Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

windows pc popups to backup, advertisement windows popus while surfing

Started by HaraMo , Jul 24 2015 07:47 AM

Please log in to reply

#1
HaraMo

Posted 24 July 2015 - 07:47 AM

Member

Member
456 posts

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Gestart door Leen (Beheerder) op LEEN-LAPTOP op 24-07-2015 15:37:01
Gestart vanaf C:\Users\Leen\Desktop
Geladen Profielen: UpdatusUser & Leen (Beschikbare Profielen: UpdatusUser & Leen)
Platform: Windows 8.1 (X64) OS Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: IE)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.5.495.0\McCSPServiceHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\HEMA Fotoservice\dd.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\core\mchost.exe

==================== Register (gefilterd) ==================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565472 2013-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated)
HKLM-x32\...\Run: [Intel AppUp® center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-19] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
HKLM-x32\...\Run: [beid] => "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2987884760-4082260352-1451519778-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-2987884760-4082260352-1451519778-1002\...\Run: [uTorrent] => C:\Users\Leen\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-06-24] (BitTorrent Inc.)
HKU\S-1-5-21-2987884760-4082260352-1451519778-1002\...\Run: [Device Detection] => C:\Program Files (x86)\HEMA Fotoservice\dd.exe [861264 2014-10-01] ()
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-12-23] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [184048 2013-12-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-12-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-24] (Microsoft Corporation)
GroupPolicy: Groepsbeleid op Chrome gedetecteerd <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Beleid restrictie <======= ATTENTION

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2987884760-4082260352-1451519778-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2987884760-4082260352-1451519778-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
URLSearchHook: [S-1-5-21-2987884760-4082260352-1451519778-1001] ATTENTION ==> Standaard URLSearchHook ontbreekt
URLSearchHook: [S-1-5-21-2987884760-4082260352-1451519778-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] ATTENTION ==> Standaard URLSearchHook ontbreekt
SearchScopes: HKU\S-1-5-21-2987884760-4082260352-1451519778-1002 -> DefaultScope {EBFAF7D4-567D-4899-AD5B-DEEEBDC0F1AE} URL =
SearchScopes: HKU\S-1-5-21-2987884760-4082260352-1451519778-1002 -> {EBFAF7D4-567D-4899-AD5B-DEEEBDC0F1AE} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-24] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-24] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-07-24] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-24] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-05-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4417344B-1467-4B47-BC35-C949FF00B749}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B1B335EA-1128-49F0-8FFA-1B4CD77FD1B0}: [DhcpNameServer] 192.168.136.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-11-25] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin HKU\S-1-5-21-2987884760-4082260352-1451519778-1002: iMeshPlugin -> C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll Geen bestand
FF Plugin HKU\S-1-5-21-2987884760-4082260352-1451519778-1002: vasco.com/VascoCardReaderPlugin -> C:\Users\Leen\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll [2013-10-28] (VASCO Data Security)
FF Plugin HKU\S-1-5-21-2987884760-4082260352-1451519778-1002: vasco.com/VascoCardReaderPlugin64 -> C:\Users\Leen\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll [2013-10-28] (VASCO Data Security)
FF Extension: Belgium eID - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-03-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Mozilla Firefox\extensions\[email protected]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-08-29]

Chrome:
=======
CHR dev: Chrome dev build gedetecteerd! <======= ATTENTION
CHR Profile: C:\Users\Leen\AppData\Local\Google\Chrome\User Data\Default

==================== Services (gefilterd) =================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S2 0143381437737622mcinstcleanup; C:\WINDOWS\TEMP\014338~1.EXE [883024 2015-05-04] () [Bestand niet getekend]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-05-09] ()
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-04-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-05-14] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [250672 2015-04-08] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [Bestand niet getekend]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116240 2013-01-04] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S3 A38CCID; C:\Windows\system32\DRIVERS\a38ccid.sys [72208 2015-07-10] (Advanced Card Systems Ltd.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-04-08] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [402888 2015-04-08] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [338272 2015-04-08] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-04-08] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-04-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864200 2015-04-08] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335944 2015-04-08] (McAfee, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2015-07-24 15:37 - 2015-07-24 15:37 - 00019761 _____ C:\Users\Leen\Desktop\FRST.txt
2015-07-24 15:36 - 2015-07-24 15:37 - 00000000 ____D C:\FRST
2015-07-24 15:34 - 2015-07-24 15:34 - 02135552 _____ (Farbar) C:\Users\Leen\Desktop\FRST64.exe
2015-07-24 15:02 - 2015-07-24 15:02 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2015-07-24 15:02 - 2015-07-24 15:02 - 00000000 _SHDL C:\Users\TEMP\Sjablonen
2015-07-24 15:02 - 2015-07-24 15:02 - 00000000 _SHDL C:\Users\TEMP\Netwerkprinteromgeving
2015-07-24 15:02 - 2015-07-24 15:02 - 00000000 _SHDL C:\Users\TEMP\Mijn documenten
2015-07-24 15:02 - 2015-07-24 15:02 - 00000000 _SHDL C:\Users\TEMP\Menu Start
2015-07-24 15:02 - 2015-07-24 15:02 - 00000000 _SHDL C:\Users\TEMP\Documents\Mijn video's
2015-07-24 15:02 - 2015-07-24 15:02 - 00000000 _SHDL C:\Users\TEMP\Documents\Mijn muziek
2015-07-24 15:02 - 2015-07-24 15:02 - 00000000 _SHDL C:\Users\TEMP\Documents\Mijn afbeeldingen
2015-07-24 15:02 - 2015-07-24 15:02 - 00000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programma's
2015-07-24 15:02 - 2015-07-24 15:02 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Geschiedenis
2015-07-24 15:02 - 2015-07-24 15:02 - 00000000 ____D C:\Users\TEMP
2015-07-24 15:02 - 2015-06-25 21:00 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-24 15:02 - 2014-12-28 23:08 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-24 15:02 - 2014-02-22 06:37 - 00000369 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-24 15:02 - 2014-02-22 06:37 - 00000369 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-24 15:02 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-24 15:02 - 2013-08-22 17:36 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-24 14:56 - 2015-07-24 15:08 - 00000000 ____D C:\Users\Leen\Desktop\laptop schoonmaken
2015-07-24 14:56 - 2015-07-24 14:56 - 00000000 ____D C:\Users\Leen\Desktop\Nieuwe map
2015-07-24 14:15 - 2015-07-24 15:01 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-24 14:15 - 2015-07-24 14:15 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-24 14:15 - 2015-07-24 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-24 14:15 - 2015-07-24 14:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-24 14:15 - 2015-07-24 14:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-24 14:15 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-24 14:15 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-24 14:15 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-24 14:06 - 2015-07-24 14:07 - 00000000 ____D C:\Nieuwe map
2015-07-24 14:06 - 2015-07-24 14:06 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Leen\Desktop\mbam-setup-2.1.8.1057.exe
2015-07-24 14:02 - 2015-07-24 14:02 - 00000000 ____D C:\WINDOWS\pss
2015-07-24 13:33 - 2015-07-24 13:33 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-15 09:22 - 2015-04-27 08:02 - 00198448 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2015-07-15 09:20 - 2015-07-15 09:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-07-10 12:35 - 2015-07-10 12:35 - 00072208 _____ (Advanced Card Systems Ltd.) C:\WINDOWS\system32\Drivers\a38ccid.sys
2015-06-25 21:00 - 2015-07-15 09:12 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-06-25 21:00 - 2015-06-25 21:00 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-06-25 20:58 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-25 20:58 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2015-07-24 15:35 - 2013-12-13 17:20 - 02022006 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-24 15:21 - 2013-10-26 18:31 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2987884760-4082260352-1451519778-1002
2015-07-24 15:12 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-24 15:03 - 2013-10-26 18:35 - 00000000 ____D C:\Users\Leen\AppData\Roaming\uTorrent
2015-07-24 15:01 - 2015-04-08 18:56 - 00001312 _____ C:\WINDOWS\Tasks\fun4us_notification_service.job
2015-07-24 15:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-24 14:59 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-24 14:58 - 2013-09-29 21:06 - 00185224 _____ C:\WINDOWS\PFRO.log
2015-07-24 14:58 - 2013-08-22 16:46 - 00346061 _____ C:\WINDOWS\setupact.log
2015-07-24 14:58 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-24 14:57 - 2014-09-20 22:45 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-07-24 14:57 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppCompat
2015-07-24 14:56 - 2014-03-07 19:35 - 00000000 ____D C:\ProgramData\websAve
2015-07-24 14:19 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-24 14:13 - 2015-04-08 19:56 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-24 14:02 - 2013-12-13 17:28 - 00000000 ____D C:\Users\Leen
2015-07-24 13:33 - 2013-08-29 13:19 - 00000000 ____D C:\ProgramData\McAfee
2015-07-24 13:31 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-24 13:30 - 2013-08-29 13:19 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-24 13:29 - 2013-08-29 13:19 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-07-24 13:16 - 2013-11-25 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-24 13:16 - 2013-11-25 10:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-24 13:07 - 2013-12-16 13:00 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{19D3C54B-E382-4DAB-BC28-66829940755A}
2015-07-15 10:36 - 2013-10-26 12:46 - 00000000 ____D C:\Users\Leen\AppData\Local\Packages
2015-07-15 09:22 - 2012-07-26 10:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-06-27 09:06 - 2013-10-27 23:00 - 00000000 ____D C:\Users\Leen\AppData\Roaming\vlc
2015-06-25 21:10 - 2013-09-30 06:15 - 01823174 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-25 21:10 - 2013-09-30 05:59 - 00806704 _____ C:\WINDOWS\system32\perfh013.dat
2015-06-25 21:10 - 2013-09-30 05:59 - 00162170 _____ C:\WINDOWS\system32\perfc013.dat
2015-06-25 21:00 - 2014-12-28 23:08 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-25 21:00 - 2014-07-16 19:37 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-25 21:00 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-25 21:00 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-25 21:00 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-25 21:00 - 2013-08-22 17:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-25 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-06-25 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-25 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-25 20:58 - 2013-10-28 11:33 - 00000000 ____D C:\WINDOWS\system32\MRT

