Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 06-08-2017
Gestart door melissa (Beheerder) op SCHILLEWAERTM (07-08-2017 19:26:17)
Gestart vanaf C:\Users\melissa\Downloads
Geladen Profielen: melissa (Beschikbare Profielen: melissa & Administrator)
Platform: Windows 8.1 (Update) (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: IE)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Register (gefilterd) ====================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-08-20] (RealtekSemiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-13] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3928264 2015-05-27] (SynapticsIncorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-05] (AppleInc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (SonyCorporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (SonyCorporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (AdobeSystemsIncorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (AdobeSystemsIncorporated)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [362432 2011-12-22] (CitrixSystems,Inc.)
HKU\S-1-5-21-3332202609-3110749998-3773026092-1001\...\Run: [Flvto YouTube Downloader] => "C:\Users\melissa\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe" /minimize
HKU\S-1-5-21-3332202609-3110749998-3773026092-1001\...\MountPoints2: {dc72c940-7aa1-11e7-bede-30f9edc4a5b9} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Parental Controls.lnk [2015-04-10]
ShortcutTarget: McAfee Parental Controls.lnk -> C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe (McAfee, Inc.)

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer] 195.130.131.4 195.130.130.4
Tcpip\..\Interfaces\{3CA72DB3-6D53-474D-98B3-BAE6D091479D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B1A43760-F52C-4622-884E-A07655B0B2A7}: [DhcpNameServer] 195.130.131.4 195.130.130.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=dspp&ts=1438977610&z=41f0cd440387ec9a7a0af64g4zcc3bat8mbmcw1zde&from=cor&uid=HitachiXHTS545050A7E380_121002TEJ51139J26RZPX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=dspp&ts=1438977610&z=41f0cd440387ec9a7a0af64g4zcc3bat8mbmcw1zde&from=cor&uid=HitachiXHTS545050A7E380_121002TEJ51139J26RZPX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1438977610&z=41f0cd440387ec9a7a0af64g4zcc3bat8mbmcw1zde&from=cor&uid=HitachiXHTS545050A7E380_121002TEJ51139J26RZPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1438977610&z=41f0cd440387ec9a7a0af64g4zcc3bat8mbmcw1zde&from=cor&uid=HitachiXHTS545050A7E380_121002TEJ51139J26RZPX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1438977610&z=41f0cd440387ec9a7a0af64g4zcc3bat8mbmcw1zde&from=cor&uid=HitachiXHTS545050A7E380_121002TEJ51139J26RZPX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1438977610&z=41f0cd440387ec9a7a0af64g4zcc3bat8mbmcw1zde&from=cor&uid=HitachiXHTS545050A7E380_121002TEJ51139J26RZPX&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1438977598&z=1ef319e26840318fce1862cgbz1cbbet5m3mfw1o2b&from=cor&uid=HitachiXHTS545050A7E380_121002TEJ51139J26RZPX
HKU\S-1-5-21-3332202609-3110749998-3773026092-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-3332202609-3110749998-3773026092-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1438977610&z=41f0cd440387ec9a7a0af64g4zcc3bat8mbmcw1zde&from=cor&uid=HitachiXHTS545050A7E380_121002TEJ51139J26RZPX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HitachiXHTS545050A7E380_121002TEJ51139J26RZPX&ts=1438977648&type=default&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HitachiXHTS545050A7E380_121002TEJ51139J26RZPX&ts=1438977648&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3332202609-3110749998-3773026092-1001 -> DefaultScope {EB1D79F0-1431-4EAC-8144-C397229A2576} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3332202609-3110749998-3773026092-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HitachiXHTS545050A7E380_121002TEJ51139J26RZPX&ts=1438977648&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3332202609-3110749998-3773026092-1001 -> {0EBD0F69-14D4-4379-A982-6D91023DA126} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HitachiXHTS545050A7E380_121002TEJ51139J26RZPX&ts=1438977648&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3332202609-3110749998-3773026092-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3332202609-3110749998-3773026092-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HitachiXHTS545050A7E380_121002TEJ51139J26RZPX&ts=1438977648&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3332202609-3110749998-3773026092-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HitachiXHTS545050A7E380_121002TEJ51139J26RZPX&ts=1438977648&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3332202609-3110749998-3773026092-1001 -> {EB1D79F0-1431-4EAC-8144-C397229A2576} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-03] (OracleCorporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-13] (QualcommAtherosCommnucations)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-03] (OracleCorporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-11-03] (OracleCorporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-11-03] (OracleCorporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (CitrixSystems,Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (CitrixSystems,Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (CitrixSystems,Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (CitrixSystems,Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (CitrixSystems,Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (CitrixSystems,Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (CitrixSystems,Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (CitrixSystems,Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (CitrixSystems,Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (CitrixSystems,Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (CitrixSystems,Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (CitrixSystems,Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (CitrixSystems,Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (CitrixSystems,Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (CitrixSystems,Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (CitrixSystems,Inc.)

