\1.8.259.0\McCSPServiceHost.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [151352 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [153904 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-12-06] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [28272 2016-12-06] (Avira Operations GmbH & Co. KG)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [245760 2016-02-13] (Microsoft Corporation)
R3 ETDI2C; C:\Windows\system32\DRIVERS\ETDI2C.sys [185416 2015-09-06] (ELAN Microelectronic Corp.)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2015-10-30] (Intel(R) Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [165888 2015-10-30] (Intel Corporation)
R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185128 2015-07-20] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21408 2016-03-10] (Acer Incorporated)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2016-12-26] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185896 2016-02-03] (Intel Corporation)
R3 Qcamain10x64; C:\Windows\system32\DRIVERS\Qcamain10x64.sys [2394288 2015-11-26] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14752 2016-03-10] (Acer Incorporated)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-11-19] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [769752 2015-12-18] (Realsil Semiconductor Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45056 2015-10-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-26 12:05 - 2016-12-26 12:06 - 00020098 _____ C:\Users\Rolf & Erna\Desktop\FRST.txt
2016-12-26 12:05 - 2016-12-26 12:05 - 00000000 ____D C:\FRST
2016-12-26 12:03 - 2016-12-26 12:03 - 02193920 _____ (Farbar) C:\Users\Rolf & Erna\Desktop\FRST64.exe
2016-12-26 12:00 - 2016-12-26 12:00 - 00000000 ____D C:\Users\Rolf & Erna\Desktop\Scanners
2016-12-25 19:09 - 2016-12-25 19:09 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\185F1C6D.sys
2016-12-25 18:36 - 2016-12-25 18:36 - 00000000 ____H C:\Users\Rolf & Erna\Documents\Default.rdp
2016-12-25 18:29 - 2016-12-25 18:29 - 00000017 _____ C:\Users\Rolf & Erna\AppData\Local\resmon.resmoncfg
2016-12-25 17:34 - 2016-10-28 02:22 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-12-25 17:15 - 2016-12-25 17:15 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\ESET
2016-12-25 17:07 - 2016-12-25 17:07 - 04656523 _____ C:\Users\Rolf & Erna\Downloads\tdsskiller.zip
2016-12-25 17:07 - 2016-11-07 08:10 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Rolf & Erna\Downloads\TDSSKiller.exe
2016-12-25 16:56 - 2016-12-26 12:01 - 00000000 ____D C:\Users\Rolf & Erna\AppData\LocalLow\Mozilla
2016-12-25 16:10 - 2016-12-25 16:17 - 00000000 ____D C:\AdwCleaner
2016-12-25 15:13 - 2016-12-25 15:13 - 03977168 _____ C:\Users\Rolf & Erna\Downloads\adwcleaner_6.041.exe
2016-12-25 14:57 - 2016-12-25 14:57 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\CEF
2016-12-25 14:56 - 2016-12-25 14:56 - 00000000 ____D C:\Users\Rolf & Erna\AppData\LocalLow\Adobe
2016-12-25 14:55 - 2016-12-25 15:11 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-12-25 14:52 - 2016-12-25 15:11 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-12-25 14:52 - 2016-12-25 14:52 - 00002088 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-12-25 14:50 - 2016-12-25 14:50 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-12-25 14:49 - 2016-12-25 14:58 - 00000000 ____D C:\ProgramData\Adobe
2016-12-25 14:47 - 2016-12-25 14:57 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\Adobe
2016-12-25 14:45 - 2016-12-25 19:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-25 14:12 - 2016-12-25 14:12 - 00081408 _____ C:\Users\Rolf & Erna\Documents\Test4.pub
2016-12-25 14:09 - 2016-12-25 14:09 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\Apps\2.0
2016-12-25 13:55 - 2016-12-25 13:55 - 00423424 _____ C:\Users\Rolf & Erna\Documents\test2.ppt
2016-12-25 13:46 - 2016-12-25 13:46 - 00002234 _____ C:\Users\Rolf & Erna\Desktop\Word 2016.lnk
2016-12-25 13:46 - 2016-12-25 13:46 - 00002226 _____ C:\Users\Rolf & Erna\Desktop\PowerPoint 2016.lnk
2016-12-25 13:46 - 2016-12-25 13:46 - 00002184 _____ C:\Users\Rolf & Erna\Desktop\Access 2016.lnk
2016-12-25 13:46 - 2016-12-25 13:46 - 00002172 _____ C:\Users\Rolf & Erna\Desktop\Outlook 2016.lnk
2016-12-25 13:46 - 2016-12-25 13:46 - 00002172 _____ C:\Users\Rolf & Erna\Desktop\OneNote 2016.lnk
2016-12-25 13:46 - 2016-12-25 13:46 - 00002170 _____ C:\Users\Rolf & Erna\Desktop\Excel 2016.lnk
2016-12-25 13:46 - 2016-12-25 13:46 - 00002148 _____ C:\Users\Rolf & Erna\Desktop\Publisher 2016.lnk
2016-12-25 13:38 - 2016-12-25 13:38 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-25 13:29 - 2016-12-25 13:29 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Roaming\Acer Incorporated
2016-12-25 13:27 - 2016-12-25 13:28 - 00000000 ___HD C:\$WINDOWS.~BT
2016-12-25 13:06 - 2016-12-25 13:06 - 00002256 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive voor Bedrijven.lnk
2016-12-25 13:06 - 2016-12-25 13:06 - 00002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype voor Bedrijven 2016.lnk
2016-12-25 13:06 - 2016-12-25 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-hulpprogramma's
2016-12-25 13:00 - 2016-12-25 13:01 - 03815728 _____ (Microsoft Corporation) C:\Users\Rolf & Erna\Downloads\setuplanguagepack.x86.de-de_.exe
2016-12-25 12:59 - 2016-12-25 12:59 - 03813672 _____ (Microsoft Corporation) C:\Users\Rolf & Erna\Downloads\setuplanguagepack.x86.nl-nl_.exe
2016-12-25 12:57 - 2016-12-25 12:57 - 05542192 _____ (Microsoft Corporation) C:\Users\Rolf & Erna\Downloads\setuplanguagepack.x64.nl-nl_.exe
2016-12-25 12:51 - 2016-12-25 12:51 - 00008041 _____ C:\Users\Rolf & Erna\Documents\Test1.xlsx
2016-12-25 12:42 - 2016-12-25 17:47 - 00000000 ____D C:\ProgramData\KMSAutoS
2016-12-25 12:42 - 2016-12-25 12:42 - 00003786 _____ C:\Windows\System32\Tasks\KMSAutoNet
2016-12-25 12:39 - 2016-12-26 12:05 - 00004220 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3FBBAD09-54B3-41F1-ABAE-ADB089F797FD}
2016-12-25 12:36 - 2016-12-25 12:48 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\MSfree Inc
