Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 11-09-2017 02
Gestart door ruski_000 (Beheerder) op RUSKICSUBASA (12-09-2017 06:50:17)
Gestart vanaf C:\Users\ruski_000\Desktop\ANTI
Geladen Profielen: ruski_000 (Beschikbare Profielen: ruski_000)
Platform: Windows 10 Home Versie 1703 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: IE)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(PDFConverter.com) C:\Program Files\PDFConverter.com\PDF Converter Elite 5.0\PDFConverterElite.PrnDisp.exe
(© 2015 Microsoft Corporation) C:\Users\ruski_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
() C:\Program Files (x86)\Winamp\winampa.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Nullsoft) C:\Program Files (x86)\Winamp\winamp.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe
(Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

==================== Register (gefilterd) ====================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3352808 2015-11-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [PDF Converter Elite 5.0 Print Dispatcher] => C:\Program Files\PDFConverter.com\PDF Converter Elite 5.0\PDFConverterElite.PrnDisp.exe [5241544 2017-02-06] (PDFConverter.com)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [37888 2009-07-01] ()
HKLM-x32\...\Run: [PinnacleDriverCheck] => C:\WINDOWS\SysWOW64\\PSDrvCheck.exe [406016 2004-03-11] ()
HKLM-x32\...\Run: [MyBackupPC] => C:\Program Files (x86)\Rerware\MyBackupPC\mybackuppc.exe [170791 2015-11-02] (Rerware LLC)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [17487536 2017-07-09] (MyHeritage)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-677268874-3307230616-387958917-1001\...\Run: [BingSvc] => C:\Users\ruski_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-677268874-3307230616-387958917-1001\...\Run: [Spotify Web Helper] => C:\Users\ruski_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2541160 2015-10-17] (Spotify Ltd)
HKU\S-1-5-21-677268874-3307230616-387958917-1001\...\Run: [Spotify] => C:\Users\ruski_000\AppData\Roaming\Spotify\Spotify.exe [7660648 2015-10-17] (Spotify Ltd)
HKU\S-1-5-21-677268874-3307230616-387958917-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-677268874-3307230616-387958917-1001\...\RunOnce: [Uninstall 17.3.6943.0625\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ruski_000\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64"
HKU\S-1-5-21-677268874-3307230616-387958917-1001\...\RunOnce: [Uninstall 17.3.6943.0625] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ruski_000\AppData\Local\Microsoft\OneDrive\17.3.6943.0625"
HKU\S-1-5-21-677268874-3307230616-387958917-1001\...\MountPoints2: {ab109996-7067-11e7-8330-34de1a71cfdb} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-677268874-3307230616-387958917-1001\...\MountPoints2: {ab10999a-7067-11e7-8330-34de1a71cfdb} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-677268874-3307230616-387958917-1001\...\MountPoints2: {ab10a114-7067-11e7-8330-34de1a71cfdb} - "F:\HiSuiteDownLoader.exe"
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-09-29]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\Users\ruski_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-06-05]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1b667ceb-09a6-4164-ba3d-1f5d3945000d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7297f4b0-238b-4084-8750-126a969c4bbb}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-677268874-3307230616-387958917-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKU\S-1-5-21-677268874-3307230616-387958917-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-09-29] (McAfee)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-08-15] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-09-03] (Oracle Corporation)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-09-29] (McAfee)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-08-15] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-03] (Oracle Corporation)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-09-29] (McAfee)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-09-29] (McAfee)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Toolbar: HKU\S-1-5-21-677268874-3307230616-387958917-1001 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-08-15] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-08-15] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2017-05-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-05-31] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-08-27] [ niet getekend]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-06-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-06-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-03] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-08-28] (Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S2 0087531505026335mcinstcleanup; C:\WINDOWS\TEMP\008753~1.EXE [1031928 2017-05-31] (McAfee, Inc.)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-11-06] (ELAN Microelectronics Corp.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [192304 2016-02-16] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-02] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-06-24] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-06-24] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [590880 2017-08-15] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [984480 2017-06-03] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe [2139832 2017-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241656 2017-04-30] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [390656 2017-04-30] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [343544 2017-04-30] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1543248 2017-05-31] (McAfee, Inc.)
R3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [Bestand niet getekend]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1043864 2017-07-31] (Intel Security, Inc.)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-23] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [76824 2017-05-02] (McAfee, Inc.)
S3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [30952 2015-10-08] (ELAN Microelectronic Corp.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [209608 2017-05-31] (McAfee, Inc.)
S3 HTCAND64; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [Bestand niet getekend]
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [43968 2016-12-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-09-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-07] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [476176 2017-05-02] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [353808 2017-05-02] (McAfee, Inc.)
