Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 18-07-2017 Gestart door Familie Phillips Vra (Beheerder) op DESKTOP-T6SHBH1 (23-07-2017 12:51:16) Gestart vanaf C:\Users\Familie Phillips Vra\Downloads Geladen Profielen: Familie Phillips Vra (Beschikbare Profielen: Familie Phillips Vra) Platform: Windows 10 Home Versie 1607 (X64) Taal: Nederlands (Nederland) Internet Explorer Versie 11 (Standaardbrowser: Edge) Boot Modus: Safe Mode (minimal) Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.) (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corporation) C:\Windows\HelpPane.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Register (gefilterd) ==================== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16427256 2016-02-18] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427704 2016-02-18] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3352808 2015-11-06] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-11-06] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [628736 2015-06-16] () HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110008 2015-05-26] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [499128 2015-05-26] (CyberLink Corp.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation) HKLM-x32\...\Run: [SoundTouch Music Server] => C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.lnk [2195 2016-12-01] () HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-2212958904-674450509-3633931156-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.) 
HKU\S-1-5-21-2212958904-674450509-3633931156-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2042144 2016-04-14] (TomTom) HKU\S-1-5-21-2212958904-674450509-3633931156-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.) ProxyEnable: [S-1-5-21-2212958904-674450509-3633931156-1001] => Proxy is ingeschakeld. Tcpip\Parameters: [DhcpNameServer] 195.130.131.4 195.130.130.4 Tcpip\..\Interfaces\{ccadd94d-2111-464e-a30f-7d1f2ef666cf}: [DhcpNameServer] 195.130.131.4 195.130.130.4 Internet Explorer: ================== HKU\S-1-5-21-2212958904-674450509-3633931156-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE HKU\S-1-5-21-2212958904-674450509-3633931156-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-11] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-11] (Oracle Corporation) FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-11] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-11] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft 
Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.) 
Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR NewTab: Default -> Not-active:"chrome-extension://fpeepicldbpmefboahpolegllmiglnai/stubby.html" CHR Profile: C:\Users\Familie Phillips Vra\AppData\Local\Google\Chrome\User Data\Default [2017-07-23] CHR Extension: (Google Presentaties) - C:\Users\Familie Phillips Vra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-24] CHR Extension: (Google Documenten) - C:\Users\Familie Phillips Vra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-24] CHR Extension: (Google Drive) - C:\Users\Familie Phillips Vra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24] CHR Extension: (YouTube) - C:\Users\Familie Phillips Vra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-24] CHR Extension: (Google Search) - C:\Users\Familie Phillips Vra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24] CHR Extension: (Adobe Acrobat) - C:\Users\Familie Phillips Vra\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-10] CHR Extension: (Google Spreadsheets) - C:\Users\Familie Phillips Vra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-24] CHR Extension: (Offline Documenten) - C:\Users\Familie Phillips Vra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-26] CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Familie Phillips Vra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14] CHR Extension: (Gmail) - C:\Users\Familie Phillips Vra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia 
[2016-02-24] CHR Extension: (Chrome Media Router) - C:\Users\Familie Phillips Vra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-16] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Services (gefilterd) ==================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.) S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [301536 2016-11-02] (Intel Corporation) S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [480224 2016-11-02] (Intel Corporation) S2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163328 2016-01-27] () [Bestand niet getekend] S2 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-11-06] (ELAN Microelectronics Corp.) 
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-11-06] (NVIDIA Corporation) S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation) S2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [341984 2016-11-02] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] () S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation) S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-11-06] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-11-06] (NVIDIA Corporation) S2 PGFNEXSrv; C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe [135680 2014-08-07] () [Bestand niet getekend] S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation) S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation) S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\\McCSPServiceHost.exe" [X] ===================== Drivers (gefilterd) ====================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) S3 ACSSCR; C:\WINDOWS\system32\DRIVERS\a38usb.sys [77832 2016-11-28] (Advanced Card Systems Ltd.)