FireFox:
========
FF Extension: (Geen Naam) - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2016-09-14] [ niet getekend]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => niet gevonden
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-22] ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2012-11-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-11-03] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [Geen bestand]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2011-12-22] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-08-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-08-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-11-03] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [Geen bestand]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3332202609-3110749998-3773026092-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\melissa\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-06-16] (RocketLife, LLP)
FF Plugin HKU\S-1-5-21-3332202609-3110749998-3773026092-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\melissa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-02] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3332202609-3110749998-3773026092-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [Geen bestand]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hppp&ts=1438977610&z=41f0cd440387ec9a7a0af64g4zcc3bat8mbmcw1zde&from=cor&uid=HitachiXHTS545050A7E380_121002TEJ51139J26RZPX
CHR Profile: C:\Users\melissa\AppData\Local\Google\Chrome\User Data\Default [2017-08-06]
CHR Extension: (Google Presentaties) - C:\Users\melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-10]
CHR Extension: (Libre-ry Book Search) - C:\Users\melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\adcgdfcnmbajbagcleijcokdppgbdiol [2015-08-19]
CHR Extension: (Google Documenten) - C:\Users\melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-10]
CHR Extension: (Google Drive) - C:\Users\melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Spreadsheets) - C:\Users\melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-10]
CHR Extension: (Offline Documenten) - C:\Users\melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-24]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-10]

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (AppleInc.)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-13] (QualcommAtherosCommnucations) [Bestand niet getekend]
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-08-06] (IntelCorporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-08-06] (IntelCorporation)
S4 mfeicfcoreocp; C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe [2782392 2013-12-31] (McAfee,Inc.)
S4 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-08-18] (SonyCorporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-09] (ElectronicArts)
S4 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (SonyCorporation)
S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] () [Bestand niet getekend]
S4 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2012-08-08] (SonyCorporation)
S4 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1266336 2012-07-25] (SonyCorporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (MicrosoftCorporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (MicrosoftCorporation)
S4 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-13] (Atheros) [Bestand niet getekend]

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-08-20] (AdvancedMicroDevices)
S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-13] (QualcommAtheros)
S3 BTATH_VDP; C:\WINDOWS\system32\drivers\btath_vdp.sys [427416 2012-08-13] (QualcommAtheros)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 GEARAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [33240 2012-10-03] (GEARSoftwareInc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee,Inc.)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee,Inc.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (SynapticsIncorporated)
R3 SOWS; C:\WINDOWS\System32\drivers\sows.sys [24280 2012-06-11] (SonyCorporation)
S0 viaide; C:\WINDOWS\System32\drivers\viaide.sys [19808 2013-08-22] (VIATechnologies,Inc.)
S0 vsmraid; C:\WINDOWS\System32\drivers\vsmraid.sys [168800 2013-08-22] (VIATechnologiesInc.,Ltd)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-07] (MicrosoftCorporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (MicrosoftCorporation)
S2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (MicrosoftCorporation)

