    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor

    Join Date
    May 2015
    Location
    The Netherlands
    Age
    21
    Posts
    613

    infected laptop sister posting from my account

    I asked my brother for assistance with something; eventually he started checking my system for outdated software and infections, and it seems he found something.
    I would like to get some help with removing this garbage. Please note that I am not tech-savvy and will need guidance on what to do.

    Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie:27-01-2016
    Gestart door Eva (Beheerder) op EVA (07-02-2016 16:55:54)
    Gestart vanaf E:\Download
    Geladen Profielen: Eva (Beschikbare Profielen: Eva)
    Platform: Windows 8.1 (X64) Taal: Nederlands (Nederland)
    Internet Explorer Versie 11 (Standaardbrowser: Chrome)
    Boot Modus: Normal
    Handleiding voor Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


    ==================== Processen (gefilterd) =================


    (Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)


    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
    (Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
    () E:\Download\SecurityCheck.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    Kon geen toegng krijgen tot proces -> ToshibaServiceStation.exe
    (Microsoft Corporation) C:\Windows\System32\WerFault.exe
    () C:\Users\Eva\Desktop\SecurityCheck.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Microsoft Corp.) C:\Windows\System32\Defrag.exe




    ==================== Register (gefilterd) ===========================


    (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)


    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [688472 2013-07-22] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
    HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-22] (TOSHIBA)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-786833423-3852317431-1923380631-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1199576 2013-11-24] (Spotify Ltd)
    HKU\S-1-5-21-786833423-3852317431-1923380631-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-02] (Skype Technologies S.A.)
    HKU\S-1-5-21-786833423-3852317431-1923380631-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
    HKU\S-1-5-21-786833423-3852317431-1923380631-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
    HKU\S-1-5-21-786833423-3852317431-1923380631-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Geen bestand
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Geen bestand
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Geen bestand
    ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Geen bestand
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Geen bestand
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Geen bestand
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Geen bestand


    ==================== Internet (gefilterd) ====================


    (Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)


    Tcpip\Parameters: [DhcpNameServer] 88.159.1.200 88.159.1.201
    Tcpip\..\Interfaces\{095E6FBF-BB3A-4B4E-B24B-6AD95A919E26}: [DhcpNameServer] 88.159.1.200 88.159.1.201
    Tcpip\..\Interfaces\{7E3C8F43-D186-475C-8529-80843D227332}: [DhcpNameServer] 192.168.160.1


    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-786833423-3852317431-1923380631-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-786833423-3852317431-1923380631-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_c
    HKU\S-1-5-21-786833423-3852317431-1923380631-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-786833423-3852317431-1923380631-1001 -> {DEA02CEB-32BD-452F-906D-8A073F9EEC02} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-07] (Oracle Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)
    IE Session Restore: HKU\S-1-5-21-786833423-3852317431-1923380631-1001 -> is ingeschakeld.
    DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-09-08] (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-02] (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)


    FireFox:
    ========
    FF ProfilePath: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\pnwn19vj.default
    FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3333004&octid=EB_ORIGINAL_CTID&ISID=9AE19B72-7E84-4989-A354-9470DF5650BE&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP7AEC2CFD-A734-4DC9-8D3F-44055FAF0558&D=080715
    FF DefaultSearchEngine: Trovi
    FF SelectedSearchEngine: Trovi
    FF Homepage: about:home
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-08] (Microsoft Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-02] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2014-09-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]


    Chrome:
    =======
    CHR Session Restore: Default -> is ingeschakeld.
    CHR Profile: C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Documenten) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
    CHR Extension: (Google Drive) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-24]
    CHR Extension: (YouTube) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
    CHR Extension: (Google Search) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
    CHR Extension: (Offline Documenten) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]
    CHR Extension: (AdBlock) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-07]
    CHR Extension: (Pinknop) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-28]
    CHR Extension: (Beach Sunset) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdicbadokilfkjdplbnfkkpppmbjdgk [2015-10-06]
    CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
    CHR Extension: (Bitdefender QuickScan) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-06-11]
    CHR Extension: (Gmail) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]


    ==================== Services (gefilterd) ========================


    (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-30] (Windows (R) Win 7 DDK provider) [Bestand niet getekend]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
    R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
    R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Bestand niet getekend]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [Bestand niet getekend]
    S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
    R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [Bestand niet getekend]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-06] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-06] (Microsoft Corporation)


    ===================== Drivers (gefilterd) ==========================


    (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
    R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
    S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-06] (Microsoft Corporation)
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-06] (Microsoft Corporation)


    ==================== NetSvcs (gefilterd) ===================


    (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)




    ==================== Een Maand Aangemaakt bestanden en mappen ========


    (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)


    2016-02-07 16:54 - 2016-02-07 16:42 - 02370560 _____ (Farbar) C:\Users\Eva\Desktop\FRST64.exe
    2016-02-07 16:53 - 2016-02-07 16:42 - 00852798 _____ C:\Users\Eva\Desktop\SecurityCheck.exe
    2016-02-07 16:43 - 2016-02-07 16:55 - 00000000 ____D C:\FRST
    2016-02-07 16:04 - 2016-02-07 16:05 - 00481640 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-02-07 16:02 - 2016-02-07 16:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-02-07 15:52 - 2016-02-07 15:52 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2016-02-07 15:52 - 2016-02-07 15:52 - 00000967 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-02-07 15:52 - 2016-02-07 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-02-07 15:51 - 2016-02-07 16:07 - 00000000 ____D C:\AdwCleaner
    2016-02-07 15:46 - 2016-02-07 15:46 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Sun
    2016-02-07 15:45 - 2016-02-07 15:45 - 00000000 ____D C:\Users\Eva\AppData\LocalLow\Oracle
    2016-01-14 13:27 - 2015-12-09 12:40 - 00033456 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-01-14 13:27 - 2015-11-17 09:07 - 01380864 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-01-14 13:27 - 2015-11-17 09:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-01-14 13:27 - 2015-11-17 09:07 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-01-14 13:27 - 2015-11-17 09:07 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-01-14 13:27 - 2015-11-17 09:07 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-01-14 13:27 - 2015-11-17 09:07 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-01-14 13:27 - 2015-11-17 09:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-01-14 13:06 - 2015-12-10 16:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-01-14 13:06 - 2015-12-10 16:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-01-14 13:06 - 2015-12-10 15:55 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-01-14 13:06 - 2015-12-10 15:50 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-01-14 13:06 - 2015-12-10 15:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-01-14 13:06 - 2015-12-10 15:21 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-01-14 13:06 - 2015-12-10 15:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-01-14 13:06 - 2015-12-10 15:09 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-01-14 13:06 - 2015-12-10 15:09 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-01-14 13:06 - 2015-12-10 15:03 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-01-14 13:06 - 2015-12-10 14:59 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-01-14 13:06 - 2015-12-10 14:43 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-01-14 13:06 - 2015-12-10 14:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-01-14 13:06 - 2015-12-10 14:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-01-14 13:06 - 2015-12-10 14:37 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-01-14 13:06 - 2015-12-10 14:35 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-01-14 13:06 - 2015-12-10 14:26 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-01-14 13:06 - 2015-12-10 14:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-01-14 13:06 - 2015-12-10 14:12 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-01-14 13:06 - 2015-12-10 14:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-01-14 13:06 - 2015-12-10 14:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 01798480 ____C (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
    2016-01-14 13:05 - 2015-12-04 17:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
    2016-01-14 13:05 - 2015-12-04 17:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
    2016-01-14 13:05 - 2015-12-03 06:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2016-01-14 13:05 - 2015-12-03 06:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
    2016-01-14 13:05 - 2015-12-03 06:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
    2016-01-14 13:05 - 2015-12-03 06:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
    2016-01-14 13:05 - 2015-12-03 06:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
    2016-01-14 13:05 - 2015-12-03 05:58 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
    2016-01-14 13:05 - 2015-12-03 05:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2016-01-14 13:05 - 2015-12-03 05:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
    2016-01-14 13:05 - 2015-12-03 05:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2016-01-14 13:05 - 2015-12-03 05:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
    2016-01-14 13:05 - 2015-12-03 05:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
    2016-01-14 13:05 - 2015-12-03 05:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
    2016-01-14 13:05 - 2015-12-03 05:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
    2016-01-14 13:05 - 2015-12-03 05:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2016-01-14 13:05 - 2015-12-03 05:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
    2016-01-14 13:05 - 2015-12-03 04:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
    2016-01-14 13:05 - 2015-12-03 04:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
    2016-01-14 13:05 - 2015-12-02 03:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2016-01-14 13:05 - 2015-12-02 03:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2016-01-14 13:04 - 2015-12-30 07:32 - 07453016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-01-14 13:04 - 2015-12-30 07:32 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-01-14 13:04 - 2015-12-30 07:32 - 01499912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-01-14 13:04 - 2015-12-06 22:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2016-01-14 13:04 - 2015-12-04 03:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2016-01-14 13:04 - 2015-12-03 07:42 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2016-01-14 13:04 - 2015-12-03 07:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2016-01-14 13:04 - 2015-12-03 07:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-01-14 13:04 - 2015-12-03 07:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
    2016-01-14 13:04 - 2015-12-03 07:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-01-14 13:04 - 2015-12-03 06:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2016-01-14 13:04 - 2015-12-03 06:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-01-14 13:04 - 2015-12-03 06:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
    2016-01-14 13:04 - 2015-12-03 06:28 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-01-14 13:04 - 2015-12-03 06:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-01-14 13:04 - 2015-12-03 05:51 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-01-14 13:04 - 2015-12-03 05:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-01-14 13:04 - 2015-12-03 05:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-01-14 13:04 - 2015-12-03 05:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-01-14 13:04 - 2015-12-03 04:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-01-14 13:02 - 2015-12-08 07:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-01-14 13:02 - 2015-12-08 07:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll


    ==================== Een Maand Gewijzigd bestanden en mappen ========


    (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)


    2016-02-07 16:56 - 2014-06-13 13:02 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-02-07 16:51 - 2015-08-07 20:46 - 00000000 ____D C:\Users\Eva\AppData\Roaming\BitTorrent
    2016-02-07 16:47 - 2014-06-13 12:50 - 00000000 ___DO C:\Users\Eva\SkyDrive
    2016-02-07 16:40 - 2015-12-10 19:42 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Skype
    2016-02-07 16:36 - 2014-06-13 12:53 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-786833423-3852317431-1923380631-1001
    2016-02-07 16:31 - 2015-05-13 11:19 - 00000000 ___RD C:\Users\Eva\OneDrive
    2016-02-07 16:31 - 2015-01-05 11:57 - 00003082 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-786833423-3852317431-1923380631-1001
    2016-02-07 16:16 - 2014-06-13 12:45 - 00000000 ____D C:\Users\Eva
    2016-02-07 16:10 - 2014-06-13 12:57 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AC55AA9B-8C36-41B7-9EBB-2E8E118FDF2C}
    2016-02-07 16:07 - 2014-06-13 13:02 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-02-07 16:06 - 2014-09-08 21:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-02-07 16:05 - 2013-08-22 02:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-02-07 16:04 - 2014-11-02 12:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-02-07 16:04 - 2013-08-22 01:25 - 00524288 ___SH C:\Windows\system32\config\BBI
    2016-02-07 16:01 - 2015-12-10 19:41 - 00000000 ____D C:\ProgramData\Skype
    2016-02-07 15:52 - 2014-09-08 22:26 - 00000000 ____D C:\Program Files\CCleaner
    2016-02-07 15:48 - 2014-11-11 19:34 - 00000000 ____D C:\ProgramData\Oracle
    2016-02-07 15:47 - 2014-11-11 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-02-07 15:46 - 2014-11-11 19:38 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2016-02-07 15:46 - 2014-11-11 19:38 - 00000000 ____D C:\Program Files (x86)\Java
    2016-02-07 15:37 - 2014-09-08 21:51 - 00000648 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-02-07 15:37 - 2014-09-08 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-02-05 21:18 - 2013-08-22 01:36 - 00000000 ____D C:\Windows\Inf
    2016-02-05 03:57 - 2014-06-13 13:02 - 00002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-05 03:57 - 2014-06-13 13:02 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-02-03 16:08 - 2013-08-22 03:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-03 16:08 - 2013-08-22 03:36 - 00000000 ____D C:\Windows\AppReadiness
    2016-02-03 14:51 - 2014-06-13 13:02 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-02-03 14:51 - 2014-06-13 13:02 - 00003808 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-01-30 22:17 - 2013-08-22 03:36 - 00000000 ____D C:\Windows\LiveKernelReports
    2016-01-28 20:49 - 2013-11-24 07:37 - 01823174 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-01-28 20:49 - 2013-08-27 22:25 - 00806704 _____ C:\Windows\system32\perfh013.dat
    2016-01-28 20:49 - 2013-08-27 22:25 - 00162170 _____ C:\Windows\system32\perfc013.dat
    2016-01-27 13:17 - 2014-06-13 12:47 - 00000000 ____D C:\Users\Eva\AppData\Local\Packages
    2016-01-20 14:48 - 2013-08-22 03:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-01-20 14:47 - 2014-09-08 22:45 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-01-20 14:25 - 2015-12-10 19:42 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-01-17 15:50 - 2013-08-22 03:36 - 00000000 ____D C:\Windows\rescache
    2016-01-17 14:37 - 2014-06-14 18:17 - 00000000 ____D C:\Windows\system32\MRT
    2016-01-17 14:29 - 2014-06-14 18:17 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-01-14 22:29 - 2014-12-11 00:55 - 00000000 ____D C:\Windows\system32\appraiser
    2016-01-14 22:29 - 2014-07-25 19:25 - 00000000 ___SD C:\Windows\system32\CompatTel
    2016-01-14 13:36 - 2015-09-02 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-01-14 13:36 - 2013-08-22 03:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-01-14 13:35 - 2015-09-02 12:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-01-14 13:35 - 2015-09-02 12:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight


    ==================== Bestanden in de root van sommige mappen =======


    2015-09-18 15:40 - 2015-09-18 15:40 - 0000000 _____ () C:\Program Files (x86)\GUM6F.tmp
    2015-05-26 14:57 - 2015-05-26 14:57 - 0000000 _____ () C:\Users\Eva\AppData\Local\{D2ADC405-D2F7-4963-A8A7-BAF08CBE2DAE}


    ==================== Bamital & volsnap =================


    (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)


    C:\Windows\system32\winlogon.exe => Bestand is getekend
    C:\Windows\system32\wininit.exe => Bestand is getekend
    C:\Windows\explorer.exe => Bestand is getekend
    C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
    C:\Windows\system32\svchost.exe => Bestand is getekend
    C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
    C:\Windows\system32\services.exe => Bestand is getekend
    C:\Windows\system32\User32.dll => Bestand is getekend
    C:\Windows\SysWOW64\User32.dll => Bestand is getekend
    C:\Windows\system32\userinit.exe => Bestand is getekend
    C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
    C:\Windows\system32\rpcss.dll => Bestand is getekend
    C:\Windows\system32\dnsapi.dll => Bestand is getekend
    C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
    C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend




    LastRegBack: 2016-02-01 06:28


    ==================== Eind van FRST.txt ============================



  2. #2

    Re: infected laptop sister posting from my account

    Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie:27-01-2016
    Gestart door Eva (2016-02-07 16:56:49)
    Gestart vanaf E:\Download
    Windows 8.1 (X64) (2014-06-14 00:47:21)
    Boot Modus: Normal
    ==========================================================




    ==================== Accounts: =============================


    Administrator (S-1-5-21-786833423-3852317431-1923380631-500 - Administrator - Disabled)
    Eva (S-1-5-21-786833423-3852317431-1923380631-1001 - Administrator - Enabled) => C:\Users\Eva
    Gast (S-1-5-21-786833423-3852317431-1923380631-501 - Limited - Disabled)


    ==================== Security Center ========================


    (Als een item is opgenomen in de fixlist, zal het worden verwijderd.)


    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ==================== Geïnstalleerde programma's ======================


    (Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)


    Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.8.1245.73583 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader (x32 Version: 4.8.1245.73583 - Alcor Micro Corp.) Hidden
    ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.303.509 - Alps Electric)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
    Auslogics Disk Defrag Professional (HKLM-x32\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.6.0.0 - Auslogics Software Pty Ltd)
    BitTorrent (HKU\S-1-5-21-786833423-3852317431-1923380631-1001\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Download & Installeer Packages (HKU\S-1-5-21-786833423-3852317431-1923380631-1001\...\Download & Installeer Packages) (Version: - ) <==== AANDACHT
    Dropbox (HKU\S-1-5-21-786833423-3852317431-1923380631-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
    Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.0.1.1001 - DVDVideoSoft Ltd.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
    Malwarebytes Anti-Malware versie 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 15.0.4787.1002 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-786833423-3852317431-1923380631-1001\...\OneDriveSetup.exe) (Version: 17.3.6301.0127 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 40.0.3 (x86 nl) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 nl)) (Version: 40.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
    Office 15 Click-to-Run Extensibility Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
    Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.1.0 - Popcorn Time)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros)
    Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
    Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.111 - Skype Technologies S.A.)
    Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
    Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
    TOSHIBA Addendum (HKLM-x32\...\{C1569944-FAD6-4B3B-85E5-C213C2FF8EFC}) (Version: 1.00 - TOSHIBA)
    TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
    TOSHIBA Display Utility (HKLM\...\{5F6AC07E-50EF-422E-B56E-6521E5B35139}) (Version: 1.1.12.0 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
    TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
    TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.346 - Toshiba Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
    TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.00.6403 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
    Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.0 - Toshiba Europe GmbH)
    TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)


    ==================== Aangepaste CLSID (gefilterd): ==========================


    (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


    CustomCLSID: HKU\S-1-5-21-786833423-3852317431-1923380631-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-786833423-3852317431-1923380631-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-786833423-3852317431-1923380631-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-786833423-3852317431-1923380631-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)


    ==================== Geplande Taken (gefilterd) =============


    (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


    Task: {09F0EEB8-5319-4731-82A6-5FB1C0D9FB1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {27493589-4D4E-4697-9C08-F3BEFA38EC47} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
    Task: {31A18C61-4D0E-42B8-9BCB-E96D0BC197EB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
    Task: {47069289-72FC-41BF-AE32-84DAC2E164B5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
    Task: {5BD0575D-9DE2-486C-8190-0BCD36CFF2D4} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-11-08] (TOSHIBA Corporation)
    Task: {71ABA96D-5960-421A-87F5-607E632AF9E9} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
    Task: {73D5DFB8-2476-42C7-BAB4-A600971F2E3D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
    Task: {7ECFA0C4-B9D6-460F-B43B-5E603FC40BE9} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH)
    Task: {9FF6F60E-2CE8-4675-BFB4-40D5BDA9E842} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-786833423-3852317431-1923380631-1001 => C:\Users\Eva\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-02-07] (Microsoft Corporation)
    Task: {B95150D2-56E4-4838-B810-A7BC61D22819} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
    Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {E223425E-1658-40A5-B5D2-1F0F4FF8CEA1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
    Task: {E4A03E75-ACD6-4B32-96E1-B6A6B3D4C3F5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-01-20] (Microsoft Corporation)
    Task: {EE8565A9-B954-4C1E-8CE9-835DBBED7757} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
    Task: {F29040C0-6BCB-45CE-ACC2-9D33BECE514E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)


    (Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)


    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


    ==================== Snelkoppelingen =============================


    (De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)


    ==================== Geladen Modules (gefilterd) ==============


    2013-03-27 07:53 - 2013-03-27 07:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
    2014-09-08 22:45 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-09-10 07:54 - 2013-09-10 07:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
    2016-01-15 08:44 - 2016-01-15 08:44 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1043.dll
    2016-02-07 16:42 - 2016-02-07 16:42 - 00852798 _____ () E:\Download\SecurityCheck.exe
    2016-02-07 16:53 - 2016-02-07 16:42 - 00852798 _____ () C:\Users\Eva\Desktop\SecurityCheck.exe
    2014-05-06 14:16 - 2013-09-03 11:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2016-02-05 03:57 - 2016-02-02 19:27 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\libglesv2.dll
    2016-02-05 03:57 - 2016-02-02 19:27 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\libegl.dll


    ==================== Alternate Data Streams (gefilterd) =========


    (Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)




    ==================== Veilige Modus (gefilterd) ===================


    (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)


    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""


    ==================== EXE Bestandskoppeling (gefilterd) ===============


    (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)




    ==================== Internet Explorer vertrouwde/beperkte toegang ===============


    (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)




    ==================== Hosts inhoud: ===============================


    (Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)


    2013-08-22 01:25 - 2013-08-22 01:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts




    ==================== Andere gebieden ============================


    (Momenteel is er geen automatische fix voor dit onderdeel.)


    HKU\S-1-5-21-786833423-3852317431-1923380631-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Eva\Pictures\Vakanties\Kroatië 17-7 30-7 2015 met Koen\DSC02792.JPG
    DNS Servers: 88.159.1.200 - 88.159.1.201
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is ingeschakeld.


    ==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==


    (Momenteel is er geen automatische fix voor dit onderdeel.)


    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run: => "TecoResident"
    HKLM\...\StartupApproved\Run: => "TCrdMain"
    HKLM\...\StartupApproved\Run: => "TSSSrv"
    HKLM\...\StartupApproved\Run: => "TosWaitSrv"
    HKLM\...\StartupApproved\Run32: => "1.TPUReg"
    HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64"
    HKLM\...\StartupApproved\Run32: => "TSVU"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"


    ==================== Firewall regels (gefilterd) ===============


    (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{496633AD-07C0-404F-B6EC-480A49D04472}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{6F0BD13C-ACD8-4E64-90CE-2E0630AC0946}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{3AE7B92F-82FA-4408-94AD-F61F450695FE}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [{C7E3F35B-6D2A-4436-BBA1-82BDC3FA6836}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [TCP Query User{AD2FFE3E-5358-4472-84D5-9AE89D086013}C:\users\eva\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\eva\appdata\roaming\bittorrent\bittorrent.exe
    FirewallRules: [UDP Query User{C2267903-7436-4891-9E1D-1C3C76457142}C:\users\eva\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\eva\appdata\roaming\bittorrent\bittorrent.exe
    FirewallRules: [{F5CA0261-6170-464D-808E-BD76AF2D71DF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [TCP Query User{62D7215E-CEA5-4874-812D-011FA6660EDF}C:\users\eva\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\eva\appdata\local\popcorn time\node-webkit\popcorn time.exe
    FirewallRules: [UDP Query User{87F727CB-957B-4C26-BCF6-6468CCD96CB6}C:\users\eva\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\eva\appdata\local\popcorn time\node-webkit\popcorn time.exe
    FirewallRules: [TCP Query User{12C3F725-EB77-4044-9B8D-4BF063D668B6}C:\users\eva\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Block) C:\users\eva\appdata\local\popcorn time\node-webkit\popcorn time.exe
    FirewallRules: [UDP Query User{9FDDA098-3810-4C66-B5CB-853330E1D45C}C:\users\eva\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Block) C:\users\eva\appdata\local\popcorn time\node-webkit\popcorn time.exe
    FirewallRules: [{3787287E-32A7-4588-8C9A-74E86BB67207}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
    FirewallRules: [TCP Query User{033110A4-C23F-48C5-9577-97296E6D0EFF}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Block) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
    FirewallRules: [UDP Query User{CBD9FBFD-FA87-4026-A6BA-F9E9DF35C0F3}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Block) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
    FirewallRules: [{6D534B3A-40F5-436F-8772-52DB31C597D2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{EB158D93-7DA2-4866-8457-E11D45305C78}] => (Allow) LPort=2869
    FirewallRules: [{74B31050-099D-4720-ABEE-36D1B5A1296C}] => (Allow) LPort=1900
    FirewallRules: [{22CC8711-9A53-4F20-902C-8DAF87588634}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{0A3C0782-85F3-4E25-9457-E13F614F31C9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{3B589B73-62D4-4A35-9D16-73D08164FF0C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{B2BBF189-17B6-4E6A-AD46-DB3689D44489}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{D640DB1C-36DB-4ECC-BE44-55082E5522CD}] => (Allow) C:\Users\Eva\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{9498BFBA-31B1-4D35-97CD-BADE4508FB54}] => (Allow) C:\Users\Eva\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{3C2D92CE-5B1C-44EE-B996-5C1B8DAE4C15}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{C9C4A245-C189-4EFD-BB4E-5B7D39183B36}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{19F8FCED-F551-43BB-A77C-338B23416114}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{3AB72C77-5053-4B9B-BADA-0926FAEB52BC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{BB921002-0B85-41F2-801A-8C9922446D5A}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
    FirewallRules: [{468B58B6-64BE-4AAA-93E9-B98FA909BC6B}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
    FirewallRules: [{B424F389-3228-46A6-ACCB-0E9F54407BEB}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
    FirewallRules: [{9D71E466-137E-446C-876E-5E7DF0D316D8}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
    FirewallRules: [TCP Query User{E95243DC-3127-4021-999E-EF21C68ED1E9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{FBA41A9D-3806-4A2A-A319-74D5054D054F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{53CA2D29-D6B5-4A0A-95F8-FC39E0FA2056}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{23CFED0D-1B74-4A6A-A200-52F61DC48298}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{63E2BD90-F17A-4661-859C-A7578D80299A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Herstelpunten =========================


    17-01-2016 14:28:14 Windows Update
    26-01-2016 14:37:32 Gepland controlepunt


    ==================== Defecte Apparaatbeheer Apparaten =============




    ==================== Eventlog fouten: =========================


    Applicatiefouten:
    ==================
    Error: (02/07/2016 04:57:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Het programma ToshibaServiceStation.exe, versie 2.6.3.0 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.


    Proces-id: 5d4


    Starttijd: 01d162265ec61a6a


    Eindtijd: 4294967295


    Toepassingspad: C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe


    Rapport-id: fd7c22fe-ce1f-11e5-8301-202564d1ea98


    Volledige pakketnaam met fout:


    Relatieve toepassings-id van pakket met fout:


    Error: (02/07/2016 04:50:31 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
    Description: .NET Runtime version 4.0.30319.34209 - Er is een fout opgetreden tijdens de initialisatie van de koppelingsinfrastructuur voor de profiling-API. Dit proces staat niet toe dat een profiler wordt gekoppeld. HRESULT: 0x80004005. Proces-id (decimaal): 5268. Bericht-id: [0x2509].


    Error: (02/07/2016 04:48:17 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
    Description: .NET Runtime version 4.0.30319.34209 - Er is een fout opgetreden tijdens de initialisatie van de koppelingsinfrastructuur voor de profiling-API. Dit proces staat niet toe dat een profiler wordt gekoppeld. HRESULT: 0x80004005. Proces-id (decimaal): 4424. Bericht-id: [0x2509].


    Error: (02/07/2016 04:48:12 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
    Description: .NET Runtime version 4.0.30319.34209 - Er is een fout opgetreden tijdens de initialisatie van de koppelingsinfrastructuur voor de profiling-API. Dit proces staat niet toe dat een profiler wordt gekoppeld. HRESULT: 0x80004005. Proces-id (decimaal): 1764. Bericht-id: [0x2509].


    Error: (02/07/2016 03:43:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Het programma chrome.exe, versie 48.0.2564.103 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.


    Proces-id: e5c


    Starttijd: 01d16213755271db


    Eindtijd: 20522


    Toepassingspad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    Rapport-id: 0bcbca40-ce16-11e5-8300-202564d1ea98


    Volledige pakketnaam met fout:


    Relatieve toepassings-id van pakket met fout:


    Error: (02/07/2016 03:27:01 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
    Description: .NET Runtime version 4.0.30319.34209 - Er is een fout opgetreden tijdens de initialisatie van de koppelingsinfrastructuur voor de profiling-API. Dit proces staat niet toe dat een profiler wordt gekoppeld. HRESULT: 0x80004005. Proces-id (decimaal): 5544. Bericht-id: [0x2509].


    Error: (02/07/2016 02:45:11 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005




    Systeemfouten:
    =============
    Error: (02/07/2016 04:04:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: De Windows Search-service kan vanwege de volgende fout niet worden gestart:
    %%1069


    Error: (02/07/2016 04:04:16 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: De WSearch-service kan niet als NT AUTHORITY\SYSTEM met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
    %%50


    Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.


    Error: (02/07/2016 04:03:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: De Windows Installer-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 120000 milliseconden worden uitgevoerd: Service opnieuw starten.


    Error: (02/07/2016 04:03:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: De TMachInfo-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.


    Error: (02/07/2016 04:03:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: De TPCH Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.


    Error: (02/07/2016 04:03:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: De Intel(R) Dynamic Application Loader Host Interface Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.


    Error: (02/07/2016 04:03:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: De Intel(R) ME Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.


    Error: (02/07/2016 04:03:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: De Intel(R) Integrated Clock Controller Service - Intel(R) ICCS-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.


    Error: (02/07/2016 04:03:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: De Windows Search-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.


    Error: (02/07/2016 04:03:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: De TOSHIBA eco Utility Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.




    CodeIntegrity:
    ===================================
    Date: 2016-02-04 18:41:58.178
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2016-02-04 18:41:57.849
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2016-02-04 18:41:57.506
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2016-02-04 18:41:57.127
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2016-02-04 18:41:56.783
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2016-02-04 18:41:56.439
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2016-02-04 18:41:54.802
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2016-02-04 18:41:54.333
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2016-01-20 14:44:58.547
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2016-01-20 14:44:58.123
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.




    ==================== Geheugen info ===========================


    Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
    Percentage geheugen in gebruik: 40%
    Totaal fysiek RAM-geheugen: 6019.27 MB
    Beschikbaar fysiek RAM-geheugen: 3587.29 MB
    Totaal Virtueel geheugen: 6979.27 MB
    Beschikbaar Virtual geheugen: 4236.85 MB


    ==================== Schijven ================================


    Drive c: (TI31252400A) (Fixed) (Total:357.44 GB) (Free:215.56 GB) NTFS
    Drive e: (NieuwVolume) (Fixed) (Total:330.03 GB) (Free:309.62 GB) NTFS


    ==================== MBR & Partitietabel ==================


    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)


    Partition: GPT.


    ==================== Eind van Addition.txt ============================

    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 73
    Java version 32-bit out of Date!
    Mozilla Firefox 40.0.3 Firefox out of Date!
    Google Chrome (48.0.2564.103)
    Google Chrome (48.0.2564.97)
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Windows Defender MSASCui.exe
    Windows Defender MpCmdRun.exe
    Windows Defender MSASCui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````

  3. #3
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,774

    Re: infected laptop sister posting from my account

    Hi, axe0's sister. :) If you run into problems, your brother has done this before and I'm sure can guide you through the process. However, feel free to ask questions if you don't understand my instructions.

    1. Please do the following to run FRST:

    Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
    • Open Notepad (Start =>All Programs => Accessories => Notepad).
    • Copy/Paste the entire contents of the code box below into Notepad.
    Code:
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3333004&octid=EB_ORIGINAL_CTID&ISID=9AE19B72-7E84-4989-A354-9470DF5650BE&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP7AEC2CFD-A734-4DC9-8D3F-44055FAF0558&D=080715
    FF DefaultSearchEngine: Trovi
    FF SelectedSearchEngine: Trovi
    EmptyTemp:
    end
    • Click Format and ensure Wordwrap is unchecked.
    • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens...
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
      • Please post the log in your next reply.

    2. Please download AdwCleaner by Xplode and save to your Desktop.
    • Right-click on AdwCleaner.exe and select Run As Administrator
    • The tool will start to update the database, please wait a bit.
    • Click on the Scan button.
    • AdwCleaner will begin. Please be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

    3. Please download Junkware Removal Tool to your desktop.
    • Disable your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    4. Your version of Firefox is out of date. To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  4. #4
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor


    Re: infected laptop sister posting from my account

    Firefox has been updated.

    Adwcleaner has been used by my brother, so Adwcleaner found nothing.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.2 (01.06.2016)
    Operating System: Windows 8.1 x64
    Ran by Eva (Administrator) on ma 08-02-2016 at 14:16:25,63
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    File System: 4


    Successfully deleted: C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic (Folder)
    Successfully deleted: C:\Users\Eva\AppData\Local\worldoftanks (Folder)
    Successfully deleted: C:\Users\Eva\AppData\Roaming\worldoftanks (Folder)
    Successfully deleted: C:\Program Files (x86)\GUM6F.tmp (File)


    Registry: 2


    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DEA02CEB-32BD-452F-906D-8A073F9EEC02} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on ma 08-02-2016 at 14:18:23,34
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    # AdwCleaner v5.033 - Logbestand aangemaakt 08/02/2016 op 14:02:53
    # Laatste update 07/02/2016 door Xplode
    # Database : 2016-02-07.2 [Server]
    # Besturingssysteem : Windows 8.1 (x64)
    # Gebruikersnaam : Eva - EVA
    # Gestart vanuit : E:\Download\adwcleaner_5.033.exe
    # Optie : Scannen
    # Ondersteuning : Forum - ToolsLi


    ***** [ Services ] *****




    ***** [ Mappen ] *****




    ***** [ Bestanden ] *****




    ***** [ DLL ] *****




    ***** [ Snelkoppelingen ] *****




    ***** [ geplande taken ] *****




    ***** [ Register ] *****




    ***** [ Internetbrowsers ] *****




    ########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [589 bytes] ##########


    Fix resultaat van Farbar Recovery Scan Tool (x64) Versie:27-01-2016
    Gestart door Eva (2016-02-08 13:15:18) Run:1
    Gestart vanaf C:\Users\Eva\Desktop
    Geladen Profielen: Eva (Beschikbare Profielen: Eva)
    Boot Modus: Normal
    ==============================================


    fixlist inhoud:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3333004&octid=EB_ORIGINAL_CTID&ISID=9AE19B72-7E84-4989-A354-9470DF5650BE&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP7AEC2CFD-A734-4DC9-8D3F-44055FAF0558&D=080715
    FF DefaultSearchEngine: Trovi
    FF SelectedSearchEngine: Trovi
    EmptyTemp:
    end
    *****************


    Herstelpunt is succesfol gemaakt.
    Proces succesvol afgesloten.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => waarde is succesvol verwijderd.
    Firefox "newtab" is succesvol verwijderd.
    Firefox DefaultSearchEngine is succesvol verwijderd.
    Firefox SelectedSearchEngine is succesvol verwijderd.
    EmptyTemp: => 470.7 MB tijdelijke gegevens verwijderd.




    Het systeem moest herstart worden.


    ==== Eind van Fixlog 13:16:02 ====

  5. #5
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor


    Re: infected laptop sister posting from my account

    An update: I (owner of this account, the brother) am currently scanning the laptop.
    Malwarebytes and Windows Defender are running, both have already found a few things, and the laptop has been rebooted a few times.

    Maybe important to know: this laptop has also been heavily infected in the past. The last time I was scanning it, some months ago, hundreds of infected files were found by Malwarebytes, but I don't know if the current infection is a remnant of some months ago.

  6. #6
    Corrine

    Re: infected laptop sister posting from my account

    Hi, axe0.

    Please provide the results of the scans.



  7. #7
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor


    Re: infected laptop sister posting from my account

    The logs have been provided in post #4.


  8. #8
    Corrine

    Re: infected laptop sister posting from my account

    Sorry, I meant the results of the Malwarebytes scan.

    If there is still a problem with the computer, please follow the instructions below to run an on-line scan from ESET. Note that the scan may take a while, so grab a cup of coffee or tea and put your feet up.
    • Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
      • Hold down Control and click on this link to open ESET OnlineScan in a new window so you can refer to these instructions.
      • Click the green ESET Online Scanner box.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the Eset Smart Installer icon on your desktop.
      • Check "YES, I accept the Terms of Use."
      • Click the Start button.
      • Accept any security warnings from your browser.
      • Under scan settings, check "Scan Archives" and "Remove found threats"
      • Click Advanced settings and select the following:
        • Scan potentially unwanted applications
        • Scan for potentially unsafe applications
        • Enable Anti-Stealth technology
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, click List Threats
      • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Click the Back button.
      • Click the Finish button.



  9. #9
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor


    Re: infected laptop sister posting from my account

    Unfortunately I can't find the log anymore; my sister cleaned up her laptop when she needed it for something, but I do know it was 2 registry entries and 1 malware the last time.

    Eset is scanning now.

  10. #10
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor


    Re: infected laptop sister posting from my account

    ESET scan result
    C:\Eva\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0\BabMaint.x a variant of Win32/Toolbar.Babylon.I potentially unwanted application cleaned by deleting
    C:\Eva\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application cleaned by deleting
    C:\Eva\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0\NPObject.dll a variant of Win32/Toolbar.Babylon.Q potentially unwanted application cleaned by deleting
    C:\Eva\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\back.js JS/Adware.Yontoo.B application cleaned by deleting
    C:\Eva\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\yl.js JS/Adware.Yontoo.A application cleaned by deleting
    C:\Eva\Users\Eva\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting
    C:\Eva\Users\Eva\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.0\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application cleaned by deleting
    C:\Eva\Users\Eva\Desktop\BitTorrent-7-8-0-29343.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting
    C:\Eva\Users\Eva\Downloads\FreeYouTubeDownload.exe Win32/Toolbar.Conduit.S potentially unwanted application deleted
    C:\Eva\Users\Eva\Downloads\FreeYouTubeToMP3Converter.exe Win32/Toolbar.Conduit.S potentially unwanted application deleted
    C:\Eva\Users\Eva\Downloads\iLividSetup (1).exe Win32/Toolbar.SearchSuite potentially unwanted application deleted
    C:\Eva\Users\Eva\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite potentially unwanted application deleted
    C:\Eva\Users\Eva\Downloads\installer_ccleaner_Dutch.exe Win32/Vittalia.C potentially unwanted application cleaned by deleting
    C:\Users\Eva\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted
    E:\Download\ccsetup506.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
    E:\Download\ccsetup514.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
    E:\Download\FreeYouTubeToMP3Converter.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted
    E:\Download\vlc-media-player_setup.exe a variant of Win32/InstallCore.ADX.gen potentially unwanted application cleaned by deleting
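    An added triage helper for result lines of the shape in this log (example code of my own, not ESET's and not from anyone in the thread; the sample lines are constructed to match the format): it parses each finding, buckets it by where the file lived and pulls out the Chrome extension IDs, so a defender can confirm in chrome://extensions that the extension itself is gone and not just its files on disk.

```python
"""Triage helper for ESET result lines: <path> [a variant of ]<detection> <kind> <action>."""
import re
from collections import Counter

LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?(?P<name>\S+) "
    r"(?P<kind>potentially (?:unwanted|unsafe) application|application) "
    r"(?P<action>cleaned by deleting|deleted)$"
)
# Chrome extension IDs: 32 letters a-p, the directory directly under Extensions\
EXT_RE = re.compile(r"\\Extensions\\(?P<ext_id>[a-p]{32})\\")

# Constructed sample in the thread's log format (not the real log; paths simplified).
SAMPLE_LOG = r"""
C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0\NPObject.dll a variant of Win32/Toolbar.Babylon.Q potentially unwanted application cleaned by deleting
C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\back.js JS/Adware.Yontoo.B application cleaned by deleting
C:\Users\Eva\Downloads\iLividSetup (1).exe Win32/Toolbar.SearchSuite potentially unwanted application deleted
E:\Download\ccsetup514.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
"""

def classify_location(path):
    """Bucket by where the file lived; each bucket has a different follow-up check."""
    p = path.lower()
    if "\\google\\chrome\\user data\\" in p and "\\extensions\\" in p:
        return "chrome-extension"      # also confirm removal in chrome://extensions
    if "\\downloads\\" in p or "\\download\\" in p:
        return "downloaded-installer"  # bundled installer, not an active infection
    if "\\appdata\\" in p:
        return "appdata"               # toolbar / plugin leftovers under the profile
    return "other"

def parse_eset_log(text):
    """One dict per parseable result line; lines of another shape are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        ext = EXT_RE.search(path)
        findings.append({"path": path, "name": m.group("name"),
                         "kind": m.group("kind"), "action": m.group("action"),
                         "location": classify_location(path),
                         "extension_id": ext.group("ext_id") if ext else None})
    return findings

def summarize(findings):
    # Counts per location and kind, plus the extension IDs that still need checking.
    return {"by_location": dict(Counter(f["location"] for f in findings)),
            "by_kind": dict(Counter(f["kind"] for f in findings)),
            "extension_ids": sorted({f["extension_id"] for f in findings if f["extension_id"]})}
```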

  11. #11
    Corrine
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,774

    Re: infected laptop sister posting from my account

    Thank you. ESET found quite a few additional PUPs (Potentially Unwanted Programs).

    How is the computer now?


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  12. #12
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor

    Join Date
    May 2015
    Location
    The Netherlands
    Age
    21
    Posts
    613

    Re: infected laptop sister posting from my account

    I wouldn't call VLC & Ccleaner unwanted, but that is the opinion here.

    It has always been normal according to my sister, but she can't tell the difference between normal behaviour and the behaviour we started with (which was a little very bad).
    From what I can see, it looks fine now.

  13. #13
    xilolee
    Join Date
    Dec 2013
    Location
    World, Europe, Italy
    Posts
    2,192
    • specs System Specs
      • Manufacturer:
        XILOLEE.com
      • Model Number:
        XILO
      • Motherboard:
        ASROCK FM2A88M Pro3+ chipset A88X Bolton-D4
      • CPU:
        A10-7800, 4 CPU, 4 thr, 65/45W, FM2+, 28nm, Steamroller/Kaveri
      • Memory:
        10GB (Nanya and kingston ddr3-1333 9-9-9-24)
      • Graphics:
        Radeon R7 720MHz (8 GPU cores, integrated in CPU)
      • Sound Card:
        RealTek ALC662 (integrated in MB)
      • Hard Drives:
        Seagate ST500DM002-1BD142 500GB 7200RPM
      • Power Supply:
        SuperFlower 450W 80+ Platinum (SF-450P14PE)
      • Case:
        Sharkoon VG4-S
      • Cooling:
        Realtek RTL8111GR (NIC integrated in MB)
      • Display:
        Samsung SyncMaster SA100 LS22A100NS-EN
      • Operating System:
        Windows 10 Home/Standard x64

    Re: infected laptop sister posting from my account

    I don't think those installers have been downloaded from the official websites.

    Google can't find installer_ccleaner_Dutch.exe on piriform.com: the name of the ccleaner installer is usually something like ccsetup514.exe (current version); there's a toolbar in it anyway, I don't know if you can skip it, that's probably the problem seen by ESET.
    I don't know if something changes with ccleaner pro.
    Google also can't find it on filehippo.com (its principal and official mirror).

    The same is valid for VLC.
    Google can't find vlc-media-player_setup.exe on videolan.org: the name of the vlc installer is usually something like vlc-2.2.2-win32.exe (current version) or vlc-2.2.2-win64.exe (x64 current version).

  14. #14
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor

    Join Date
    May 2015
    Location
    The Netherlands
    Age
    21
    Posts
    613

    Re: infected laptop sister posting from my account

    Actually they have been downloaded from the official site, but they have been renamed to make it easier for my sister.

  15. #15
    Corrine
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,774

    Re: infected laptop sister posting from my account

    The renaming is probably what set off ESET though, although there are two CC installers listed in the ESET log. I suspect that ccsetup506.exe is the CCleaner Installer which includes an unnecessary toolbar. If she is going to use CCleaner, I recommend using the Slim version. When CCleaner is updated, the Slim version is released within about a week. CCleaner - Build

    Let's take care of removing the tools used:

    Please download Delfix from here.

    Ensure the following boxes are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore

    Click Run.

    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.



  16. #16
    xilolee
    Join Date
    Dec 2013
    Location
    World, Europe, Italy
    Posts
    2,192

    Re: infected laptop sister posting from my account

    Quote, originally posted by axe0:
    Actually they have been downloaded from the official site, but they have been renamed to make it easier for my sister.
    I've tried tonight: it found ccleaner installers, but didn't find vlc installers.

  17. #17
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor

    Join Date
    May 2015
    Location
    The Netherlands
    Age
    21
    Posts
    613

    Re: infected laptop sister posting from my account

    Both Ccleaner files were downloaded from Piriform, no extra stuff came with the installation.

    # DelFix v1.011 - Logfile created 11/02/2016 at 21:52:08
    # Updated 18/08/2015 by Xplode
    # Username : Eva - EVA
    # Operating System : Windows 8.1 (64 bits)


    ~ Removing disinfection tools ...


    Deleted : C:\FRST
    Deleted : C:\AdwCleaner
    Deleted : C:\TDSSKiller.3.1.0.9_08.02.2016_15.45.20_log.txt
    Deleted : C:\TDSSKiller.3.1.0.9_08.02.2016_15.46.08_log.txt
    Deleted : C:\TDSSKiller.3.1.0.9_08.02.2016_15.47.31_log.txt
    Deleted : C:\TDSSKiller.3.1.0.9_08.02.2016_15.49.31_log.txt
    Deleted : C:\tdsskiller.exe
    Deleted : C:\Users\Eva\Desktop\Fixlog.txt
    Deleted : C:\Users\Eva\Desktop\FRST64.exe
    Deleted : C:\Users\Eva\Desktop\JRT.txt
    Deleted : C:\Users\Eva\Desktop\SecurityCheck.exe


    ~ Creating registry backup ... OK


    ~ Cleaning system restore ...


    Deleted : RP #77 [Gepland controlepunt | 01/27/2016 02:37:32]
    Deleted : RP #79 [Gepland controlepunt | 02/08/2016 06:39:42]
    Deleted : RP #81 [Restore Point Created by FRST | 02/09/2016 01:15:20]
    Deleted : RP #82 [JRT Pre-Junkware Removal | 02/09/2016 02:16:28]


    New restore point created !


    ########## - EOF - ##########

  18. #18
    Corrine
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,774

    Re: infected laptop sister posting from my account

    Note that there was another update to Firefox today which includes a critical security update. Even though Chrome is shown as the primary browser, it is advisable to get the FF update "just in case".



  19. #19
    xilolee
    Join Date
    Dec 2013
    Location
    World, Europe, Italy
    Posts
    2,192

    Re: infected laptop sister posting from my account

    Quote, originally posted by axe0:
    Both Ccleaner files are from Piriform downloaded, no extra stuff came with the installation.
    Sure?

    [attached image: screenshot of the CCleaner installer]

    ESET saw this Google toolbar as a potentially unwanted program/application (PUP/PUA).

  20. #20
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor

    Join Date
    May 2015
    Location
    The Netherlands
    Age
    21
    Posts
    613

    Re: infected laptop sister posting from my account

    I installed it with care so I'm sure.

    You want to prove I'm wrong or something?
