Scanresultaten van Farbar Recovery Scan Tool (FRST) (x86) Versie: 21-12-2016
Gestart door Magic Tom (Beheerder) op ONS_LAPTOPKE (01-01-2017 16:15:05)
Gestart vanaf C:\Users\Magic Tom\Downloads
Geladen Profielen: Magic Tom (Beschikbare Profielen: Schattie & Magic Tom & DefaultAppPool)
Platform: Microsoft Windows 10 Home Versie 1511 (X86) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\ACER\Mobility Center\MobilityService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Validity Sensors, Inc.) C:\Windows\System32\vfsFPService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Register (gefilterd) ====================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12214528 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [61640 2016-11-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1803576 2015-11-26] (NVIDIA Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [1009632 2016-08-08] (DivX, LLC)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3519144 2015-08-12] (Synaptics Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [917576 2016-12-25] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-06-01] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2009-01-03] (Arachnoid Biometrics Identification Group Corp.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-126822462-2923299525-1815723027-1004\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-126822462-2923299525-1815723027-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-126822462-2923299525-1815723027-1004\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-126822462-2923299525-1815723027-1004\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1572648 2016-01-08] (Samsung)
HKU\S-1-5-21-126822462-2923299525-1815723027-1004\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3376832 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-126822462-2923299525-1815723027-1004\...\MountPoints2: {edac8826-9510-11e4-b15a-00a0d1ab5635} - "G:\setup.exe"
HKU\S-1-5-21-126822462-2923299525-1815723027-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [792064 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-07-29] (Egis Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 195.130.130.134 195.130.131.134
Tcpip\..\Interfaces\{81ad85c9-8fe8-4f22-ba69-7f9cad71a1b5}: [DhcpNameServer] 195.130.130.134 195.130.131.134

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-126822462-2923299525-1815723027-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-126822462-2923299525-1815723027-1004 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-126822462-2923299525-1815723027-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-126822462-2923299525-1815723027-1004 -> {19C5EEDF-C3DC-498B-8E1C-D37F5BD2CC8C} URL =
SearchScopes: HKU\S-1-5-21-126822462-2923299525-1815723027-1004 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-126822462-2923299525-1815723027-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-16] (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-07-29] (Egis)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-16] (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-07-29] (Egis Incorporated.)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: t99ucohg.default
FF ProfilePath: C:\Users\Magic Tom\AppData\Roaming\TomTom\HOME\Profiles\5mdzblw9.default [2015-12-23]
FF Extension: (Emulator) - C:\Users\Magic Tom\AppData\Roaming\TomTom\HOME\Profiles\5mdzblw9.default\Extensions\Navcore.8.010.9369@tomtom.com [2015-06-11] [niet getekend]
FF Extension: (Emulator) - C:\Users\Magic Tom\AppData\Roaming\TomTom\HOME\Profiles\5mdzblw9.default\Extensions\Navcore.8.016.9380@tomtom.com [2013-07-20] [niet getekend]
FF Extension: (Map status indicator) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-12-23] [niet getekend]
FF ProfilePath: C:\Users\Magic Tom\AppData\Roaming\Mozilla\Firefox\Profiles\t99ucohg.default [2017-01-01]
FF Extension: (Belgium eID) - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2013-07-20] [niet getekend]
FF HKLM\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-21] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [Geen bestand]
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2016-08-08] (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [Geen bestand]
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-31] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Geen bestand]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Geen bestand]