Sommige bestanden in TEMP:
====================
C:\Users\Leen\AppData\Local\Temp\Tsu3D905AEF.dll
C:\Users\Leen\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Leen\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Leen\AppData\Local\Temp\_unps.exe

==================== Bamital & volsnap Check =================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\Windows\System32\winlogon.exe => Bestand is getekend
C:\Windows\System32\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\System32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\System32\services.exe => Bestand is getekend
C:\Windows\System32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\System32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\System32\rpcss.dll => Bestand is getekend
C:\Windows\System32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2015-07-24 15:14

==================== Eind van log ============================

Extra scanresultaten van Farbar Recovery Scan Tool (x64) Version:20-07-2015
Gestart door Leen om 2015-07-24 15:37:31
Gestart vanaf C:\Users\Leen\Desktop
Boot Modus: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2987884760-4082260352-1451519778-500 - Administrator - Disabled)
Gast (S-1-5-21-2987884760-4082260352-1451519778-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2987884760-4082260352-1451519778-1006 - Limited - Enabled)
Leen (S-1-5-21-2987884760-4082260352-1451519778-1002 - Administrator - Enabled) => C:\Users\Leen
UpdatusUser (S-1-5-21-2987884760-4082260352-1451519778-1001 - Limited - Enabled) => C:\Users\TEMP

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Antivirus en antispyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Antivirus en antispyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)

µTorrent (HKU\S-1-5-21-2987884760-4082260352-1451519778-1002\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adblock Plus voor IE (32-bit en 64-bit) (HKLM\...\{3156E6CF-341C-4BAB-BF93-DCE3B598C80D}) (Version: 1.4 - Eyeo GmbH)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.7.1245.73473 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.7.1245.73473 - Alcor Micro Corp.) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.9 - Qualcomm Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Belgium e-ID middleware 4.0.6 (build 7416) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F207416}) (Version: 4.0.7416 - Belgian Government)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
DTS Sound (HKLM-x32\...\{F8EB8FFC-C535-49A1-A84D-CC75CB2D6ADA}) (Version: 1.00.0071 - DTS, Inc.)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
Free Zip Viewer (HKLM-x32\...\Free Zip Viewer) (Version: 1.0 - Free Zip Viewer)
HEMA fotoalbum be-nl (HKU\S-1-5-21-2987884760-4082260352-1451519778-1002\...\{7530DFEF-DCB8-4231-99C9-AE9062CBE425}_is1) (Version:  - Hema)
HEMA Fotoservice (HKLM-x32\...\HEMA Fotoservice_is1) (Version:  - )
IDT Audio Driver (HKLM\...\{11424B27-C16B-4505-9667-82A10AD1B1DC}) (Version: 6.10.6472.0 - IDT)
iMesh (HKLM-x32\...\iMesh) (Version: 12.5.0.134600 - iMesh Inc) <==== ATTENTION
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0.41663.61 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware versie 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1076 - McAfee, Inc.)
Microsoft Office Professional Plus 2013 - nl-nl (HKLM\...\ProPlusRetail - nl-nl) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Grafisch stuurprogramma 327.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PokerStars.be (HKLM-x32\...\PokerStars.be) (Version:  - PokerStars.be)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
pricechhop (HKLM-x32\...\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}) (Version: 3.1.0.1433 - pricechop) <==== ATTENTION
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Stuurprogrammapakket voor Windows - Fedict SmartCard  (09/23/2013 4.0.6.0) (HKLM\...\E05133A29ECEFEA49458B2C4CC3377FE49ED72B4) (Version: 09/23/2013 4.0.6.0 - Fedict)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{B6619F14-F766-4000-BC8A-522D4CC4E44F}) (Version: 1.0.4.5 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6630.6403 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.342 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.02.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.6.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.3.3 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VASCO Card Reader Plug-In (64-Bit) (Version: 3.2.3.2 - VASCO Data Security) Hidden
VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-2987884760-4082260352-1451519778-1002\...\{8bc0c044-0d13-4fe6-90c1-af39c36cb927}) (Version: 3.2.3.2 - VASCO Data Security)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Yahoo! Search (HKU\S-1-5-21-2987884760-4082260352-1451519778-1002\...\Yahoo! Search) (Version:  - Pay-By-Ads) <==== ATTENTION

==================== Aangepaste CLSID (gefilterd): ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

CustomCLSID: HKU\S-1-5-21-2987884760-4082260352-1451519778-1002_Classes\CLSID\{9E436272-69C3-5FBA-9C1D-15694337F4AC}\InprocServer32 -> C:\Users\Leen\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll (VASCO Data Security)

==================== Herstelpunten =========================

04-03-2015 22:14:46 Installed Adblock Plus for IE (32-bit and 64-bit)
08-04-2015 20:39:13 Windows Update
18-04-2015 22:49:55 Windows Update
24-06-2015 09:40:08 Windows Update

==================== Hosts inhoud: ===============================

(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplande Taken (gefilterd) =============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

Task: {038761E5-0CE9-4CD4-85FC-752A2B4F45BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-07-24] (Microsoft Corporation)
Task: {178159EA-B9D2-4C9F-B093-02A004BE284C} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {32286C83-3D76-4DBD-A94D-1937A96FE44D} - System32\Tasks\fun4us_notification_service => C:\Program Files (x86)\fun4us\fun4us_notification_service.exe <==== ATTENTION
Task: {35AC17E4-CCA7-47BC-8A43-ECF03001C31B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {41E578F7-AFB5-4339-9EC9-DA43794A07FD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {63AD6E23-A41B-412C-A157-9F185A960D2D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-07-24] (Microsoft Corporation)
Task: {7E8C7B7B-A480-43A1-9387-16567BF5EE42} - \Yahoo! Search Updater No Task File <==== ATTENTION
Task: {A2A6D9F9-6062-4418-BD4D-79B744BBE8C8} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {AEBB4ED8-22CC-49DF-8F57-B095B5CA49F0} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {B8F7574C-2208-4210-981F-00AFC1B0CBDD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B94034AA-1A51-4318-BC8B-B97918835C41} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-01-04] (Toshiba Europe GmbH)
Task: {E39290F5-2638-4C64-A4C6-D1BA906442C4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-27] (Microsoft Corporation)
Task: {E572CB1B-A2AF-4B08-88A1-DCA71DE9F5FE} - \Yahoo! Search No Task File <==== ATTENTION

(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)

Task: C:\WINDOWS\Tasks\fun4us_notification_service.job => C:\Program Files (x86)\fun4us\fun4us_notification_service.exeǢ/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='fun4us' /appid='73143' /srcid='2913' /bic='1a0c96da59a11a438d2a7d3a27341875' /verifier='acbdadbff90cddee38a9be9e619fa89b' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif <==== ATTENTION

==================== Geladen Modules (gefilterd) ==============

2013-12-23 13:33 - 2013-12-23 13:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-03-27 23:53 - 2013-03-27 23:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
2014-03-27 17:40 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-05-09 18:49 - 2013-05-09 18:49 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2013-11-04 20:22 - 2013-11-04 20:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-12-28 21:48 - 2014-10-01 18:06 - 00861264 _____ () C:\Program Files (x86)\HEMA Fotoservice\dd.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-29 12:47 - 2012-07-18 15:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (gefilterd) =========

(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)


==================== Veilige Modus (gefilterd) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Bestandskoppeling (gefilterd) ===============

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)


==================== Internet Explorer trusted/restricted ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)


==================== Andere gebieden ============================

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKU\S-1-5-21-2987884760-4082260352-1451519778-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2987884760-4082260352-1451519778-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Toshiba\standard.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is ingeschakeld.