2016-12-25 12:32 - 2016-12-25 12:32 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-25 12:31 - 2016-12-26 11:59 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-25 12:31 - 2016-12-25 12:31 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-25 12:31 - 2016-12-25 12:31 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-25 12:31 - 2016-12-25 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-25 12:31 - 2016-12-25 12:31 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-25 12:31 - 2016-11-29 07:27 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-25 12:29 - 2016-12-25 12:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-25 12:25 - 2016-12-25 13:06 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-12-25 12:25 - 2016-12-25 13:06 - 00002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-12-25 12:25 - 2016-12-25 13:06 - 00002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-12-25 12:25 - 2016-12-25 13:06 - 00002172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-12-25 12:25 - 2016-12-25 13:06 - 00002172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-12-25 12:25 - 2016-12-25 13:06 - 00002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-12-25 12:25 - 2016-12-25 13:06 - 00002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-12-25 12:19 - 2016-12-25 13:51 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-12-25 11:41 - 2016-12-25 11:41 - 00000000 ____D C:\Users\Rolf & Erna\Downloads\MICROSOFT Office PRO Plus 2016 Ac
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Public\Documents\Mis vídeos
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Public\Documents\Mis imágenes
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Public\Documents\Mi música
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default\Reciente
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default\Plantillas
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default\Mis documentos
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default\Menú Inicio
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default\Impresoras
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default\Entorno de red
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default\Documents\Mis vídeos
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default\Documents\Mis imágenes
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default\Documents\Mi música
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default\Datos de programa
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default\AppData\Local\Historial
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default\AppData\Local\Datos de programa
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default\AppData\Local\Archivos temporales de Internet
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default User\Documents\Mis vídeos
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default User\Documents\Mis imágenes
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default User\Documents\Mi música
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Historial
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Datos de programa
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Archivos temporales de Internet
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\ProgramData\Plantillas
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\ProgramData\Menú Inicio
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\ProgramData\Escritorio
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\ProgramData\Documentos
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\ProgramData\Datos de programa
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Program Files\Archivos comunes
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 _SHDL C:\Archivos de programa
2016-12-24 19:23 - 2016-12-24 19:33 - 00000000 ____D C:\Program Files\KMSpico
2016-12-24 19:18 - 2016-12-24 19:18 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Roaming\WinRAR
2016-12-24 19:18 - 2016-12-24 19:18 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-24 19:18 - 2016-12-24 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-24 19:17 - 2016-12-24 19:18 - 00000000 ____D C:\Program Files\WinRAR
2016-12-24 18:55 - 2016-12-24 18:55 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\MicrosoftEdge
2016-12-24 18:54 - 2016-12-24 18:54 - 00002712 _____ C:\Users\Rolf & Erna\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-12-24 18:53 - 2016-12-24 18:53 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\AviraSpeedup
2016-12-24 18:52 - 2016-12-25 18:10 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Roaming\uTorrent
2016-12-24 18:43 - 2016-12-25 13:28 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\CrashDumps
2016-12-24 18:43 - 2016-12-24 18:43 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\NetworkTiles
2016-12-24 18:40 - 2016-12-24 18:40 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Roaming\Avira
2016-12-24 18:37 - 2016-12-24 18:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2016-12-24 18:36 - 2016-12-06 16:01 - 00153904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-12-24 18:36 - 2016-12-06 16:01 - 00151352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-12-24 18:36 - 2016-12-06 16:01 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-12-24 18:36 - 2016-12-06 16:01 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-12-24 18:36 - 2016-12-06 16:01 - 00028272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2016-12-24 18:35 - 2016-12-24 18:35 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Roaming\WildTangent
2016-12-24 18:34 - 2016-12-26 12:00 - 00000000 ____D C:\Users\Public\Speedup Sessions
2016-12-24 18:34 - 2016-12-24 18:34 - 00001220 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2016-12-24 18:34 - 2016-12-24 18:34 - 00001117 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2016-12-24 18:34 - 2016-12-24 18:34 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\Avira
2016-12-24 18:33 - 2016-12-24 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-12-24 18:33 - 2016-12-24 18:36 - 00000000 ____D C:\ProgramData\Avira
2016-12-24 18:33 - 2016-12-24 18:36 - 00000000 ____D C:\Program Files (x86)\Avira
2016-12-24 18:33 - 2016-12-24 18:33 - 00001285 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2016-12-24 18:28 - 2016-12-24 18:28 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Roaming\Mozilla
2016-12-24 18:28 - 2016-12-24 18:28 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\Mozilla
2016-12-24 18:27 - 2016-12-24 18:27 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\Comms
2016-12-24 18:21 - 2016-12-26 12:04 - 00818858 _____ C:\Windows\system32\perfh013.dat
