Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 19-02-2017
Gestart door van la Parra (Beheerder) op DESKTOP-MBM4LER (22-02-2017 11:02:49)
Gestart vanaf C:\Users\van la Parra\Downloads
Geladen Profielen: van la Parra (Beschikbare Profielen: van la Parra)
Platform: Windows 10 Pro Versie 1607 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Edge)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\TotalProtection\AVK\AVKWCtlx64.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\TotalProtection\AVK\AVKService.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
() C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\TotalProtection\Firewall\GDFwSvcx64.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\TotalProtection\AVKTray\AVKTray.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\TotalProtection\Firewall\GDFirewallTray.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\TotalProtection\AVKBackup\AVKBackupService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe

==================== Register (gefilterd) ====================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [PAC207_Monitor] => C:\WINDOWS\PixArt\PAC207\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-23] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G DATA\TotalProtection\DelayLoader\AutorunDelayLoader.exe [441160 2016-09-15] (G DATA Software AG)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318128 2016-11-16] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd) HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\RunOnce: [Uninstall C:\Users\van la Parra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\van la Parra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64" HKU\S-1-5-21-234901561-1536892485-3164044181-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [151040 2016-07-16] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2017-02-08] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.) Hosts: Er zijn meer dan één item in Hosts. 
Zie Hosts deel van Addition.txt Tcpip\Parameters: [DhcpNameServer] 84.116.46.20 84.116.46.21 Tcpip\..\Interfaces\{45fd7784-0ddb-4131-87cc-c675ebba05a4}: [DhcpNameServer] 84.116.46.20 84.116.46.21 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT HKU\S-1-5-21-234901561-1536892485-3164044181-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT HKU\S-1-5-21-234901561-1536892485-3164044181-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nl.yahoo.com/?fr=fp-comodo&type=19_25050030005_52.15.25.663_i_hp SearchScopes: HKU\S-1-5-21-234901561-1536892485-3164044181-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: IE Token Signing Plugin -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files\Open-EID\esteid-plugin-ie.dll [2015-12-16] (RIA) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Edge: ====== Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2016-12-28] Edge Extension: (Pin It Button) -> EdgeExtension_PinterestPinItButton_xnkra2w3aecd0 => C:\Program Files\WindowsApps\Pinterest.PinItButton_1.39.5.0_neutral__xnkra2w3aecd0 [2016-12-28] Edge 
Extension: (Save to Pocket) -> EdgeExtension_PocketSavetoPocket_v63j13wrfzj3t => C:\Program Files\WindowsApps\Pocket.SavetoPocket_2.0.37.0_neutral__v63j13wrfzj3t [2016-12-28] Edge Extension: (Read&Write for Microsoft Edge™) -> EdgeExtension_texthelpcomReadWriteforMicrosoftEdge_68je7kza8j96w => C:\Program Files\WindowsApps\texthelp.com.ReadWriteforMicrosoftEdge_1.0.0.0_neutral__68je7kza8j96w [2016-12-28] Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.16.0_neutral__8wekyb3d8bbwe [2016-12-28] FireFox: ======== FF DefaultProfile: lbfvr4vl.default FF ProfilePath: C:\Users\van la Parra\AppData\Roaming\Mozilla\Firefox\Profiles\yisez0ow.default-1482935430045 [2017-02-22] FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\van la Parra\AppData\Roaming\Mozilla\Firefox\Profiles\yisez0ow.default-1482935430045\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-12-28] FF Extension: (Random Agent Spoofer) - C:\Users\van la Parra\AppData\Roaming\Mozilla\Firefox\Profiles\yisez0ow.default-1482935430045\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2016-12-28] FF Extension: (Google™ Translator Lite) - C:\Users\van la Parra\AppData\Roaming\Mozilla\Firefox\Profiles\yisez0ow.default-1482935430045\Extensions\jid1-f3mYMbCpz2AZYl@jetpack.xpi [2016-12-28] FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\van la Parra\AppData\Roaming\Mozilla\Firefox\Profiles\yisez0ow.default-1482935430045\Extensions\marcoagpinto@mail.telepac.pt [2017-01-31] FF Extension: (Woordenboek Nederlands) - C:\Users\van la Parra\AppData\Roaming\Mozilla\Firefox\Profiles\yisez0ow.default-1482935430045\Extensions\nl-NL@dictionaries.addons.mozilla.org [2016-12-30] [ niet getekend] FF Extension: (TrafficLight) - C:\Users\van la 
