Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 23-04-2017 01
Gestart door Rudi (Beheerder) op RUDI-PC (24-04-2017 13:11:25)
Gestart vanaf C:\Users\Rudi\Downloads
Geladen Profielen: Rudi (Beschikbare Profielen: Rudi)
Platform: Windows 7 Professional N Service Pack 1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: FF)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\HP Wi-Fi Mobile Mouse Config\AstroS.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Ozmo Inc) C:\Program Files\Ozmo Devices\ozwpansvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dropbox, Inc.) C:\Users\Rudi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Primax Electronics Ltd.) C:\ProgramData\HP Wi-Fi Mobile Mouse Config\PelAstro.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dropbox, Inc.) C:\Users\Rudi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Register (gefilterd) ====================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-11-30] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [909744 2017-03-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PelAstro] => C:\ProgramData\HP Wi-Fi Mobile Mouse Config\PelAstro.exe [65536 2011-01-14] (Primax Electronics Ltd.)
HKLM-x32\...\Run: [HPMonitor] => C:\Program Files (x86)\Hewlett-Packard\HP Wi-Fi Mobile Mouse\hpMonitor23.exe [99328 2011-04-27] (Hewlett-Packard)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3460383440-3824553181-3943810373-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-3460383440-3824553181-3943810373-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] ()
HKU\S-1-5-21-3460383440-3824553181-3943810373-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-3460383440-3824553181-3943810373-1001\...\Run: [Dropbox Update] => C:\Users\Rudi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc.)
HKU\S-1-5-21-3460383440-3824553181-3943810373-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudi\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudi\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudi\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudi\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudi\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudi\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudi\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
Startup: C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Startup\Dropbox.lnk [2017-04-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Rudi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Startup\Inktwaarschuwingen controleren - HP Deskjet 1510 series.lnk [2017-04-24]
ShortcutTarget: Inktwaarschuwingen controleren - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer] 195.130.131.3 195.130.130.3
Tcpip\..\Interfaces\{6622DB79-7F42-44A5-852E-59B9984D4919}: [DhcpNameServer] 195.130.131.3 195.130.130.3
Tcpip\..\Interfaces\{856DEB36-0297-415F-85B3-B839C0C1ACB9}: [DhcpNameServer] 195.130.131.3 195.130.130.3

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKU\S-1-5-21-3460383440-3824553181-3943810373-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3460383440-3824553181-3943810373-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3460383440-3824553181-3943810373-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_00548d89_1201_1403_20160516_BE_ie_sp_
SearchScopes: HKU\S-1-5-21-3460383440-3824553181-3943810373-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3460383440-3824553181-3943810373-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_00548d89_1201_1403_20160516_BE_ie_ds_&tag=bds-p17-serp-us-ie-20&query={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-16] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-16] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\2kbomczq.default [2017-04-24]
FF NewTab: Mozilla\Firefox\Profiles\2kbomczq.default -> hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ff_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_00548d89_1201_1403_20160516_BE_ff_nt_
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\2kbomczq.default -> Amazon
FF Homepage: Mozilla\Firefox\Profiles\2kbomczq.default -> hxxp://www.nieuwsblad.be/
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\2kbomczq.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2015-06-19]
FF Extension: (Adblock Plus) - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\2kbomczq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\2kbomczq.default\features\{7927c3fa-9f15-4803-b938-8b369d5a0747}\disable-cert-transparency@mozilla.org.xpi [2017-04-19]
FF Extension: (Disable Prefetch) - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\2kbomczq.default\features\{7927c3fa-9f15-4803-b938-8b369d5a0747}\disable-prefetch@mozilla.org.xpi [2017-04-19]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-29] [ niet getekend]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be => niet gevonden
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> amazon.com/websearch/?ie=UTF8__PARAM__
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxps://www.amazon.com/websearch/?ie=UTF8__PARAM__&query={searchTerms}
CHR DefaultSearchKeyword: Default -> amazon
CHR Profile: C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default [2017-04-19]
CHR Extension: (Google Documenten) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-23]
CHR Extension: (Google Drive) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-23]
CHR Extension: (YouTube) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-23]
CHR Extension: (Google Search) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23]
CHR Extension: (Offline Documenten) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-31]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-28]
CHR Extension: (Gmail) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-23]
CHR Extension: (Chrome Media Router) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKU\S-1-5-21-3460383440-3824553181-3943810373-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3460383440-3824553181-3943810373-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1115552 2017-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [487432 2017-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [487432 2017-03-23] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1519136 2017-03-23] (Avira Operations GmbH & Co. KG)
R2 AstroS; C:\ProgramData\HP Wi-Fi Mobile Mouse Config\AstroS.exe [172032 2010-12-01] () [Bestand niet getekend]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-25] (NETGEAR)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 ozwpansvc; C:\Program Files\Ozmo Devices\ozwpansvc.exe [77080 2011-04-30] (Ozmo Inc)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S3 ACSSCR; C:\Windows\System32\DRIVERS\a38usb.sys [44672 2014-04-24] (Advanced Card Systems Ltd)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-02] (Avira Operations GmbH & Co. KG)
S3 HPMoA907; C:\Windows\System32\DRIVERS\HPMoA907.sys [25088 2011-01-14] (TPMX Electronics Ltd.)
