Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 02.08.2018 Gestart door User (Beheerder) op USER-PC (15-08-2018 23:20:14) Gestart vanaf C:\Users\User\Downloads Geladen Profielen: User (Beschikbare Profielen: User) Platform: Windows 7 Professional Service Pack 1 (X64) Taal: Nederlands (Nederland) Internet Explorer Versie 11 (Standaardbrowser: Chrome) Boot Modus: Normal Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe (BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Register (gefilterd) =========================== (Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095912 2010-05-14] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [323128 2011-07-06] (Hewlett-Packard Company) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111488 2012-10-25] (Intel Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-01] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3674009154-3536187646-573794863-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd) HKU\S-1-5-21-3674009154-3536187646-573794863-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-3674009154-3536187646-573794863-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [774544 2018-07-21] (Spotify Ltd) HKU\S-1-5-21-3674009154-3536187646-573794863-1000\...\Policies\Explorer: [NoSaveSettings] 0 Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2018-08-01] ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist en een registeritem is, wordt het verwijderd of hersteld naar de standaard.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{1A5293A2-CB64-4FA3-B7FE-92806D39653F}: [DhcpNameServer] 8.8.8.8 8.8.4.4 Tcpip\..\Interfaces\{73194AF3-A4E0-405D-959D-80F47F85783D}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{B482859C-FD01-4F88-BBDB-ED1183F45747}: [DhcpNameServer] 8.8.8.8 8.8.4.4 Internet Explorer: ================== BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: eyz47ncc.default FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eyz47ncc.default [2018-08-15] FF Extension: (Geen Naam) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [niet gevonden] FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems) Chrome: ======= CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-08-15] CHR Extension: (Presentaties) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14] CHR Extension: (Documenten) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14] CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-02] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-02] CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-17] CHR Extension: (Spreadsheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14] CHR Extension: (Offline Documenten) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-02] CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-25] CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-02] CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-11] CHR HKU\S-1-5-21-3674009154-3536187646-573794863-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Services (gefilterd) ==================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [1698360 2011-07-06] (Hewlett-Packard Company) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation) R2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [1687360 2011-04-29] (QUALCOMM, Inc.) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Bestand niet getekend] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-04-25] (Microsoft Corporation) ===================== Drivers (gefilterd) ====================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation) S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.) S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation) S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation) S3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2017-09-20] (Disc Soft Ltd) S3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47672 2017-09-20] (Disc Soft Ltd) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-07-21] (Malwarebytes) S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112872 2018-06-29] (Malwarebytes) S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-06-29] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-08-13] (Malwarebytes) S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94840 2018-06-30] (Malwarebytes) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation) R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation) S3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2011-04-29] (QUALCOMM Incorporated) S3 qcombushp; C:\Windows\System32\DRIVERS\qcombushp.sys [160328 2011-04-29] (MCCI) S3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [444416 2011-04-29] (QUALCOMM Incorporated) S3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [230784 2011-04-29] (QUALCOMM Incorporated) ==================== NetSvcs (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ==================== Een Maand Aangemaakt bestanden en mappen ======== (Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.) 