2016-12-24 18:21 - 2016-12-26 12:04 - 00159472 _____ C:\Windows\system32\perfc013.dat
2016-12-24 18:21 - 2016-12-24 18:19 - 00347468 _____ C:\Windows\system32\perfi013.dat
2016-12-24 18:21 - 2016-12-24 18:19 - 00045378 _____ C:\Windows\system32\perfd013.dat
2016-12-24 18:21 - 2015-10-29 19:43 - 09893888 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons000a.dll
2016-12-24 18:21 - 2015-10-29 19:42 - 09893888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsLexicons000a.dll
2016-12-24 18:21 - 2015-10-29 19:26 - 09687552 _____ (Microsoft Corporation) C:\Windows\system32\NlsData000a.dll
2016-12-24 18:21 - 2015-10-29 19:24 - 09566208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsData000a.dll
2016-12-24 18:19 - 2016-12-24 18:19 - 00000000 ____D C:\Windows\SysWOW64\nl
2016-12-24 18:19 - 2016-12-24 18:19 - 00000000 ____D C:\Windows\system32\nl
2016-12-24 18:11 - 2016-12-24 18:11 - 00001055 _____ C:\Users\Rolf & Erna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Funciones opcionales.lnk
2016-12-24 18:11 - 2015-10-29 19:43 - 09482240 _____ (Microsoft Corporation) C:\Windows\system32\prm0013.dll
2016-12-24 18:10 - 2016-12-24 18:10 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Roaming\Macromedia
2016-12-24 18:08 - 2016-12-24 18:08 - 00003310 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-24 18:08 - 2016-12-24 18:08 - 00000000 ____D C:\Users\Public\App Explorer
2016-12-24 18:07 - 2016-12-24 18:08 - 00002421 _____ C:\Users\Rolf & Erna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-24 18:07 - 2016-12-24 18:08 - 00000000 ___RD C:\Users\Rolf & Erna\OneDrive
2016-12-24 18:07 - 2016-12-24 18:07 - 00003400 _____ C:\Windows\System32\Tasks\App Explorer
2016-12-24 18:07 - 2016-12-24 18:07 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Roaming\Skype
2016-12-24 18:07 - 2016-12-24 18:07 - 00000000 ____D C:\Users\Public\Pokki
2016-12-24 18:06 - 2016-12-24 18:06 - 00001337 _____ C:\Users\Rolf & Erna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrador de sonido HD.lnk
2016-12-24 18:06 - 2016-12-24 18:06 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\CareCenter
2016-12-24 18:05 - 2016-12-24 18:09 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\clear.fi
2016-12-24 18:05 - 2016-12-24 18:05 - 00001895 _____ C:\Users\Public\Desktop\Documentos de Acer.lnk
2016-12-24 18:05 - 2016-12-24 18:05 - 00000000 ____D C:\Users\Rolf & Erna\PicStream
2016-12-24 18:05 - 2016-12-24 18:05 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\AOP SDK
2016-12-24 18:05 - 2016-12-24 18:05 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\ActiveSync
2016-12-24 18:04 - 2016-12-24 18:04 - 00004890 _____ C:\Windows\System32\Tasks\AcerCMUpdateTask2.1.16258
2016-12-24 18:04 - 2016-12-24 18:04 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\Publishers
2016-12-24 18:03 - 2016-12-25 14:56 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Roaming\Adobe
2016-12-24 18:03 - 2016-12-25 14:25 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\Packages
2016-12-24 18:03 - 2016-12-24 18:04 - 00000000 ___HD C:\ProgramData\O949
2016-12-24 18:03 - 2016-12-24 18:03 - 00001788 _____ C:\Users\Public\Desktop\Compra Online.lnk
2016-12-24 18:03 - 2016-12-24 18:03 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\VirtualStore
2016-12-24 18:03 - 2016-12-24 18:03 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\TileDataLayer
2016-12-24 18:03 - 2016-12-24 18:03 - 00000000 ____D C:\Program Files\Accessory Store
2016-12-24 18:02 - 2016-12-26 12:03 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Local\Host App Service
2016-12-24 18:02 - 2016-12-24 18:07 - 00000000 ____D C:\Users\Rolf & Erna
2016-12-24 18:02 - 2016-12-24 18:03 - 00000000 ___RD C:\Users\Rolf & Erna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-24 18:02 - 2016-12-24 18:02 - 00000020 ___SH C:\Users\Rolf & Erna\ntuser.ini
2016-12-24 18:02 - 2016-12-24 18:02 - 00000000 _SHDL C:\Users\Rolf & Erna\Reciente
2016-12-24 18:02 - 2016-12-24 18:02 - 00000000 _SHDL C:\Users\Rolf & Erna\Plantillas
2016-12-24 18:02 - 2016-12-24 18:02 - 00000000 _SHDL C:\Users\Rolf & Erna\Mis documentos
2016-12-24 18:02 - 2016-12-24 18:02 - 00000000 _SHDL C:\Users\Rolf & Erna\Menú Inicio
2016-12-24 18:02 - 2016-12-24 18:02 - 00000000 _SHDL C:\Users\Rolf & Erna\Impresoras
2016-12-24 18:02 - 2016-12-24 18:02 - 00000000 _SHDL C:\Users\Rolf & Erna\Entorno de red
2016-12-24 18:02 - 2016-12-24 18:02 - 00000000 _SHDL C:\Users\Rolf & Erna\Documents\Mis vídeos
2016-12-24 18:02 - 2016-12-24 18:02 - 00000000 _SHDL C:\Users\Rolf & Erna\Documents\Mis imágenes
2016-12-24 18:02 - 2016-12-24 18:02 - 00000000 _SHDL C:\Users\Rolf & Erna\Documents\Mi música
2016-12-24 18:02 - 2016-12-24 18:02 - 00000000 _SHDL C:\Users\Rolf & Erna\Datos de programa
2016-12-24 18:02 - 2016-12-24 18:02 - 00000000 _SHDL C:\Users\Rolf & Erna\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-12-24 18:02 - 2016-12-24 18:02 - 00000000 _SHDL C:\Users\Rolf & Erna\AppData\Local\Historial
2016-12-24 18:02 - 2016-12-24 18:02 - 00000000 _SHDL C:\Users\Rolf & Erna\AppData\Local\Datos de programa
2016-12-24 18:02 - 2016-12-24 18:02 - 00000000 _SHDL C:\Users\Rolf & Erna\AppData\Local\Archivos temporales de Internet
2016-12-24 18:02 - 2015-10-30 08:24 - 00000000 __RSD C:\Users\Rolf & Erna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-12-24 18:02 - 2015-10-30 08:24 - 00000000 ___RD C:\Users\Rolf & Erna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-12-24 18:02 - 2015-10-30 08:24 - 00000000 ___RD C:\Users\Rolf & Erna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-12-24 18:02 - 2015-10-30 08:24 - 00000000 ____D C:\Users\Rolf & Erna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-12-24 18:02 - 2015-03-21 01:28 - 00003236 _____ C:\Users\Rolf & Erna\Desktop\App Explorer.lnk
2016-12-24 17:59 - 2016-12-24 17:59 - 00000000 ___HD C:\ProgramData\{E4FEB43E-F69B-4D80-8F7F-D58114A44D4B}
2016-12-24 17:59 - 2016-12-24 17:59 - 00000000 ____D C:\ProgramData\miaB886.tmp
2016-12-24 17:59 - 2016-12-24 17:59 - 00000000 ____D C:\Program Files (x86)\Dashlane
2016-12-24 17:58 - 2016-12-26 11:59 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-24 17:58 - 2016-12-24 17:58 - 00000000 ____D C:\Windows\oem
2016-12-24 17:58 - 2016-12-24 17:58 - 00000000 ____D C:\ProgramData\Dashlane
2016-12-09 01:36 - 2016-12-09 01:36 - 00000040 _____ C:\Windows\spotify.preload