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.avira.net/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.net/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\Magic Tom\AppData\Local\Google\Chrome\User Data\Default [2017-01-01]
CHR Extension: (Avira Browser Safety) - C:\Users\Magic Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-13]
CHR Extension: (AdBlock) - C:\Users\Magic Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-01]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Magic Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2016-12-31]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Magic Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Magic Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-31]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1089592 2016-12-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [476736 2016-12-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [476736 2016-12-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1490296 2016-12-25] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1138368 2016-06-22] (Disc Soft Ltd)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] () [Bestand niet getekend]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [Bestand niet getekend]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [Bestand niet getekend]
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated) [Bestand niet getekend]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [208552 2015-08-12] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R0 AlfaFF; C:\WINDOWS\System32\Drivers\AlfaFF.sys [43184 2009-01-03] (Alfa Corporation)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [15968 2013-06-07] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [24832 2013-09-12] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [124552 2016-12-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [152816 2016-12-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44208 2016-02-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [66872 2016-06-10] (Avira Operations GmbH & Co. KG)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S3 DrmCAudio; C:\WINDOWS\System32\drivers\DrmCAudio.sys [23096 2009-03-02] (Windows (R) Codename Longhorn DDK provider)
S3 DrmCVideo; C:\WINDOWS\System32\DRIVERS\DrmCVideo.sys [3768 2009-03-02] (Windows (R) 2000 DDK provider)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [26168 2016-08-25] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [40504 2016-08-25] (Disc Soft Ltd)
R3 itecir; C:\WINDOWS\system32\DRIVERS\itecir.sys [65640 2013-07-30] (ITE Tech. Inc. )
R3 L1E; C:\WINDOWS\System32\drivers\L1E62x86.sys [55296 2015-10-30] (Atheros Communications, Inc.)
S3 MusCAudio; C:\WINDOWS\System32\drivers\MusCAudio.sys [23096 2008-11-11] (Windows (R) Codename Longhorn DDK provider)
S3 MusCVideo; C:\WINDOWS\System32\DRIVERS\MusCVideo.sys [3768 2008-11-11] (Windows (R) 2000 DDK provider)
R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7523840 2013-07-30] (Intel Corporation)
S3 NETwNv32; C:\WINDOWS\System32\DRIVERS\NETwNv32.sys [7346176 2013-07-07] (Intel Corporation)
S3 pmkbdfltr; C:\WINDOWS\System32\DRIVERS\pmkbdfltr.sys [15248 2012-08-06] (PenMount) [Bestand niet getekend]
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [26792 2015-08-12] (Synaptics Incorporated)
S3 vhidmini; C:\WINDOWS\System32\DRIVERS\ITEhidCIR.sys [17952 2013-07-07] (ITE Tech. Inc. )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [81704 2008-05-26] (CyberLink)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
U3 idsvc; geen ImagePath

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Gemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-01-01 16:15 - 2017-01-01 16:15 - 00020963 _____ C:\Users\Magic Tom\Downloads\FRST.txt
2017-01-01 16:14 - 2017-01-01 16:15 - 00000000 ____D C:\FRST
2017-01-01 16:14 - 2017-01-01 16:14 - 01762816 _____ (Farbar) C:\Users\Magic Tom\Downloads\FRST.exe
2016-12-31 18:03 - 2016-12-31 18:18 - 08803648 _____ (Piriform Ltd) C:\Users\Magic Tom\Downloads\ccsetup525.exe
2016-12-31 16:35 - 2016-12-31 18:13 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-12-31 16:35 - 2016-12-31 16:35 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-12-31 16:35 - 2016-12-31 16:35 - 00002192 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-12-31 16:35 - 2016-12-31 16:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-12-31 16:35 - 2016-12-31 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-12-31 16:35 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2016-12-31 15:42 - 2016-12-31 15:42 - 00000000 ____D C:\rsit
2016-12-25 13:35 - 2016-12-25 13:35 - 00001171 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2016-12-25 13:02 - 2016-12-25 13:11 - 00524288 ___SH C:\Users\Magic Tom\ntuser.dat{4ea85e5d-ca96-11e6-93f1-00a0d1ab5635}.TMContainer00000000000000000002.regtrans-ms
2016-12-25 13:02 - 2016-12-25 13:11 - 00524288 ___SH C:\Users\Magic Tom\ntuser.dat{4ea85e5d-ca96-11e6-93f1-00a0d1ab5635}.TMContainer00000000000000000001.regtrans-ms
2016-12-25 13:02 - 2016-12-25 13:11 - 00065536 ___SH C:\Users\Magic Tom\ntuser.dat{4ea85e5d-ca96-11e6-93f1-00a0d1ab5635}.TM.blf
2016-12-25 13:01 - 2016-12-25 13:03 - 00524288 ___SH C:\WINDOWS\system32\config\drivers{de9bcd66-ca99-11e6-93f0-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
2016-12-25 13:01 - 2016-12-25 13:03 - 00524288 ___SH C:\WINDOWS\system32\config\drivers{de9bcd66-ca99-11e6-93f0-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
2016-12-25 13:01 - 2016-12-25 13:03 - 00065536 ___SH C:\WINDOWS\system32\config\drivers{de9bcd66-ca99-11e6-93f0-806e6f6e6963}.TM.blf