S1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) S3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation) R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [30808 2015-11-06] (ELAN Microelectronic Corp.) S3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation) S3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [11033056 2016-11-02] (Intel Corporation) R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856 2017-07-23] (Malwarebytes) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation) S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvpmwu.inf_amd64_3141c1306e24b8d6\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-11-06] (NVIDIA Corporation) S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-11-06] (NVIDIA Corporation) S2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R3 PegaRadioSwitch; C:\WINDOWS\System32\drivers\PegaRadioSwitch.sys [33560 2015-06-05] (Windows (R) Win 7 DDK provider) S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek ) S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-07-17] (Realsil Semiconductor Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) ==================== NetSvcs (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register 
verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ==================== Een Maand Aangemaakt bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2017-07-23 12:51 - 2017-07-23 12:51 - 00013875 _____ C:\Users\Familie Phillips Vra\Downloads\FRST.txt 2017-07-23 12:51 - 2017-07-23 12:51 - 00000000 ____D C:\FRST 2017-07-23 12:47 - 2017-07-23 12:47 - 02382336 _____ (Farbar) C:\Users\Familie Phillips Vra\Downloads\FRST64.exe 2017-07-23 11:47 - 2017-07-23 11:47 - 02455584 _____ (Kaspersky Lab) C:\Users\Familie Phillips Vra\Downloads\kis17.0.0.611nl_fr_11112.exe 2017-07-23 11:47 - 2017-07-23 11:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2017-07-23 11:38 - 2017-07-23 11:38 - 00000562 _____ C:\Users\Familie Phillips Vra\Desktop\JRT.txt 2017-07-23 11:32 - 2017-07-23 11:32 - 05103792 _____ (Enigma Software Group USA, LLC.) C:\Users\Familie Phillips Vra\Downloads\SpyHunter-Installer.exe 2017-07-23 11:08 - 2017-07-23 11:08 - 01130328 _____ (Google Inc.) C:\Users\Familie Phillips Vra\Downloads\GoogleEarthSetup (1).exe 2017-07-23 11:07 - 2017-07-23 11:07 - 01130328 _____ (Google Inc.) 
C:\Users\Familie Phillips Vra\Downloads\GoogleEarthSetup.exe 2017-07-23 09:57 - 2017-07-23 09:57 - 00137868 _____ C:\Users\Familie Phillips Vra\Downloads\deutsche-alpenstrasse-1.gpx 2017-07-22 18:24 - 2017-07-22 18:30 - 2048196608 _____ C:\Users\Familie Phillips Vra\Downloads\7601.17514.101119-1850_Update_Sp_Wave1-GRMSP1.1_DVD.iso 2017-07-22 17:59 - 2017-07-22 18:03 - 00000000 ____D C:\AVG_Remover 2017-07-22 17:57 - 2017-07-22 17:57 - 07986864 _____ ( ) C:\Users\Familie Phillips Vra\Downloads\AVG_Remover.exe 2017-07-22 17:35 - 2017-07-22 17:36 - 00000000 ____D C:\Users\Familie Phillips Vra\Downloads\SysinternalsSuite 2017-07-22 17:33 - 2017-07-22 17:33 - 23557589 _____ C:\Users\Familie Phillips Vra\Downloads\SysinternalsSuite.zip 2017-07-22 17:20 - 2017-07-22 17:20 - 00002259 _____ C:\WINDOWS\epplauncher.mif 2017-07-22 17:16 - 2017-07-22 17:18 - 00000000 ____D C:\a28aae054bdeb229ce1241 2017-07-22 17:11 - 2017-07-22 17:12 - 00376528 _____ (Microsoft Corporation) C:\Users\Familie Phillips Vra\Downloads\RefreshWindowsTool (2).exe 2017-07-22 16:59 - 2017-07-23 12:50 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-07-22 16:59 - 2017-07-22 16:59 - 00001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-07-22 16:59 - 2017-07-22 