Parra\AppData\Roaming\Mozilla\Firefox\Profiles\yisez0ow.default-1482935430045\Extensions\trafficlight@bitdefender.com.xpi [2016-12-28] FF Extension: (uBlock Origin) - C:\Users\van la Parra\AppData\Roaming\Mozilla\Firefox\Profiles\yisez0ow.default-1482935430045\Extensions\uBlock0@raymondhill.net.xpi [2017-02-20] FF Extension: (YouTube High Definition) - C:\Users\van la Parra\AppData\Roaming\Mozilla\Firefox\Profiles\yisez0ow.default-1482935430045\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-01-26] FF Extension: (Fake Anime Site Blocker) - C:\Users\van la Parra\AppData\Roaming\Mozilla\Firefox\Profiles\yisez0ow.default-1482935430045\Extensions\{7b92a988-6244-4838-8ab4-290e87c1fa0c}.xpi [2017-02-06] FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\van la Parra\AppData\Roaming\Mozilla\Firefox\Profiles\yisez0ow.default-1482935430045\features\{cbbf2ce1-f73c-4b08-be05-2c90671a735e}\disableSHA1rollout@mozilla.org.xpi [2017-02-17] FF ProfilePath: C:\Users\van la Parra\AppData\Roaming\Comodo\IceDragon\Profiles\lbfvr4vl.default [2017-02-21] FF DefaultSearchEngine: Comodo\IceDragon\Profiles\lbfvr4vl.default -> Bing FF Homepage: Comodo\IceDragon\Profiles\lbfvr4vl.default -> hxxps://www.yahoo.com/?fr=fp-comodo&type=25050004003_id_hp FF Extension: (PlugIn-Checker) - C:\Users\van la Parra\AppData\Roaming\Comodo\IceDragon\Profiles\lbfvr4vl.default\Extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack.xpi [2016-10-16] FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\van la Parra\AppData\Roaming\Comodo\IceDragon\Profiles\lbfvr4vl.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-09-24] FF Extension: (Emoji Cheatsheet for GitHub, Basecamp etc.) 
- C:\Users\van la Parra\AppData\Roaming\Comodo\IceDragon\Profiles\lbfvr4vl.default\Extensions\jid1-Xo5SuA6qc1DFpw@jetpack.xpi [2016-09-24] FF Extension: (Woordenboek Nederlands) - C:\Users\van la Parra\AppData\Roaming\Comodo\IceDragon\Profiles\lbfvr4vl.default\Extensions\nl-NL@dictionaries.addons.mozilla.org [2016-09-30] [ niet getekend] FF Extension: (Clean Links) - C:\Users\van la Parra\AppData\Roaming\Comodo\IceDragon\Profiles\lbfvr4vl.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-09-24] FF Extension: (Adblock Plus) - C:\Users\van la Parra\AppData\Roaming\Comodo\IceDragon\Profiles\lbfvr4vl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-09-24] FF Extension: (COMODO SecureBox) - C:\Program Files (x86)\Comodo\IceDragon\browser\features\@csb [2016-12-21] [ niet getekend] FF Extension: (DragAndDrop) - C:\Program Files (x86)\Comodo\IceDragon\browser\features\DnD@comodo.com [2016-12-21] [ niet getekend] FF HKLM\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi FF Extension: (Firefox PKCS11 loader) - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi [2016-06-30] FF HKLM\...\Firefox\Extensions: [{443830f0-1fff-4f9a-aa1e-444bafbc7319}] - C:\Program Files (x86)\Open-EID\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}.xpi FF Extension: (Token signing) - C:\Program Files (x86)\Open-EID\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}.xpi [2017-01-20] FF HKLM-x32\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi FF HKLM-x32\...\Firefox\Extensions: [{443830f0-1fff-4f9a-aa1e-444bafbc7319}] - C:\Program Files (x86)\Open-EID\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}.xpi FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> 
C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [Geen bestand] FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @RIA/esteid-firefox-plugin -> C:\Program Files (x86)\Open-EID\npesteid-firefox-plugin.dll [2016-01-31] (RIA) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-234901561-1536892485-3164044181-1001: @tools.google.com/Google Update;version=3 -> C:\Users\van la Parra\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) 
FF Plugin HKU\S-1-5-21-234901561-1536892485-3164044181-1001: @tools.google.com/Google Update;version=9 -> C:\Users\van la Parra\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) Chrome: ======= CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/yhs/search?p={searchTerms}&hspart=comodo&hsimp=yhs-ccs&type=default CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Profile: C:\Users\van la Parra\AppData\Local\Google\Chrome\User Data\Default [2017-02-20] CHR Extension: (Google Slides) - C:\Users\van la Parra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-14] CHR Extension: (Google Docs) - C:\Users\van la Parra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-14] CHR Extension: (Google Drive) - C:\Users\van la Parra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-14] CHR Extension: (Rapport) - C:\Users\van la Parra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-12-14] CHR Extension: (YouTube) - C:\Users\van la Parra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-14] CHR Extension: (Token signing) - C:\Users\van la Parra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjefchnfjhjfedoccjbhjpbncimppeg [2016-12-14] CHR Extension: (Google Sheets) - C:\Users\van la Parra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-14] CHR Extension: (Google Docs Offline) - C:\Users\van