==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==

(Momenteel is er geen automatische fix voor dit onderdeel.)


==================== FirewallRules (gefilterd) ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E4071688-3E89-41BF-A86D-9938FCA39CBF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{4E38AA5A-E13D-4E58-96D6-5CB19B38F17A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{7CAB35CC-7818-44C6-8E38-C58D8A3E495D}] => (Allow) C:\Users\Leen\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{49495588-277F-46D1-AEE5-A18B9DDADE77}] => (Allow) C:\Users\Leen\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C9FB34FD-69F3-4E1A-8DB4-F1025EB9C6EC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{9F610C2D-53CB-4353-B41F-90A4817581D4}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{C20E948C-3345-4F9C-A927-130E656EAF7B}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{27788F24-0603-4D95-B024-AF4595197B86}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{5E45970D-B470-4859-A099-836B909DFF94}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{F1EA1AE6-E3CC-435E-AFF0-CD8BD7FE6793}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{1065E794-0C5E-4218-9B6A-33171018FEA2}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{8A588BB1-86D9-4D55-A6A4-A33C1EF6C2F1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F7C44B7F-610D-42EC-A038-50C47C1764AA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{100E64B3-E3E6-4D39-9ADA-350209E5C05C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{B3C6BC28-B475-4941-AA79-E5C1D52D6553}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED8B2328-2CD0-48A7-8C91-CBC60AD21376}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C1D39FEC-8E5B-4ED2-A287-BD810613C2CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C52E198C-05DB-4AE8-85DD-4460BAF45A77}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2BCB6CBF-3680-464C-903E-23F6BAF6D4B1}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{60624ECC-7AF6-4A6E-B350-F179CD9B9523}] => (Allow) C:\Users\Leen\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{34756F03-AC86-461A-8B4D-95AED9655AFF}] => (Allow) C:\Users\Leen\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B77F0AA4-7707-418F-B559-023B35F73768}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7DD4B4F1-518C-4306-8CD8-E4DEBB3BA265}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{350DE22D-0A67-4E7E-859F-DA0C5157B67A}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{B905C28B-9485-425B-9281-8239A5094EBB}] => (Allow) C:\Program Files (x86)\innoApp\bin\innoApp.BRT.Helper.exe
FirewallRules: [{60249612-FDA0-4DD0-ADD3-9D4DAD5BE206}] => (Allow) C:\Program Files (x86)\innoApp\bin\innoApp.BRT.Helper.exe
FirewallRules: [{590258D9-BC04-45EE-9ACA-DB0BCE67EEBA}] => (Allow) C:\Program Files (x86)\innoApp\bin\innoApp.BRT.Helper.exe
FirewallRules: [{41D6BAEF-5C8C-4247-A5BE-82C3C837CE6A}] => (Allow) C:\Program Files (x86)\innoApp\bin\innoApp.BRT.Helper.exe
FirewallRules: [{A139867D-B24B-4210-9163-223BAB966614}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E47EE469-F937-41D7-8CA0-C1941A49CB4A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

==================== Defecte Apparaatbeheer Apparaten =============


==================== Eventlog fouten: =========================

Applicatiefouten:
==================
Error: (07/24/2015 03:02:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: leen-laptop)
Description: Kan het lokale profiel niet vinden. U wordt aangemeld met een tijdelijk profiel. Wijzigingen die u in dit profiel aanbrengt gaan verloren wanneer u zich afmeldt.

Error: (07/24/2015 03:02:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: leen-laptop)
Description: Er is een back-up gemaakt van dit gebruikersprofiel. Dit back-upprofiel wordt automatisch gebruikt als deze gebruiker zich weer aanmeldt.

Error: (07/24/2015 03:02:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: leen-laptop)
Description: Het lokaal opgeslagen profiel kan niet worden geladen. Dit wordt mogelijk veroorzaakt door onvoldoende toegangsrechten of een beschadigd lokaal profiel. 

 DETAIL - Het proces heeft geen toegang tot het bestand omdat het door een ander
proces wordt gebruikt.

Error: (07/24/2015 03:02:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Het register kan niet worden geladen. Dit probleem wordt vaak veroorzaakt door onvoldoende geheugen of onvoldoende beveiligingsrechten. 

 DETAIL - Het proces heeft geen toegang tot het bestand omdat het door een ander
proces wordt gebruikt.
 voor C:\Users\UpdatusUser\ntuser.dat

Error: (07/24/2015 02:18:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma wwahost.exe, versie 6.3.9600.17031 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: e28

Starttijd: 01d0c60a29d2a9b0

Eindtijd: 4294967295

Toepassingspad: C:\WINDOWS\syswow64\wwahost.exe

Rapport-id: 221ce5d8-31fe-11e5-bea6-48d224180fec

Volledige pakketnaam met fout: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Relatieve toepassings-id van pakket met fout: App

Error: (07/24/2015 02:11:35 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Gebeurtenisprovider $Core heeft geprobeerd query select * from __InstanceOperationEvent te registreren, waarvan doelklasse __InstanceOperationEvent in naamruimte //./root niet bestaat. De query wordt genegeerd.

Error: (07/24/2015 02:11:35 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Gebeurtenisprovider $Core heeft geprobeerd query select * from __InstanceOperationEvent te registreren, waarvan doelklasse __InstanceOperationEvent in naamruimte //./root/CIMV2 niet bestaat. De query wordt genegeerd.

Error: (07/24/2015 02:11:35 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Gebeurtenisprovider $Core heeft geprobeerd query select * from __InstanceOperationEvent te registreren, waarvan doelklasse __InstanceOperationEvent in naamruimte //./root/subscription niet bestaat. De query wordt genegeerd.

Error: (07/24/2015 02:10:25 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: McShield failed to start because it is not trusted.
Error Code:a7f40905

Error: (07/24/2015 02:10:25 PM) (Source: AVLogEvent) (EventID: 5007) (User: NT AUTHORITY)
Description: Failed to load a dependant module.
Error Code:a7f42003


Systeemfouten:
=============
Error: (07/24/2015 03:15:14 PM) (Source: DCOM) (EventID: 10010) (User: leen-laptop)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/24/2015 03:14:44 PM) (Source: DCOM) (EventID: 10010) (User: leen-laptop)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/24/2015 03:04:51 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: De volgende melding van een onherstelbare fout is gegenereerd en verzonden naar het externe eindpunt. Dit kan resulteren in het beëindigen van de verbinding. De door het TLS-protocol gedefinieerde code van de onherstelbare fout 10. De foutstatus van Windows SChannel is 10.

Error: (07/24/2015 03:04:51 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: De volgende melding van een onherstelbare fout is gegenereerd en verzonden naar het externe eindpunt. Dit kan resulteren in het beëindigen van de verbinding. De door het TLS-protocol gedefinieerde code van de onherstelbare fout 10. De foutstatus van Windows SChannel is 10.

Error: (07/24/2015 03:04:51 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: De volgende melding van een onherstelbare fout is gegenereerd en verzonden naar het externe eindpunt. Dit kan resulteren in het beëindigen van de verbinding. De door het TLS-protocol gedefinieerde code van de onherstelbare fout 10. De foutstatus van Windows SChannel is 10.

Error: (07/24/2015 03:04:51 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: De volgende melding van een onherstelbare fout is gegenereerd en verzonden naar het externe eindpunt. Dit kan resulteren in het beëindigen van de verbinding. De door het TLS-protocol gedefinieerde code van de onherstelbare fout 10. De foutstatus van Windows SChannel is 10.

Error: (07/24/2015 03:04:51 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: De volgende melding van een onherstelbare fout is gegenereerd en verzonden naar het externe eindpunt. Dit kan resulteren in het beëindigen van de verbinding. De door het TLS-protocol gedefinieerde code van de onherstelbare fout 10. De foutstatus van Windows SChannel is 10.