U3 mfeavfk01; geen ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84536 2017-05-02] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [504336 2017-05-02] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [918544 2017-05-02] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [495632 2017-04-07] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [107544 2017-04-07] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [109072 2017-05-02] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252432 2017-05-02] (McAfee, Inc.)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2017-03-18] (Intel Corporation)
R3 PegaRadioSwitch; C:\WINDOWS\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-09-12 06:27 - 2017-09-12 06:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-09-12 06:23 - 2017-09-12 06:23 - 000000000 ___HD C:\OneDriveTemp
2017-09-10 08:52 - 2017-09-10 22:10 - 000004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-09-03 21:49 - 2017-09-12 06:50 - 000000000 ____D C:\FRST
2017-09-03 13:42 - 2017-09-03 13:58 - 000000000 ____D C:\Users\ruski_000\AppData\Roaming\ZHP
2017-09-03 13:42 - 2017-09-03 13:42 - 000000000 ____D C:\Users\ruski_000\AppData\Local\ZHP
2017-09-03 10:09 - 2017-09-12 06:22 - 000004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-08-28 20:49 - 2017-08-28 20:50 - 048023336 _____ C:\Users\ruski_000\Downloads\Halid Beslic 1981-2 - Sijedi starac.zip
2017-08-27 17:40 - 2017-09-12 06:24 - 000000000 ____D C:\Users\ruski_000\AppData\Local\tkdata
2017-08-27 17:40 - 2017-08-27 17:40 - 000000000 ____D C:\ProgramData\TrueKey
2017-08-27 17:39 - 2017-08-27 17:39 - 000001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-08-27 17:39 - 2017-08-27 17:39 - 000000000 ____D C:\Program Files\Common Files\Intel
2017-08-27 17:38 - 2017-08-27 17:40 - 000000000 ____D C:\Program Files\TrueKey
2017-08-27 17:38 - 2017-08-27 17:38 - 000000000 ____D C:\Program Files\Intel Security
2017-08-27 17:37 - 2017-08-27 17:37 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-27 16:59 - 2017-05-31 13:06 - 000209608 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2017-08-27 16:58 - 2017-08-27 16:58 - 000003142 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-08-27 16:58 - 2017-08-27 16:58 - 000000000 ____D C:\ProgramData\Intel Security
2017-08-27 16:57 - 2017-08-27 16:57 - 000000000 ____D C:\Program Files\McAfee.com
2017-08-27 16:56 - 2017-08-27 16:56 - 000000000 ____D C:\Program Files\Common Files\Intel Security
2017-08-27 16:56 - 2017-08-27 16:56 - 000000000 ____D C:\Program Files\Common Files\AV
2017-08-27 16:53 - 2017-08-27 17:00 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-08-27 16:53 - 2017-04-30 14:12 - 000343544 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2017-08-26 09:50 - 2017-08-26 09:50 - 000376212 _____ C:\Users\ruski_000\Desktop\8 0402 00 1701 Dispuutformulier SNS Creditcard.pdf
2017-08-26 09:23 - 2017-08-26 09:23 - 000080727 _____ C:\Users\ruski_000\Downloads\8 0402 00 1701 Dispuutformulier SNS Creditcard.pdf
2017-08-13 11:34 - 2017-08-13 11:34 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-09-12 06:50 - 2017-03-18 09:59 - 000000000 ____D C:\Users\ruski_000\Desktop\ANTI
2017-09-12 06:41 - 2017-07-23 11:30 - 000004198 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AB0628B3-0F27-4491-BE37-861CEC7474B0}
2017-09-12 06:40 - 2017-07-23 10:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-12 06:31 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-12 06:31 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-12 06:23 - 2017-07-26 09:47 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-677268874-3307230616-387958917-1001
2017-09-12 06:23 - 2015-09-01 08:15 - 000002441 _____ C:\Users\ruski_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-12 06:23 - 2015-06-29 19:30 - 000000000 ___RD C:\Users\ruski_000\OneDrive
2017-09-10 09:08 - 2017-07-23 11:04 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-10 09:08 - 2015-06-29 19:23 - 000000000 __SHD C:\Users\ruski_000\IntelGraphicsProfiles
2017-09-10 08:52 - 2015-09-19 10:15 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-09-10 08:45 - 2017-07-23 11:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-10 08:45 - 2015-11-23 21:27 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-10 08:44 - 2017-07-23 11:06 - 000000000 ____D C:\Users\ruski_000
2017-09-10 08:44 - 2017-03-18 13:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-09-10 08:41 - 2015-08-08 09:06 - 000000000 ____D C:\Users\ruski_000\AppData\Roaming\Skype
2017-09-06 21:33 - 2017-07-23 11:30 - 000005242 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for RUSKICSUBASA-ruski_000 RuskicSubasa
2017-09-06 20:03 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-03 21:41 - 2016-12-17 11:23 - 000000000 ____D C:\AdwCleaner
2017-09-03 10:25 - 2015-11-28 13:55 - 000000000 ____D C:\ProgramData\Oracle
2017-09-03 10:24 - 2015-11-28 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-09-03 10:24 - 2015-11-28 13:55 - 000000000 ____D C:\Program Files (x86)\Java
2017-09-03 10:23 - 2015-11-28 13:56 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-08-31 20:14 - 2014-04-25 10:12 - 000000000 ____D C:\ProgramData\McAfee
2017-08-31 16:54 - 2015-11-08 19:44 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-27 18:38 - 2015-11-07 19:55 - 000000000 ____D C:\Program Files (x86)\NETTV4
2017-08-27 17:41 - 2014-12-10 15:17 - 000000000 ____D C:\ProgramData\Intel
2017-08-27 17:00 - 2014-09-24 22:28 - 000000000 ____D C:\Program Files\mcafee
2017-08-27 16:57 - 2017-03-18 23:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-08-27 16:56 - 2017-07-23 11:30 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-08-27 16:52 - 2014-04-24 18:11 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-27 16:46 - 2017-03-18 13:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-08-27 16:42 - 2015-10-30 08:28 - 000000000 ____D C:\Users\Default.migrated
2017-08-25 20:25 - 2015-06-30 05:40 - 000019456 _____ C:\Users\ruski_000\Documents\Hey.xlsx
2017-08-23 18:45 - 2017-07-23 11:27 - 001993790 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-23 18:45 - 2017-03-20 05:54 - 000891084 _____ C:\WINDOWS\system32\perfh013.dat
2017-08-23 18:45 - 2017-03-20 05:54 - 000180930 _____ C:\WINDOWS\system32\perfc013.dat
2017-08-23 18:45 - 2015-08-08 09:06 - 000000000 ____D C:\ProgramData\Skype
2017-08-20 23:26 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-20 15:42 - 2015-07-06 09:59 - 000000000 ____D C:\Users\ruski_000\AppData\Roaming\Mp3tag
2017-08-19 10:33 - 2016-11-21 20:08 - 000000000 ____D C:\Program Files (x86)\MyHeritage
2017-08-17 19:09 - 2017-05-27 17:27 - 000000000 ____D C:\Users\ruski_000\Desktop\WILIM HUIS
2017-08-17 19:07 - 2015-06-29 19:23 - 000000000 ____D C:\Users\ruski_000\AppData\Local\Packages
2017-08-15 19:29 - 2015-11-09 19:29 - 000000000 ____D C:\Users\ruski_000\Documents\Anna
2017-08-13 11:34 - 2016-12-17 11:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