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-08-07 19:26 - 2017-08-07 19:28 - 000022475 _____ C:\Users\melissa\Downloads\FRST.txt
2017-08-07 19:26 - 2017-08-07 19:26 - 000000000 ____D C:\FRST
2017-08-07 19:25 - 2017-08-06 21:30 - 002381312 ____N (Farbar) C:\Users\melissa\Downloads\FRST64.exe
2017-08-06 14:42 - 2017-08-06 14:42 - 000008354 _____ C:\Users\melissa\Desktop\hijackthisnote.txt
2017-08-06 14:30 - 2017-08-06 14:30 - 000003017 _____ C:\Users\melissa\Desktop\HiJackThis.lnk
2017-08-06 14:30 - 2017-08-06 14:30 - 000000000 ____D C:\Users\melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2017-08-06 14:30 - 2017-08-06 14:30 - 000000000 ____D C:\Program Files (x86)\Trend Micro
2017-08-06 14:28 - 2017-08-06 14:27 - 001402880 ____N C:\Users\melissa\Desktop\HiJackThis.msi

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-08-07 19:25 - 2015-05-16 22:38 - 000003986 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6378285D-CBA4-4333-AF6E-38D178AD88AD}
2017-08-07 19:22 - 2015-04-22 19:50 - 000000000 ___RD C:\Users\melissa\OneDrive
2017-08-07 19:22 - 2015-04-10 09:11 - 000001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-08-06 14:22 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-06 14:21 - 2015-04-22 19:16 - 000000000 ____D C:\Users\melissa
2017-08-06 14:21 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-08-06 14:17 - 2015-07-23 14:18 - 000000442 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job

==================== Bestanden in de root van sommige mappen =======

2015-08-07 22:04 - 2015-08-07 22:04 - 000000098 _____ () C:\Users\melissa\AppData\Roaming\settings.xml
2015-04-10 18:43 - 2015-04-10 18:44 - 006026268 _____ () C:\Users\melissa\AppData\Local\10EE09DB_stp.CIS
2015-04-10 18:43 - 2015-04-10 18:43 - 000000343 _____ () C:\Users\melissa\AppData\Local\10EE09DB_stp.CIS.part
2015-04-10 18:43 - 2015-04-10 18:44 - 001597440 _____ () C:\Users\melissa\AppData\Local\355DA349_stp.CIS
2015-04-10 18:43 - 2015-04-10 18:43 - 000000305 _____ () C:\Users\melissa\AppData\Local\355DA349_stp.CIS.part
2015-04-10 18:43 - 2015-04-10 18:43 - 000385602 _____ () C:\Users\melissa\AppData\Local\5D515C96_stp.CIS
2015-04-10 18:43 - 2015-04-10 18:43 - 000000220 _____ () C:\Users\melissa\AppData\Local\5D515C96_stp.CIS.part

Sommige bestanden in TEMP:
====================
2015-08-17 09:29 - 2015-08-17 09:30 - 057560688 _____ ( ) C:\Users\melissa\AppData\Local\Temp\8C85.exe
2015-04-27 19:58 - 2008-05-28 00:29 - 000703552 _____ (Electronic Arts Inc.) C:\Users\melissa\AppData\Local\Temp\AutoRun.exe
2015-04-27 19:58 - 2008-05-28 00:29 - 000662592 _____ (Electronic Arts Inc.) C:\Users\melissa\AppData\Local\Temp\AutoRunGUI.dll
2015-04-27 20:42 - 2015-05-03 21:01 - 000204800 _____ (Sony DADC Austria AG) C:\Users\melissa\AppData\Local\Temp\drm_dyndata_7370007.dll
2001-09-29 02:30 - 2001-09-29 02:30 - 000483386 ____N (Microsoft Corporation) C:\Users\melissa\AppData\Local\Temp\EBUE438.exe
2015-04-27 19:58 - 2009-07-13 22:59 - 000026176 ____R () C:\Users\melissa\AppData\Local\Temp\VP6Install.exe
2015-04-27 19:58 - 2009-07-13 22:59 - 000445504 ____R (On2.com) C:\Users\melissa\AppData\Local\Temp\VP6VFW.dll

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2017-08-06 14:47

==================== Eind van FRST.txt ============================