S3 HPubA907; C:\Windows\System32\Drivers\HPubA907.sys [19456 2011-01-27] (TPMX Electronics Ltd.)
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [106880 2011-04-30] (Ozmo Inc)
R3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2014-10-07] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-04-24 13:11 - 2017-04-24 13:12 - 00021568 _____ C:\Users\Rudi\Downloads\FRST.txt
2017-04-24 13:10 - 2017-04-24 13:11 - 00000000 ____D C:\FRST
2017-04-24 13:09 - 2017-04-24 13:09 - 02426368 _____ (Farbar) C:\Users\Rudi\Downloads\FRST64.exe
2017-04-24 13:09 - 2017-04-24 13:09 - 01767936 _____ (Farbar) C:\Users\Rudi\Downloads\FRST.exe
2017-04-21 20:18 - 2017-04-21 20:18 - 00118922 _____ C:\Users\Rudi\Downloads\bbq2017.pdf
2017-04-20 21:13 - 2017-04-20 21:13 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-04-20 17:10 - 2017-04-20 17:10 - 01309184 _____ C:\Users\Rudi\Downloads\zoek.exe
2017-04-20 13:15 - 2017-04-20 13:15 - 01309184 _____ C:\Users\Rudi\Downloads\zoek(1).exe
2017-04-19 22:13 - 2017-04-19 22:14 - 00067936 _____ C:\Users\Rudi\Downloads\BE71755428363369_2016_013.pdf
2017-04-19 14:58 - 2017-04-19 14:58 - 29841736 _____ (SUPERAntiSpyware) C:\Users\Rudi\Downloads\SUPERAntiSpyware.exe
2017-04-19 14:26 - 2017-04-19 14:26 - 60107896 _____ (Malwarebytes ) C:\Users\Rudi\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-04-19 14:23 - 2017-04-19 14:23 - 04999008 _____ (TeamViewer) C:\Users\Rudi\Downloads\quicksupportnl.exe
2017-04-10 13:43 - 2017-04-10 13:43 - 00195641 _____ C:\Users\Rudi\Downloads\prijslijstdforcemtbalu.pdf
2017-04-07 18:34 - 2017-04-07 18:34 - 00472344 _____ C:\Windows\Minidump\040717-22152-01.dmp
2017-04-07 18:21 - 2017-04-07 18:21 - 00472344 _____ C:\Windows\Minidump\040717-22027-01.dmp
2017-04-06 14:48 - 2017-04-06 14:48 - 00022350 _____ C:\Users\Rudi\Downloads\20161006070133063004.pdf
2017-04-06 14:48 - 2017-04-06 14:48 - 00021167 _____ C:\Users\Rudi\Downloads\20161001070032003337.pdf
2017-04-06 14:48 - 2017-04-06 14:48 - 00020829 _____ C:\Users\Rudi\Downloads\20170406070152176670.pdf
2017-04-06 14:47 - 2017-04-06 14:47 - 00020762 _____ C:\Users\Rudi\Downloads\20160917070017002436.pdf
2017-04-06 14:46 - 2017-04-06 14:46 - 00020963 _____ C:\Users\Rudi\Downloads\20160514070045003025.pdf
2017-04-06 14:46 - 2017-04-06 14:46 - 00020719 _____ C:\Users\Rudi\Downloads\20160605121801051216.pdf
2017-04-06 14:44 - 2017-04-06 14:44 - 00020958 _____ C:\Users\Rudi\Downloads\20160510070047004501.pdf
2017-04-06 14:43 - 2017-04-06 14:43 - 00022326 _____ C:\Users\Rudi\Downloads\20160406074853068510.pdf
2017-04-06 14:43 - 2017-04-06 14:43 - 00021907 _____ C:\Users\Rudi\Downloads\20160405070136000637.pdf
2017-04-06 14:42 - 2017-04-06 14:42 - 00022601 _____ C:\Users\Rudi\Downloads\20160204084255068070(1).pdf
2017-04-06 14:41 - 2017-04-06 14:41 - 00022601 _____ C:\Users\Rudi\Downloads\20160204084255068070.pdf
2017-04-06 14:41 - 2017-04-06 14:41 - 00021495 _____ C:\Users\Rudi\Downloads\20160122070031001946.pdf
2017-04-06 14:40 - 2017-04-06 14:40 - 00023511 _____ C:\Users\Rudi\Downloads\20160107084133085432.pdf