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-26 12:04 - 2016-06-09 16:46 - 00809538 _____ C:\Windows\system32\perfh00A.dat
2016-12-26 12:04 - 2016-06-09 16:46 - 00160672 _____ C:\Windows\system32\perfc00A.dat
2016-12-26 12:04 - 2016-03-18 14:40 - 02818060 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-26 12:03 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\AppReadiness
2016-12-26 12:02 - 2016-03-18 14:32 - 00000275 _____ C:\Windows\WindowsUpdate.log
2016-12-26 12:01 - 2016-06-09 08:02 - 00009135 _____ C:\Windows\SysWOW64\Gms.log
2016-12-26 11:58 - 2016-02-13 14:14 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-25 19:21 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\sru
2016-12-25 19:19 - 2016-03-18 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-25 19:19 - 2016-03-18 14:24 - 00161406 _____ C:\Windows\PFRO.log
2016-12-25 19:18 - 2015-10-30 07:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-12-25 16:08 - 2015-10-30 08:11 - 00000000 ____D C:\Windows\CbsTemp
2016-12-25 14:00 - 2016-06-09 07:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-25 13:30 - 2015-10-30 08:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-25 13:28 - 2016-03-18 15:23 - 00000000 ____D C:\Windows\Panther
2016-12-25 12:43 - 2016-02-13 14:12 - 00199036 _____ C:\Windows\setupact.log
2016-12-25 12:19 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-24 23:47 - 2016-06-09 08:03 - 00003118 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
2016-12-24 23:46 - 2016-06-09 09:03 - 00002074 _____ C:\Windows\System32\Tasks\FUBTrackingByPLD
2016-12-24 23:46 - 2016-06-09 08:52 - 00002256 _____ C:\Windows\System32\Tasks\Power Button
2016-12-24 23:46 - 2016-06-09 08:52 - 00002180 _____ C:\Windows\System32\Tasks\Quick Access
2016-12-24 23:46 - 2016-03-18 14:40 - 00002706 _____ C:\Windows\System32\Tasks\UbtFrameworkService
2016-12-24 23:46 - 2016-03-18 14:35 - 00004302 _____ C:\Windows\System32\Tasks\Software Update Application
2016-12-24 23:46 - 2016-03-18 14:34 - 00003852 _____ C:\Windows\System32\Tasks\ACCAgent
2016-12-24 23:46 - 2016-03-18 14:34 - 00002820 _____ C:\Windows\System32\Tasks\ACC
2016-12-24 23:46 - 2016-03-18 14:34 - 00002328 _____ C:\Windows\System32\Tasks\ACCBackgroundApplication
2016-12-24 23:46 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows NT
2016-12-24 23:46 - 2015-10-30 07:28 - 00000000 __RHD C:\Users\Default
2016-12-24 18:56 - 2016-02-13 14:11 - 00341272 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-24 18:51 - 2016-03-18 14:41 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-12-24 18:51 - 2015-10-30 08:24 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-12-24 18:51 - 2015-10-30 07:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-12-24 18:36 - 2016-03-18 14:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-24 18:36 - 2016-03-18 14:35 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-12-24 18:35 - 2016-03-18 14:34 - 00000000 ____D C:\Program Files (x86)\Acer
2016-12-24 18:33 - 2016-03-18 14:39 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-24 18:21 - 2016-02-13 13:55 - 00000000 ____D C:\Windows\OCR
2016-12-24 18:19 - 2016-06-09 16:46 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-12-24 18:19 - 2016-02-13 13:51 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-12-24 18:19 - 2016-02-13 13:51 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-12-24 18:19 - 2016-02-13 13:51 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-12-24 18:19 - 2016-02-13 13:51 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-12-24 18:19 - 2016-02-13 13:51 - 00000000 ____D C:\Windows\system32\winrm
2016-12-24 18:19 - 2016-02-13 13:51 - 00000000 ____D C:\Windows\system32\WCN
2016-12-24 18:19 - 2016-02-13 13:51 - 00000000 ____D C:\Windows\system32\slmgr
2016-12-24 18:19 - 2016-02-13 13:51 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ___SD C:\Windows\SysWOW64\F12
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ___SD C:\Windows\system32\F12
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ___SD C:\Windows\system32\dsc
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\MiracastView
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\SysWOW64\Com
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\oobe
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\MUI
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\migwiz
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\Com
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\IME
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\Help
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\System
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-12-24 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-12-24 18:19 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-12-24 18:19 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\system32\Sysprep
2016-12-24 18:19 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\system32\Dism
2016-12-24 18:19 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\servicing
2016-12-24 18:18 - 2016-03-18 14:34 - 00000000 ____D C:\ProgramData\Acer
2016-12-24 18:10 - 2016-03-18 14:45 - 00003388 _____ C:\Windows\System32\Tasks\AcerCloud
2016-12-24 18:09 - 2016-03-18 15:19 - 00000000 ___HD C:\OEM
2016-12-24 18:09 - 2016-03-18 14:45 - 00003508 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2016-12-24 18:09 - 2016-03-18 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-12-24 18:04 - 2016-03-18 14:39 - 00000000 ____D C:\Program Files\Acer
2016-12-24 18:03 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2016-12-24 18:00 - 2016-03-18 14:35 - 00000000 ____D C:\ProgramData\OEM
2016-12-24 17:57 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\restore
2016-12-24 17:55 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======