2018-08-15 23:15 - 2018-08-15 23:21 - 000016753 _____ C:\Users\User\Downloads\FRST.txt 2018-08-15 23:14 - 2018-08-15 23:15 - 000000000 ____D C:\FRST 2018-08-15 23:13 - 2018-08-15 23:13 - 002412544 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe 2018-08-14 19:10 - 2018-08-14 19:14 - 159695665 ____R C:\Users\User\Downloads\Brooklyn.Nine-Nine.S05E08.HDTV.x264-SVA[eztv].mkv 2018-08-14 19:08 - 2018-08-14 19:11 - 156895134 ____R C:\Users\User\Downloads\Brooklyn.Nine-Nine.S05E09.HDTV.x264-SVA[eztv].mkv 2018-08-14 19:07 - 2018-08-14 19:10 - 164531592 ____R C:\Users\User\Downloads\Brooklyn.Nine-Nine.S05E07.HDTV.x264-SVA[eztv].mkv 2018-08-05 21:03 - 2018-08-05 21:25 - 159384810 _____ C:\Users\User\Downloads\Brooklyn.Nine-Nine.S05E05.HDTV.x264-SVA[eztv].mkv 2018-08-02 00:58 - 2018-08-02 00:58 - 000089922 _____ C:\Users\User\Desktop\betalingsbevestiging_BFH8NE.pdf 2018-08-02 00:42 - 2018-08-02 00:43 - 000239768 _____ C:\Users\User\Desktop\ID Merijn.pdf 2018-08-01 09:42 - 2018-08-01 09:42 - 000000000 ____D C:\Users\User\Documents\OneNote Notebooks 2018-07-30 22:05 - 2018-08-14 19:06 - 000000000 ____D C:\Users\User\AppData\LocalLow\uTorrent 2018-07-30 17:04 - 2018-08-02 00:10 - 000000000 ____D C:\Users\User\Documents\vakaveilingen 2018-07-30 15:38 - 2018-07-30 15:38 - 000062445 _____ C:\Users\User\Downloads\rooster week 33.pdf 2018-07-30 14:56 - 2018-07-30 14:56 - 000063808 _____ C:\Users\User\Downloads\rooster week 31 (1).pdf 2018-07-30 14:56 - 2018-07-30 14:56 - 000062905 _____ C:\Users\User\Downloads\rooster week 32.pdf 2018-07-30 14:44 - 2018-07-30 14:44 - 000063808 _____ C:\Users\User\Downloads\rooster week 31.pdf 2018-07-21 13:43 - 2018-08-03 00:35 - 000000000 ____D C:\Users\User\AppData\Local\Spotify 2018-07-21 13:43 - 2018-07-21 13:43 - 000001799 _____ C:\Users\User\Desktop\Spotify.lnk 2018-07-21 13:43 - 2018-07-21 13:43 - 000001785 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2018-07-21 13:42 - 2018-08-03 00:35 - 000000000 ____D C:\Users\User\AppData\Roaming\Spotify 2018-07-21 13:42 - 2018-07-21 13:42 - 000735728 _____ (Spotify Ltd) C:\Users\User\Downloads\SpotifySetup.exe 2018-07-21 12:54 - 2018-08-13 18:13 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys ==================== Een Maand Gewijzigd bestanden en mappen ======== (Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.) 2018-08-15 23:22 - 2017-09-20 21:54 - 000000000 ____D C:\Users\User\AppData\Roaming\uTorrent 2018-08-15 23:20 - 2018-01-23 00:23 - 000000000 ____D C:\Users\User\Documents\Scito Media 2018-08-15 23:19 - 2011-04-12 15:00 - 000745674 _____ C:\Windows\system32\perfh013.dat 2018-08-15 23:19 - 2011-04-12 15:00 - 000153594 _____ C:\Windows\system32\perfc013.dat 2018-08-15 23:19 - 2009-07-14 07:13 - 001669560 _____ C:\Windows\system32\PerfStringBackup.INI 2018-08-15 23:19 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf 2018-08-15 23:13 - 2009-07-14 06:45 - 000025232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-08-15 23:13 - 2009-07-14 06:45 - 000025232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-08-15 22:35 - 2017-09-20 21:43 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla 2018-08-15 20:28 - 2017-09-20 21:42 - 000000000 ____D C:\Program Files\Mozilla Firefox 2018-08-15 20:28 - 2017-09-20 21:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-08-15 19:35 - 2015-04-26 09:42 - 001644228 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2018-08-14 22:26 - 2017-08-02 15:46 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2018-08-14 21:36 - 2017-09-14 11:35 - 000000000 ____D C:\Users\User\Documents\railcatering 2018-08-14 19:11 - 2017-09-24 21:51 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc 2018-08-13 18:26 - 2017-08-02 15:43 - 000000000 ____D C:\Users\User\AppData\Local\Adobe 2018-08-13 18:12 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-08-11 10:26 - 2017-09-14 10:56 - 000000000 ____D C:\Users\User\Documents\3voor12 2018-08-11 09:03 - 2017-08-02 15:04 - 000002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-08-11 09:03 - 2017-08-02 15:04 - 000002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-07-30 16:22 - 2017-09-14 11:59 - 000000000 ____D C:\Users\User\Documents\Uren BoS 2018-07-26 00:55 - 2017-09-14 11:33 - 000000000 ____D C:\Users\User\Documents\music stuff 2018-07-23 11:22 - 2017-09-20 22:35 - 000000000 ____D C:\Users\User\AppData\Local\Microsoft Help 2018-07-21 12:53 - 2018-06-16 13:50 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2018-07-17 00:02 - 2010-11-21 05:27 - 000563832 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Sommige bestanden in TEMP: ==================== 2018-07-21 13:39 - 2018-06-18 14:50 - 024023440 _____ (Spotify Ltd) C:\Users\User\AppData\Local\Temp\SpotifyUninstall.exe ==================== Bamital & volsnap ====================== (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) C:\Windows\system32\winlogon.exe => Bestand is getekend C:\Windows\system32\wininit.exe => Bestand is getekend C:\Windows\SysWOW64\wininit.exe => Bestand is getekend C:\Windows\explorer.exe => Bestand is getekend C:\Windows\SysWOW64\explorer.exe => Bestand is getekend C:\Windows\system32\svchost.exe => Bestand is getekend C:\Windows\SysWOW64\svchost.exe => Bestand is getekend C:\Windows\system32\services.exe => Bestand is getekend C:\Windows\system32\User32.dll => Bestand is getekend C:\Windows\SysWOW64\User32.dll => Bestand is getekend C:\Windows\system32\userinit.exe => Bestand is getekend C:\Windows\SysWOW64\userinit.exe => Bestand is getekend C:\Windows\system32\rpcss.dll => Bestand is getekend C:\Windows\system32\dnsapi.dll => Bestand is getekend C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend LastRegBack: 2017-12-05 17:59 ==================== Eind van FRST.txt ============================