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-07-22 16:59 - 2017-07-22 16:59 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-07-22 16:59 - 2017-07-22 16:59 - 00000000 ____D C:\Program Files\Malwarebytes 2017-07-22 16:59 - 2017-06-27 12:06 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-07-22 13:36 - 2017-07-22 13:37 - 01790024 _____ (Malwarebytes) C:\Users\Familie Phillips Vra\Downloads\JRT.exe 2017-07-22 13:32 - 2017-07-22 13:32 - 00000000 ___HD C:\$SysReset 2017-07-22 13:23 - 2017-07-22 13:25 - 110739456 _____ C:\Users\Familie Phillips Vra\Downloads\SoundTouch-app-installer-14.80.6.708 (1).msi 2017-07-22 13:10 - 2017-07-22 13:10 - 00221662 _____ 
C:\Users\Familie Phillips Vra\Downloads\MicrosoftProgram_Install_and_Uninstall.meta (1).diagcab 2017-07-22 10:21 - 2017-07-22 10:28 - 65033984 _____ (Malwarebytes ) C:\Users\Familie Phillips Vra\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe 2017-07-22 10:13 - 2017-07-22 10:13 - 00738880 _____ (Oracle Corporation) C:\Users\Familie Phillips Vra\Downloads\JavaSetup8u141.exe 2017-07-22 10:07 - 2017-07-22 10:08 - 110739456 _____ C:\Users\Familie Phillips Vra\Downloads\SoundTouch-app-installer-14.80.6.708.msi 2017-07-22 09:15 - 2017-07-22 09:16 - 15082688 _____ (Microsoft Corporation) C:\Users\Familie Phillips Vra\Downloads\MSEInstall.exe 2017-07-20 23:28 - 2017-07-20 23:28 - 00003406 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2212958904-674450509-3633931156-1001 2017-07-20 16:22 - 2017-07-20 16:56 - 00000000 ____D C:\Users\Familie Phillips Vra\Desktop\20072017 2017-07-16 09:48 - 2017-07-16 11:45 - 00000000 ____D C:\$WINDOWS.~BT 2017-07-11 08:27 - 2017-07-11 08:27 - 00000000 ____D C:\WINDOWS\system32\UNP 2017-07-08 16:29 - 2017-07-08 16:29 - 00376528 _____ (Microsoft Corporation) C:\Users\Familie Phillips Vra\Downloads\RefreshWindowsTool (1).exe 2017-07-08 15:16 - 2017-07-08 16:30 - 136490768 _____ (Microsoft Corporation) C:\Users\Familie Phillips Vra\Downloads\msert.exe 2017-07-08 14:31 - 2017-07-08 16:29 - 65033984 _____ (Malwarebytes ) C:\Users\Familie Phillips Vra\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe 2017-07-08 14:26 - 2017-07-08 14:26 - 11732709 _____ C:\Users\Familie Phillips Vra\Downloads\RansomwareFileDecryptor 1.0.1664 MUI.zip 2017-07-08 10:53 - 2017-07-08 10:53 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2017-06-28 22:53 - 2017-06-28 22:56 - 443914120 _____ (NVIDIA Corporation) C:\Users\Familie Phillips Vra\Downloads\382.53-notebook-win10-64bit-international-whql.exe 2017-06-28 22:45 - 2017-06-28 22:45 - 00221662 _____ C:\Users\Familie Phillips 
Vra\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab 2017-06-28 10:49 - 2017-06-28 10:50 - 03146880 _____ (ESET) C:\Users\Familie Phillips Vra\Downloads\eset_internet_security_live_installer (2).exe 2017-06-28 10:49 - 2017-06-28 10:49 - 03146880 _____ (ESET) C:\Users\Familie Phillips Vra\Downloads\eset_internet_security_live_installer (1).exe 2017-06-28 10:48 - 2017-06-28 10:48 - 03146880 _____ (ESET) C:\Users\Familie Phillips Vra\Downloads\eset_internet_security_live_installer.exe 2017-06-28 10:33 - 2017-06-28 10:33 - 00716448 _____ (Sysinternals - www.sysinternals.com) C:\Users\Familie Phillips Vra\Downloads\autoruns.exe 2017-06-28 08:08 - 2017-06-28 08:09 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Familie Phillips Vra\Downloads\Antivirus_Free_1896.exe 2017-06-27 10:54 - 2017-06-27 10:56 - 104822528 _____ C:\Users\Familie Phillips Vra\Downloads\BaseCamp_462 (1).exe 2017-06-27 10:34 - 2017-06-27 10:35 - 00234192 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-06-27 10:32 - 2017-06-27 