la Parra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-29] CHR Extension: (Yahoo Partner) - C:\Users\van la Parra\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\hcjjaajflhellmcfcecojihhmdbjmmlm [2016-12-14] CHR Extension: (HP Network Check Launcher) - C:\Users\van la Parra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2016-12-29] CHR Extension: (Chrome Web Store Payments) - C:\Users\van la Parra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-14] CHR Extension: (Gmail) - C:\Users\van la Parra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-14] CHR Extension: (Chrome Media Router) - C:\Users\van la Parra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14] CHR HKU\S-1-5-21-234901561-1536892485-3164044181-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-234901561-1536892485-3164044181-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ckjefchnfjhjfedoccjbhjpbncimppeg] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx ==================== Services (gefilterd) ==================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) 
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [5012616 2016-12-13] (G DATA Software AG) R2 AVKService; C:\Program Files (x86)\G DATA\TotalProtection\AVK\AVKService.exe [984904 2016-09-15] (G DATA Software AG) R2 AVKWCtl; C:\Program Files (x86)\G DATA\TotalProtection\AVK\AVKWCtlx64.exe [3044496 2016-09-27] (G Data Software AG) R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2272904 2016-09-29] (Comodo) R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] () R3 GDBackupSvc; C:\Program Files (x86)\G DATA\TotalProtection\AVKBackup\AVKBackupService.exe [4072264 2016-09-30] (G DATA Software AG) R3 GDFwSvc; C:\Program Files (x86)\G DATA\TotalProtection\Firewall\GDFwSvcx64.exe [3286120 2016-09-15] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [822600 2016-09-27] (G DATA Software AG) S3 GDTunerSvc; C:\Program Files (x86)\G DATA\TotalProtection\AVKTuner\AVKTunerService.exe [2453320 2016-09-15] (G DATA Software AG) R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [Bestand niet getekend] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.) R2 IceDragonUpdater; C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [4295320 2016-12-20] () S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Bestand niet getekend] R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Bestand niet getekend] R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2401264 2017-01-22] (IBM Corp.) 
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-06-28] (Seagate Technology LLC) R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-06-28] (Seagate Technology LLC) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation) R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.) R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] () S3 TSNxGService; C:\Program Files (x86)\G DATA\TotalProtection\TSNxG\TSNxGService.exe [255608 2014-07-01] (G DATA Software) R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-01-31] (RaMMicHaeL) S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (gefilterd) ====================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) 
S3 atrfiltr; C:\WINDOWS\system32\DRIVERS\atrfiltr.sys [24968 2016-03-08] (Windows (R) Win 7 DDK provider) S3 cxbu1x64; C:\WINDOWS\system32\DRIVERS\cxbu1x64.sys [145016 2014-09-04] ( ) S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) S3 DualCoreCenter; C:\BIOSTOOLS\NTGLM7X64.sys [40248 2007-01-10] (MICRO-STAR INT'L CO., LTD.) [Bestand niet getekend] R3 E100B; C:\WINDOWS\System32\drivers\efe5b32e.sys [182656 2016-07-16] (Intel Corporation) R0 GDBehave; C:\WINDOWS\System32\drivers\GDBehave.sys [180808 2016-10-14] (G Data Software AG) R3 gddcd; C:\WINDOWS\System32\drivers\gddcd64.sys [89160 2016-12-19] (G DATA Software AG) R1 gddcv; C:\WINDOWS\System32\drivers\gddcv64.sys [69192 2016-12-19] (G DATA Software AG) S0 GDElam; C:\WINDOWS\System32\DRIVERS\GDElam.sys [117904 2016-04-21] (G Data Software AG) R3 GDKBB; C:\WINDOWS\system32\drivers\GDKBB64.sys [37400 2016-10-14] (G Data Software AG) R3 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [30280 2016-10-14] (G DATA Software AG) R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [274400 2016-10-14] (G Data Software AG) R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [105544 2016-10-14] (G Data Software AG) R1 gdwfpcd; C:\WINDOWS\System32\drivers\gdwfpcd64.sys [77384 2016-12-19] (G DATA Software AG) R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [116296 2016-10-15] (G Data Software) R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [153160 2016-12-19] (G Data Software AG) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 PAC207; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [686592 2008-02-13] (PixArt Imaging Inc.) R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia) R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [380872 2017-01-22] (IBM Corp.) 
