Scanresultaten van Farbar Recovery Scan Tool (FRST) (x86) Versie: 15-11-2017 Gestart door jan (Beheerder) op BUREAU-PC (15-11-2017 22:40:39) Gestart vanaf C:\Users\jan\Dropbox\Downloads Geladen Profielen: jan (Beschikbare Profielen: jan & Charlotte & hilde & administrator001) Platform: Microsoft Windows 10 Home Versie 1703 15063.674 (X86) Taal: Nederlands (Nederland) Internet Explorer Versie 11 (Standaardbrowser: Chrome) Boot Modus: Normal Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.) (AMD) C:\Windows\System32\atiesrxx.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (McAfee, Inc.) C:\Program Files\TrueKey\McT4E6F.tmp (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Dropbox, Inc.) C:\Users\jan\AppData\Local\Dropbox\Update\DropboxUpdate.exe (© 2015 Microsoft Corporation) C:\Users\jan\AppData\Local\Microsoft\BingSvc\BingSvc.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x86__kzf8qxf38zg5c\SkypeHost.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe (Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (Farbar) C:\Users\jan\Dropbox\Downloads\FRST (1).exe ==================== Register (gefilterd) =========================== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [485280 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-03] (Realtek Semiconductor) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-11-04] (Advanced Micro Devices, Inc.) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink) HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) HKU\S-1-5-21-2578272341-3324075177-2043743870-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-10] (Google Inc.) HKU\S-1-5-21-2578272341-3324075177-2043743870-1001\...\Run: [Dropbox Update] => C:\Users\jan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.) HKU\S-1-5-21-2578272341-3324075177-2043743870-1001\...\Run: [BingSvc] => C:\Users\jan\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-27] (© 2015 Microsoft Corporation) Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" Startup: C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-10] ShortcutTarget: Dropbox.lnk -> C:\Users\jan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.) Tcpip\Parameters: [DhcpNameServer] 195.130.131.1 192.168.2.1 Tcpip\..\Interfaces\{52da2fd8-d1bc-43c7-9ead-3e44c7e195d9}: [DhcpNameServer] 195.130.131.1 192.168.2.1 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2578272341-3324075177-2043743870-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2578272341-3324075177-2043743870-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=nl-be SearchScopes: HKU\S-1-5-21-2578272341-3324075177-2043743870-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGLL_nlBE374 SearchScopes: HKU\S-1-5-21-2578272341-3324075177-2043743870-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2578272341-3324075177-2043743870-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGLL_nlBE374 BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-02] (Oracle Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-02] (Oracle Corporation) Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.) Toolbar: HKU\S-1-5-21-2578272341-3324075177-2043743870-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.) DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\jan\AppData\Roaming\Mozilla\Firefox\Profiles\krl48z5a.default [2015-12-27] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\krl48z5a.default -> Google FF SelectedSearchEngine: Mozilla\Firefox\Profiles\krl48z5a.default -> FF Homepage: Mozilla\Firefox\Profiles\krl48z5a.default -> hxxps://addons.mozilla.org/nl/firefox/extensions/bookmarks/ FF Extension: (Adblock Plus) - C:\Users\jan\AppData\Roaming\Mozilla\Firefox\Profiles\krl48z5a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-15] [Legacy] [niet getekend] FF HKLM\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be FF Extension: (Belgium eID) - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2015-06-27] [Legacy] [niet getekend] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-11-02] (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-02] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-02] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2578272341-3324075177-2043743870-1001: @citrixonline.com/appdetectorplugin -> C:\Users\jan\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-12-29] (Citrix Online) FF Plugin HKU\S-1-5-21-2578272341-3324075177-2043743870-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\jan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=nl-nl CHR StartupUrls: Default -> "chrome://newtab/" CHR Profile: C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default [2017-11-15] CHR Extension: (Google Drive) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30] CHR Extension: (Google Search) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28] CHR Extension: (Adobe Acrobat) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04] CHR Extension: (Offline Documenten) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17] CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22] CHR Extension: (Gmail) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-11] CHR Extension: (Chrome Media Router) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26] CHR HKU\S-1-5-21-2578272341-3324075177-2043743870-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2578272341-3324075177-2043743870-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx ==================== Services (gefilterd) ==================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) S2 0283821510260248mcinstcleanup; C:\WINDOWS\TEMP\028382~1.EXE [1027864 2016-11-28] (McAfee, Inc.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [284872 2015-11-04] (Advanced Micro Devices, Inc.) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Bestand niet getekend] R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1002472 2017-06-26] (McAfee, Inc.) R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [17992 2017-06-26] (McAfee, Inc.) S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [74816 2017-06-26] (McAfee, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [265352 2017-03-18] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [82488 2017-07-11] (Microsoft Corporation) ===================== Drivers (gefilterd) ====================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R0 amdide; C:\WINDOWS\System32\drivers\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.) R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [26360 2015-06-03] (Advanced Micro Devices, Inc.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices) S3 BrSerIf; C:\WINDOWS\System32\Drivers\BrSerIf.sys [52224 2006-12-12] (Brother Industries Ltd.) [Bestand niet getekend] S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.) R1 MpKsl406b71f6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8B4DF9F-138A-446D-8028-D206E60302AA}\MpKsl406b71f6.sys [40776 2017-10-29] (Microsoft Corporation) R1 MpKsl6520507b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8AFEF668-F956-49C8-AB66-F7F0B02AAD02}\MpKsl6520507b.sys [49504 2017-11-15] (Microsoft Corporation) R1 MpKslcf641c59; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C68EE7A4-5E48-4437-BD9E-017483DA57C9}\MpKslcf641c59.sys [49504 2017-11-05] (Microsoft Corporation) S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [216632 2017-03-15] (QUALCOMM Incorporated) R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [504832 2017-03-18] (Realtek ) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37464 2017-03-18] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [243104 2017-03-18] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [96672 2017-03-18] (Microsoft Corporation) R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [160256 2017-03-18] (Microsoft Corporation) U4 aspnet_state; geen ImagePath ==================== NetSvcs (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ==================== Een Maand Gemaakt bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2017-11-15 22:40 - 2017-11-15 22:40 - 000000000 ____D C:\FRST 2017-11-15 22:24 - 2017-11-15 22:40 - 000001123 _____ C:\Users\jan\Desktop\FRST (1).exe - Snelkoppeling.lnk 2017-11-02 12:51 - 2017-11-02 12:51 - 000000000 ____D C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-11-01 14:29 - 2017-11-01 14:29 - 000000000 ___RD C:\Users\jan\3D Objects 2017-10-29 14:28 - 2017-10-29 14:28 - 000490647 _____ C:\Users\jan\Documents\expenses_aug&sept&okt2017.pdf ==================== Een Maand Gewijzigd bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2017-11-15 22:36 - 2017-03-18 19:14 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-11-15 20:30 - 2015-12-30 18:35 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-11-15 19:55 - 2017-10-11 06:01 - 124282896 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2017-11-15 19:54 - 2010-02-18 12:20 - 124282896 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-11-15 08:59 - 2015-11-08 22:04 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-11-15 07:46 - 2016-06-07 06:24 - 000000000 ____D C:\Program Files\TrueKey 2017-11-15 07:45 - 2016-06-07 06:34 - 000001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk 2017-11-15 07:45 - 2016-06-07 06:34 - 000001232 _____ C:\Users\Public\Desktop\True Key.lnk 2017-11-15 07:16 - 2017-03-18 19:23 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-11-15 07:14 - 2017-03-18 19:23 - 000000000 ____D C:\WINDOWS\system32\Macromed 2017-11-14 06:58 - 2017-03-18 19:23 - 000000000 ___HD C:\Program Files\WindowsApps 2017-11-14 06:53 - 2013-08-27 20:38 - 000000000 ____D C:\Users\jan\Documents\charlotte 2017-11-12 22:57 - 2017-08-24 06:32 - 000000000 ____D C:\Users\jan 2017-11-12 20:50 - 2017-08-24 06:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-11-12 18:38 - 2013-05-15 20:35 - 000000000 ____D C:\Users\jan\AppData\Local\AMD 2017-11-11 08:41 - 2017-07-09 08:10 - 000000000 ____D C:\Users\jan\AppData\Local\GoToMeeting 2017-11-09 21:43 - 2016-06-07 06:33 - 000000000 ____D C:\Program Files\McAfee 2017-11-08 07:46 - 2010-07-13 22:14 - 000000000 ____D C:\Users\jan\AppData\Local\ElevatedDiagnostics 2017-11-07 20:29 - 2017-02-18 14:56 - 000000000 ____D C:\Users\jan\Documents\PJ 2017 2017-11-07 19:00 - 2015-12-30 15:33 - 000002424 _____ C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-11-07 19:00 - 2015-11-02 18:02 - 000000000 ___RD C:\Users\jan\OneDrive 2017-11-05 21:54 - 2016-12-29 21:05 - 000000638 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2578272341-3324075177-2043743870-1001.job 2017-11-05 21:54 - 2016-12-29 21:05 - 000000542 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2578272341-3324075177-2043743870-1001.job 2017-11-05 21:30 - 2017-08-24 06:57 - 002127726 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-11-05 21:30 - 2017-03-19 10:34 - 000944884 _____ C:\WINDOWS\system32\perfh013.dat 2017-11-05 21:30 - 2017-03-19 10:34 - 000203096 _____ C:\WINDOWS\system32\perfc013.dat 2017-11-05 21:24 - 2017-08-24 07:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-11-05 02:40 - 2017-03-18 19:25 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2017-11-05 02:40 - 2017-03-18 19:25 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2017-11-02 12:52 - 2011-06-01 21:49 - 000000000 ____D C:\Users\jan\AppData\Roaming\Dropbox 2017-11-01 15:21 - 2010-07-03 09:41 - 000000000 ___RD C:\Users\jan\Documents\Scanned Documents 2017-10-29 20:17 - 2017-03-18 07:02 - 002359296 _____ C:\WINDOWS\system32\config\BBI 2017-10-22 15:16 - 2017-03-18 19:21 - 000000000 ____D C:\WINDOWS\INF 2017-10-21 08:47 - 2010-04-10 18:11 - 000010850 _____ C:\Users\jan\AppData\Roaming\wklnhst.dat ==================== Bestanden in de root van sommige mappen ======= 2010-04-10 18:11 - 2017-10-21 08:47 - 000010850 _____ () C:\Users\jan\AppData\Roaming\wklnhst.dat 2013-07-03 06:29 - 2013-07-03 06:29 - 000000017 _____ () C:\Users\jan\AppData\Local\resmon.resmoncfg 2010-04-10 11:56 - 2016-03-27 15:04 - 000000952 ___SH () C:\ProgramData\KGyGaAvL.sys 2015-11-02 19:09 - 2015-11-02 19:09 - 000000016 _____ () C:\ProgramData\mntemp ==================== Bamital & volsnap ====================== (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) C:\WINDOWS\explorer.exe => Bestand is getekend C:\WINDOWS\system32\winlogon.exe => Bestand is getekend C:\WINDOWS\system32\wininit.exe => Bestand is getekend C:\WINDOWS\system32\svchost.exe => Bestand is getekend C:\WINDOWS\system32\services.exe => Bestand is getekend C:\WINDOWS\system32\User32.dll => Bestand is getekend C:\WINDOWS\system32\userinit.exe => Bestand is getekend C:\WINDOWS\system32\rpcss.dll => Bestand is getekend C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend LastRegBack: 2017-11-09 07:22 ==================== Eind van FRST.txt ============================