10:32 - 00000000 ____D C:\Users\Familie Phillips Vra\AppData\Roaming\Garmin 2017-06-27 10:30 - 2017-06-27 10:30 - 00000000 ____D C:\Program Files (x86)\Wise 2017-06-27 10:28 - 2017-06-27 10:28 - 00175964 _____ C:\Users\Familie Phillips Vra\Documents\cc_20170627_102805.reg 2017-06-27 10:23 - 2017-07-23 12:50 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2017-06-27 10:18 - 2017-07-23 12:49 - 00000000 ____D C:\WINDOWS\pss 2017-06-27 09:44 - 2017-06-27 09:45 - 00376528 _____ (Microsoft Corporation) C:\Users\Familie Phillips Vra\Downloads\RefreshWindowsTool.exe 2017-06-26 22:48 - 2017-06-26 22:49 - 00000000 ____D C:\Users\Familie Phillips Vra\AppData\Local\FSDART 2017-06-26 22:48 - 2017-06-26 22:48 - 00000000 ____D C:\Users\Familie Phillips Vra\AppData\Local\F-Secure 2017-06-26 22:48 - 2017-06-26 22:48 - 00000000 ____D C:\ProgramData\F-Secure 2017-06-26 22:20 - 2017-06-26 22:20 - 09598376 _____ (Piriform Ltd) C:\Users\Familie Phillips 
Vra\Downloads\ccsetup531.exe 2017-06-26 22:11 - 2017-06-26 22:21 - 104822528 _____ C:\Users\Familie Phillips Vra\Desktop\BaseCamp_462.exe ==================== Een Maand Gewijzigd bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2017-07-23 12:49 - 2016-10-16 19:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-07-23 12:49 - 2016-07-17 00:15 - 01485936 _____ C:\WINDOWS\system32\perfh013.dat 2017-07-23 12:49 - 2016-07-17 00:15 - 00377018 _____ C:\WINDOWS\system32\perfc013.dat 2017-07-23 12:49 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-07-23 12:49 - 2015-11-09 12:55 - 03350530 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-07-23 12:46 - 2016-10-16 18:38 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-07-23 11:44 - 2016-03-09 19:35 - 00000000 ____D C:\Users\Familie Phillips Vra\Documents\YouCam 2017-07-23 11:43 - 2016-10-16 18:42 - 00000000 ____D C:\ProgramData\NVIDIA 2017-07-23 11:43 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-07-23 11:43 - 2016-02-17 19:09 - 00000000 __SHD C:\Users\Familie Phillips Vra\IntelGraphicsProfiles 2017-07-23 11:12 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-07-23 11:12 - 2016-02-17 19:09 - 00000000 ____D C:\Users\Familie Phillips Vra\AppData\Local\Packages 2017-07-22 19:03 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-07-22 17:46 - 2016-02-25 22:38 - 00000000 ____D C:\Users\Familie Phillips Vra\AppData\Local\CrashDumps 2017-07-22 17:18 - 2016-02-25 11:05 - 00000000 ____D C:\Users\Familie Phillips Vra\AppData\Local\ElevatedDiagnostics 2017-07-22 16:55 - 2016-10-16 18:45 - 00000000 ____D C:\Users\Familie Phillips Vra 2017-07-22 16:49 - 2016-02-26 11:06 - 00000000 ____D C:\Users\Familie Phillips Vra\AppData\Roaming\SoundTouch 2017-07-20 23:28 - 2016-02-17 19:13 - 00002432 _____ C:\Users\Familie Phillips Vra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-07-20 23:28 - 
2016-02-17 19:13 - 00000000 ___RD C:\Users\Familie Phillips Vra\OneDrive 2017-07-16 11:45 - 2016-10-16 19:37 - 00000000 ___DC C:\WINDOWS\Panther 2017-07-12 00:22 - 2016-02-19 00:58 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-07-12 00:20 - 2016-02-19 00:57 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-07-11 19:01 - 2016-11-19 13:39 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-07-11 08:28 - 2017-05-24 21:18 - 00000000 ____D C:\Program Files\UNP 2017-07-10 22:33 - 2016-12-02 10:35 - 00000000 ____D C:\Users\Familie Phillips Vra\AppData\Roaming\vlc 2017-07-08 17:49 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser 2017-07-08 16:11 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF 2017-07-08 10:53 - 2016-03-13 12:01 