Error: (07/24/2015 03:04:51 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: De volgende melding van een onherstelbare fout is gegenereerd en verzonden naar het externe eindpunt. Dit kan resulteren in het beëindigen van de verbinding. De door het TLS-protocol gedefinieerde code van de onherstelbare fout 10. De foutstatus van Windows SChannel is 10.

Error: (07/24/2015 03:04:51 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: De volgende melding van een onherstelbare fout is gegenereerd en verzonden naar het externe eindpunt. Dit kan resulteren in het beëindigen van de verbinding. De door het TLS-protocol gedefinieerde code van de onherstelbare fout 10. De foutstatus van Windows SChannel is 10.

Error: (07/24/2015 03:04:51 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: De volgende melding van een onherstelbare fout is gegenereerd en verzonden naar het externe eindpunt. Dit kan resulteren in het beëindigen van de verbinding. De door het TLS-protocol gedefinieerde code van de onherstelbare fout 10. De foutstatus van Windows SChannel is 10.


Microsoft Office:
=========================
Error: (07/24/2015 03:02:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: leen-laptop)
Description: 

Error: (07/24/2015 03:02:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: leen-laptop)
Description: 

Error: (07/24/2015 03:02:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: leen-laptop)
Description: Het proces heeft geen toegang tot het bestand omdat het door een ander
proces wordt gebruikt.

Error: (07/24/2015 03:02:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Het proces heeft geen toegang tot het bestand omdat het door een ander
proces wordt gebruikt.
C:\Users\UpdatusUser\ntuser.dat

Error: (07/24/2015 02:18:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17031e2801d0c60a29d2a9b04294967295C:\WINDOWS\syswow64\wwahost.exe221ce5d8-31fe-11e5-bea6-48d224180fecMicrosoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp

Error: (07/24/2015 02:11:35 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __InstanceOperationEvent__InstanceOperationEvent//./root

Error: (07/24/2015 02:11:35 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __InstanceOperationEvent__InstanceOperationEvent//./root/CIMV2

Error: (07/24/2015 02:11:35 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __InstanceOperationEvent__InstanceOperationEvent//./root/subscription

Error: (07/24/2015 02:10:25 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: a7f40905

Error: (07/24/2015 02:10:25 PM) (Source: AVLogEvent) (EventID: 5007) (User: NT AUTHORITY)
Description: a7f42003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 33%
Total physical RAM: 6019.27 MB
Available physical RAM: 3985.83 MB
Total Virtual: 6979.27 MB
Available Virtual: 4759.61 MB

==================== Drives ================================

Drive c: (TI31128200B) (Fixed) (Total:685.57 GB) (Free:581.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== Eind van log ============================

#2
HaraMo

Posted 24 July 2015 - 08:00 AM

Member

Topic Starter
Member
456 posts

hmm,my description is gone?

again: advertisement popups showed up, a lot very annoying. I downloaded and installed mbam, with realtime enabled. It found a lot of threats, deleted them, reboot.

I don't see any advertisement, but still I receive a message at the bottom of the browser (IE) : when I go to google dot be, the message says that google want to show a popup. something later, mbam blocks a certain ipadress (two different ip adresses).

Because of this, I stil think that there is still somethiing on the laptop.

at startup a programm named windows pc , want me to start a backup.

ads by prricEchop appear and others.

while I tried to download mbam, internet very slow, even once whole system blocked ,could not move the mouse, had to press power button after waiting.

mbam found 653 threats, one of is mypcbackup, that is that program that comes up at startup , I don't see it anymore.

I have adblock plus installed, but those windows advertisement, did show up anyway.

Now after mbam has finisched and rebooted no windows, anymore.

#3
RKinner

Posted 24 July 2015 - 09:10 AM

Malware Expert

Expert
24,624 posts

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.

Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

Pause your anti-virus. Close all browsers.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.

#4
HaraMo

Posted 24 July 2015 - 09:24 AM

Member

Topic Starter
Member
456 posts

Fix resultaat van Farbar Recovery Scan Tool (x64) Version:20-07-2015
Gestart door Leen om 2015-07-24 17:19:12 Run:1
Gestart vanaf C:\Users\Leen\Desktop
Geladen Profielen: UpdatusUser & Leen (Beschikbare Profielen: UpdatusUser & Leen)
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
URLSearchHook: [S-1-5-21-2987884760-4082260352-1451519778-1001] ATTENTION ==> Standaard URLSearchHook ontbreekt
URLSearchHook: [S-1-5-21-2987884760-4082260352-1451519778-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] ATTENTION ==> Standaard URLSearchHook ontbreekt
S2 0143381437737622mcinstcleanup; C:\WINDOWS\TEMP\014338~1.EXE [883024 2015-05-04] () [Bestand niet getekend]
2015-07-24 15:01 - 2015-04-08 18:56 - 00001312 _____ C:\WINDOWS\Tasks\fun4us_notification_service.job
2015-07-24 14:58 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-24 14:57 - 2014-09-20 22:45 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-07-24 14:57 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppCompat
2015-07-24 14:56 - 2014-03-07 19:35 - 00000000 ____D C:\ProgramData\websAve
2015-07-24 14:13 - 2015-04-08 19:56 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
Task: {32286C83-3D76-4DBD-A94D-1937A96FE44D} - System32\Tasks\fun4us_notification_service => C:\Program Files (x86)\fun4us\fun4us_notification_service.exe <==== ATTENTION
Task: {7E8C7B7B-A480-43A1-9387-16567BF5EE42} - \Yahoo! Search Updater No Task File <==== ATTENTION
Task: {AEBB4ED8-22CC-49DF-8F57-B095B5CA49F0} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E572CB1B-A2AF-4B08-88A1-DCA71DE9F5FE} - \Yahoo! Search No Task File <==== ATTENTION
C:\Program Files (x86)\fun4us
C:\Program Files (x86)\MyPC Backup
EmptyTemp:

*****************

\\URLSearchHook: [S-1-5-21-2987884760-4082260352-1451519778-1001] ATTENTION ==> Standaard URLSearchHook ontbreekt => waarde niet gevonden.
\\{637FE20B-9A5B-4F51-B1BE-D10045625B40} => waarde niet gevonden.
0143381437737622mcinstcleanup => Service is succesvol verwijderd.
C:\WINDOWS\Tasks\fun4us_notification_service.job => is succesvol verplaatst..
Kon niet verplaatsen "C:\WINDOWS\system32\config\BBI" => Gepland te verplaatsen bij herstart.
C:\Program Files (x86)\globalUpdate => is succesvol verplaatst..

"C:\WINDOWS\AppCompat" map verplaatsing:

Kon niet verplaatsen "C:\WINDOWS\AppCompat" map => Gepland te verplaatsen bij herstart.

C:\ProgramData\websAve => is succesvol verplaatst..
C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => is succesvol verplaatst..
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32286C83-3D76-4DBD-A94D-1937A96FE44D}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32286C83-3D76-4DBD-A94D-1937A96FE44D}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\fun4us_notification_service => is succesvol verplaatst..
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fun4us_notification_service" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E8C7B7B-A480-43A1-9387-16567BF5EE42}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E8C7B7B-A480-43A1-9387-16567BF5EE42}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search Updater" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEBB4ED8-22CC-49DF-8F57-B095B5CA49F0}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEBB4ED8-22CC-49DF-8F57-B095B5CA49F0}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\LaunchSignup => is succesvol verplaatst..
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E572CB1B-A2AF-4B08-88A1-DCA71DE9F5FE}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E572CB1B-A2AF-4B08-88A1-DCA71DE9F5FE}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search" => sleutel is succesvol verwijderd.
"C:\Program Files (x86)\fun4us" => bestand/map niet gevonden.
"C:\Program Files (x86)\MyPC Backup" => bestand/map niet gevonden.
EmptyTemp: => 3.5 GB tijdelijke gegevens verwijderd.

Resultaat van geplande bestanden te verplaatsen (Boot Modus: Normal) (Datum&Tijd: 2015-07-24 17:21:59)<=

"C:\WINDOWS\system32\config\BBI" => Kon niet verplaatsen
C:\WINDOWS\AppCompat => is succesvol verplaatst.