2017-04-06 14:40 - 2017-04-06 14:40 - 00020742 _____ C:\Users\Rudi\Downloads\20160101121359053144.pdf
2017-04-06 14:39 - 2017-04-06 14:39 - 00021850 _____ C:\Users\Rudi\Downloads\20151219070013001686.pdf
2017-04-06 14:39 - 2017-04-06 14:39 - 00020991 _____ C:\Users\Rudi\Downloads\20151208070023002523.pdf
2017-04-06 14:38 - 2017-04-06 14:38 - 00020651 _____ C:\Users\Rudi\Downloads\20151105081129052061.pdf
2017-04-06 14:37 - 2017-04-06 14:37 - 00022224 _____ C:\Users\Rudi\Downloads\20151009070028000423.pdf
2017-04-06 14:35 - 2017-04-06 14:35 - 00022407 _____ C:\Users\Rudi\Downloads\20151006103703066771.pdf
2017-04-06 14:35 - 2017-04-06 14:35 - 00022258 _____ C:\Users\Rudi\Downloads\20150704075317064959.pdf
2017-04-06 14:34 - 2017-04-06 14:34 - 00020979 _____ C:\Users\Rudi\Downloads\20150519070028003681.pdf
2017-04-06 14:34 - 2017-04-06 14:34 - 00020722 _____ C:\Users\Rudi\Downloads\20150604090107052837.pdf
2017-04-06 14:33 - 2017-04-06 14:33 - 00020963 _____ C:\Users\Rudi\Downloads\20150509070010004259.pdf
2017-04-06 14:30 - 2017-04-06 14:30 - 00022246 _____ C:\Users\Rudi\Downloads\20150408122213072642.pdf
2017-04-04 21:46 - 2017-04-04 21:46 - 00472344 _____ C:\Windows\Minidump\040417-21668-01.dmp
2017-04-03 22:08 - 2017-04-03 22:08 - 00472344 _____ C:\Windows\Minidump\040317-23446-01.dmp
2017-03-29 22:59 - 2017-03-29 22:59 - 00215258 _____ C:\Users\Rudi\Downloads\Ontslagbriefnaarclub (BB)(2).pdf
2017-03-28 13:21 - 2017-04-04 23:29 - 00012693 _____ C:\Users\Rudi\Documents\kine deconventie#2.xlsx
2017-03-26 23:47 - 2017-03-26 23:47 - 00323710 _____ C:\Users\Rudi\Downloads\CSI Leuven-facial recognition from DNA.pdf

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-04-24 13:03 - 2016-11-18 14:42 - 00000000 ____D C:\Users\Rudi\AppData\LocalLow\Mozilla
2017-04-24 12:58 - 2009-07-14 06:50 - 00028368 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-24 12:58 - 2009-07-14 06:50 - 00028368 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-24 12:53 - 2014-04-21 14:42 - 00000000 ____D C:\Users\Rudi\Documents\Outlook Files
2017-04-24 12:52 - 2014-10-17 23:48 - 00000000 ___RD C:\Users\Rudi\Google Drive
2017-04-24 12:51 - 2014-04-20 22:45 - 00000000 ___RD C:\Users\Rudi\Dropbox
2017-04-24 12:50 - 2016-11-12 12:13 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2017-04-24 12:50 - 2016-11-12 12:13 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2017-04-24 12:48 - 2014-08-28 15:25 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-24 12:48 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-23 23:24 - 2015-06-17 12:09 - 00001020 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3460383440-3824553181-3943810373-1001UA.job
2017-04-22 06:44 - 2015-06-19 13:43 - 00000000 ____D C:\Users\Rudi\AppData\Local\Deployment
2017-04-21 15:24 - 2015-06-17 12:09 - 00000968 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3460383440-3824553181-3943810373-1001Core.job