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2017-07-08 09:13 - 2016-04-11 21:02 - 00002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-07-08 09:13 - 2016-04-11 21:02 - 00002284 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-06-30 16:46 - 2017-05-23 11:44 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-06-30 16:46 - 2017-05-23 11:44 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-06-28 10:58 - 2015-12-08 10:24 - 00000000 ____D C:\ProgramData\McAfee 2017-06-28 10:58 - 2015-12-08 10:24 - 00000000 ____D C:\Program Files (x86)\McAfee 2017-06-28 10:57 - 2016-07-16 13:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2017-06-28 10:57 - 2016-07-16 08:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM 2017-06-28 10:56 - 2015-10-30 08:28 - 00000000 ____D C:\Users\Default.migrated 2017-06-27 22:26 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\registration 2017-06-27 10:31 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files 2017-06-27 10:31 - 2016-02-18 00:25 - 00000000 ____D 
C:\Users\Familie Phillips Vra\Tracing 2017-06-26 22:44 - 2016-12-05 17:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2017-06-26 22:44 - 2016-12-05 17:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2017-06-26 22:22 - 2016-12-05 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight ==================== Bestanden in de root van sommige mappen ======= 2016-02-17 19:47 - 2016-02-17 19:47 - 0007605 _____ () C:\Users\Familie Phillips Vra\AppData\Local\Resmon.ResmonCfg 2016-02-27 15:16 - 2016-02-27 15:16 - 0000057 _____ () C:\ProgramData\Ament.ini 2016-10-16 18:40 - 2016-10-16 18:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-10-16 18:40 - 2016-10-16 18:40 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc Sommige bestanden in TEMP: ==================== 2017-07-22 17:44 - 2017-07-22 17:44 - 0580480 _____ (Sysinternals - www.sysinternals.com) C:\Users\Familie Phillips Vra\AppData\Local\Temp\DYDYFJP.exe 2017-07-08 14:29 - 2017-07-08 14:29 - 0739904 _____ (Oracle Corporation) C:\Users\Familie Phillips Vra\AppData\Local\Temp\jre-8u131-windows-au.exe 2017-07-22 17:13 - 2017-07-22 17:13 - 0739904 _____ (Oracle Corporation) C:\Users\Familie Phillips Vra\AppData\Local\Temp\jre-8u141-windows-au.exe 2017-07-22 17:46 - 2017-07-22 17:46 - 0387968 _____ (Sysinternals - www.sysinternals.com) C:\Users\Familie Phillips Vra\AppData\Local\Temp\LFY.exe 2017-07-10 22:32 - 2017-07-10 22:32 - 30950664 _____ () C:\Users\Familie Phillips Vra\AppData\Local\Temp\vlc-2.2.6-win32.exe 2017-07-22 17:45 - 2017-07-22 17:45 - 0510848 _____ (Sysinternals - www.sysinternals.com) C:\Users\Familie Phillips Vra\AppData\Local\Temp\WMYKYOA.exe ==================== Bamital & volsnap ====================== (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) 
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend C:\WINDOWS\system32\wininit.exe => Bestand is getekend C:\WINDOWS\explorer.exe => Bestand is getekend C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend C:\WINDOWS\system32\svchost.exe => Bestand is getekend C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend C:\WINDOWS\system32\services.exe => Bestand is getekend C:\WINDOWS\system32\User32.dll => Bestand is getekend C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend C:\WINDOWS\system32\userinit.exe => Bestand is getekend C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend C:\WINDOWS\system32\rpcss.dll => Bestand is getekend C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend LastRegBack: 2017-07-22 18:30 ==================== Eind van FRST.txt ============================