==== Eind van Fixlog 17:21:59 ====

#5
HaraMo

Posted 24 July 2015 - 09:31 AM

Member

Topic Starter
Member
456 posts

# AdwCleaner v4.208 - Logbestand aangemaakt 24/07/2015 op 17:28:19
# Laatste update 09/07/2015 door Xplode
# Database : 2015-07-15.1 [Server]
# Besturingssysteem : Windows 8.1 (x64)
# Gebruikersnaam : Leen - LEEN-LAPTOP
# Gestart vanuit : C:\Users\Leen\Desktop\AdwCleaner.exe
# Optie : Verwijderen

***** [ Services ] *****

***** [ Bestanden / Mappen ] *****

Map Verwijderd : C:\ProgramData\pricechhop
Map Verwijderd : C:\ProgramData\prricEchop
Map Verwijderd : C:\ProgramData\6520c29951d977eb
Map Verwijderd : C:\Program Files (x86)\websAve
Map Verwijderd : C:\Users\Administrator\AppData\Local\Chromatic Browser
Map Verwijderd : C:\Users\Administrator\AppData\Local\torch
Map Verwijderd : C:\Users\Gast\AppData\Local\Chromatic Browser
Map Verwijderd : C:\Users\Gast\AppData\Local\torch
Map Verwijderd : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Map Verwijderd : C:\Users\HomeGroupUser$\AppData\Local\torch
Map Verwijderd : C:\Users\Leen\AppData\Local\Chromatic Browser
Map Verwijderd : C:\Users\Leen\AppData\Local\globalUpdate
Map Verwijderd : C:\Users\Leen\AppData\Local\iMesh
Map Verwijderd : C:\Users\Leen\AppData\Local\torch
Map Verwijderd : C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
Map Verwijderd : C:\Users\UpdatusUser\AppData\Local\torch
Bestand Verwijderd : C:\Users\Leen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
Bestand Verwijderd : C:\Users\Leen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
Bestand Verwijderd : C:\Users\Leen\Desktop\Sync Folder.lnk

***** [ Geplande taken ] *****

***** [ Snelkoppelingen ] *****

***** [ Register ] *****

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\iMesh.exe
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iMesh.Device
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iMesh.file
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMPlayCDAudioOnArrival
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMRipCDAudioOnArrival
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowCDAudioOnArrival
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{969D2C61-9B16-407C-86B7-397BF4579BE6}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{596BB86E-F1E5-A1DE-3363-41AB634E77EF}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{A3492A3A-6715-9371-F8DB-1C48CC4DAAA1}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{969D2C61-9B16-407C-86B7-397BF4579BE6}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{2C353E32-B8AC-4B82-B988-4C2D3394388A}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{596BB86E-F1E5-A1DE-3363-41AB634E77EF}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{A3492A3A-6715-9371-F8DB-1C48CC4DAAA1}
Sleutel Verwijderd : HKCU\Software\GlobalUpdate
Sleutel Verwijderd : HKCU\Software\Imesh
Sleutel Verwijderd : HKCU\Software\InstalledBrowserExtensions
Sleutel Verwijderd : HKCU\Software\RegisteredApplicationsEx
Sleutel Verwijderd : HKLM\SOFTWARE\GlobalUpdate
Sleutel Verwijderd : HKLM\SOFTWARE\Imesh
Sleutel Verwijderd : HKLM\SOFTWARE\InstalledBrowserExtensions
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Imesh
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Webbrowsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v

-\\ Comodo Dragon v

-\\ Chrome Canary v

*************************

AdwCleaner[R0].txt - [10176 bytes] - [24/07/2015 17:26:41]
AdwCleaner[S0].txt - [9932 bytes] - [24/07/2015 17:28:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9991 bytes] ##########

#6
HaraMo

Posted 24 July 2015 - 10:30 AM

Member

Topic Starter
Member
456 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 8.1 x64
Ran by Leen on vr 24/07/2015 at 17:33:48,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update innoApp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util innoApp

~~~ Files