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2016-12-31 18:19 - 2011-03-19 13:48 - 00001038 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-31 18:17 - 2015-10-30 06:13 - 28573696 _____ C:\WINDOWS\system32\config\components
2016-12-31 18:17 - 2015-10-30 06:13 - 00000000 ____D C:\WINDOWS\system32\config
2016-12-31 18:14 - 2015-10-30 06:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-31 18:02 - 2016-04-25 18:22 - 03932160 ___SH C:\Users\Schattie\ntuser.dat
2016-12-31 18:02 - 2009-03-09 16:36 - 00262144 _____ C:\Users\Public\NTUSER.DAT
2016-12-31 18:02 - 2009-03-09 16:36 - 00262144 _____ C:\Users\Gebruiker\NTUSER.DAT
2016-12-31 17:02 - 2016-04-25 18:22 - 00000000 ____D C:\Users\Magic Tom\AppData\Local
2016-12-31 17:02 - 2015-10-30 06:48 - 00000000 __SHD C:\WINDOWS\Installer
2016-12-31 17:02 - 2013-03-03 08:56 - 00000000 __SHD C:\Config.Msi
2016-12-31 16:57 - 2015-10-30 06:13 - 00000000 ___RD C:\Program Files
2016-12-31 16:57 - 2009-07-14 03:37 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-31 16:42 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-31 16:38 - 2015-10-30 06:47 - 00000000 ____D C:\WINDOWS\INF
2016-12-31 16:37 - 2009-01-03 00:59 - 00000000 _____ C:\WINDOWS\system32\LogConfigTemp.xml
2016-12-31 16:36 - 2016-04-25 18:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-31 16:36 - 2015-08-12 09:05 - 268435456 ___SH C:\swapfile.sys
2016-12-31 16:36 - 2009-01-03 07:24 - 3219128320 ___SH C:\pagefile.sys
2016-12-31 16:35 - 2015-10-30 06:48 - 00000000 ___SD C:\ProgramData\Microsoft
2016-12-31 16:35 - 2015-10-30 06:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs
2016-12-31 16:35 - 2015-10-30 06:48 - 00000000 ___HD C:\ProgramData
2016-12-31 16:35 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\Tasks
2016-12-31 16:35 - 2015-10-30 06:13 - 67371008 _____ C:\WINDOWS\system32\config\SOFTWARE
2016-12-31 16:35 - 2015-10-30 06:13 - 15990784 _____ C:\WINDOWS\system32\config\SYSTEM
2016-12-31 16:35 - 2015-10-30 06:13 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-12-31 16:35 - 2015-10-30 06:13 - 00524288 _____ C:\WINDOWS\system32\config\DEFAULT
2016-12-31 16:35 - 2015-10-30 06:13 - 00049152 _____ C:\WINDOWS\system32\config\SECURITY
2016-12-31 16:35 - 2015-10-30 06:13 - 00000000 ____D C:\WINDOWS\System32
2016-12-31 16:35 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-31 15:44 - 2015-10-30 06:13 - 06029312 _____ C:\WINDOWS\system32\config\drivers
2016-12-31 15:43 - 2016-04-25 18:21 - 00006584 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-31 15:43 - 2015-10-30 16:03 - 01116344 _____ C:\WINDOWS\system32\perfh013.dat
2016-12-31 15:43 - 2015-10-30 16:03 - 00256886 _____ C:\WINDOWS\system32\perfc013.dat
2016-12-31 15:43 - 2015-10-30 06:49 - 00874352 _____ C:\WINDOWS\system32\perfh009.dat
2016-12-31 15:43 - 2015-10-30 06:49 - 00224962 _____ C:\WINDOWS\system32\perfc009.dat
2016-12-31 15:42 - 2012-08-06 15:23 - 00000000 ____D C:\Program Files\Trend Micro
2016-12-31 15:28 - 2016-04-25 18:22 - 00000000 ____D C:\Users\Schattie\AppData\Local\Temp
2016-12-30 19:21 - 2016-05-02 23:11 - 00093361 ____H C:\Users\Schattie\AppData\Local\IconCache.db
