Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 03-08-2016
Gestart door LUC (Beheerder) op LUC-PC (08-08-2016 13:53:28)
Gestart vanaf C:\Users\LUC\Downloads
Geladen Profielen: LUC & postgres (Beschikbare Profielen: LUC & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser niet gedetecteerd!)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Hercules®) C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Spotify Ltd) C:\Users\LUC\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
() C:\Windows\system\cm106eye.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\cpl2\HDJSeries2CPL.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-09] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800896 2012-03-09] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816336 2012-03-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Cm106Sound] => C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cm106.dll,CMICtrlWnd
HKLM\...\Run: [Hercules DJ Series TrayAgent] => C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe [3572048 2013-05-10] (Hercules®)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-09-25] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3520410495-254977392-370578606-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-3520410495-254977392-370578606-1000\...\Run: [Spotify Web Helper] => C:\Users\LUC\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1553520 2016-06-29] (Spotify Ltd)
HKU\S-1-5-21-3520410495-254977392-370578606-1000\...\Run: [uTorrent] => C:\Users\LUC\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-25] (BitTorrent Inc.)
HKU\S-1-5-21-3520410495-254977392-370578606-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-3520410495-254977392-370578606-1000\...\MountPoints2: {0f99b6a9-31f2-11e4-88eb-50b7c31628fe} - D:\Setup.exe
Startup: C:\Users\LUC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Modern Family S06E17 HDTV x264-LOL [eztv] Torrent - KickassTorrents Proxy.lnk [2015-03-06]
ShortcutTarget: Download Modern Family S06E17 HDTV x264-LOL [eztv] Torrent - KickassTorrents Proxy.lnk -> C:\ProgramData\{58083da7-317b-9bf0-5808-83da7317f69c}\Download Modern Family S06E17 HDTV x264-LOL [eztv] Torrent - KickassTorrents Proxy.exe (Geen bestand)
Startup: C:\Users\LUC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\LUC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\LUC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2015-07-14]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C0AB7605-F3EA-46EE-B5B9-9429144B23EE}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3520410495-254977392-370578606-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3520410495-254977392-370578606-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3520410495-254977392-370578606-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-03-09] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
DPF: HKLM-x32 {26E1BEAF-C1A1-482B-8714-08844F1BCF7F} hxxp://213.126.97.82:8080/webviewer.cab
DPF: HKLM-x32 {3AA1C0E3-DA98-4BB4-91AE-D3BC61178240} hxxp://213.126.97.82:8080/GVersionMan.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.nl/
CHR StartupUrls: Default -> "","hxxp://www.google.com","hxxps://mysearch.avg.com?cid={431DB294-40A3-45A6-815D-0AC0E88C39E0}&mid=d378f752099e47d0a5ea81fe85f2c10d-749685c9036abc9048f2fb66a45504c270cb5467&lang=nl&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-10 13:18:03&v=3.1.0.6&pid=wtu&sg=&sap=hp","about:newtab?source=home"
CHR Profile: C:\Users\LUC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\LUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\LUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AdBlock) - C:\Users\LUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-05]
CHR Extension: (AVG Secure Search) - C:\Users\LUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-03-24]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\LUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\LUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]

==================== Services (gefilterd) ========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-09-25] (Advanced Micro Devices, Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [107648 2012-03-09] (Atheros Commnucations) [Bestand niet getekend]
R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [47104 2013-05-21] (Hercules®) [Bestand niet getekend]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 postgresql-x64-9.0; C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe [111104 2012-09-21] (PostgreSQL Global Development Group) [Bestand niet getekend]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [Bestand niet getekend]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (gefilterd) ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [258352 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [320816 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-05] (Malwarebytes)
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-10-01] (C-Media Electronics Inc)

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2016-08-08 13:53 - 2016-08-08 13:54 - 00016887 _____ C:\Users\LUC\Downloads\FRST.txt
2016-08-08 13:52 - 2016-08-08 13:53 - 02393600 _____ (Farbar) C:\Users\LUC\Downloads\FRST64.exe
2016-08-07 22:44 - 2016-08-08 13:53 - 00000000 ____D C:\FRST
2016-08-07 22:41 - 2016-08-07 22:41 - 00029509 _____ C:\Users\LUC\Desktop\zoek-results.txt
2016-08-07 22:41 - 2016-08-07 22:41 - 00000000 ___RD C:\Users\LUC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-08-07 22:38 - 2016-08-07 21:28 - 00024064 _____ C:\windows\zoek-delete.exe
2016-08-07 21:21 - 2016-08-07 21:21 - 01309184 _____ C:\Users\LUC\Desktop\zoek.exe
2016-08-07 19:22 - 2016-08-07 19:23 - 00000000 ____D C:\rsit
2016-08-07 19:22 - 2016-08-07 19:22 - 01222144 _____ C:\Users\LUC\Downloads\RSITx64.exe
2016-08-05 19:37 - 2016-08-05 19:37 - 00393189 _____ C:\Users\LUC\Downloads\Thomas Kalis 5621097 Master Thesis..pdf
2016-08-05 18:27 - 2016-08-07 14:53 - 00338974 _____ C:\windows\ntbtlog.txt
2016-07-19 12:01 - 2016-07-19 12:02 - 00000000 ____D C:\Users\LUC\Documents\IBM SPSS Statistics v23 x64
2016-07-13 17:42 - 2016-07-13 17:42 - 00000000 ____D C:\Users\LUC\AppData\LocalLow\Blizzard Entertainment