~~~ Folders

~~~ Chrome

[C:\Users\Leen\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Leen\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Leen\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Leen\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on vr 24/07/2015 at 17:38:47,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7
HaraMo

Posted 24 July 2015 - 10:41 AM

Member

Topic Starter
Member
456 posts

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Gestart door Leen (Beheerder) op LEEN-LAPTOP op 24-07-2015 18:38:06
Gestart vanaf C:\Users\Leen\Desktop
Geladen Profielen: Leen (Beschikbare Profielen: UpdatusUser & Leen)
Platform: Windows 8.1 (X64) OS Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: IE)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.5.495.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(BitTorrent Inc.) C:\Users\Leen\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Program Files (x86)\HEMA Fotoservice\dd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

==================== Register (gefilterd) ==================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565472 2013-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated)
HKLM-x32\...\Run: [Intel AppUp® center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-19] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
HKLM-x32\...\Run: [beid] => "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2987884760-4082260352-1451519778-1002\...\Run: [uTorrent] => C:\Users\Leen\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-06-24] (BitTorrent Inc.)
HKU\S-1-5-21-2987884760-4082260352-1451519778-1002\...\Run: [Device Detection] => C:\Program Files (x86)\HEMA Fotoservice\dd.exe [861264 2014-10-01] ()
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-12-23] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [184048 2013-12-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-12-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-24] (Microsoft Corporation)
GroupPolicy: Groepsbeleid op Chrome gedetecteerd <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Beleid restrictie <======= ATTENTION

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2987884760-4082260352-1451519778-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2987884760-4082260352-1451519778-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2987884760-4082260352-1451519778-1002 -> {EBFAF7D4-567D-4899-AD5B-DEEEBDC0F1AE} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-24] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-24] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-07-24] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-24] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-05-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4417344B-1467-4B47-BC35-C949FF00B749}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B1B335EA-1128-49F0-8FFA-1B4CD77FD1B0}: [DhcpNameServer] 192.168.136.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-11-25] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin HKU\S-1-5-21-2987884760-4082260352-1451519778-1002: iMeshPlugin -> C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll Geen bestand
FF Plugin HKU\S-1-5-21-2987884760-4082260352-1451519778-1002: vasco.com/VascoCardReaderPlugin -> C:\Users\Leen\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll [2013-10-28] (VASCO Data Security)
FF Plugin HKU\S-1-5-21-2987884760-4082260352-1451519778-1002: vasco.com/VascoCardReaderPlugin64 -> C:\Users\Leen\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll [2013-10-28] (VASCO Data Security)
FF Extension: Belgium eID - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-03-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Mozilla Firefox\extensions\[email protected]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-08-29]

Chrome:
=======
CHR dev: Chrome dev build gedetecteerd! <======= ATTENTION
CHR Profile: C:\Users\Leen\AppData\Local\Google\Chrome\User Data\Default

==================== Services (gefilterd) =================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-05-09] ()
S2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [Bestand niet getekend]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116240 2013-01-04] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S3 A38CCID; C:\Windows\system32\DRIVERS\a38ccid.sys [72208 2015-07-10] (Advanced Card Systems Ltd.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2015-07-24 17:38 - 2015-07-24 17:38 - 00001303 _____ C:\Users\Leen\Desktop\JRT.txt
2015-07-24 17:32 - 2015-07-24 17:32 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Leen\Desktop\JRT.exe
2015-07-24 17:26 - 2015-07-24 17:28 - 00000000 ____D C:\AdwCleaner
2015-07-24 17:25 - 2015-07-24 17:25 - 02248704 _____ C:\Users\Leen\Desktop\AdwCleaner.exe
2015-07-24 17:20 - 2015-07-24 17:28 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2015-07-24 15:37 - 2015-07-24 18:38 - 00017651 _____ C:\Users\Leen\Desktop\FRST.txt
2015-07-24 15:37 - 2015-07-24 15:37 - 00031695 _____ C:\Users\Leen\Desktop\Addition.txt
2015-07-24 15:36 - 2015-07-24 18:38 - 00000000 ____D C:\FRST
2015-07-24 15:34 - 2015-07-24 15:34 - 02135552 _____ (Farbar) C:\Users\Leen\Desktop\FRST64.exe
2015-07-24 14:56 - 2015-07-24 16:02 - 00000000 ____D C:\Users\Leen\Desktop\laptop schoonmaken
2015-07-24 14:56 - 2015-07-24 14:56 - 00000000 ____D C:\Users\Leen\Desktop\Nieuwe map
2015-07-24 14:15 - 2015-07-24 17:30 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-24 14:15 - 2015-07-24 14:15 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-24 14:15 - 2015-07-24 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-24 14:15 - 2015-07-24 14:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-24 14:15 - 2015-07-24 14:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-24 14:15 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-24 14:15 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-24 14:15 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-24 14:06 - 2015-07-24 14:07 - 00000000 ____D C:\Nieuwe map
2015-07-24 14:06 - 2015-07-24 14:06 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Leen\Desktop\mbam-setup-2.1.8.1057.exe
2015-07-24 14:02 - 2015-07-24 14:02 - 00000000 ____D C:\WINDOWS\pss
2015-07-24 13:33 - 2015-07-24 13:33 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-15 09:22 - 2015-04-27 08:02 - 00198448 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2015-07-15 09:20 - 2015-07-15 09:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-07-10 12:35 - 2015-07-10 12:35 - 00072208 _____ (Advanced Card Systems Ltd.) C:\WINDOWS\system32\Drivers\a38ccid.sys
2015-06-25 21:00 - 2015-07-15 09:12 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-06-25 21:00 - 2015-06-25 21:00 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-06-25 20:58 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-25 20:58 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2015-07-24 18:36 - 2013-12-13 17:20 - 01233961 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-24 18:35 - 2013-10-26 18:35 - 00000000 ____D C:\Users\Leen\AppData\Roaming\uTorrent
2015-07-24 18:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-24 18:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-24 17:41 - 2013-10-26 18:31 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2987884760-4082260352-1451519778-1002
2015-07-24 17:29 - 2013-08-22 16:46 - 00346215 _____ C:\WINDOWS\setupact.log
2015-07-24 17:29 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-24 17:20 - 2013-09-29 21:06 - 00186144 _____ C:\WINDOWS\PFRO.log
2015-07-24 16:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-24 16:10 - 2012-07-26 10:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-24 14:19 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-24 14:02 - 2013-12-13 17:28 - 00000000 ____D C:\Users\Leen
2015-07-24 13:33 - 2013-08-29 13:19 - 00000000 ____D C:\ProgramData\McAfee
2015-07-24 13:31 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-24 13:30 - 2013-08-29 13:19 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-24 13:29 - 2013-08-29 13:19 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-07-24 13:16 - 2013-11-25 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-24 13:16 - 2013-11-25 10:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-24 13:07 - 2013-12-16 13:00 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{19D3C54B-E382-4DAB-BC28-66829940755A}
2015-07-15 10:36 - 2013-10-26 12:46 - 00000000 ____D C:\Users\Leen\AppData\Local\Packages
2015-07-02 15:33 - 2015-04-08 07:44 - 00412440 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeaack.sys
2015-07-02 15:33 - 2012-11-09 15:40 - 00077536 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\cfwids.sys
2015-07-02 15:33 - 2012-11-09 15:37 - 00344704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfewfpk.sys
2015-07-02 15:33 - 2012-11-09 15:35 - 00875928 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfehidk.sys
2015-07-02 15:33 - 2012-11-09 15:35 - 00080920 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeelamk.sys
2015-07-02 15:33 - 2012-11-09 15:34 - 00496888 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfefirek.sys
2015-07-02 15:33 - 2012-11-09 15:34 - 00347800 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeavfk.sys
2015-06-29 10:03 - 2013-08-29 13:20 - 00254792 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2015-06-27 09:06 - 2013-10-27 23:00 - 00000000 ____D C:\Users\Leen\AppData\Roaming\vlc
2015-06-25 21:10 - 2013-09-30 06:15 - 01823174 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-25 21:10 - 2013-09-30 05:59 - 00806704 _____ C:\WINDOWS\system32\perfh013.dat
2015-06-25 21:10 - 2013-09-30 05:59 - 00162170 _____ C:\WINDOWS\system32\perfc013.dat
2015-06-25 21:00 - 2014-12-28 23:08 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-25 21:00 - 2014-07-16 19:37 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-25 21:00 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-25 21:00 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-25 21:00 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-25 21:00 - 2013-08-22 17:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-25 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-06-25 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-25 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-25 20:58 - 2013-10-28 11:33 - 00000000 ____D C:\WINDOWS\system32\MRT

Sommige bestanden in TEMP:
====================
C:\Users\Leen\AppData\Local\Temp\Quarantine.exe
C:\Users\Leen\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\Windows\System32\winlogon.exe => Bestand is getekend
C:\Windows\System32\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\System32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\System32\services.exe => Bestand is getekend
C:\Windows\System32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\System32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\System32\rpcss.dll => Bestand is getekend
C:\Windows\System32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2015-07-24 17:41

==================== Eind van log ============================

Extra scanresultaten van Farbar Recovery Scan Tool (x64) Version:20-07-2015
Gestart door Leen om 2015-07-24 18:39:14
Gestart vanaf C:\Users\Leen\Desktop
Boot Modus: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2987884760-4082260352-1451519778-500 - Administrator - Disabled)
Gast (S-1-5-21-2987884760-4082260352-1451519778-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2987884760-4082260352-1451519778-1006 - Limited - Enabled)
Leen (S-1-5-21-2987884760-4082260352-1451519778-1002 - Administrator - Enabled) => C:\Users\Leen
UpdatusUser (S-1-5-21-2987884760-4082260352-1451519778-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Antivirus en antispyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Antivirus en antispyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)

µTorrent (HKU\S-1-5-21-2987884760-4082260352-1451519778-1002\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adblock Plus voor IE (32-bit en 64-bit) (HKLM\...\{3156E6CF-341C-4BAB-BF93-DCE3B598C80D}) (Version: 1.4 - Eyeo GmbH)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.7.1245.73473 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.7.1245.73473 - Alcor Micro Corp.) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.9 - Qualcomm Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Belgium e-ID middleware 4.0.6 (build 7416) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F207416}) (Version: 4.0.7416 - Belgian Government)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
DTS Sound (HKLM-x32\...\{F8EB8FFC-C535-49A1-A84D-CC75CB2D6ADA}) (Version: 1.00.0071 - DTS, Inc.)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
Free Zip Viewer (HKLM-x32\...\Free Zip Viewer) (Version: 1.0 - Free Zip Viewer)
HEMA fotoalbum be-nl (HKU\S-1-5-21-2987884760-4082260352-1451519778-1002\...\{7530DFEF-DCB8-4231-99C9-AE9062CBE425}_is1) (Version: - Hema)