==================== Bestanden in de root van sommige mappen =======

2015-09-29 19:42 - 2015-09-29 19:42 - 032372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2017-07-23 11:04 - 2017-07-23 11:04 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-25 09:38 - 2015-09-25 09:38 - 000000032 _____ () C:\ProgramData\Temp.log
2014-12-09 14:37 - 2014-12-09 14:37 - 000000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-12-09 14:35 - 2014-12-09 14:35 - 000000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-12-09 14:36 - 2014-12-09 14:37 - 000000111 _____ () C:\ProgramData\{44510C84-AE2A-4079-A75B-D44E68D73B9A}.log
2014-12-09 14:36 - 2014-12-09 14:36 - 000000032 _____ () C:\ProgramData\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}.log
2014-12-09 14:36 - 2014-12-09 14:36 - 000000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-12-09 14:33 - 2014-12-09 14:34 - 000000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2014-12-09 14:34 - 2014-12-09 14:35 - 000000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2014-12-09 14:35 - 2014-12-09 14:35 - 000000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

Sommige bestanden in TEMP:
====================
2017-09-03 10:20 - 2017-09-03 10:20 - 000740416 _____ (Oracle Corporation) C:\Users\ruski_000\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-05-31 03:21 - 2017-05-31 03:21 - 000243240 _____ (McAfee, Inc.) C:\Users\ruski_000\AppData\Local\Temp\McCSPInstall.dll
2017-08-19 10:31 - 2017-08-19 10:31 - 051060288 _____ () C:\Users\ruski_000\AppData\Local\Temp\MyHeritage_Version_8_0_0_8397_Size_51060288.exe
2017-08-23 18:44 - 2017-08-23 18:44 - 058782680 _____ (Skype Technologies S.A.) C:\Users\ruski_000\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2017-08-31 20:36

==================== Eind van FRST.txt ============================