2016-12-25 18:29 - 2016-12-25 18:29 - 0000017 _____ () C:\Users\Rolf & Erna\AppData\Local\resmon.resmoncfg
2016-06-09 08:11 - 2016-06-09 08:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Rolf & Erna\AppData\Local\Temp\libeay32.dll
C:\Users\Rolf & Erna\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Rolf & Erna\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Rolf & Erna\AppData\Local\Temp\msvcr120.dll
C:\Users\Rolf & Erna\AppData\Local\Temp\oct644C.tmp.exe
C:\Users\Rolf & Erna\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-18 14:24

==================== End of FRST.txt ============================

OMWeesie

Posts: 8   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Rolf & Erna (2016-12-26 12:06:54)
Running from C:\Users\Rolf & Erna\Desktop
Windows 10 Home (X64) (2016-12-24 16:57:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1526291379-3962787630-1188329440-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1526291379-3962787630-1188329440-503 - Limited - Disabled)
Invitado (S-1-5-21-1526291379-3962787630-1188329440-501 - Limited - Disabled)
Rolf & Erna (S-1-5-21-1526291379-3962787630-1188329440-1001 - Administrator - Enabled) => C:\Users\Rolf & Erna

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1526291379-3962787630-1188329440-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3019 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3003 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.01.3001 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
App Explorer (HKU\S-1-5-21-1526291379-3962787630-1188329440-1001\...\Host App Service) (Version: 0.272.1.357 - SweetLabs)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{e4e126a8-f29e-4b56-947d-fe8bbdce8b1b}) (Version: 1.2.77.32054 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.32054 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.2.1.20599 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 3.1.0.4242 - Avira Operations GmbH & Co. KG)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.0.14.0 - Dashlane SAS)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3013 - Acer Incorporated)
ELAN HIDI2C Filter Driver X64 13.6.4.1_WHQL (HKLM\...\Elantech) (Version: 13.6.4.1 - ELAN Microelectronic Corp.)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.2.1183 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.1.1030 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{CCBE9F01-C2C3-469C-A508-2E23A7495E91}) (Version: 1.0.0.609 - Intel Corporation)
Malwarebytes versie 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - nl-nl (HKLM\...\ProPlusRetail - nl-nl) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1526291379-3962787630-1188329440-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.10198 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7773 - Realtek Semiconductor Corp.)
Software para dispositivos de chipset Intel® (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1526291379-3962787630-1188329440-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Rolf & Erna\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