HEMA Fotoservice (HKLM-x32\...\HEMA Fotoservice_is1) (Version: - )
IDT Audio Driver (HKLM\...\{11424B27-C16B-4505-9667-82A10AD1B1DC}) (Version: 6.10.6472.0 - IDT)
Intel AppUp® center (HKLM-x32\...\Intel AppUp® center 41663) (Version: 3.8.0.41663.61 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware versie 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1076 - McAfee, Inc.)
Microsoft Office Professional Plus 2013 - nl-nl (HKLM\...\ProPlusRetail - nl-nl) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Grafisch stuurprogramma 327.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PokerStars.be (HKLM-x32\...\PokerStars.be) (Version: - PokerStars.be)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Stuurprogrammapakket voor Windows - Fedict SmartCard (09/23/2013 4.0.6.0) (HKLM\...\E05133A29ECEFEA49458B2C4CC3377FE49ED72B4) (Version: 09/23/2013 4.0.6.0 - Fedict)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{B6619F14-F766-4000-BC8A-522D4CC4E44F}) (Version: 1.0.4.5 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6630.6403 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.342 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.02.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.6.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.3.3 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VASCO Card Reader Plug-In (64-Bit) (Version: 3.2.3.2 - VASCO Data Security) Hidden
VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-2987884760-4082260352-1451519778-1002\...\{8bc0c044-0d13-4fe6-90c1-af39c36cb927}) (Version: 3.2.3.2 - VASCO Data Security)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden

==================== Aangepaste CLSID (gefilterd): ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

CustomCLSID: HKU\S-1-5-21-2987884760-4082260352-1451519778-1002_Classes\CLSID\{9E436272-69C3-5FBA-9C1D-15694337F4AC}\InprocServer32 -> C:\Users\Leen\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll (VASCO Data Security)

==================== Herstelpunten =========================

24-06-2015 09:40:08 Windows Update
24-07-2015 16:07:15 Gepland controlepunt

==================== Hosts inhoud: ===============================

(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplande Taken (gefilterd) =============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

Task: {038761E5-0CE9-4CD4-85FC-752A2B4F45BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-07-24] (Microsoft Corporation)
Task: {085A403C-0261-4653-BCD6-7A1635D41220} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-27] (Microsoft Corporation)
Task: {178159EA-B9D2-4C9F-B093-02A004BE284C} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {35AC17E4-CCA7-47BC-8A43-ECF03001C31B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {41E578F7-AFB5-4339-9EC9-DA43794A07FD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {63AD6E23-A41B-412C-A157-9F185A960D2D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-07-24] (Microsoft Corporation)
Task: {A2A6D9F9-6062-4418-BD4D-79B744BBE8C8} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {B8F7574C-2208-4210-981F-00AFC1B0CBDD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B94034AA-1A51-4318-BC8B-B97918835C41} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-01-04] (Toshiba Europe GmbH)

(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)

==================== Geladen Modules (gefilterd) ==============

2014-03-27 17:40 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-12-23 13:33 - 2013-12-23 13:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-11-04 20:22 - 2013-11-04 20:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-12-28 21:48 - 2014-10-01 18:06 - 00861264 _____ () C:\Program Files (x86)\HEMA Fotoservice\dd.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (gefilterd) =========

(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)

==================== Veilige Modus (gefilterd) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Bestandskoppeling (gefilterd) ===============

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)

==================== Internet Explorer trusted/restricted ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)

==================== Andere gebieden ============================

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKU\S-1-5-21-2987884760-4082260352-1451519778-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Toshiba\standard.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is ingeschakeld.

==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==

(Momenteel is er geen automatische fix voor dit onderdeel.)

==================== FirewallRules (gefilterd) ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E4071688-3E89-41BF-A86D-9938FCA39CBF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{4E38AA5A-E13D-4E58-96D6-5CB19B38F17A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{7CAB35CC-7818-44C6-8E38-C58D8A3E495D}] => (Allow) C:\Users\Leen\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{49495588-277F-46D1-AEE5-A18B9DDADE77}] => (Allow) C:\Users\Leen\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C9FB34FD-69F3-4E1A-8DB4-F1025EB9C6EC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{9F610C2D-53CB-4353-B41F-90A4817581D4}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{C20E948C-3345-4F9C-A927-130E656EAF7B}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{27788F24-0603-4D95-B024-AF4595197B86}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{5E45970D-B470-4859-A099-836B909DFF94}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{F1EA1AE6-E3CC-435E-AFF0-CD8BD7FE6793}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{1065E794-0C5E-4218-9B6A-33171018FEA2}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{8A588BB1-86D9-4D55-A6A4-A33C1EF6C2F1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F7C44B7F-610D-42EC-A038-50C47C1764AA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{100E64B3-E3E6-4D39-9ADA-350209E5C05C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{B3C6BC28-B475-4941-AA79-E5C1D52D6553}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED8B2328-2CD0-48A7-8C91-CBC60AD21376}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C1D39FEC-8E5B-4ED2-A287-BD810613C2CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C52E198C-05DB-4AE8-85DD-4460BAF45A77}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2BCB6CBF-3680-464C-903E-23F6BAF6D4B1}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{60624ECC-7AF6-4A6E-B350-F179CD9B9523}] => (Allow) C:\Users\Leen\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{34756F03-AC86-461A-8B4D-95AED9655AFF}] => (Allow) C:\Users\Leen\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B77F0AA4-7707-418F-B559-023B35F73768}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7DD4B4F1-518C-4306-8CD8-E4DEBB3BA265}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{350DE22D-0A67-4E7E-859F-DA0C5157B67A}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{B905C28B-9485-425B-9281-8239A5094EBB}] => (Allow) C:\Program Files (x86)\innoApp\bin\innoApp.BRT.Helper.exe
FirewallRules: [{60249612-FDA0-4DD0-ADD3-9D4DAD5BE206}] => (Allow) C:\Program Files (x86)\innoApp\bin\innoApp.BRT.Helper.exe
FirewallRules: [{590258D9-BC04-45EE-9ACA-DB0BCE67EEBA}] => (Allow) C:\Program Files (x86)\innoApp\bin\innoApp.BRT.Helper.exe
FirewallRules: [{41D6BAEF-5C8C-4247-A5BE-82C3C837CE6A}] => (Allow) C:\Program Files (x86)\innoApp\bin\innoApp.BRT.Helper.exe
FirewallRules: [{A139867D-B24B-4210-9163-223BAB966614}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E47EE469-F937-41D7-8CA0-C1941A49CB4A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

==================== Defecte Apparaatbeheer Apparaten =============

==================== Eventlog fouten: =========================

Applicatiefouten:
==================
Error: (07/24/2015 05:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: svchost.exe_DeviceAssociationService, versie: 6.3.9600.16384, tijdstempel: 0x5215dfe3
Naam van module met fout: ntdll.dll, versie: 6.3.9600.17668, tijdstempel: 0x54c850f5
Uitzonderingscode: 0xc0000374
Foutmarge: 0x00000000000f12a0
Id van proces met fout: 0x2a8
Starttijd van toepassing met fout: 0xsvchost.exe_DeviceAssociationService0
Pad naar toepassing met fout: svchost.exe_DeviceAssociationService1
Pad naar module met fout: svchost.exe_DeviceAssociationService2
Rapport-id: svchost.exe_DeviceAssociationService3
Volledige pakketnaam met fout: svchost.exe_DeviceAssociationService4
Relatieve toepassings-id van pakket met fout: svchost.exe_DeviceAssociationService5

Error: (07/24/2015 04:26:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (07/24/2015 04:21:03 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (07/24/2015 04:07:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine ConvertStringSidToSid(S-1-5-21-2987884760-4082260352-1451519778-1001.bak). hr = 0x80070539, De structuur van de beveiligings-id is ongeldig.
.

Bewerking:
OnIdentify-gebeurtenis
Schrijvergegevens verzamelen

Context:
   Uitvoeringscontext: Shadow Copy Optimization Writer
   Klasse-id van schrijver: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Naam van schrijver: Shadow Copy Optimization Writer
   Instantie-id van schrijver: {3f3e0c61-7564-4219-b44f-375541c94ff2}

Error: (07/24/2015 03:02:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: leen-laptop)
Description: Kan het lokale profiel niet vinden. U wordt aangemeld met een tijdelijk profiel. Wijzigingen die u in dit profiel aanbrengt gaan verloren wanneer u zich afmeldt.

Error: (07/24/2015 03:02:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: leen-laptop)
Description: Er is een back-up gemaakt van dit gebruikersprofiel. Dit back-upprofiel wordt automatisch gebruikt als deze gebruiker zich weer aanmeldt.

Error: (07/24/2015 03:02:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: leen-laptop)
Description: Het lokaal opgeslagen profiel kan niet worden geladen. Dit wordt mogelijk veroorzaakt door onvoldoende toegangsrechten of een beschadigd lokaal profiel.

DETAIL - Het proces heeft geen toegang tot het bestand omdat het door een ander
proces wordt gebruikt.

Error: (07/24/2015 03:02:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Het register kan niet worden geladen. Dit probleem wordt vaak veroorzaakt door onvoldoende geheugen of onvoldoende beveiligingsrechten.

DETAIL - Het proces heeft geen toegang tot het bestand omdat het door een ander
proces wordt gebruikt.
voor C:\Users\UpdatusUser\ntuser.dat

Error: (07/24/2015 02:18:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma wwahost.exe, versie 6.3.9600.17031 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: e28

Starttijd: 01d0c60a29d2a9b0

Eindtijd: 4294967295

Toepassingspad: C:\WINDOWS\syswow64\wwahost.exe

Rapport-id: 221ce5d8-31fe-11e5-bea6-48d224180fec

Volledige pakketnaam met fout: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Relatieve toepassings-id van pakket met fout: App

Error: (07/24/2015 02:11:35 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Gebeurtenisprovider $Core heeft geprobeerd query select * from __InstanceOperationEvent te registreren, waarvan doelklasse __InstanceOperationEvent in naamruimte //./root niet bestaat. De query wordt genegeerd.

Systeemfouten:
=============
Error: (07/24/2015 06:34:47 PM) (Source: DCOM) (EventID: 10010) (User: leen-laptop)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}

Error: (07/24/2015 06:34:47 PM) (Source: DCOM) (EventID: 10010) (User: leen-laptop)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}

Error: (07/24/2015 06:34:46 PM) (Source: DCOM) (EventID: 10010) (User: leen-laptop)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}

Error: (07/24/2015 05:34:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De TPCH Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (07/24/2015 05:34:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Media Player Network Sharing Service-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.

Microsoft Office:
=========================
Error: (07/24/2015 05:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DeviceAssociationService6.3.9600.163845215dfe3ntdll.dll6.3.9600.1766854c850f5c000037400000000000f12a02a801d0c62455a224e6C:\WINDOWS\System32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dlla6cdda96-3218-11e5-bea8-48d224180fec

Error: (07/24/2015 04:26:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (07/24/2015 04:21:03 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (07/24/2015 04:07:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2987884760-4082260352-1451519778-1001.bak)0x80070539, De structuur van de beveiligings-id is ongeldig.

Bewerking:
OnIdentify-gebeurtenis
Schrijvergegevens verzamelen

Error: (07/24/2015 03:02:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: leen-laptop)
Description:

Error: (07/24/2015 03:02:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: leen-laptop)
Description:

Error: (07/24/2015 03:02:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: leen-laptop)