R1 RapportCerberus_1804047; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [1264776 2017-02-18] (IBM Corp.) R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [580648 2017-01-22] (IBM Corp.) R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [250728 2017-01-22] (IBM Corp.) R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [504456 2017-01-22] (IBM Corp.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [603464 2017-01-22] (IBM Corp.) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410848 2015-08-13] (Realsil Semiconductor Corporation) R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] () R0 TS4NT; C:\WINDOWS\System32\Drivers\TS4nt.sys [109128 2016-12-19] (G DATA Software AG) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) ==================== NetSvcs (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ==================== Een Maand Aangemaakt bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 
2017-02-22 11:02 - 2017-02-22 11:06 - 00026103 _____ C:\Users\van la Parra\Downloads\FRST.txt 2017-02-22 11:02 - 2017-02-22 11:02 - 00000000 ____D C:\FRST 2017-02-22 10:55 - 2017-02-22 10:55 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000001-000000.txt 2017-02-22 10:45 - 2017-02-22 11:01 - 02422784 _____ (Farbar) C:\Users\van la Parra\Downloads\FRST64.exe 2017-02-22 08:55 - 2017-02-22 08:55 - 00000000 ____D C:\zoek 2017-02-22 07:41 - 2017-02-22 07:42 - 01309184 _____ C:\Users\van la Parra\Downloads\zoek (2).exe 2017-02-22 07:20 - 2017-02-22 07:20 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt 2017-02-21 18:54 - 2017-02-22 09:06 - 00003297 _____ C:\runcheck.txt 2017-02-21 18:54 - 2017-02-21 18:54 - 01309184 _____ C:\Users\van la Parra\Downloads\zoek (1).exe 2017-02-21 15:18 - 2017-02-21 16:36 - 00000000 ____D C:\zoek_backup 2017-02-21 15:17 - 2017-02-21 15:17 - 01309184 _____ C:\Users\van la Parra\Downloads\zoek.exe 2017-02-20 17:51 - 2017-02-20 17:51 - 00002638 _____ C:\Users\Public\Desktop\Skype.lnk 2017-02-20 17:51 - 2017-02-20 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2017-02-20 15:20 - 2017-02-20 15:20 - 00865450 _____ C:\Users\van la Parra\Downloads\Bijlage.pdf 2017-02-19 21:32 - 2017-02-19 21:32 - 00001239 _____ C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.6.lnk 2017-02-19 21:32 - 2017-02-19 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility 2017-02-19 21:32 - 2017-02-19 21:32 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility 2017-02-19 21:21 - 2017-02-19 21:21 - 00002524 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK 2017-02-19 21:21 - 2017-02-19 21:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel 2017-02-19 21:21 - 2017-02-19 21:21 - 00000000 ____D C:\Program Files\Intel Driver Update Utility 2017-02-19 21:19 - 2017-02-19 21:19 - 09955696 _____ (Intel) C:\Users\van la 