24-12-2016 17:57:17 Instalador de Módulos de Windows
24-12-2016 18:53:50 Avira System Speedup Optimization
25-12-2016 18:57:18 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2015-10-30 08:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {080D582C-1A89-4086-9949-61018C292A21} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-01-20] ()
Task: {097B7AF5-9553-4D8A-8B01-F10D71A31F42} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {0D29EBB0-B2E6-4098-9784-80FE625C6156} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-25] (Microsoft Corporation)
Task: {181EF958-CF2C-45C1-BFE2-0048458E3EFC} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {2300B6D1-D409-499E-92DF-030662B73A6B} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {2BCB521A-D05F-4B92-B00F-B92C4FCBE16F} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer)
Task: {2C1AF155-E0DB-447A-94D2-80D18FF2279C} - System32\Tasks\App Explorer => %LOCALAPPDATA%\Host App Service\Engine\HostAppServiceUpdater.exe
Task: {317107BF-13F6-48B4-AA5A-BA0B03A02F4B} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {32A873C5-1CD0-4306-8F0A-4DCFA19C7902} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2016-03-10] (Acer Incorporated)
Task: {33046BDC-2974-457F-A198-055760713D46} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {356CFF81-B02D-4D31-9AFF-383E4CE547C5} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {3627755F-6629-4D94-850A-FBE43D28BEB8} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {414AEF78-CA45-4A1A-9C28-A91686C08126} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2016-01-20] ()
Task: {41A63994-F476-4D2E-B049-9EA3DBB1B19E} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-03-10] (Acer Incorporated)
Task: {4208A7BF-D622-476E-A1A3-F9EB2719ECD4} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2016-02-13] (Microsoft Corporation)
Task: {45A1E736-EAAA-4735-ABBA-A9C5CF2BDAEF} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {4A944005-EAD7-4E3D-A0CB-E36A03948234} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {4B85836D-85EC-40D0-9867-93EE65F636E5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {4E3CB8C2-8A0C-4570-A32E-7319C6E8E432} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {593CBC70-96AF-4386-82B5-8E6B8E8DD340} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2016-01-20] ()
Task: {697E18DD-943C-470A-B9E3-6E5DDCB42D05} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {6B696BCF-C866-41CA-B4E4-3D19FB1E9250} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\SpaceMan.exe [2015-10-30] (Microsoft Corporation)
Task: {6B817AC4-8DDB-45A8-B8B2-620EF0AD61CD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-25] (Microsoft Corporation)
Task: {6EAF93DF-B1DD-4BD0-96FA-7CBEED5935BC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {71E53243-3A2D-47EE-9DAB-6D71B2366657} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {7AE1BCAC-061D-4672-BACB-88BC74CE1D7A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-10-30] (Microsoft Corporation)
Task: {8467184E-3CFD-4D4E-A7E4-58BE216BDA24} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {860F596C-A1D8-4651-B747-D134041D80AD} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense => Rundll32.exe %windir%\system32\StorageUsage.dll,GetStorageUsageInfo
Task: {90D79106-3D12-40AF-A9BA-231F2327770C} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2015-10-30] (Microsoft Corporation)
Task: {A483A62A-BEE2-43EF-B43D-C4B6555D6F1E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {BCC5E6D3-D9B3-404C-9A2D-E691B4EB0863} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {C881A742-1A15-4EAC-96B9-9C6EA38AC7FA} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {CA4BE44E-107E-4B2D-91AF-FC3B077B02FC} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2015-10-30] (Microsoft Corporation)
Task: {CD0E4A9C-8AAD-4E2E-BD27-6676DE5F6AF0} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2016-03-10] (Acer Incorporated)
Task: {CEBBA8BB-AEEB-4C2C-AD12-DD7E40DD0E9F} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {DF69CF96-4610-4061-8271-721F2F4A6C60} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-01-14] (Intel(R) Corporation)
Task: {E024BD6C-D6DC-4670-9C02-681DFBED5CE5} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
Task: {E03596C8-B2A4-4553-B379-B678F0EBCA95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {F120A436-C215-4927-87AA-934387AF5782} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
Task: {F65E67D6-C793-456B-AA19-383A95457A49} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2015-12-02 16:37 - 2015-12-02 16:37 - 05570064 _____ () C:\Windows\system32\IntelSSTAPO\ParameterService\libxml2-2.dll
2016-12-25 12:31 - 2016-11-29 07:27 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-06-09 17:15 - 2016-06-09 17:15 - 02654872 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-06-09 17:15 - 2016-06-09 17:15 - 02654872 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-12-24 18:07 - 2016-12-24 18:07 - 01678560 _____ () C:\Users\Rolf & Erna\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2016-03-18 14:47 - 2015-05-08 18:41 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2016-02-13 13:54 - 2016-02-13 13:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-06-09 17:15 - 2016-06-09 17:15 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-02-13 13:54 - 2016-02-13 13:54 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-02-13 13:54 - 2016-02-13 13:54 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-13 13:54 - 2016-02-13 13:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-13 13:54 - 2016-02-13 13:54 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-09 03:45 - 2016-03-02 11:02 - 00384120 _____ () C:\Windows\system32\igfxTray.exe
2016-06-09 09:03 - 2015-05-14 08:10 - 00030976 _____ () C:\OEM\Preload\FubTracking\FubTracking.exe
2016-01-20 19:50 - 2016-01-20 19:50 - 04644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2016-12-24 18:07 - 2016-12-24 18:07 - 01244376 _____ () C:\Users\Rolf & Erna\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-02-11 16:47 - 2016-02-11 16:47 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-08-15 18:03 - 2016-08-15 18:03 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2016-08-15 18:05 - 2016-08-15 18:05 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2016-08-15 18:05 - 2016-08-15 18:05 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2016-08-15 18:04 - 2016-08-15 18:04 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2016-12-24 18:09 - 2016-12-24 18:09 - 00015064 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-08-30 15:09 - 2016-08-30 15:09 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-08-30 15:05 - 2016-08-30 15:05 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-09-09 10:51 - 2016-09-09 10:51 - 00202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-09-09 10:51 - 2016-09-09 10:51 - 00119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\amazon.com -> amazon.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1526291379-3962787630-1188329440-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B2563815-0116-4F47-B729-72F7CCF50205}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{76587F56-337F-4995-ACE4-43E7D31A81C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C79F57A7-741A-49D6-8564-7172F3B58C12}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{9CDD2A51-6253-40EB-8D39-D052BBD659C0}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{85B70559-54A5-4675-86DA-B67600A0A3D8}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{C551A7E3-B7D2-4156-9250-8023D072A40B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{77880D48-B9A0-430D-9CC1-04239CF12FEA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{9B9EF959-E997-456B-8C1B-39780577E29E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{D842B310-EC86-43ED-8B45-793CCB9F208A}] => (Allow) C:\Users\Rolf & Erna\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{91D32380-1BF1-4595-B9FC-A02790710F0B}] => (Allow) C:\Users\Rolf & Erna\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F06393EF-34B0-4E43-8CE3-CB315DC47FB9}] => (Allow) C:\Users\Rolf & Erna\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{77D4F6BB-7D72-4DA5-8DB9-40883628FC6F}] => (Allow) C:\Users\Rolf & Erna\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D7B8855A-A228-49B8-9ED1-9B2D69B3225E}] => (Allow) C:\Users\Rolf & Erna\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{998D50C5-4E34-40EC-8B74-908000BE2D19}] => (Allow) C:\Users\Rolf & Erna\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E190053-505E-4D57-840C-3F86000B76DC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{161F7985-6673-4F72-A790-B94E7BE62813}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{DDB11246-4CD4-493E-9805-6C4D64571699}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{20BC3053-3E60-4F6C-A716-28749158F61F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{39340681-4BD4-4C31-9DA3-B941AD8EDBA4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2016 12:00:27 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (12/26/2016 12:00:22 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (12/25/2016 06:57:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Toegang geweigerd.
.

Error: (12/25/2016 02:04:17 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (12/25/2016 02:03:56 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (12/25/2016 01:30:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma setup64.exe, versie 16.0.4266.1003 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Beveiliging en onderhoud van het Configuratiescherm.

Proces-id: 20f4

Starttijd: 01d25eaaa347809b

Eindtijd: 4294967295

Toepassingspad: C:\Users\Rolf & Erna\Documents\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003\office\setup64.exe

Rapport-id: edb9f226-ca9d-11e6-9dad-54ab3a990f7e

Volledige pakketnaam met fout:

Relatieve toepassings-id van pakket met fout:

Error: (12/25/2016 01:28:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: SystemSettings.exe, versie: 10.0.10586.11, tijdstempel: 0x56457cb1
Naam van module met fout: ntdll.dll, versie: 10.0.10586.122, tijdstempel: 0x56cbf9dd
Uitzonderingscode: 0xc0000409
Foutmarge: 0x00000000000953f7
Id van proces met fout: 0x1f3c
Starttijd van toepassing met fout: 0xSystemSettings.exe0
Pad naar toepassing met fout: SystemSettings.exe1
Pad naar module met fout: SystemSettings.exe2
Rapport-id: SystemSettings.exe3
Volledige pakketnaam met fout: SystemSettings.exe4
Relatieve toepassings-id van pakket met fout: SystemSettings.exe5

Error: (12/25/2016 01:27:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma OfficeC2RClient.exe, versie 16.0.7571.1326 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Beveiliging en onderhoud van het Configuratiescherm.

