1. #1
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor

    Join Date
    May 2015
    Location
    The Netherlands
    Age
    21
    Posts
    407
    • specs System Specs
      • Manufacturer:
        Custom build
      • Motherboard:
        Gigabyte B150-HD3P-CF
      • CPU:
        Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
      • Memory:
        16GB DDR4 Crucial Ballistix Sport LT BLS8G4D240F
      • Graphics:
        Intel(R) HD Graphics 530
      • Sound Card:
        (1) Intel(R) Display Audio (2) Realtek HD Audio
      • Hard Drives:
        Crucial MX200 500GB
      • Power Supply:
        Corsair RM550x
      • Case:
        Fractal Design Define S
      • Cooling:
        Cooler Master TX3 i
      • Display:
        1920 x 1080 @ 60 Hz
      • Operating System:
        Windows 10 Pro

    Lots of infected files

    Last Sunday, a friend of my sister gave me her laptop because she couldn't access the internet anymore.
    My sister told me that her friend's brother had used the laptop for his own stuff, and told me that her brother is not aware of all the mess on the internet when not watching what you download.

    So, with the problem that there was an internet connection but no browser could access the internet, I thought at first sight that it could be caused by bloatware, as some cause this.
    After removing 75% of the unnecessary software, still no browser was able to access the internet.
    This made me think of an infection, so I downloaded Malwarebytes (free version), Adwcleaner, ESET Online Scanner (from the infected laptop) and Bitdefender Internet Security 2015 (trial).
    First I started with Malwarebytes, but the scan was cancelled every time. Because of this unknown action I thought that Adwcleaner might help with this, so I ran Adwcleaner. After Adwcleaner finished the scan I looked at the results (clearly adware) and let Adwcleaner remove everything.
    After Adwcleaner had removed everything, I checked if any browser could access the internet and they could.
    So I downloaded ESET, and with Microsoft Security Essentials I ran both scans in the morning before I had to go to school. When I came back from school I saw that ESET had found about 110 infected files but Microsoft wasn't even at 50% of it. Thus, after cancelling the scan and removing the infections Microsoft found, I removed it and installed Bitdefender.
    In the evening I ran Malwarebytes (trial version, to protect itself) and Malwarebytes found about 400 infected files. I removed everything after checking them.
    A day later I ran Malwarebytes, ESET and Bitdefender again. Malwarebytes again found a few infected files, ESET also found some files and Bitdefender also found some files.

    This morning I again ran all 3 and again they found infected files.

    To note, in the meantime I updated Windows, removed other (malware) programs and cleaned up the space and temporary files.

    In short, her brother has messed way too much with this laptop. I had reinstalled Google Chrome because Malwarebytes kept giving messages of blocked stuff, even when I just started Google Chrome. I didn't go too deep into the settings, because I didn't have much time, although I knew there was something left.

    The logs (in Dutch unfortunately; if you need help with translation, please ask. I saw too late that the language is not English):
    Results of screen317's Security Check version 1.009
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Bitdefender Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Google Chrome (45.0.2454.101)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    Bitdefender Bitdefender 2015 updatesrv.exe
    Bitdefender Bitdefender 2015 vsserv.exe
    Bitdefender Bitdefender 2015 bdagent.exe
    Bitdefender Bitdefender 2015 bdwtxag.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````



  2. #2

    Re: Lots of infected files

    FRST.txt
    Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie:30-09-2015
    Gestart door brechje2 (Beheerder) op BRECHJE-PC (01-10-2015 12:54:14)
    Gestart vanaf C:\Users\brechje2\Desktop
    Geladen Profielen: brechje2 (Beschikbare Profielen: Brechje & brechje2)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Taal: Nederlands (Nederland)
    Internet Explorer Versie 11 (Standaardbrowser: Chrome)
    Boot Modus: Normal
    Handleiding voor Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum


    ==================== Processen (gefilterd) =================


    (Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)


    () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    (ASUS) C:\Windows\AsScrPro.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe




    ==================== Register (gefilterd) ===========================


    (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)


    HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
    HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1603544 2015-06-30] (Bitdefender)
    HKLM-x32\...\Run: [NPSStartup] => [X]
    HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2244096 2009-07-13] (VIA)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3054136 2010-04-16] (ASUS)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1581742277-3812218998-2531010570-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872672 2014-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-21-1581742277-3812218998-2531010570-1004\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
    HKU\S-1-5-21-1581742277-3812218998-2531010570-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
    HKU\S-1-5-21-1581742277-3812218998-2531010570-1004\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-06-18] (Bitdefender)
    HKU\S-1-5-21-1581742277-3812218998-2531010570-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> none
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-28] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-28] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-28] (Microsoft Corporation)
    GroupPolicy: Restrictie - Chrome <======= AANDACHT
    CHR HKLM\SOFTWARE\Policies\Google: Restrictie <======= AANDACHT


    ==================== Internet (gefilterd) ====================


    (Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)


    ProxyEnable: [.DEFAULT] => Proxy is ingeschakeld.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:60289;https=127.0.0.1:60289
    Tcpip\Parameters: [DhcpNameServer] 88.159.1.200 88.159.1.201
    Tcpip\..\Interfaces\{2A2423F8-0838-48E2-B427-961326C5D6E9}: [DhcpNameServer] 88.159.1.200 88.159.1.201
    Tcpip\..\Interfaces\{E32461DA-D77C-467D-92E1-4FAEF55D24E7}: [DhcpNameServer] 10.17.6.10 10.17.6.11


    Internet Explorer:
    ==================
    HKU\S-1-5-21-1581742277-3812218998-2531010570-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKU\S-1-5-21-1581742277-3812218998-2531010570-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKU\S-1-5-21-1581742277-3812218998-2531010570-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1581742277-3812218998-2531010570-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1581742277-3812218998-2531010570-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-08-13] (Bitdefender)
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-28] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-09-28] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-28] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
    BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-08-13] (Bitdefender)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-09-28] (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Aanmeldhulp voor Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-28] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-28] (Microsoft Corporation)
    Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-08-13] (Bitdefender)
    Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-08-13] (Bitdefender)
    Toolbar: HKU\S-1-5-21-1581742277-3812218998-2531010570-1004 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-08-13] (Bitdefender)
    DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - Geen bestand
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - Geen bestand
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe


    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [Geen bestand]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand]
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-25] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-01] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Geen bestand]
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
    FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff [2015-09-30]
    FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
    FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-09-30]
    FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
    FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-09-30]
    FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext


    Chrome:
    =======
    CHR Profile: C:\Users\brechje2\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\brechje2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-01]
    CHR Extension: (YouTube) - C:\Users\brechje2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
    CHR Extension: (Google Search) - C:\Users\brechje2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-01]
    CHR Extension: (Offline Documenten) - C:\Users\brechje2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-01]
    CHR Extension: (AdBlock) - C:\Users\brechje2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-01]
    CHR Extension: (Ghostery) - C:\Users\brechje2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-10-01]
    CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\brechje2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-01]
    CHR Extension: (Gmail) - C:\Users\brechje2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-01]
    CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx


    ==================== Services (gefilterd) ========================


    (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


    R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [Bestand niet getekend]
    S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-07-24] (Bitdefender)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2015-04-22] (Bitdefender)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1540744 2015-07-27] (Bitdefender)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)


    ===================== Drivers (gefilterd) ==========================


    (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


    S3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2012-03-12] (Ralink Technology Corp.)
    R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
    R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-05-28] (BitDefender)
    R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [271272 2015-05-29] (BitDefender)
    R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-05-28] (BitDefender)
    R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-12-15] (BitDefender LLC)
    R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
    S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-02-24] (BitDefender LLC)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-01] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-05-20] ()
    R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
    S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbda.sys [X]
    S3 cpuz134; \??\C:\Users\brechje2\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    U3 tmlwf; geen ImagePath
    U3 tmwfp; geen ImagePath


    ==================== NetSvcs (gefilterd) ===================


    (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)




    ==================== Een Maand Aangemaakt bestanden en mappen ========


    (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)


    2015-10-01 12:54 - 2015-10-01 12:54 - 00020309 _____ C:\Users\brechje2\Desktop\FRST.txt
    2015-10-01 12:53 - 2015-10-01 12:54 - 00000000 ____D C:\FRST
    2015-10-01 12:52 - 2015-10-01 12:52 - 02192384 _____ (Farbar) C:\Users\brechje2\Desktop\FRST64.exe
    2015-10-01 12:42 - 2015-10-01 12:42 - 00004806 _____ C:\Users\brechje2\Desktop\results.txt
    2015-10-01 09:30 - 2015-10-01 09:30 - 00002281 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-10-01 09:30 - 2015-10-01 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-10-01 09:28 - 2015-10-01 12:33 - 00001060 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-01 09:28 - 2015-10-01 09:33 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-10-01 09:28 - 2015-10-01 09:28 - 00004056 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-10-01 09:28 - 2015-10-01 09:28 - 00003804 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-10-01 09:06 - 2015-10-01 09:06 - 00000000 ____D C:\ProgramData\bdch
    2015-09-30 23:32 - 2015-07-16 21:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-09-30 23:32 - 2015-07-16 21:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2015-09-30 23:32 - 2015-07-16 21:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2015-09-30 23:32 - 2015-07-16 21:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-09-30 23:32 - 2015-07-16 21:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2015-09-30 23:32 - 2015-07-16 21:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2015-09-30 23:32 - 2015-07-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2015-09-30 22:51 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-09-30 22:51 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2015-09-30 22:51 - 2015-06-03 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-09-30 22:51 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-09-30 21:51 - 2015-09-30 21:51 - 00000000 ____D C:\Program Files (x86)\Intel
    2015-09-30 21:48 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2015-09-30 21:48 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2015-09-30 21:48 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2015-09-30 21:48 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2015-09-30 21:48 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2015-09-30 21:48 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2015-09-30 21:48 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2015-09-30 21:48 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2015-09-30 21:48 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2015-09-30 21:48 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2015-09-30 21:41 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2015-09-30 21:41 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2015-09-30 21:41 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
    2015-09-30 21:38 - 2015-08-05 20:02 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-09-30 21:38 - 2015-08-05 20:02 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-09-30 21:38 - 2015-08-05 19:56 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-09-30 21:38 - 2015-08-05 19:56 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-09-30 21:38 - 2015-08-05 19:56 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-09-30 21:38 - 2015-08-05 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-09-30 21:38 - 2015-08-05 19:56 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-09-30 21:38 - 2015-08-05 19:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-09-30 21:38 - 2015-08-05 19:56 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-09-30 21:38 - 2015-08-05 19:56 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-09-30 21:38 - 2015-08-05 19:56 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-09-30 21:38 - 2015-08-05 19:56 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-09-30 21:38 - 2015-08-05 19:56 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-09-30 21:38 - 2015-08-05 19:56 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-09-30 21:38 - 2015-08-05 19:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
    2015-09-30 21:38 - 2015-08-05 19:56 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-09-30 21:38 - 2015-08-05 19:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-09-30 21:38 - 2015-08-05 19:55 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-09-30 21:38 - 2015-08-05 19:50 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-09-30 21:38 - 2015-08-05 19:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-09-30 21:38 - 2015-08-05 19:46 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-09-30 21:38 - 2015-08-05 19:41 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-09-30 21:38 - 2015-08-05 19:41 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-09-30 21:38 - 2015-08-05 19:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-09-30 21:38 - 2015-08-05 19:41 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-09-30 21:38 - 2015-08-05 19:40 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-09-30 21:38 - 2015-08-05 19:40 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-09-30 21:38 - 2015-08-05 19:40 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-09-30 21:38 - 2015-08-05 19:40 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-09-30 21:38 - 2015-08-05 19:40 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-09-30 21:38 - 2015-08-05 19:39 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-09-30 21:38 - 2015-08-05 19:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-09-30 21:38 - 2015-08-05 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-09-30 21:38 - 2015-08-05 19:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-09-30 21:38 - 2015-08-05 19:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-09-30 21:38 - 2015-08-05 19:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-09-30 21:38 - 2015-08-05 19:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2015-09-30 21:38 - 2015-08-05 18:38 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-09-30 21:38 - 2015-08-05 18:37 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-09-30 21:38 - 2015-08-05 18:37 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-09-30 21:36 - 2015-07-18 15:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2015-09-30 21:36 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2015-09-30 18:28 - 2015-09-30 18:28 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
    2015-09-30 18:26 - 2015-09-30 18:26 - 00432467 _____ C:\ProgramData\1443630074.bdinstall.bin
    2015-09-30 18:25 - 2015-09-30 18:25 - 00000385 _____ C:\Windows\system32\user_gensett.xml
    2015-09-30 18:24 - 2015-09-30 18:24 - 00002128 _____ C:\Users\Public\Desktop\Bitdefender Internet Security 2015.lnk
    2015-09-30 18:24 - 2015-09-30 18:24 - 00000684 ____H C:\bdr-cf02
    2015-09-30 18:24 - 2014-12-15 18:04 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
    2015-09-30 18:23 - 2015-09-30 18:30 - 00000000 ____D C:\Users\brechje2\AppData\Roaming\Bitdefender
    2015-09-30 18:23 - 2015-09-30 18:24 - 00253404 ____H C:\bdr-ld02
    2015-09-30 18:23 - 2015-09-30 18:24 - 00009216 ____H C:\bdr-ld02.mbr
    2015-09-30 18:23 - 2015-05-28 14:21 - 00747120 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
    2015-09-30 18:23 - 2015-05-28 13:37 - 01369288 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
    2015-09-30 18:23 - 2015-05-27 17:02 - 49626058 ____H C:\bdr-im02.gz
    2015-09-30 18:23 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz02
    2015-09-30 18:21 - 2015-09-30 18:25 - 00000000 ____D C:\ProgramData\Bitdefender
    2015-09-30 18:21 - 2015-09-30 18:21 - 00000000 ____D C:\Program Files\Bitdefender
    2015-09-30 18:21 - 2015-02-24 17:52 - 00160544 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
    2015-09-30 18:21 - 2014-10-15 17:14 - 00452040 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
    2015-09-30 18:20 - 2015-09-30 18:21 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2015-09-30 18:11 - 2015-09-30 18:16 - 381287392 _____ C:\Users\brechje2\Downloads\bitdefender_is_19_64b.exe
    2015-09-30 17:40 - 2015-09-30 17:40 - 00000684 ____H C:\bdr-cf01
    2015-09-30 17:40 - 2015-09-30 17:40 - 00000385 _____ C:\Users\brechje2\AppData\Roaminguser_gensett.xml
    2015-09-30 17:39 - 2015-09-30 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
    2015-09-30 17:39 - 2015-09-30 17:40 - 00253404 ____H C:\bdr-ld01
    2015-09-30 17:39 - 2015-09-30 17:40 - 00009216 ____H C:\bdr-ld01.mbr
    2015-09-30 17:39 - 2015-09-30 17:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
    2015-09-30 17:39 - 2015-09-30 17:39 - 00000000 ____D C:\ProgramData\BDLogging
    2015-09-30 17:39 - 2015-05-29 09:50 - 01730304 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
    2015-09-30 17:39 - 2015-05-29 09:50 - 00271272 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
    2015-09-30 17:39 - 2015-05-27 17:02 - 49626058 ____H C:\bdr-im01.gz
    2015-09-30 17:39 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz01
    2015-09-30 17:39 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
    2015-09-30 17:36 - 2015-09-30 17:36 - 00000000 ____D C:\Users\brechje2\AppData\Roaming\QuickScan
    2015-09-29 22:24 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAA.DLL
    2015-09-29 22:08 - 2015-09-29 22:12 - 314199040 _____ C:\Users\brechje2\Downloads\bitdefender_av_19_64b.exe
    2015-09-29 22:01 - 2015-09-29 22:01 - 00489040 _____ C:\Users\brechje2\Pictures\Documents\cc_20150929_220112.reg
    2015-09-29 21:13 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-09-29 21:13 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-09-29 18:06 - 2015-09-29 18:06 - 00125416 _____ C:\Users\brechje2\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-09-29 18:04 - 2015-10-01 09:05 - 00001270 _____ C:\Windows\setupact.log
    2015-09-29 18:04 - 2015-09-29 18:04 - 00000000 _____ C:\Windows\setuperr.log
    2015-09-29 18:03 - 2015-09-30 18:35 - 00195916 _____ C:\Windows\PFRO.log
    2015-09-29 18:03 - 2015-09-29 21:26 - 00478128 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-09-29 10:13 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-09-29 10:13 - 2015-08-15 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-09-29 10:13 - 2015-08-15 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-09-29 10:13 - 2015-08-15 08:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-09-29 10:13 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-09-29 10:13 - 2015-08-15 08:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-09-29 10:13 - 2015-08-15 07:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-09-29 10:13 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-09-29 10:13 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-09-29 10:13 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-09-29 10:13 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-09-29 10:13 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-09-29 10:13 - 2015-08-15 07:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-09-29 10:13 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-09-29 10:13 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-09-29 10:13 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-09-29 10:13 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-09-29 10:13 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-09-29 10:13 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-09-29 10:12 - 2015-08-18 03:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-09-29 10:12 - 2015-08-15 08:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-09-29 10:12 - 2015-08-15 08:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-09-29 10:12 - 2015-08-15 08:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-09-29 10:12 - 2015-08-15 08:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-09-29 10:12 - 2015-08-15 08:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-09-29 10:12 - 2015-08-15 08:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-09-29 10:12 - 2015-08-15 08:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-09-29 10:12 - 2015-08-15 08:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-09-29 10:12 - 2015-08-15 08:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-09-29 10:12 - 2015-08-15 08:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-09-29 10:12 - 2015-08-15 08:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-09-29 10:12 - 2015-08-15 08:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-09-29 10:12 - 2015-08-15 08:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-09-29 10:12 - 2015-08-15 07:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-09-29 10:12 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-09-29 10:12 - 2015-08-15 07:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-09-29 10:12 - 2015-08-15 07:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-09-29 10:12 - 2015-08-15 07:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-09-29 10:12 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-09-29 10:12 - 2015-08-15 07:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-09-29 10:12 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-09-29 10:12 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-09-29 10:12 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-09-29 10:12 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-09-29 10:12 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-09-29 10:12 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-09-29 10:12 - 2015-08-15 07:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-09-29 10:12 - 2015-08-15 07:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-09-29 10:12 - 2015-08-15 07:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-09-29 10:12 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-09-29 10:12 - 2015-08-15 07:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-09-29 10:12 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-09-29 10:12 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-09-29 10:12 - 2015-08-15 07:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-09-29 10:12 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-09-29 10:12 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-09-29 10:12 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-09-29 10:12 - 2015-08-15 06:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-09-29 10:12 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-09-29 10:12 - 2015-08-15 06:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-09-29 10:11 - 2015-08-04 20:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-09-29 10:11 - 2015-08-04 20:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-09-29 10:11 - 2015-08-04 19:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-09-29 10:11 - 2015-08-04 19:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-09-29 10:11 - 2015-08-04 19:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-09-29 10:11 - 2015-08-04 19:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-09-29 10:11 - 2015-08-04 19:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-09-29 10:11 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-09-29 10:11 - 2015-08-04 18:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-09-29 10:06 - 2015-07-28 22:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2015-09-29 10:06 - 2015-07-28 22:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-09-29 10:06 - 2015-07-28 22:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-09-29 10:06 - 2015-07-28 22:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-09-29 10:06 - 2015-07-28 22:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-09-29 10:06 - 2015-07-28 22:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-09-29 10:06 - 2015-07-28 22:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-09-29 10:06 - 2015-07-28 21:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-09-29 10:05 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-09-29 10:05 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
    2015-09-29 10:05 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-09-29 09:59 - 2015-08-05 19:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2015-09-29 09:58 - 2015-08-05 19:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-09-29 09:58 - 2015-08-05 19:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-09-29 09:58 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-09-29 09:56 - 2015-07-15 05:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2015-09-29 09:56 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2015-09-29 09:52 - 2015-07-09 19:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2015-09-29 09:52 - 2015-07-09 19:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
    2015-09-29 09:52 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2015-09-29 09:52 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
    2015-09-29 09:51 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
    2015-09-29 09:48 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-09-29 09:48 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-09-29 09:48 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-09-29 09:48 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-09-29 09:48 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2015-09-29 09:48 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2015-09-29 09:48 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2015-09-29 09:48 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2015-09-29 09:47 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2015-09-29 09:47 - 2015-07-23 02:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-09-29 09:47 - 2015-07-23 02:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-09-29 09:47 - 2015-07-23 02:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-09-29 09:47 - 2015-07-23 02:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-09-29 09:47 - 2015-07-23 02:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-09-29 09:47 - 2015-07-23 02:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-09-29 09:47 - 2015-07-23 02:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-09-29 09:47 - 2015-07-23 02:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-09-29 09:47 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-09-29 09:47 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-09-29 09:47 - 2015-07-23 02:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-09-29 09:47 - 2015-07-23 02:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-09-29 09:47 - 2015-07-23 02:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-09-29 09:47 - 2015-07-23 02:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-09-29 09:47 - 2015-07-23 02:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-09-29 09:47 - 2015-07-23 02:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-09-29 09:47 - 2015-07-23 02:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-09-29 09:47 - 2015-07-23 02:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-09-29 09:47 - 2015-07-23 01:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-09-29 09:47 - 2015-07-22 19:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-09-29 09:47 - 2015-07-22 19:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-09-29 09:47 - 2015-07-22 19:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-09-29 09:47 - 2015-07-22 19:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-09-29 09:47 - 2015-07-22 19:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-09-29 09:47 - 2015-07-22 19:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-09-29 09:47 - 2015-07-22 19:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-09-29 09:47 - 2015-07-22 19:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-09-29 09:47 - 2015-07-22 19:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-09-29 09:47 - 2015-07-22 19:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 18:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-09-29 09:47 - 2015-07-22 18:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-09-29 09:47 - 2015-07-22 18:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-09-29 09:47 - 2015-07-22 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-09-29 09:47 - 2015-07-22 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-09-29 09:44 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
    2015-09-29 09:44 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
    2015-09-29 09:44 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    2015-09-29 09:44 - 2015-06-25 12:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2015-09-29 09:44 - 2015-06-25 12:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-09-29 09:44 - 2015-06-25 12:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2015-09-29 09:44 - 2015-06-25 11:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-09-29 09:43 - 2015-08-27 20:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2015-09-29 09:43 - 2015-08-27 20:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-09-29 09:43 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2015-09-29 09:43 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-09-29 09:43 - 2015-08-27 19:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2015-09-29 09:43 - 2015-08-27 19:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-09-29 09:43 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2015-09-29 09:43 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2015-09-29 09:43 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-09-29 09:42 - 2015-09-02 05:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-09-29 09:42 - 2015-09-02 05:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-09-29 09:42 - 2015-09-02 05:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-09-29 09:42 - 2015-09-02 05:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-09-29 09:42 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-09-29 09:42 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-09-29 09:42 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-09-29 09:42 - 2015-09-02 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-09-29 09:42 - 2015-09-02 03:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-09-29 09:42 - 2015-09-02 03:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-09-29 09:42 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-09-29 09:42 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-09-29 09:31 - 2015-08-26 20:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-09-29 09:31 - 2015-08-26 20:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-09-29 09:31 - 2015-08-26 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-09-29 09:31 - 2015-08-26 20:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-09-29 09:31 - 2015-08-26 20:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-09-29 09:31 - 2015-08-26 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-09-29 09:31 - 2015-08-26 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-09-29 09:31 - 2015-08-26 20:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-09-29 09:31 - 2015-08-26 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-09-29 09:31 - 2015-08-26 20:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-09-29 09:31 - 2015-08-26 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-09-29 09:31 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-09-29 09:31 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-09-29 09:31 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-09-29 09:31 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-09-29 09:31 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-09-29 07:45 - 2015-09-29 07:45 - 00000000 ____D C:\Program Files (x86)\ESET
    2015-09-29 07:44 - 2015-09-29 07:44 - 02870984 _____ (ESET) C:\Users\brechje2\Downloads\esetsmartinstaller_enu.exe
    2015-09-28 22:28 - 2015-09-28 22:28 - 00001288 _____ C:\Users\brechje2\Desktop\Auslogics Disk Defrag Professional.lnk
    2015-09-28 22:28 - 2015-09-28 22:28 - 00000000 ____D C:\Users\brechje2\AppData\Roaming\Auslogics
    2015-09-28 22:28 - 2015-09-28 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    2015-09-28 22:28 - 2015-09-28 22:28 - 00000000 ____D C:\ProgramData\Auslogics
    2015-09-28 22:28 - 2015-09-28 22:28 - 00000000 ____D C:\Program Files (x86)\Auslogics
    2015-09-28 22:08 - 2015-09-28 22:08 - 00002800 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-09-28 22:08 - 2015-09-28 22:08 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2015-09-28 22:08 - 2015-09-28 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-09-28 22:07 - 2015-10-01 12:00 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-09-28 22:07 - 2015-09-28 22:08 - 00000000 ____D C:\Program Files\CCleaner
    2015-09-28 22:07 - 2015-09-28 22:07 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-09-28 22:07 - 2015-09-28 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-09-28 22:07 - 2015-09-28 22:07 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-09-28 22:07 - 2015-09-28 22:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-09-28 22:07 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-09-28 22:07 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-09-28 22:07 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-09-28 20:32 - 2015-09-28 20:32 - 00002994 _____ C:\Windows\System32\Tasks\{58FAC79C-968F-4FCA-8C30-115A0645CA57}
    2015-09-28 20:31 - 2015-09-28 20:31 - 00002994 _____ C:\Windows\System32\Tasks\{D85F83C1-2825-40B4-BF47-CC5E7F44619F}
    2015-09-28 20:30 - 2015-09-28 20:30 - 00002994 _____ C:\Windows\System32\Tasks\{BFDBDADD-7E58-4432-834B-11F2DD1736D0}
    2015-09-28 19:46 - 2015-09-28 19:57 - 00000000 ____D C:\ProgramData\NoextCoup
    2015-09-28 19:31 - 2015-09-28 19:31 - 00020480 ____T C:\Users\brechje2\AppData\Local\uninstall.tmp
    2015-09-27 22:40 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-09-27 22:39 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2015-09-27 22:39 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2015-09-27 22:39 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2015-09-27 22:39 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2015-09-27 22:39 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2015-09-27 22:39 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2015-09-27 22:39 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2015-09-27 22:38 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
    2015-09-27 22:38 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
    2015-09-27 22:36 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2015-09-27 22:36 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2015-09-27 22:36 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-09-27 22:36 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-09-27 22:35 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-09-27 22:35 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-09-27 22:35 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-09-27 22:35 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-09-27 22:35 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-09-27 22:35 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-09-27 22:35 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-09-27 22:35 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll


    ==================== Een Maand Gewijzigd bestanden en mappen ========


    (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)


    2015-10-01 10:44 - 2010-04-16 21:55 - 01338128 _____ C:\Windows\WindowsUpdate.log
    2015-10-01 09:31 - 2012-02-05 20:37 - 00000000 ____D C:\Users\brechje2\AppData\Local\Google
    2015-10-01 09:30 - 2010-04-16 22:21 - 00000000 ____D C:\Program Files (x86)\Google
    2015-10-01 09:27 - 2012-07-17 19:23 - 00000000 ____D C:\Users\brechje2\AppData\Local\Deployment
    2015-10-01 09:21 - 2009-07-14 06:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-10-01 09:21 - 2009-07-14 06:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-10-01 09:13 - 2013-01-24 16:34 - 00000000 ____D C:\Users\brechje2\AppData\Roaming\Skype
    2015-10-01 09:06 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-09-30 22:33 - 2014-10-04 15:10 - 00000262 __RSH C:\ProgramData\ntuser.pol
    2015-09-30 21:56 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-09-30 21:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2015-09-30 21:44 - 2011-01-26 11:24 - 01658804 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-09-30 21:44 - 2009-08-04 12:15 - 00750566 _____ C:\Windows\system32\perfh013.dat
    2015-09-30 21:44 - 2009-08-04 12:15 - 00156256 _____ C:\Windows\system32\perfc013.dat
    2015-09-30 21:44 - 2009-07-14 07:13 - 01658804 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-09-30 21:25 - 2014-09-01 10:18 - 00000365 _____ C:\Users\brechje2\AppData\Roaming\YISAU
    2015-09-30 17:30 - 2011-01-26 11:25 - 00001912 _____ C:\Windows\epplauncher.mif
    2015-09-30 17:16 - 2009-07-14 07:08 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-09-29 21:24 - 2013-03-14 11:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-09-29 21:24 - 2013-03-14 11:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-09-29 21:21 - 2014-12-11 22:05 - 00000000 ____D C:\Windows\system32\appraiser
    2015-09-29 21:21 - 2014-05-06 16:41 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-09-29 21:21 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
    2015-09-29 21:17 - 2010-04-16 22:03 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-09-29 21:12 - 2013-03-14 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-09-29 21:00 - 2014-04-27 12:43 - 00000000 ____D C:\Windows\system32\MRT
    2015-09-29 18:03 - 2012-06-20 16:01 - 00000000 ____D C:\Windows\nl
    2015-09-29 11:31 - 2015-06-10 20:05 - 00000000 ____D C:\Users\brechje2\AppData\Roaming\498BBA00-1433959555-81DF-3515-485B394A710B
    2015-09-29 07:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
    2015-09-28 22:14 - 2012-02-05 19:45 - 00000000 ____D C:\Users\brechje2
    2015-09-28 20:07 - 2012-02-05 19:47 - 00000000 ____D C:\Users\brechje2\AppData\Roaming\Asus WebStorage
    2015-09-28 20:07 - 2010-04-16 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    2015-09-28 20:06 - 2010-04-16 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
    2015-09-28 20:06 - 2010-04-16 22:15 - 00000000 ____D C:\Program Files\ASUS
    2015-09-28 19:53 - 2012-07-17 19:24 - 00000000 ____D C:\Users\brechje2\AppData\Local\Unity
    2015-09-28 19:47 - 2014-10-04 15:11 - 00000000 ____D C:\ProgramData\GooSavve
    2015-09-28 19:43 - 2010-04-16 22:15 - 00000000 ____D C:\Program Files (x86)\ASUS
    2015-09-28 19:31 - 2010-04-16 22:48 - 00000000 ____D C:\Windows\SysWOW64\Asus_Camera_ScreenSaver dir
    2015-09-28 19:04 - 2014-10-05 13:13 - 00000000 ____D C:\Windows\pss
    2015-09-28 18:00 - 2014-09-25 11:29 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2015-09-28 17:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-09-28 17:21 - 2015-04-05 12:25 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-09-28 17:21 - 2015-04-05 12:25 - 00000000 ___SD C:\Windows\system32\GWX
    2015-09-28 17:13 - 2012-02-09 21:18 - 00000000 ____D C:\Users\brechje2\AppData\Roaming\uTorrent
    2015-09-27 22:31 - 2010-04-16 22:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information


    ==================== Bestanden in de root van sommige mappen =======


    2014-10-04 14:16 - 2014-10-04 14:16 - 0000043 _____ () C:\Users\brechje2\AppData\Roaming\WB.CFG
    2014-09-01 10:18 - 2015-09-30 21:25 - 0000365 _____ () C:\Users\brechje2\AppData\Roaming\YISAU
    2013-01-09 19:32 - 2014-01-16 13:24 - 0011264 _____ () C:\Users\brechje2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-10-05 12:45 - 2014-10-05 16:23 - 0007608 _____ () C:\Users\brechje2\AppData\Local\Resmon.ResmonCfg
    2015-09-28 19:31 - 2015-09-28 19:31 - 0020480 ____T () C:\Users\brechje2\AppData\Local\uninstall.tmp
    2015-09-30 18:26 - 2015-09-30 18:26 - 0432467 _____ () C:\ProgramData\1443630074.bdinstall.bin
    2011-11-09 19:31 - 2011-11-09 19:31 - 0000000 _____ () C:\ProgramData\3df1baa087d8311049b8610c765e09f4_c
    2013-01-02 17:52 - 2013-04-17 16:59 - 0000081 _____ () C:\ProgramData\anwblog2011.cfg
    2010-04-16 22:32 - 2009-12-24 14:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
    2010-04-16 22:16 - 2010-04-16 22:17 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2010-04-16 22:16 - 2010-04-16 22:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log


    ==================== Bamital & volsnap =================


    (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)


    C:\Windows\system32\winlogon.exe => Bestand is getekend
    C:\Windows\system32\wininit.exe => Bestand is getekend
    C:\Windows\SysWOW64\wininit.exe => Bestand is getekend
    C:\Windows\explorer.exe => Bestand is getekend
    C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
    C:\Windows\system32\svchost.exe => Bestand is getekend
    C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
    C:\Windows\system32\services.exe => Bestand is getekend
    C:\Windows\system32\User32.dll => Bestand is getekend
    C:\Windows\SysWOW64\User32.dll => Bestand is getekend
    C:\Windows\system32\userinit.exe => Bestand is getekend
    C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
    C:\Windows\system32\rpcss.dll => Bestand is getekend
    C:\Windows\system32\dnsapi.dll => Bestand is getekend
    C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
    C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend




    LastRegBack: 2015-06-07 12:42


    ==================== Eind van FRST.txt ============================

  3. #3

    Re: Lots of infected files

    Addition.txt

    Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie:30-09-2015
    Gestart door brechje2 (2015-10-01 12:55:59)
    Gestart vanaf C:\Users\brechje2\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2010-08-11 10:42:32)
    Boot Modus: Normal
    ==========================================================




    ==================== Accounts: =============================


    Administrator (S-1-5-21-1581742277-3812218998-2531010570-500 - Administrator - Disabled)
    Brechje (S-1-5-21-1581742277-3812218998-2531010570-1000 - Administrator - Enabled) => C:\Users\Brechje
    brechje2 (S-1-5-21-1581742277-3812218998-2531010570-1004 - Administrator - Enabled) => C:\Users\brechje2
    Gast (S-1-5-21-1581742277-3812218998-2531010570-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1581742277-3812218998-2531010570-1002 - Limited - Enabled)


    ==================== Security Center ========================


    (Als een item is opgenomen in de fixlist, zal het worden verwijderd.)


    AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
    AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}


    ==================== Geïnstalleerde programma's ======================


    (Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)


    2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
    Actualização do Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0816-0000-0000000FF1CE}_PROHYBRIDR_{CCDE3C71-5F35-477F-BA90-1A399C91C10C}) (Version: - Microsoft)
    Actualização do Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0816-0000-0000000FF1CE}_PROHYBRIDR_{CF0BC77F-1B63-44BF-BCFE-3A8CBB9077D1}) (Version: - Microsoft)
    Actualização do Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0816-0000-0000000FF1CE}_PROHYBRIDR_{A1A8C49E-BB40-4852-853E-B5A1F6BB2A3C}) (Version: - Microsoft)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.183.7 - Adobe Systems Incorporated)
    Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
    Adobe Reader 9.5.0 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.0 - Adobe Systems Incorporated)
    Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0408-0000-0000000FF1CE}_PROHYBRIDR_{08A4BDB3-7A63-4F59-B9FA-EE80ADE88DC2}) (Version: - Microsoft)
    Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0408-0000-0000000FF1CE}_PROHYBRIDR_{C52A655D-F8AE-485D-908D-62CEC754B6A4}) (Version: - Microsoft)
    Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0408-0000-0000000FF1CE}_PROHYBRIDR_{054186C0-F351-472E-84E8-D5E16FA08241}) (Version: - Microsoft)
    Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}) (Version: 1.2.17.25001 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader (x32 Version: 1.2.17.25001 - Alcor Micro Corp.) Hidden
    Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
    Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.16 - Atheros Communications Inc.)
    ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
    Auslogics Disk Defrag Professional (HKLM-x32\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.6.0.0 - Auslogics Software Pty Ltd)
    Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 19.2.0.151 - Bitdefender)
    CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware versie 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 15.0.4753.1003 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Excel 2007 Help - Aggiornamento (KB963678) (HKLM-x32\...\{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{9F57BDED-B51B-4D2F-B360-5B4EFAAF0F1A}) (Version: - Microsoft)
    Microsoft Office Excel 2007 Help s{ (KB963678) (HKLM-x32\...\{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{15EEA099-97F0-4952-8597-88472FF062D2}) (Version: - Microsoft)
    Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM-x32\...\{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
    Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677) (HKLM-x32\...\{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{2278E02A-AB15-4BF7-B2B4-5C0EEB4B7EEB}) (Version: - Microsoft)
    Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM-x32\...\{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version: - Microsoft)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0413-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
    Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669) (HKLM-x32\...\{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{C76C02F1-B07F-4974-876A-A18DEC9887C8}) (Version: - Microsoft)
    Microsoft Office Powerpoint 2007 Help s{ (KB963669) (HKLM-x32\...\{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{A7688131-70CB-4945-BAFA-11053AC34D75}) (Version: - Microsoft)
    Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM-x32\...\{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version: - Microsoft)
    Microsoft Office Word 2007 Help - Aggiornamento (KB963665) (HKLM-x32\...\{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{E5B82DB3-DD7D-4C45-BC5E-09864B26F9BC}) (Version: - Microsoft)
    Microsoft Office Word 2007 Help s{ (KB963665) (HKLM-x32\...\{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{AD30F628-2AAE-43E0-A0D8-CDFA976E6A9E}) (Version: - Microsoft)
    Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM-x32\...\{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version: - Microsoft)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mise à jour Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version: - Microsoft)
    Mise à jour Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version: - Microsoft)
    Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version: - Microsoft)
    Mise à jour Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version: - Microsoft)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-040D-0000-0000000FF1CE}_PROHYBRIDR_{18E2D7BF-CC18-4CE8-B875-D2934B6086E2}) (Version: - Microsoft)
    Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-040D-0000-0000000FF1CE}_PROHYBRIDR_{54B50AC9-2088-4F43-B39A-0F10F53D425E}) (Version: - Microsoft)
    Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-040D-0000-0000000FF1CE}_PROHYBRIDR_{CAB664CE-BBA4-4A81-A358-6CC6F7852FC9}) (Version: - Microsoft)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
    Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
    ROC de Leijgraaf - configuratie draadloos netwerk (verwijderen) (HKLM-x32\...\ROC de Leijgraaf - configuratie draadloos netwerk) (Version: - )
    SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
    Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
    SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
    SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
    Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
    Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
    Samsung New PC Studio USB Driver Installer (HKLM-x32\...\InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
    Samsung New PC Studio USB Driver Installer (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
    Ulead Photo Explorer 8.5 SE Basic (HKLM-x32\...\{025C3792-E9C6-432A-92C1-661F99D021CA}) (Version: - Ulead Systems, Inc.)
    Uninstall Dual Mode Camera (HKLM-x32\...\Dual Mode Camera_is1) (Version: - )
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
    Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
    Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
    Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
    Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISE_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version: - Microsoft)
    Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version: - Microsoft)
    Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISE_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version: - Microsoft)
    Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version: - Microsoft)
    Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISE_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version: - Microsoft)
    Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version: - Microsoft)
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows Driver Package - Cisco Consumer Products LLC (AM10) Net (05/11/2010 3.00.10.0000) (HKLM\...\D0A8021141D0DC83FB524DE6BDADDA7E87E399B6) (Version: 05/11/2010 3.00.10.0000 - Cisco Consumer Products LLC)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
    Windows Phone app for desktop (HKLM-x32\...\{54EC61F0-6D02-450E-9F1B-9506EAE9F23C}) (Version: 1.1.2726.0 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version: - )
    Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.10 - ASUS)


    ==================== Aangepaste CLSID (gefilterd): ==========================


    (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)




    ==================== Herstelpunten =========================


    30-09-2015 17:20:56 Windows Update
    30-09-2015 21:39:09 Windows Update
    30-09-2015 22:20:26 Windows Update
    30-09-2015 22:58:43 Windows Update
    30-09-2015 23:37:17 Windows Update


    ==================== Hosts inhoud: ===============================


    (Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)


    2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Geplande Taken (gefilterd) =============


    (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


    Task: {0A4FC301-A132-4906-A610-937CB2A052E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)
    Task: {35575FD9-538F-4799-A656-A4C82EFB03DE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-12] (Microsoft Corporation)
    Task: {443C4FF0-4D3C-4FBF-9BB8-3C6B40E1F0E3} - System32\Tasks\{D51225D4-8F53-4E1E-B3DA-A49EB4726EFE} => pcalua.exe -a E:\Install.exe -d E:\
    Task: {497A7DE7-7F0E-445B-806E-C7248879C2F6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-09-28] (Microsoft Corporation)
    Task: {4B38C476-F37C-4187-8433-520E5EB939A7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
    Task: {542E959B-EB51-4B1C-A273-64E6004F7AFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)
    Task: {6C4FBD10-07A1-4CFF-8C2E-EB2001500392} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-07-24] ()
    Task: {7492FE9A-00DD-4D51-8E69-5C85398EACBA} - System32\Tasks\su1x-auth-start-tool => C:\Program Files (x86)\ROC de Leijgraaf\draadloos-config\Leijgraaf-Wireless-config.exe [2012-04-03] ()
    Task: {7CF036A5-296E-4656-842C-B601262008F1} - System32\Tasks\{BFDBDADD-7E58-4432-834B-11F2DD1736D0} => Chrome.exe
    Task: {7E010587-3232-4DAD-AD6E-3F716C27C5DE} - System32\Tasks\{0966620A-B19C-46A2-AEC7-0E040510C5C0} => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    Task: {8259BAE1-B6C9-46EE-A02A-1266E02C91E9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
    Task: {89DEC503-B532-41DE-A504-72A9C68B7055} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {9722FB4A-37B5-4D28-B37B-058D769BFFD9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
    Task: {99EF6585-BEF5-43C6-87DA-9F5582299F20} - System32\Tasks\{ADA01923-2A02-4F62-8C1E-B3A16C023747} => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    Task: {BC8D4A4F-3AEF-4760-9BA0-EF1D7827D982} - System32\Tasks\{748DA3DB-26F6-4662-81CB-C4048B23ABD2} => C:\Program Files (x86)\BitTorrent\BitTorrent.exe
    Task: {C350D7C7-660C-451C-8D9D-76ADCD8A8D1F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-12] (Microsoft Corporation)
    Task: {C8D9A1DC-40BB-4A62-B88D-3BDADF0F2955} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
    Task: {CBC564DC-F28A-46B5-B3CA-FC49F0BB0B96} - System32\Tasks\{3F5538BE-1C4B-439F-AC89-325C73234D06} => C:\Program Files (x86)\BitTorrent\BitTorrent.exe
    Task: {CCAD2CE6-4C90-4A15-9253-43981590DB0F} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
    Task: {DADE9FE8-97EE-4F49-9B06-FA27AF843EAD} - System32\Tasks\{D85F83C1-2825-40B4-BF47-CC5E7F44619F} => Chrome.exe
    Task: {E92353EE-5E75-41A2-8AB1-A45CDEE956CD} - System32\Tasks\{483804D1-750F-4E01-9CBD-2B73295541F4} => pcalua.exe -a C:\Users\brechje2\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cmi
    Task: {E9332A30-A1D0-4614-AE49-E0C138AEEEA7} - System32\Tasks\{58FAC79C-968F-4FCA-8C30-115A0645CA57} => Chrome.exe
    Task: {F56E0FE1-8AC4-4029-B5D2-C7A20362A902} - System32\Tasks\{3DA8E73E-E1C8-43CF-A783-EAACAF2EFA89} => pcalua.exe -a C:\ProgramData\YooutuebeAdiBloccke\T1NFaWyeJkyX2Ff.exe -c !x:1 /s /n /i:"ExecuteCommands;UninstallCommands"
    Task: {F759C1EA-C6F4-4D6A-9531-428D51055675} - System32\Tasks\{7CD137DF-51C4-414C-B488-3F425BC7121C} => C:\Program Files (x86)\BitTorrent\BitTorrent.exe


    (Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)


    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


    ==================== Geladen Modules (gefilterd) ==============


    2010-04-16 22:47 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    2014-09-25 11:29 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-09-30 18:24 - 2015-04-22 16:55 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
    2015-09-30 18:23 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
    2015-09-30 18:24 - 2015-08-13 18:36 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
    2015-09-30 18:24 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
    2015-09-30 18:33 - 2015-09-30 18:33 - 00875352 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_002\ashttpbr.mdl
    2015-09-30 18:33 - 2015-09-30 18:33 - 00741952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_002\ashttpdsp.mdl
    2015-09-30 18:33 - 2015-09-30 18:33 - 02800952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_002\ashttpph.mdl
    2015-09-30 18:33 - 2015-09-30 18:33 - 01413024 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_002\ashttprbl.mdl
    2009-07-24 19:32 - 2009-07-24 19:32 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    2010-04-16 22:46 - 2009-05-07 10:51 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
    2010-04-16 22:46 - 2009-05-07 10:53 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
    2010-04-16 22:46 - 2008-01-18 08:49 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
    2010-04-16 22:46 - 2009-07-06 08:37 - 47601664 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
    2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    2015-10-01 09:30 - 2015-09-24 04:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
    2015-10-01 09:30 - 2015-09-24 04:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll


    ==================== Alternate Data Streams (gefilterd) =========


    (Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)


    AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
    AlternateDataStreams: C:\Users\brechje2\Desktop\FRST64.exe:BDU


    ==================== Veilige Modus (gefilterd) ===================


    (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)




    ==================== EXE Bestandskoppeling (gefilterd) ===============


    (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)




    ==================== Internet Explorer vertrouwde/beperkte toegang ===============


    (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)




    ==================== Andere gebieden ============================


    (Momenteel is er geen automatische fix voor dit onderdeel.)


    HKU\S-1-5-21-1581742277-3812218998-2531010570-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\brechje2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 88.159.1.200 - 88.159.1.201
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is uitgeschakeld.


    ==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==


    (Momenteel is er geen automatische fix voor dit onderdeel.)


    MSCONFIG\Services: WindowsMangerProtect => 2


    ==================== Firewall regels (gefilterd) ===============


    (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


    FirewallRules: [{E43D7ABE-A6C1-47E0-BFD9-A6DC5C43CC41}] => (Allow) svchost.exe
    FirewallRules: [{18590715-C1EC-42B9-8CE7-7ADC4DB16C95}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{E034264E-2A56-4B20-9FFD-52ED00629737}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{510D7DC0-CB20-479B-8F7F-6E390323594D}] => (Allow) LPort=2869
    FirewallRules: [{348A498A-6729-4ED3-8D6E-3457EACEE15B}] => (Allow) LPort=1900
    FirewallRules: [{2C5E0D93-84CB-4571-9AAB-F83B3FA7904A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{64ADF872-756E-42D1-80DD-FF3A33725271}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{9D30C11B-38C0-47A9-B421-D46CAD3033BF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{991014AF-3DE1-4169-9C2D-252332E5F14F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{39BF4359-8BD1-4029-A852-CCD24911BA87}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{DADC64AC-A2D8-4579-BF00-62868BF39884}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{AD51EE01-3965-4DA6-8C73-4EF851E3A60E}C:\users\brechje2\appdata\local\temp\rarsfx1\x32\pcsftool.exe] => (Allow) C:\users\brechje2\appdata\local\temp\rarsfx1\x32\pcsftool.exe
    FirewallRules: [UDP Query User{FC34FBD6-92E9-4977-A4C6-5885C66D3806}C:\users\brechje2\appdata\local\temp\rarsfx1\x32\pcsftool.exe] => (Allow) C:\users\brechje2\appdata\local\temp\rarsfx1\x32\pcsftool.exe
    FirewallRules: [TCP Query User{2CED3498-64AF-4F98-8ABB-FD3DBF43CE8A}C:\users\brechje2\appdata\local\temp\rarsfx1\x64\pcsftool.exe] => (Allow) C:\users\brechje2\appdata\local\temp\rarsfx1\x64\pcsftool.exe
    FirewallRules: [UDP Query User{205160A1-312A-453B-9354-87C583DE411A}C:\users\brechje2\appdata\local\temp\rarsfx1\x64\pcsftool.exe] => (Allow) C:\users\brechje2\appdata\local\temp\rarsfx1\x64\pcsftool.exe
    FirewallRules: [{B52358E0-5C7E-4848-86DB-636D960EB04A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Defecte Apparaatbeheer Apparaten =============




    ==================== Eventlog fouten: =========================


    Applicatiefouten:
    ==================
    Error: (10/01/2015 09:18:15 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is.
    Conflicterende onderdelen zijn:
    Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


    Error: (10/01/2015 09:18:07 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is.
    Conflicterende onderdelen zijn:
    Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


    Error: (10/01/2015 09:18:05 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is.
    Conflicterende onderdelen zijn:
    Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


    Error: (10/01/2015 08:20:50 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Naam van toepassing met fout: CompatTelRunner.exe, versie: 10.0.10208.0, tijdstempel: 0x55b5cf7a
    Naam van module met fout: devinv.dll, versie: 10.0.10208.0, tijdstempel: 0x55b5cb74
    Uitzonderingscode: 0xc0000005
    Foutoffset: 0x000000000001ff94
    Id van proces met fout: 0xcf8
    Starttijd van toepassing met fout: 0xCompatTelRunner.exe0
    Pad naar toepassing met fout: CompatTelRunner.exe1
    Pad naar module met fout: CompatTelRunner.exe2
    Rapport-id: CompatTelRunner.exe3


    Error: (09/30/2015 09:50:44 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Naam van toepassing met fout: mbam.exe, versie: 2.3.55.0, tijdstempel: 0x557a2a02
    Naam van module met fout: MSVCR100.dll, versie: 10.0.40219.325, tijdstempel: 0x4df2be1e
    Uitzonderingscode: 0x40000015
    Foutoffset: 0x0008d6fd
    Id van proces met fout: 0xdb8
    Starttijd van toepassing met fout: 0xmbam.exe0
    Pad naar toepassing met fout: mbam.exe1
    Pad naar module met fout: mbam.exe2
    Rapport-id: mbam.exe3


    Error: (09/30/2015 07:41:20 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161


    Error: (09/29/2015 10:15:00 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Brechje-PC)
    Description: HRESULT:0x8004FF0A
    Description:Security Essentials is still installed on your computer.. Security Essentials was not removed from your computer. It will continue to monitor your computer and help protect it from potential threats. Error code:0x8004FF0A.


    Error: (09/29/2015 09:22:30 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile ReachFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil because of the following error: Het proces heeft geen toegang tot het bestand omdat het door een ander proces wordt gebruikt. (Exception from HRESULT: 0x80070020).


    Error: (09/29/2015 09:22:26 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile PresentationFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil because of the following error: Het proces heeft geen toegang tot het bestand omdat het door een ander proces wordt gebruikt. (Exception from HRESULT: 0x80070020).


    Error: (09/29/2015 09:22:26 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile PresentationFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil because of the following error: Het proces heeft geen toegang tot het bestand omdat het door een ander proces wordt gebruikt. (Exception from HRESULT: 0x80070020).




    Systeemfouten:
    =============
    Error: (10/01/2015 09:29:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: De eapihdrv-service kan vanwege de volgende fout niet worden gestart:
    %%1275


    Error: (10/01/2015 09:29:34 AM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\brechje2\AppData\Local\Temp\ehdrv.sys kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma.


    Error: (10/01/2015 09:29:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: De eapihdrv-service kan vanwege de volgende fout niet worden gestart:
    %%1275


    Error: (10/01/2015 09:29:34 AM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\brechje2\AppData\Local\Temp\ehdrv.sys kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma.


    Error: (10/01/2015 09:29:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: De eapihdrv-service kan vanwege de volgende fout niet worden gestart:
    %%1275


    Error: (10/01/2015 09:29:33 AM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\brechje2\AppData\Local\Temp\ehdrv.sys kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma.


    Error: (10/01/2015 09:20:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: De eapihdrv-service kan vanwege de volgende fout niet worden gestart:
    %%1275


    Error: (10/01/2015 09:20:47 AM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\brechje2\AppData\Local\Temp\ehdrv.sys kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma.


    Error: (10/01/2015 09:20:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: De eapihdrv-service kan vanwege de volgende fout niet worden gestart:
    %%1275


    Error: (10/01/2015 09:20:47 AM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\brechje2\AppData\Local\Temp\ehdrv.sys kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma.




    ==================== Geheugen info ===========================


    Processor: Celeron(R) Dual-Core CPU T3100 @ 1.90GHz
    Percentage geheugen in gebruik: 71%
    Totaal fysiek RAM-geheugen: 4061.09 MB
    Beschikbaar fysiek RAM-geheugen: 1166.21 MB
    Totaal Virtueel geheugen: 8120.38 MB
    Beschikbaar Virtual geheugen: 5278.61 MB


    ==================== Schijven ================================


    Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:22.15 GB) NTFS ==>[schijf met boot componenten (verkregen van BCD)]
    Drive d: (DATA) (Fixed) (Total:332.72 GB) (Free:332.29 GB) NTFS
    Drive f: (HERSTEL) (Removable) (Total:1.87 GB) (Free:1.45 GB) FAT32


    ==================== MBR & Partitietabel ==================


    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
    Partition 1: (Not Active) - (Size=16.6 GB) - (Type=1C)
    Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=332.7 GB) - (Type=OF Extended)


    ========================================================
    Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 1.9 GB) (Disk ID: 00000000)


    Partition: GPT.


    ==================== Eind van Addition.txt ============================

  4. #4

    Re: Lots of infected files

    A new log from checkup.txt, updated/removed Adobe software and I cannot update my previous post anymore.
    Results of screen317's Security Check version 1.009
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Bitdefender Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Google Chrome (45.0.2454.101)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    Bitdefender Bitdefender 2015 updatesrv.exe
    Bitdefender Bitdefender 2015 vsserv.exe
    Bitdefender Bitdefender 2015 bdagent.exe
    Bitdefender Bitdefender 2015 bdwtxag.exe
    Bitdefender Bitdefender 2015 bdtkexec.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````

  5. #5
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,481

    Re: Lots of infected files

    Hi, azw0.

    Thank you for providing the background indicating what you've already done along with the updated checkup.txt. Seeing as how you did all the preliminary work, let's hope I can find what is remaining.

    Please do the following to run FRST:

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
    • Open Notepad (Start => All Programs => Accessories => Notepad).
    • Copy/Paste the entire contents of the code box below into Notepad.
    Code:
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [NPSStartup] => [X]
    GroupPolicy: Restrictie - Chrome <======= AANDACHT
    CHR HKLM\SOFTWARE\Policies\Google: Restrictie <======= AANDACHT
    HKU\S-1-5-21-1581742277-3812218998-2531010570-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - Geen bestand
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - Geen bestand
    FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [Geen bestand]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand]
    FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Geen bestand]
    S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbda.sys [X]
    S3 cpuz134; \??\C:\Users\brechje2\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    U3 tmlwf; geen ImagePath
    U3 tmwfp; geen ImagePath
    2013-01-09 19:32 - 2014-01-16 13:24 - 0011264 _____ () C:\Users\brechje2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    Task: {BC8D4A4F-3AEF-4760-9BA0-EF1D7827D982} - System32\Tasks\{748DA3DB-26F6-4662-81CB-C4048B23ABD2} => C:\Program Files (x86)\BitTorrent\BitTorrent.exe
    C:\Program Files (x86)\BitTorrent
    Task: {CBC564DC-F28A-46B5-B3CA-FC49F0BB0B96} - System32\Tasks\{3F5538BE-1C4B-439F-AC89-325C73234D06} => C:\Program Files (x86)\BitTorrent\BitTorrent.exe
    Task: {F759C1EA-C6F4-4D6A-9531-428D51055675} - System32\Tasks\{7CD137DF-51C4-414C-B488-3F425BC7121C} => C:\Program Files (x86)\BitTorrent\BitTorrent.exe
    Task: {F56E0FE1-8AC4-4029-B5D2-C7A20362A902} - System32\Tasks\{3DA8E73E-E1C8-43CF-A783-EAACAF2EFA89} => pcalua.exe -a C:\ProgramData\YooutuebeAdiBloccke\T1NFaWyeJkyX2Ff.exe -c !x:1 /s /n /i:"ExecuteCommands;UninstallCommands"
    C:\ProgramData\Temp:4CF61E54
    AlternateDataStreams: C:\Users\brechje2\Desktop\FRST64.exe:BDU
    EmptyTemp:
    end
    • Click Format and ensure Wordwrap is unchecked.
    • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
      • Please post the log in your next reply.


    Please download Junkware Removal Tool to your desktop.
    • Disable your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  6. #6
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor


    Re: Lots of infected files

    The fixlog.txt
    Fix resultaat van Farbar Recovery Scan Tool (x64) Versie:30-09-2015
    Gestart door brechje2 (2015-10-01 21:29:15) Run:1
    Gestart vanaf C:\Users\brechje2\Desktop
    Geladen Profielen: brechje2 (Beschikbare Profielen: Brechje & brechje2)
    Boot Modus: Normal
    ==============================================


    fixlist inhoud:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [NPSStartup] => [X]
    GroupPolicy: Restrictie - Chrome <======= AANDACHT
    CHR HKLM\SOFTWARE\Policies\Google: Restrictie <======= AANDACHT
    HKU\S-1-5-21-1581742277-3812218998-2531010570-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - Geen bestand
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - Geen bestand
    FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [Geen bestand]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand]
    FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Geen bestand]
    S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbda.sys [X]
    S3 cpuz134; \??\C:\Users\brechje2\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    U3 tmlwf; geen ImagePath
    U3 tmwfp; geen ImagePath
    2013-01-09 19:32 - 2014-01-16 13:24 - 0011264 _____ () C:\Users\brechje2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    Task: {BC8D4A4F-3AEF-4760-9BA0-EF1D7827D982} - System32\Tasks\{748DA3DB-26F6-4662-81CB-C4048B23ABD2} => C:\Program Files (x86)\BitTorrent\BitTorrent.exe
    C:\Program Files (x86)\BitTorrent
    Task: {CBC564DC-F28A-46B5-B3CA-FC49F0BB0B96} - System32\Tasks\{3F5538BE-1C4B-439F-AC89-325C73234D06} => C:\Program Files (x86)\BitTorrent\BitTorrent.exe
    Task: {F759C1EA-C6F4-4D6A-9531-428D51055675} - System32\Tasks\{7CD137DF-51C4-414C-B488-3F425BC7121C} => C:\Program Files (x86)\BitTorrent\BitTorrent.exe
    Task: {F56E0FE1-8AC4-4029-B5D2-C7A20362A902} - System32\Tasks\{3DA8E73E-E1C8-43CF-A783-EAACAF2EFA89} => pcalua.exe -a C:\ProgramData\YooutuebeAdiBloccke\T1NFaWyeJkyX2Ff.exe -c !x:1 /s /n /i:"ExecuteCommands;UninstallCommands"
    C:\ProgramData\Temp:4CF61E54
    AlternateDataStreams: C:\Users\brechje2\Desktop\FRST64.exe:BDU
    EmptyTemp:
    end
    *****************


    Herstelpunt is succesfol gemaakt.
    Proces succesvol afgesloten.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => waarde is succesvol verwijderd.
    C:\Windows\system32\GroupPolicy\Machine => is succesvol verplaatst.
    C:\Windows\system32\GroupPolicy\GPT.ini => is succesvol verplaatst.
    C:\Windows\SysWOW64\GroupPolicy\GPT.ini => is succesvol verplaatst.
    "HKLM\SOFTWARE\Policies\Google" => sleutel is succesvol verwijderd.
    "HKU\S-1-5-21-1581742277-3812218998-2531010570-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => sleutel is succesvol verwijderd.
    "HKCR\PROTOCOLS\Handler\livecall" => sleutel is succesvol verwijderd.
    HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => sleutel niet gevonden.
    "HKCR\PROTOCOLS\Handler\msnim" => sleutel is succesvol verwijderd.
    HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => sleutel niet gevonden.
    "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => sleutel is succesvol verwijderd.
    HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer => sleutel niet gevonden.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => sleutel is succesvol verwijderd.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1" => sleutel is succesvol verwijderd.
    b06bdrv => dienst is succesvol verwijderd.
    cpuz134 => dienst is succesvol verwijderd.
    tmlwf => dienst is succesvol verwijderd.
    tmwfp => dienst is succesvol verwijderd.
    C:\Users\brechje2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => is succesvol verplaatst.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC8D4A4F-3AEF-4760-9BA0-EF1D7827D982}" => sleutel is succesvol verwijderd.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC8D4A4F-3AEF-4760-9BA0-EF1D7827D982}" => sleutel is succesvol verwijderd.
    C:\Windows\System32\Tasks\{748DA3DB-26F6-4662-81CB-C4048B23ABD2} => is succesvol verplaatst.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{748DA3DB-26F6-4662-81CB-C4048B23ABD2}" => sleutel is succesvol verwijderd.
    "C:\Program Files (x86)\BitTorrent" => bestand/map niet gevonden.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBC564DC-F28A-46B5-B3CA-FC49F0BB0B96}" => sleutel is succesvol verwijderd.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBC564DC-F28A-46B5-B3CA-FC49F0BB0B96}" => sleutel is succesvol verwijderd.
    C:\Windows\System32\Tasks\{3F5538BE-1C4B-439F-AC89-325C73234D06} => is succesvol verplaatst.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3F5538BE-1C4B-439F-AC89-325C73234D06}" => sleutel is succesvol verwijderd.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F759C1EA-C6F4-4D6A-9531-428D51055675}" => sleutel is succesvol verwijderd.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F759C1EA-C6F4-4D6A-9531-428D51055675}" => sleutel is succesvol verwijderd.
    C:\Windows\System32\Tasks\{7CD137DF-51C4-414C-B488-3F425BC7121C} => is succesvol verplaatst.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7CD137DF-51C4-414C-B488-3F425BC7121C}" => sleutel is succesvol verwijderd.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F56E0FE1-8AC4-4029-B5D2-C7A20362A902}" => sleutel is succesvol verwijderd.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F56E0FE1-8AC4-4029-B5D2-C7A20362A902}" => sleutel is succesvol verwijderd.
    C:\Windows\System32\Tasks\{3DA8E73E-E1C8-43CF-A783-EAACAF2EFA89} => is succesvol verplaatst.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3DA8E73E-E1C8-43CF-A783-EAACAF2EFA89}" => sleutel is succesvol verwijderd.
    Kon niet verplaatsen "C:\ProgramData\Temp:4CF61E54" => Gepland te verplaatsen bij herstart.
    C:\Users\brechje2\Desktop\FRST64.exe => ":BDU" ADS is succesvol verwijderd..
    EmptyTemp: => 935.7 MB tijdelijke gegevens verwijderd.
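
When a fixlog like the one above comes back, the first thing to check is which entries did not complete. The following is an added example, not part of the original posts and not FRST's own code: it skips the echoed fixlist between the two asterisk separators and classifies each result line using the Dutch status phrases printed in this log. The outcome labels and function names are chosen for the example, and the sample text is abridged from the log above.

```python
from collections import Counter

# Status phrases exactly as printed in the Dutch-localised fixlog on this page.
# The outcome labels on the right are names chosen for this example.
OUTCOMES = [
    ("Gepland te verplaatsen bij herstart", "pending_reboot"),
    ("niet gevonden", "not_found"),
    ("succesvol verwijderd", "removed"),
    ("succesvol verplaatst", "moved"),
    ("tijdelijke gegevens verwijderd", "temp_cleared"),
]
FAILED_MOVE_PREFIX = "Kon niet verplaatsen "
NEEDS_FOLLOW_UP = {"pending_reboot", "other"}

# Abridged from the fixlog above: header, echoed fixlist, then result lines.
SAMPLE_FIXLOG = r'''
fixlist inhoud:
*****************
start
HKLM-x32\...\Run: [NPSStartup] => [X]
C:\ProgramData\Temp:4CF61E54
EmptyTemp:
end
*****************

Herstelpunt is succesfol gemaakt.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => waarde is succesvol verwijderd.
C:\Windows\system32\GroupPolicy\GPT.ini => is succesvol verplaatst.
"HKLM\SOFTWARE\Policies\Google" => sleutel is succesvol verwijderd.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => sleutel niet gevonden.
"C:\Program Files (x86)\BitTorrent" => bestand/map niet gevonden.
C:\Windows\System32\Tasks\{3DA8E73E-E1C8-43CF-A783-EAACAF2EFA89} => is succesvol verplaatst.
Kon niet verplaatsen "C:\ProgramData\Temp:4CF61E54" => Gepland te verplaatsen bij herstart.
C:\Users\brechje2\Desktop\FRST64.exe => ":BDU" ADS is succesvol verwijderd..
EmptyTemp: => 935.7 MB tijdelijke gegevens verwijderd.
'''


def result_lines(log_text):
    """Return the non-empty lines that follow the second asterisk separator.

    The fixlog echoes the fixlist between two separator lines, and several
    echoed entries also contain ' => ', so they must not be read as results.
    """
    separators = 0
    lines = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            separators += 1
            continue
        if separators >= 2 and line:
            lines.append(line)
    return lines


def parse_result(line):
    """Split 'target => status' and map the status to an outcome label."""
    if " => " not in line:
        return None  # informational line such as the restore-point message
    target, status = line.split(" => ", 1)
    if target.startswith(FAILED_MOVE_PREFIX):
        target = target[len(FAILED_MOVE_PREFIX):]
    target = target.strip('"')
    for phrase, label in OUTCOMES:
        if phrase in status:
            return target, label
    return target, "other"  # unrecognised status: have a person read it


def triage(log_text):
    """Return (counts per outcome, items needing follow-up, not-found targets)."""
    counts = Counter()
    follow_up = []
    not_found = []
    for line in result_lines(log_text):
        parsed = parse_result(line)
        if parsed is None:
            continue
        target, label = parsed
        counts[label] += 1
        if label in NEEDS_FOLLOW_UP:
            follow_up.append((target, label))
        elif label == "not_found":
            not_found.append(target)
    return counts, follow_up, not_found


if __name__ == "__main__":
    counts, follow_up, not_found = triage(SAMPLE_FIXLOG)
    for label, n in sorted(counts.items()):
        print(f"{label:15} {n}")
    for target, label in follow_up:
        print(f"FOLLOW UP ({label}): {target}")
    for target in not_found:
        print(f"already absent: {target}")
```

An entry reported as pending a restart is worth re-checking in the next scan after the reboot, since the log alone does not confirm that the move happened.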

  7. #7
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor


    Re: Lots of infected files

    The JRT.txt

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.4 (09.28.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by brechje2 on do 01-10-2015 at 21:48:16,77
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Tasks

    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

    ~~~ Registry Keys

    ~~~ Files

    Successfully deleted: [File] C:\Users\brechje2\Appdata\Local\uninstall.tmp
    Successfully deleted: [File] C:\ProgramData\1443630074.bdinstall.bin

    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\brechje2\Appdata\Local\{F6DA45FE-F210-4CEC-B7F1-572938D70650}
    Successfully deleted: [Empty Folder] C:\Users\brechje2\Appdata\Local\{F7445DA6-E0AE-4E62-AECF-DEC0E713A687}
    Successfully deleted: [Empty Folder] C:\Users\brechje2\Appdata\Local\{F7C97986-9510-42D4-B488-7CA46B1E957E}
    Successfully deleted: [Empty Folder] C:\Users\brechje2\Appdata\Local\{F84E77DF-1DCF-467D-A9AE-A19CFF56D832}
    Successfully deleted: [Empty Folder] C:\Users\brechje2\Appdata\Local\{F86CB3E3-E0A0-4B69-9B52-73BA693F4A06}
    Successfully deleted: [Empty Folder] C:\Users\brechje2\Appdata\Local\{F886A10F-D142-4FEE-ABE7-E16EA579E9C1}
    Successfully deleted: [Empty Folder] C:\Users\brechje2\Appdata\Local\{FB3D89FE-4EAE-4E4C-9A36-DF6E84ABC489}
    Successfully deleted: [Empty Folder] C:\Users\brechje2\Appdata\Local\{FB759D3F-396C-43EE-A3B3-C6B0D3C0AC9F}
    Successfully deleted: [Empty Folder] C:\Users\brechje2\Appdata\Local\{FC6A1B6D-E9CD-403B-A8EA-23F8FDE6DA14}
    Successfully deleted: [Empty Folder] C:\Users\brechje2\Appdata\Local\{FEC282B4-548E-42F5-A1AA-AB534A16C79F}
    Successfully deleted: [Empty Folder] C:\Users\brechje2\Appdata\Local\{FF854C4D-1F13-4087-8786-F4A9C18039BD}

    ~~~ Chrome

    [C:\Users\brechje2\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
    [C:\Users\brechje2\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
    [C:\Users\brechje2\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
    [C:\Users\brechje2\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on do 01-10-2015 at 21:57:31,30
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  8. #8
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,481

    Re: Lots of infected files

    How is your sister's friend's laptop working now?


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  9. #9
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor


    Re: Lots of infected files

    Hard to say, I don't know what has been modified and so cannot test specifically, because I don't know what the modified stuff might have affected.

    In general, it is a little slow because of the hardware; since I reinstalled Google Chrome there are no notifications of blocked stuff and it looks like it is working fine.
    Although, I would like to make sure there are no infected files left.

  10. #10
    Corrine's Avatar

    Re: Lots of infected files

    There is never a guarantee after a system has been infected to the extent you described. It would be advisable to set up a full system scan with BitDefender and let it run to completion, even if it takes a long time. After doing that, let me know if anything is found and we'll clean up the tools used.

  11. #11
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor


    Re: Lots of infected files

    Malwarebytes just finished the full scan and found nothing.
    Bitdefender just started scanning; I expect it to finish within a few hours and will report back.

  12. #12
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor


    Re: Lots of infected files

    Bitdefender finished in about 2 hours and reported
    [Attached image: img_20151002_171913013.jpg]

  13. #13
    Corrine's Avatar

    Re: Lots of infected files

    Excellent, axe0. I don't believe that your sister's friend will be letting her brother near her laptop again!

    Let's take care of removing the tools used:

    Please download Delfix from here.

    Ensure the following boxes are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore

    Click Run.

    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

  14. #14
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor


    Re: Lots of infected files

    The output of DelFix.txt
    # DelFix v1.011 - Logfile created 02/10/2015 at 18:02:14
    # Updated 18/08/2015 by Xplode
    # Username : brechje2 - BRECHJE-PC
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)


    ~ Removing disinfection tools ...


    Deleted : C:\FRST
    Deleted : C:\Users\brechje2\Desktop\Fixlog.txt
    Deleted : C:\Users\brechje2\Desktop\frst64.exe
    Deleted : C:\Users\brechje2\Desktop\JRT.exe
    Deleted : C:\Users\brechje2\Desktop\JRT.txt
    Deleted : C:\Users\brechje2\Desktop\SecurityCheck.exe


    ########## - EOF - ##########

  15. #15
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor


    Re: Lots of infected files

    I have removed Bitdefender and am currently reverting back to MSE; the owner won't understand Bitdefender as it likely is too complicated.

    Thank you very much for your help, Corrine, it is very much appreciated.

  16. #16
    Corrine's Avatar

    Re: Lots of infected files

    You are very welcome, axe0. I am happy I was able to help with the remainders after you did so much of the "grunt work".