Parra\Downloads\Intel Driver Update Utility Installer(2).exe 2017-02-19 21:14 - 2017-02-19 21:14 - 09955696 _____ (Intel) C:\Users\van la Parra\Downloads\Intel Driver Update Utility Installer(1).exe 2017-02-19 21:10 - 2017-02-19 21:10 - 09955696 _____ (Intel) C:\Users\van la Parra\Downloads\Intel Driver Update Utility Installer (1).exe 2017-02-19 20:34 - 2017-02-19 20:34 - 00000000 ___HD C:\$SysReset 2017-02-19 19:08 - 2017-02-19 19:08 - 00000000 ____D C:\Users\van la Parra\Downloads\Intel Components 2017-02-19 18:55 - 2017-02-19 18:55 - 09955696 _____ (Intel) C:\Users\van la Parra\Downloads\Intel Driver Update Utility Installer.exe 2017-02-19 16:18 - 2017-02-19 16:18 - 00062512 _____ C:\Users\van la Parra\Downloads\Financieel jaaroverzicht 2016.pdf 2017-02-19 15:29 - 2017-02-19 15:29 - 00191345 _____ C:\Users\van la Parra\Downloads\ING - Jaaroverzicht 2016 - Hr H Riemersma.pdf 2017-02-19 15:19 - 2017-02-19 15:19 - 00191599 _____ C:\Users\van la Parra\Downloads\ING - Jaaroverzicht 2016 - Hr AA van la Parra.pdf 2017-02-19 15:05 - 2017-02-19 15:05 - 00125522 _____ C:\Users\van la Parra\Downloads\001000VERAFINO0_20170123.PDF 2017-02-16 18:31 - 2017-02-16 18:31 - 00064332 _____ C:\Users\van la Parra\Downloads\Jaaropgaaf 2016.pdf 2017-02-16 18:27 - 2017-02-16 18:29 - 00088465 _____ C:\Users\van la Parra\Downloads\Voorlopigeaanslag2017(1).pdf 2017-02-16 18:19 - 2017-02-16 18:19 - 09261616 _____ (Piriform Ltd) C:\Users\van la Parra\Downloads\ccsetup527.exe 2017-02-16 18:14 - 2017-02-16 18:14 - 00090737 _____ C:\Users\van la Parra\Downloads\Aangiftebriefinkomstenbelasting2016.pdf 2017-02-15 16:23 - 2017-02-15 16:23 - 00070749 _____ C:\Users\van la Parra\Downloads\Terugkoppeling betreffende AA van La Parra.PDF 2017-02-15 10:41 - 2017-02-15 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2017-02-11 14:57 - 2017-02-11 14:58 - 00000000 ____D C:\Users\van la Parra\Downloads\AdbeRdr1010_mui_Std 2017-02-11 14:57 - 2017-02-11 
14:57 - 150190654 _____ C:\Users\van la Parra\Downloads\AdbeRdr1010_mui_Std.zip 2017-02-11 14:52 - 2017-02-11 14:52 - 00726863 _____ C:\Users\van la Parra\Downloads\img018.pdf 2017-02-11 14:52 - 2017-02-11 14:52 - 00711022 _____ C:\Users\van la Parra\Downloads\img017.pdf 2017-02-11 13:00 - 2017-02-11 13:13 - 00032768 _____ C:\WINDOWS\SysWOW64\꾘h儠i( 2017-02-09 22:02 - 2017-02-09 22:02 - 00245472 _____ C:\Users\van la Parra\Downloads\Firefox Setup Stub 51.0.1.exe 2017-02-09 18:37 - 2017-02-09 18:37 - 00012476 _____ C:\Users\van la Parra\Downloads\advanced-lesson-phone-practice-1.zip 2017-02-09 18:37 - 2017-02-09 18:37 - 00000000 ____D C:\Users\van la Parra\Downloads\advanced-lesson-phone-practice-1 2017-02-09 18:21 - 2017-02-09 18:21 - 00000000 ____D C:\Users\van la Parra\Downloads\ling-6-sound-screen-assembly-instructions 2017-02-09 18:20 - 2017-02-09 18:21 - 01441879 _____ C:\Users\van la Parra\Downloads\ling-6-sound-screen-assembly-instructions.zip 2017-02-08 23:02 - 2017-02-08 23:02 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk 2017-02-08 23:02 - 2017-02-08 23:02 - 00000000 ____D C:\Program Files (x86)\Secunia 2017-02-08 23:01 - 2017-02-08 23:01 - 04002104 _____ (Secunia) C:\Users\van la Parra\Downloads\PSISetup.exe 2017-02-08 23:01 - 2017-02-08 23:01 - 00000000 ____D C:\Program Files\Flexera Software 2017-02-08 22:59 - 2017-02-08 23:00 - 01959144 _____ (Flexera Software) C:\Users\van la Parra\Downloads\SC2012_CSI7PluginSetupx64.exe 2017-02-04 13:00 - 2017-02-04 13:07 - 00032768 _____ C:\WINDOWS\SysWOW64\먐÷ø! 