Proces-id: a6c

Starttijd: 01d25ea75eb588a6

Eindtijd: 4294967295

Toepassingspad: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Rapport-id: 8568c0c4-ca9d-11e6-9dad-54ab3a990f7e

Volledige pakketnaam met fout:

Relatieve toepassings-id van pakket met fout:

Error: (12/25/2016 01:27:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma OfficeClickToRun.exe, versie 16.0.7571.1326 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Beveiliging en onderhoud van het Configuratiescherm.

Proces-id: 213c

Starttijd: 01d25ea75e6ebf8c

Eindtijd: 4294967295

Toepassingspad: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

Rapport-id: 833acb66-ca9d-11e6-9dad-54ab3a990f7e

Volledige pakketnaam met fout:

Relatieve toepassings-id van pakket met fout:

Error: (12/25/2016 01:20:51 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {61CCC35C-77F9-45E5-83B1-01E173265DF3}


System errors:
=============
Error: (12/26/2016 12:04:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalActiveren{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (via LRPC)Niet beschikbaarNiet beschikbaar

Error: (12/26/2016 11:58:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 19:19:21 op ‎25-‎12-‎2016 is onverwacht gebeurd.

Error: (12/26/2016 11:58:04 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256841193824

Error: (12/25/2016 07:18:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De User Data Access_f9a18-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (12/25/2016 07:18:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De User Data Storage_f9a18-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (12/25/2016 07:18:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Contact Data_f9a18-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (12/25/2016 07:18:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Host synchroniseren_f9a18-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (12/25/2016 07:18:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalActiveren{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (via LRPC)Niet beschikbaarNiet beschikbaar

Error: (12/25/2016 05:37:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalActiveren{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (via LRPC)Niet beschikbaarNiet beschikbaar

Error: (12/25/2016 05:21:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De eapihdrv-service kan vanwege de volgende fout niet worden gestart:
%%1275


CodeIntegrity:
===================================
Date: 2016-12-25 14:10:43.262
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-25 13:43:35.947
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-25 12:48:40.761
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-25 12:40:57.359
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-25 12:39:15.822
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-25 12:25:23.986
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-24 19:32:56.129
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-24 19:30:45.636
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-24 19:27:35.357
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-24 19:24:07.799
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 29%
Total physical RAM: 8065.9 MB
Available physical RAM: 5661.32 MB
Total Virtual: 9985.9 MB
Available Virtual: 7349.51 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:465.16 GB) (Free:412.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A74E165E)

Partition: GPT.

==================== End of Addition.txt ============================
 

Broni

Posts: 55,918   +506
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 

OMWeesie

Posts: 8   +0
Hi Broni,

Thanks again, I followed your instructions and you can find the logs below. The AdwCleaner link is broken and some of the instructions seem a bit outdated with the versions of the progs provided, but it was still clear enough to manage easily.

I unfortunately have to leave tomorrow and see there are still some infections being found. The culprit has to be kmspico, an activator used to activate ms office. We didn't understand the guy in the store who didn't speak English and I told my folks I'd hook them up. This was a bit of a stupid decision in hindsight... Anyway, I would appreciate it if you could tell me if further steps are really necessary to be taken, as I would have to find a way to remotely access this laptop from home. My folks are in no way able to follow your instructions so that would be the only option :). Please tell me what steps are absolutely necessary to remove everything malicious and I'll be sure to pursue. I cannot however promise to respond within 5 days after this, as I'm quite busy until the new year and will have to access this computer remotely.

Thanks so much and happy holidays,

OMW

RogueKiller V12.9.0.0 (x64) [Dec 26 2016] (Free) door Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Besturingssysteem : Windows 10 (10.0.10586) 64 bits version
Gestart in : Normale mode
Gebruiker : Rolf & Erna [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Verwijder -- Datum : 12/27/2016 12:40:52 (Duration : 00:23:04)

¤¤¤ Processen : 0 ¤¤¤

¤¤¤ Register : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1526291379-3962787630-1188329440-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer15.msn.com/?pc=ACTE -> Niet geselecteerd
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1526291379-3962787630-1188329440-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer15.msn.com/?pc=ACTE -> Niet geselecteerd
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1526291379-3962787630-1188329440-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer15.msn.com/?pc=ACTE -> Niet geselecteerd
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1526291379-3962787630-1188329440-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer15.msn.com/?pc=ACTE -> Niet geselecteerd

¤¤¤ Taken : 1 ¤¤¤
[Suspicious.Path] \Software Update Application -- "C:\ProgramData\OEM\UpgradeTool\ListCheck.exe" -> Niet geselecteerd