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2016-08-07 22:49 - 2009-07-14 06:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-07 22:49 - 2009-07-14 06:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-07 22:41 - 2014-10-05 21:23 - 00000000 ____D C:\Users\LUC\AppData\Roaming\uTorrent
2016-08-07 22:40 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-07 22:39 - 2015-09-30 21:44 - 00065536 _____ C:\windows\system32\spu_storage.bin
2016-08-07 22:26 - 2015-03-23 12:04 - 00000000 ____D C:\zoek_backup
2016-08-07 21:23 - 2014-09-01 18:01 - 00000000 ____D C:\Users\LUC\AppData\Local\Spotify
2016-08-07 21:20 - 2014-09-01 17:57 - 00000000 ____D C:\Users\LUC\AppData\Roaming\Spotify
2016-08-07 19:22 - 2015-03-21 21:05 - 00000000 ____D C:\Program Files\trend micro
2016-08-07 15:10 - 2014-10-13 19:57 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-08-07 15:08 - 2015-01-08 13:26 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-08-07 14:41 - 2014-09-01 17:51 - 00000000 ____D C:\Users\LUC\AppData\Local\Google
2016-08-07 14:37 - 2014-09-01 17:51 - 00000000 ____D C:\Users\LUC\AppData\Local\Deployment
2016-08-05 23:37 - 2012-06-21 19:07 - 00745674 _____ C:\windows\system32\perfh013.dat
2016-08-05 23:37 - 2012-06-21 19:07 - 00153594 _____ C:\windows\system32\perfc013.dat
2016-08-05 23:37 - 2009-07-14 07:13 - 01669560 _____ C:\windows\system32\PerfStringBackup.INI
2016-08-05 23:37 - 2009-07-14 05:20 - 00000000 ____D C:\windows\inf
2016-08-05 23:30 - 2014-09-01 19:04 - 00000000 ____D C:\Users\postgres
2016-08-05 23:15 - 2014-09-01 21:17 - 01643984 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-08-05 19:33 - 2014-09-01 17:51 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-05 18:27 - 2014-09-01 17:43 - 00000000 ____D C:\Users\LUC
2016-08-05 18:08 - 2016-03-31 20:17 - 00000000 ____D C:\Program Files (x86)\SitNGo Wizard 2
2016-08-05 18:07 - 2014-10-18 21:28 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-05 18:03 - 2014-09-01 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerTracker 4
2016-08-05 18:02 - 2016-04-02 11:20 - 00000000 ____D C:\Users\LUC\Desktop\Hearthstone Deck Tracker
2016-08-05 18:02 - 2016-03-02 00:45 - 00000000 ____D C:\Users\LUC\Desktop\Poker
2016-08-05 18:02 - 2015-05-27 21:52 - 00000000 ____D C:\Users\LUC\AppData\Roaming\Battle.net
2016-08-05 18:02 - 2015-04-15 11:41 - 00000000 ___SD C:\windows\system32\GWX
2016-08-05 18:02 - 2014-10-05 21:47 - 00000000 ____D C:\Users\LUC\AppData\Roaming\vlc
2016-08-05 18:02 - 2014-09-01 21:17 - 00000000 ____D C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-08-05 18:02 - 2014-09-01 18:00 - 00000000 ____D C:\Users\LUC\AppData\Local\PokerStars.EU
2016-08-05 18:01 - 2015-05-27 22:43 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-08-05 18:01 - 2014-09-01 18:52 - 00000000 ____D C:\Program Files (x86)\PokerTracker 4
2016-08-05 18:01 - 2014-09-01 17:58 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2016-08-05 18:01 - 2012-06-21 04:27 - 00000000 ____D C:\ProgramData\WinClon
2016-08-05 18:01 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration
2016-08-05 18:00 - 2014-09-01 21:25 - 00000000 __RHD C:\MSOCache
2016-08-05 10:14 - 2015-11-19 16:42 - 00000000 ____D C:\Users\LUC\AppData\Roaming\HearthstoneDeckTracker
2016-07-22 23:13 - 2015-05-27 21:52 - 00000000 ____D C:\Users\LUC\AppData\Local\Battle.net
2016-07-19 14:15 - 2016-02-14 20:22 - 00000000 ____D C:\Users\LUC\Desktop\Thesis 2016
2016-07-19 14:13 - 2016-06-10 21:03 - 00000000 ____D C:\Users\LUC\AppData\Local\javasharedresources
2016-07-17 20:58 - 2014-10-07 19:46 - 00000000 ____D C:\Users\LUC\AppData\Local\CrashDumps

==================== Bestanden in de root van sommige mappen =======

2014-09-01 18:52 - 2014-09-01 18:52 - 0005044 _____ () C:\ProgramData\flwjycbm.bab

Sommige bestanden in TEMP:
====================
C:\Users\LUC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2pic8t.dll

==================== Bamital & volsnap =================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\windows\system32\winlogon.exe => Bestand is getekend
C:\windows\system32\wininit.exe => Bestand is getekend
C:\windows\SysWOW64\wininit.exe => Bestand is getekend
C:\windows\explorer.exe => Bestand is getekend
C:\windows\SysWOW64\explorer.exe => Bestand is getekend
C:\windows\system32\svchost.exe => Bestand is getekend
C:\windows\SysWOW64\svchost.exe => Bestand is getekend
C:\windows\system32\services.exe => Bestand is getekend
C:\windows\system32\User32.dll => Bestand is getekend
C:\windows\SysWOW64\User32.dll => Bestand is getekend
C:\windows\system32\userinit.exe => Bestand is getekend
C:\windows\SysWOW64\userinit.exe => Bestand is getekend
C:\windows\system32\rpcss.dll => Bestand is getekend
C:\windows\system32\dnsapi.dll => Bestand is getekend
C:\windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\windows\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2016-07-09 12:06

==================== Eind van FRST.txt ============================