2017-02-03 20:10 - 2017-02-03 20:10 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk 2017-02-03 20:10 - 2017-02-03 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2017-02-03 15:07 - 2017-02-03 15:08 - 286264048 _____ C:\Users\van la Parra\Downloads\EmsisoftEmergencyKit(2).exe 2017-02-01 14:19 - 2017-02-01 14:19 - 00159782 _____ C:\Users\van la Parra\Downloads\Herinnering (relatienummer 94245676).pdf 2017-02-01 13:18 - 2017-02-01 13:18 - 01098108 _____ C:\Users\van la Parra\Downloads\Zephyr_Instr_Dutch-F.pdf 2017-01-28 13:00 - 2017-01-28 13:12 - 00032768 _____ C:\WINDOWS\SysWOW64\孰š㇨œ) 2017-01-27 19:22 - 2017-01-27 19:22 - 02001544 _____ C:\Users\van la Parra\Downloads\pc-decrapifier-3.0.1.exe 2017-01-27 16:07 - 2017-01-28 09:30 - 00003304 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-01-27 15:35 - 2017-02-11 13:15 - 00000344 _____ C:\DelFix.txt 2017-01-25 09:19 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2017-01-25 09:19 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe ==================== Een Maand Gewijzigd bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 
2017-02-22 11:01 - 2016-05-04 22:00 - 00000000 ____D C:\Users\van la Parra\AppData\Roaming\Skype
2017-02-22 10:57 - 2016-11-17 19:20 - 00000000 ____D C:\Users\van la Parra\AppData\LocalLow\Mozilla
2017-02-22 10:55 - 2016-09-23 09:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-22 10:54 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-22 10:53 - 2016-09-23 08:54 - 00000000 ____D C:\Users\van la Parra
2017-02-22 08:24 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-22 07:47 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-22 07:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-21 23:37 - 2016-07-16 18:22 - 00000000 ____D C:\Users\van la Parra\AppData\Local\ElevatedDiagnostics
2017-02-21 18:40 - 2016-08-30 14:55 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-21 14:40 - 2016-09-23 08:48 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-20 17:51 - 2016-08-29 07:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-20 17:51 - 2016-05-04 22:15 - 00000000 ____D C:\ProgramData\Unchecky
2017-02-20 17:51 - 2016-05-04 22:00 - 00000000 ____D C:\ProgramData\Skype
2017-02-19 21:33 - 2016-05-17 22:58 - 00000000 ____D C:\Program Files\Intel
2017-02-19 12:55 - 2016-12-19 22:30 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-02-18 23:04 - 2016-05-04 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Eindpuntbeveiliging
2017-02-18 23:00 - 2016-09-17 10:48 - 00000940 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-18 22:56 - 2016-05-06 21:45 - 00000000 ____D C:\EEK
2017-02-18 18:52 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-18 13:07 - 2016-09-24 17:05 - 00000000 __SHD C:\#GDATA.Recovery.Data#
2017-02-16 18:21 - 2016-05-04 22:13 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-16 15:00 - 2016-05-04 14:57 - 00000000 ____D C:\Users\van la Parra\AppData\Local\Packages
2017-02-15 15:50 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 15:50 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-15 15:50 - 2016-05-17 14:27 - 00000000 ____D C:\Users\van la Parra\AppData\Local\Adobe
2017-02-15 10:41 - 2016-11-05 10:57 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-02-15 10:41 - 2016-11-05 10:27 - 00002009 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-02-12 15:12 - 2016-05-24 10:30 - 00000000 ____D C:\Users\van la Parra\AppData\Roaming\vlc