2017-04-20 23:44 - 2017-03-08 15:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-20 21:14 - 2014-04-20 22:42 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Dropbox
2017-04-20 08:17 - 2014-04-19 21:49 - 00748616 _____ C:\Windows\system32\perfh013.dat
2017-04-20 08:17 - 2014-04-19 21:49 - 00154476 _____ C:\Windows\system32\perfc013.dat
2017-04-20 08:17 - 2009-07-14 07:12 - 01677612 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-20 08:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-19 22:47 - 2014-08-15 21:13 - 00000000 ____D C:\AdwCleaner
2017-04-19 22:10 - 2016-05-17 14:04 - 00000000 ____D C:\zoek_backup
2017-04-19 21:25 - 2014-06-09 23:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-19 08:23 - 2014-12-26 11:54 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-19 08:22 - 2016-02-13 14:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-11 23:08 - 2014-04-21 23:07 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 23:08 - 2014-04-21 23:07 - 00003360 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-11 20:00 - 2014-04-21 14:15 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-11 20:00 - 2014-04-21 14:15 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-11 20:00 - 2014-04-21 14:15 - 00004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-11 20:00 - 2014-04-21 14:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-11 20:00 - 2014-04-21 14:15 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-11 08:58 - 2015-07-21 20:27 - 00001465 _____ C:\Users\Rudi\Desktop\Quick Support.lnk
2017-04-11 08:58 - 2015-02-18 17:32 - 00001434 _____ C:\Users\Rudi\Desktop\KineQuick.lnk
2017-04-11 08:58 - 2015-02-18 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KineQuick
2017-04-11 08:58 - 2015-02-18 17:21 - 00000000 ____D C:\KineQuick
2017-04-11 08:06 - 2014-10-07 10:25 - 00000000 ____D C:\Users\Rudi\AppData\Local\NETGEARGenie
2017-04-10 22:11 - 2014-04-24 17:44 - 00000000 ___RD C:\Users\Rudi\Documents\Scanned Documents
2017-04-07 18:34 - 2017-03-21 20:46 - 338366016 _____ C:\Windows\MEMORY.DMP
2017-04-07 18:34 - 2014-04-21 22:48 - 00000000 ____D C:\Windows\Minidump
2017-04-04 23:29 - 2016-05-31 23:24 - 00027564 _____ C:\Users\Rudi\Documents\kinesitherapeuten Bilzen 2016.xlsx
2017-03-31 13:01 - 2014-04-21 23:08 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-31 13:01 - 2014-04-21 23:08 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-30 14:09 - 2014-10-17 23:46 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-03-30 14:09 - 2014-10-17 23:46 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-03-30 14:09 - 2014-10-17 23:46 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-03-30 14:09 - 2014-10-17 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-03-29 22:07 - 2014-04-20 01:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bestanden in de root van sommige mappen =======

2015-09-23 12:54 - 2015-09-23 12:54 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\SysWOW64\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2016-09-05 14:27

==================== Eind van FRST.txt ============================