2016-12-30 19:19 - 2013-08-04 22:05 - 00000000 ____D C:\Users\Schattie\AppData\Local\Diagnostics
2016-12-25 13:35 - 2016-08-23 22:50 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-25 13:35 - 2016-04-25 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-12-25 13:33 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\drivers
2016-12-25 13:31 - 2016-09-06 23:16 - 00024640 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2016-12-25 13:31 - 2016-05-24 18:57 - 00152816 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-12-25 13:31 - 2016-05-24 18:57 - 00124552 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-12-25 13:02 - 2016-04-25 18:22 - 00000000 ____D C:\Users\Magic Tom
2016-12-25 13:02 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\config\TxR
2016-12-25 13:01 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\wbem
2016-12-25 13:00 - 2016-06-25 23:02 - 00262144 ___SH C:\Users\DefaultAppPool\ntuser.dat
2016-12-25 13:00 - 2016-06-25 23:02 - 00000000 ____D C:\Users\DefaultAppPool
2016-12-25 13:00 - 2016-04-25 18:22 - 00000000 ____D C:\Users\Schattie
2016-12-25 13:00 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\catroot2
2016-12-25 13:00 - 2013-07-20 13:40 - 00000000 ___RD C:\Users\Magic Tom\Desktop
2016-12-25 13:00 - 2013-06-27 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2016-12-25 13:00 - 2013-06-27 20:32 - 00000000 ____D C:\Program Files\DivX
2016-12-25 13:00 - 2013-06-27 20:32 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2016-12-25 13:00 - 2013-06-20 20:04 - 00000000 ____D C:\ProgramData\DivX
2016-12-25 13:00 - 2011-03-19 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-25 13:00 - 2009-08-27 19:45 - 00000000 ____D C:\Program Files\CCleaner
2016-12-25 12:57 - 2015-10-30 06:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-25 12:50 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\registration
2016-12-25 12:50 - 2015-10-30 06:13 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-25 12:50 - 2012-12-30 21:30 - 00000000 ____D C:\Users\Magic Tom\AppData\Roaming\DivX
2016-12-25 12:49 - 2012-12-30 20:59 - 00000000 ____D C:\Users\Magic Tom\AppData\Local\Google
2016-12-25 12:45 - 2001-01-12 09:28 - 00000000 __SHD C:\System Volume Information
2016-12-25 12:41 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\AppReadiness

==================== Bestanden in de root van sommige mappen =======

2012-12-30 21:30 - 2011-09-26 21:59 - 0002299 _____ () C:\Users\Magic Tom\AppData\Roaming\acervcmtmp.ini
2012-12-30 21:30 - 2010-03-06 15:27 - 0000025 _____ () C:\Users\Magic Tom\AppData\Roaming\bdfvconp.ini
2012-12-30 21:30 - 2014-02-01 10:00 - 0001051 _____ () C:\Users\Magic Tom\AppData\Roaming\default.pls
2013-06-21 07:59 - 2013-06-21 07:59 - 0000005 _____ () C:\Users\Magic Tom\AppData\Roaming\WBPU-Q2-TTL.DAT
2013-06-20 21:59 - 2013-06-24 21:11 - 0000005 _____ () C:\Users\Magic Tom\AppData\Roaming\WBPU-TTL.DAT
2016-03-31 21:38 - 2016-03-31 21:39 - 0004608 _____ () C:\Users\Magic Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-25 18:19 - 2016-04-25 18:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2016-05-23 19:56

==================== Eind van FRST.txt ============================