2017-02-11 12:34 - 2016-10-20 22:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-11 12:34 - 2016-09-24 16:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-09 22:04 - 2016-09-24 16:13 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-09 22:04 - 2016-09-24 16:13 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-09 10:58 - 2016-12-29 15:30 - 00001067 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-02-09 10:58 - 2016-12-29 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-02-06 23:14 - 2016-11-17 15:27 - 00002292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 23:14 - 2016-11-17 15:27 - 00002280 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 12:57 - 2016-05-14 11:16 - 00000000 ____D C:\Users\van la Parra\AppData\Roaming\HpUpdate
2017-02-03 20:10 - 2016-05-22 18:45 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-03 14:46 - 2016-08-13 12:39 - 00001998 _____ C:\Users\Public\Desktop\DigiDoc3 crypto.lnk
2017-02-03 14:46 - 2016-08-13 12:39 - 00001036 _____ C:\Users\Public\Desktop\DigiDoc3 client.lnk
2017-02-03 14:46 - 2016-08-13 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ID-card
2017-02-03 14:46 - 2016-08-13 12:39 - 00000000 ____D C:\Program Files (x86)\Open-EID
2017-01-28 09:29 - 2016-05-04 15:01 - 00002404 _____ C:\Users\van la Parra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-28 09:29 - 2016-05-04 15:01 - 00000000 ___RD C:\Users\van la Parra\OneDrive
2017-01-27 15:49 - 2016-08-13 12:39 - 00001021 _____ C:\Users\Public\Desktop\ID-card utility.lnk
2017-01-27 15:49 - 2016-08-13 12:37 - 00000000 ____D C:\Program Files\Open-EID
2017-01-25 09:26 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp

==================== Bestanden in de root van sommige mappen =======

2016-08-28 14:47 - 2016-08-28 14:47 - 0000000 _____ () C:\Users\van la Parra\AppData\Roaming\gdfw.log
2016-08-28 14:47 - 2016-09-24 15:46 - 0003116 _____ () C:\Users\van la Parra\AppData\Roaming\gdscan.log
2016-12-21 22:50 - 2016-12-21 04:06 - 2626976 _____ (COMODO) C:\Users\van la Parra\AppData\Roaming\temp~ccavstart.exe
2016-12-21 22:50 - 2016-12-21 04:07 - 3882672 _____ (Terra Informatica Software, Inc.) C:\Users\van la Parra\AppData\Roaming\temp~cmdhtml.dll

Sommige bestanden in TEMP:
====================
2017-02-21 18:54 - 2017-02-22 07:43 - 0476672 _____ () C:\Users\van la Parra\AppData\Local\Temp\7za.exe
2017-02-21 18:54 - 2017-02-22 07:43 - 0020480 _____ (E Dev) C:\Users\van la Parra\AppData\Local\Temp\DaS_21.exe
2017-02-21 18:54 - 2017-02-22 07:43 - 0388608 _____ (Trend Micro Inc.) C:\Users\van la Parra\AppData\Local\Temp\hijackthis.exe
2017-02-21 18:54 - 2017-02-22 07:43 - 0030720 _____ (NirSoft) C:\Users\van la Parra\AppData\Local\Temp\NirCmd.exe
2017-02-21 18:54 - 2017-02-22 07:43 - 0256512 _____ () C:\Users\van la Parra\AppData\Local\Temp\PEVZ.EXE
2017-02-21 18:54 - 2017-02-22 07:43 - 0069632 _____ () C:\Users\van la Parra\AppData\Local\Temp\remove.exe
2017-02-21 18:54 - 2017-02-22 07:43 - 0098816 _____ () C:\Users\van la Parra\AppData\Local\Temp\sed.exe
2017-02-21 18:54 - 2017-02-22 07:43 - 0057344 _____ (Optimum X) C:\Users\van la Parra\AppData\Local\Temp\shortcut.exe
2017-02-18 22:40 - 2017-02-20 17:25 - 56756184 _____ (Skype Technologies S.A.) C:\Users\van la Parra\AppData\Local\Temp\SkypeSetup.exe
2017-02-21 18:54 - 2017-02-22 07:43 - 0161792 _____ (SteelWerX) C:\Users\van la Parra\AppData\Local\Temp\swreg.exe
2017-02-21 18:54 - 2017-02-22 07:43 - 0217088 _____ (SteelWerX) C:\Users\van la Parra\AppData\Local\Temp\swxcacls.exe
2017-02-20 17:37 - 2017-02-20 17:37 - 14456872 _____ (Microsoft Corporation) C:\Users\van la Parra\AppData\Local\Temp\vc_redist.x86.exe
2017-02-21 18:54 - 2017-02-22 07:43 - 0154232 _____ (Noël Danjou) C:\Users\van la Parra\AppData\Local\Temp\wget.exe
2017-02-21 18:54 - 2017-02-22 07:43 - 0024064 _____ () C:\Users\van la Parra\AppData\Local\Temp\zoek-delete.exe

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2017-02-19 10:46

==================== Eind van FRST.txt ============================