¤¤¤ Bestanden : 9 ¤¤¤
[PUP.Gen1][Map] C:\ProgramData\DriverSetupUtility -> Verwijderd
[PUP.Gen1][Bestand] C:\ProgramData\DriverSetupUtility\FUB\ts.xml -> Verwijderd
[PUP.Gen1][Map] C:\ProgramData\DriverSetupUtility\FUB -> Verwijderd
[PUP.Gen1][Bestand] C:\ProgramData\DriverSetupUtility\updater2\task.bat -> Verwijderd
[PUP.Gen1][Bestand] C:\ProgramData\DriverSetupUtility\updater2\ts.xml -> Verwijderd
[PUP.Gen1][Map] C:\ProgramData\DriverSetupUtility\updater2 -> Verwijderd
[PUP.HackTool][Map] C:\ProgramData\KMSAutoS -> Verwijderd
[PUP.HackTool][Bestand] C:\ProgramData\KMSAutoS\bin\driver\oas_sert.cer -> Verwijderd
[PUP.HackTool][Bestand] C:\ProgramData\KMSAutoS\bin\driver\tap0901.cer -> Verwijderd
[PUP.HackTool][Bestand] C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\devcon.exe -> Verwijderd
[PUP.HackTool][Bestand] C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\OemVista.inf -> Verwijderd
[PUP.HackTool][Bestand] C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\ptun0901.cat -> Verwijderd
[PUP.HackTool][Bestand] C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\ptun0901.sys -> Verwijderd
[PUP.HackTool][Map] C:\ProgramData\KMSAutoS\bin\driver\x64TAP1 -> Verwijderd
[PUP.HackTool][Bestand] C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\devcon.exe -> Verwijderd
[PUP.HackTool][Bestand] C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.cat -> Verwijderd
[PUP.HackTool][Bestand] C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.inf -> Verwijderd
[PUP.HackTool][Bestand] C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.sys -> Verwijderd
[PUP.HackTool][Map] C:\ProgramData\KMSAutoS\bin\driver\x64TAP2 -> Verwijderd
[PUP.HackTool][Bestand] C:\ProgramData\KMSAutoS\bin\driver\x64WDV\FakeClient.exe -> Verwijderd
[PUP.HackTool][Bestand] C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WdfCoInstaller01009.dll -> Verwijderd
[PUP.HackTool][Bestand] C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.dll -> Verwijderd
[PUP.HackTool][Bestand] C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.inf -> Verwijderd
[PUP.HackTool][Bestand] C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.sys -> Verwijderd
[PUP.HackTool][Map] C:\ProgramData\KMSAutoS\bin\driver\x64WDV -> Verwijderd
[PUP.HackTool][Map] C:\ProgramData\KMSAutoS\bin\driver -> Verwijderd
[PUP.HackTool][Map] C:\ProgramData\KMSAutoS\bin -> Verwijderd
[PUP.HackTool][Bestand] C:\ProgramData\KMSAutoS\kmsauto.ini -> Verwijderd
[PUP.HackTool][Bestand] C:\Users\Rolf & Erna\AppData\Roaming\Microsoft\Windows\Recent\Keys.lnk [LNK@] C:\PROGRA~1\KMSpico\TOKENS~1\Keys.txt -> Verwijderd
[PUP.HackTool][Bestand] C:\Users\Rolf & Erna\AppData\Roaming\Microsoft\Windows\Recent\TokensBackup.lnk [LNK@] C:\PROGRA~1\KMSpico\TOKENS~1 -> Verwijderd
[Tr.Gen0][Bestand] C:\Users\Rolf & Erna\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Verwijderd
[PUP.Gen1][Map] C:\ProgramData\DriverSetupUtility -> ERROR [3]
[PUP.HackTool][Map] C:\ProgramData\KMSAutoS -> ERROR [3]
[PUP.Gen1][Map] C:\Program Files\DriverSetupUtility -> Verwijderd bij heropstart [91]
[PUP.Gen1][Map] C:\Program Files\DriverSetupUtility\FUB -> ERROR [5]
[PUP.HackTool][Map] C:\Program Files\KMSpico -> Verwijderd
[PUP.HackTool][Bestand] C:\Program Files\KMSpico\TokensBackup\Keys.txt -> Verwijderd
[PUP.HackTool][Bestand] C:\Program Files\KMSpico\TokensBackup\Windows\cache\cache.dat -> Verwijderd
[PUP.HackTool][Map] C:\Program Files\KMSpico\TokensBackup\Windows\cache -> Verwijderd
[PUP.HackTool][Bestand] C:\Program Files\KMSpico\TokensBackup\Windows\data.dat -> Verwijderd
[PUP.HackTool][Bestand] C:\Program Files\KMSpico\TokensBackup\Windows\pkeyconfig.xrm-ms -> Verwijderd
[PUP.HackTool][Bestand] C:\Program Files\KMSpico\TokensBackup\Windows\tokens.dat -> Verwijderd
[PUP.HackTool][Map] C:\Program Files\KMSpico\TokensBackup\Windows -> Verwijderd
[PUP.HackTool][Map] C:\Program Files\KMSpico\TokensBackup -> Verwijderd

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Host-bestand : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Geladen) ¤¤¤

¤¤¤ Web Browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000LPCX-21VHAT0 +++++
--- User ---
[MBR] 9707ed27b2d462c7f94172a2dc67cf51
[BSP] 9d9fb60e6dd180bd4aa2abdbb8786260 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 239616 | Size: 476323 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 975749120 | Size: 500 MB
User = LL1 ... OK
User = LL2 ... OK
 

OMWeesie

Posts: 8   +0
Mbam found nothing...

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/27/16
Scan Time: 1:42 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.869
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: LAPTOP-BTTGC2PJ\Rolf & Erna

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362724
Time Elapsed: 2 min, 27 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 

OMWeesie

Posts: 8   +0
# AdwCleaner v6.041 - Logfile created 27/12/2016 at 13:54:47
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-26.3 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Rolf & Erna - LAPTOP-BTTGC2PJ
# Running from : C:\Users\Rolf & Erna\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Program Files\DriverSetupUtility
[-] Folder deleted: C:\Users\Public\Pokki


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: Software Update Application


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2054 Bytes] - [27/12/2016 13:54:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [2273 Bytes] - [27/12/2016 13:53:03]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2200 Bytes] ##########
 

OMWeesie

Posts: 8   +0
JRT also found nothing


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Rolf & Erna (Administrator) on di 27-12-2016 at 19:32:15,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on di 27-12-2016 at 19:34:27,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Broni

Posts: 55,918   +506
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

OMWeesie

Posts: 8   +0
Hi Broni,

Yes, I am, but as I said, I'm in another country right now. I will probably be back at the relevant computer within the month though. You can close this topic if you want and I'll start a new one when I'm back over!

Thanks so much
 