Description: Het proces heeft geen toegang tot het bestand omdat het door een ander
proces wordt gebruikt.

Error: (07/24/2015 03:02:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Het proces heeft geen toegang tot het bestand omdat het door een ander
proces wordt gebruikt.
C:\Users\UpdatusUser\ntuser.dat

Error: (07/24/2015 02:18:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17031e2801d0c60a29d2a9b04294967295C:\WINDOWS\syswow64\wwahost.exe221ce5d8-31fe-11e5-bea6-48d224180fecMicrosoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp

Error: (07/24/2015 02:11:35 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __InstanceOperationEvent__InstanceOperationEvent//./root

==================== Memory info ===========================

Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 21%
Total physical RAM: 6019.27 MB
Available physical RAM: 4698.21 MB
Total Virtual: 6979.27 MB
Available Virtual: 5591.38 MB

==================== Drives ================================

Drive c: (TI31128200B) (Fixed) (Total:685.57 GB) (Free:585.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== Eind van log ============================

#8
RKinner

Posted 24 July 2015 - 10:48 AM

Malware Expert

Expert
24,624 posts

How is it running now? Any more popups? Any problems?

#9
HaraMo

Posted 24 July 2015 - 12:36 PM

Member

Topic Starter
Member
456 posts

running fine, no popups. Only problem is that even if I open Hotmail dot com, the message appears that Hotmail want to open a popup.

Why does it block even trusted sites?

also when I opened IE for first time, blanc screen appears , and later message that there is no internet, although I'm sure internet connection was ok.

But this only happened once, I just refreshed several times and I had Hotmail page appearing.

#10
HaraMo

Posted 24 July 2015 - 12:47 PM

Member

Topic Starter
Member
456 posts

hmm, I changed the settings of popup in IE, seems ok now, then I wanted to test java (java dot com), but nothing happens?

Then I ve done a reset of IE reboot: but reboot takes soo long... more then 3 minutes now....

#11
HaraMo

Posted 24 July 2015 - 01:25 PM

Member

Topic Starter
Member
456 posts

After some minutes later, a message appears about windows update! hmm, I had use a commmand that let me reboot without installing/processing windows update, strange?

now , after some reboots, windows update is stuck at: the update could not be finished, making changes undone, do not shut of pc (my own translating).

Do I leave it until it finishes?

hmm

#12
HaraMo

Posted 24 July 2015 - 02:06 PM

Member

Topic Starter
Member
456 posts

laptop rebooted, I thaught it was ok now. I left my desk, now I'm back and I see back the message that changes have to be undone.

I think windows update is stuck in a loop...

#13
RKinner

Posted 24 July 2015 - 02:11 PM

Malware Expert

Expert
24,624 posts

Sometimes an update doesn't work and it backs it out. Hopefully it will complete if you let it sit. If not you will have to hope that it reboots OK after a forced shutdown.

See:

https://support.micr...en-us/kb/947821

The long boot time may have been caused by updates. If not you can do a boot log and perhaps we can figure out what is going on. Option 2 on http://pcsupport.abo...up-settings.htm

#14
HaraMo

Posted 24 July 2015 - 02:33 PM

Member

Topic Starter
Member
456 posts

OK, finally, laptop boots normal.

I followed option 2: enable boot logging

log:

Microsoft ® Windows ® Versi 7 24 2015 22:29:41.497
BOOTLOG_LOADED \SystemRoot\system32\ntoskrnl.exe
BOOTLOG_LOADED \SystemRoot\system32\hal.dll
BOOTLOG_LOADED \SystemRoot\system32\kd.dll
BOOTLOG_LOADED \SystemRoot\system32\mcupdate_GenuineIntel.dll
BOOTLOG_LOADED \SystemRoot\System32\drivers\werkernel.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\CLFS.SYS
BOOTLOG_LOADED \SystemRoot\System32\drivers\tm.sys
BOOTLOG_LOADED \SystemRoot\system32\PSHED.dll
BOOTLOG_LOADED \SystemRoot\system32\BOOTVID.dll
BOOTLOG_LOADED \SystemRoot\system32\CI.dll
BOOTLOG_LOADED \SystemRoot\System32\drivers\msrpc.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\Wdf01000.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\WDFLDR.SYS
BOOTLOG_LOADED \SystemRoot\System32\Drivers\acpiex.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\WppRecorder.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\ACPI.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\WMILIB.SYS
BOOTLOG_LOADED \SystemRoot\System32\Drivers\cng.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\mfeelamk.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\tbs.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\msisadrv.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\pci.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\vdrvroot.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\pdc.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\partmgr.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\spaceport.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\volmgr.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\volmgrx.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\mountmgr.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\iaStorA.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\storport.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\EhStorClass.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\fltmgr.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\fileinfo.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Wof.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\mfehidk.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Ntfs.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\ksecdd.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\pcw.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Fs_Rec.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\ndis.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\NETIO.SYS
BOOTLOG_LOADED \SystemRoot\System32\Drivers\ksecpkg.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\tcpip.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\fwpkclnt.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\wfplwfs.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\mfewfpk.sys
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\fvevol.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\mfedisk.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\volsnap.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\rdyboost.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\nvpciflt.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\mup.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\intelpep.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\hwpolicy.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\disk.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\CLASSPNP.SYS
BOOTLOG_LOADED \SystemRoot\System32\drivers\cdrom.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Null.SYS
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Beep.SYS
BOOTLOG_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\BasicRender.sys
BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\BasicDisplay.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Npfs.SYS
BOOTLOG_LOADED \SystemRoot\System32\Drivers\Msfs.SYS
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\tdx.sys
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\netbt.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\afd.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\pacer.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\vwififlt.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\netbios.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\rdbss.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\nsiproxy.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\npsvctrig.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\mssmbios.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\dfsc.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\ahcache.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\CompositeBus.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\kdnic.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\umbus.sys
BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\nvlddmkm.sys
BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\igdkmd64.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\fastfat.SYS
BOOTLOG_LOADED \SystemRoot\System32\drivers\ucx01000.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\USBXHCI.SYS
BOOTLOG_LOADED \SystemRoot\System32\drivers\HECIx64.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\usbehci.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\HDAudBus.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\athwbx.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\vwifibus.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\L1C63x64.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\i8042prt.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\SynTP.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\kbdclass.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\mouclass.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\tdcmdpst.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\CmBatt.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\wmiacpi.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\intelppm.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\TVALZ_O.SYS
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\TVALZFL.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\tosrfec.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\NdisVirtualBus.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\tos_sps64.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\swenum.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\iwdbus.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\rdpbus.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\usbhub.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\UsbHub3.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\stwrt64.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\ksthunk.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\IntcDAud.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\Thotkey.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\mshidkmdf.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\mfeavfk.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\mfefirek.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\mfencbdc.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\mfeaack.sys
BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\btfilter.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\BTHUSB.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\AmUStor.SYS
BOOTLOG_LOADED \SystemRoot\System32\drivers\usbccgp.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\usbvideo.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\BthLEEnum.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\rfcomm.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\BthEnum.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\bthpan.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\monitor.sys
BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\dxgkrnl.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\luafv.sys
BOOTLOG_LOADED \??\C:\WINDOWS\system32\drivers\mbam.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\WudfPf.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\lltdio.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\nwifi.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\ndisuio.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\rspndr.sys
BOOTLOG_LOADED \??\C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\HTTP.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\vwifimp.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\bowser.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\mpsdrv.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\mrxsmb.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\mrxsmb20.sys
BOOTLOG_LOADED \SystemRoot\system32\DRIVERS\mrxsmb10.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\Ndu.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\peauth.sys
BOOTLOG_LOADED \SystemRoot\System32\Drivers\secdrv.SYS
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\srvnet.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\tcpipreg.sys
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\srv2.sys
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\srv.sys
BOOTLOG_LOADED \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
BOOTLOG_LOADED \SystemRoot\system32\drivers\cfwids.sys

#15
HaraMo

Posted 24 July 2015 - 02:39 PM

Member

Topic Starter
Member
456 posts

Also strange: before I runned MBAM, I went to msconfig , and changed selectif startup to normal startup then rebooted, just to be sure that mbam can find all running processes.

Now I check msconfig, it's back on selective startup. Why is it not taking normal startup?