Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 07-06-2017 01
Gestart door DanyB (Beheerder) op DANYB-PC2 (09-06-2017 13:55:00)
Gestart vanaf S:\DownloadsAllePC
Geladen Profielen: DanyB (Beschikbare Profielen: DanyB)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: FF)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Free Desktop Clock\timeserv.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Node.js) C:\Windows\Prey\versions\1.6.5\bin\node.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.6.5\node_modules\triggers\bin\lightevt.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Conceptworld Corporation) C:\Program Files (x86)\Conceptworld\QNPlus\QNPlus.exe
() C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Firetrust) C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Register (gefilterd) ====================
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-10-02] (COMODO)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-729673755-3722144356-2474752940-1000\...\Run: [QNPlus] => C:\Program Files (x86)\Conceptworld\QNPlus\QNPlus.exe [696896 2007-04-10] (Conceptworld Corporation)
HKU\S-1-5-21-729673755-3722144356-2474752940-1000\...\Run: [AtomicAlarmClock6] => C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe [4652544 2015-10-06] ()
HKU\S-1-5-21-729673755-3722144356-2474752940-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1231240 2017-04-15] (Ruiware)
HKU\S-1-5-21-729673755-3722144356-2474752940-1000\...\MountPoints2: {7eb026e5-68d5-11e5-9948-001aa0d20511} - "E:\WD Drive Unlock.exe" autoplay=true
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
Startup: C:\Users\DanyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2015-09-27]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DanyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk [2017-04-15]
ShortcutTarget: MailWasherPro.lnk -> C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe (Firetrust)
BootExecute: autocheck autochk * auto_reactivate \\?\Volume{ac51f36a-5c49-11e5-87fd-806e6f6e6963}\bootwiz\asrm.bin

==================== Internet (gefilterd) ====================
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
Tcpip\Parameters: [DhcpNameServer] 195.130.130.2 195.130.131.2
Tcpip\..\Interfaces\{264B5BC9-5159-4E8B-B5F4-35DFB3F16E03}: [DhcpNameServer] 195.130.130.2 195.130.131.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKU\S-1-5-21-729673755-3722144356-2474752940-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.nl/#spf=1
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-09-21] (LastPass)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-09-21] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-09-21] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-09-21] (LastPass)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1454156711552

FireFox:
========
FF DefaultProfile: e8sn4xgq.default
FF ProfilePath: C:\Users\DanyB\AppData\Roaming\Mozilla\Firefox\Profiles\e8sn4xgq.default [2017-06-09]
FF Homepage: Mozilla\Firefox\Profiles\e8sn4xgq.default -> hxxps://www.google.be/ hxxps://outlook.live.com/owa/#path=/mail/inbox
FF Extension: (British English Dictionary (Updated)) - C:\Users\DanyB\AppData\Roaming\Mozilla\Firefox\Profiles\e8sn4xgq.default\Extensions\en-gb@flyingtophat.co.uk [2015-09-27] [ niet getekend]
FF Extension: (United States English Spellchecker) - C:\Users\DanyB\AppData\Roaming\Mozilla\Firefox\Profiles\e8sn4xgq.default\Extensions\en-US@dictionaries.addons.mozilla.org [2016-03-19]
FF Extension: (Spell Checker) - C:\Users\DanyB\AppData\Roaming\Mozilla\Firefox\Profiles\e8sn4xgq.default\Extensions\gaurangnshah@gmail.com.xpi [2016-05-15]
FF Extension: (LastPass: Free Password Manager) - C:\Users\DanyB\AppData\Roaming\Mozilla\Firefox\Profiles\e8sn4xgq.default\Extensions\support@lastpass.com [2017-06-08]
FF Extension: (FEBE) - C:\Users\DanyB\AppData\Roaming\Mozilla\Firefox\Profiles\e8sn4xgq.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2016-11-13]
FF Extension: (Follow-on Search Telemetry) - C:\Users\DanyB\AppData\Roaming\Mozilla\Firefox\Profiles\e8sn4xgq.default\features\{17c8cd69-68b9-4a46-bcaf-e71dbe7efa91}\followonsearch@mozilla.com.xpi [2017-06-08]
FF ProfilePath: C:\Users\DanyB\AppData\Roaming\KompoZer\Profiles\8ipummgn.default [2016-11-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-06-08] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-09-21] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-06-08] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-11-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-11-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-11-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-11-15] (Foxit Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-09-21] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-729673755-3722144356-2474752940-1000: @citrixonline.com/appdetectorplugin -> C:\Users\DanyB\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-28] (Citrix Online)
FF Plugin HKU\S-1-5-21-729673755-3722144356-2474752940-1000: vasco.com/VascoCardReaderPlugin -> C:\Users\DanyB\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll [2014-10-27] (VASCO Data Security)
FF Plugin HKU\S-1-5-21-729673755-3722144356-2474752940-1000: vasco.com/VascoCardReaderPlugin64 -> C:\Users\DanyB\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll [2014-10-27] (VASCO Data Security)

==================== Services (gefilterd) ====================
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-16] (Apple Inc.)
R2 AtomicAlarmClock; C:\Program Files\Free Desktop Clock\timeserv.exe [2007040 2015-10-06] () [Bestand niet getekend]
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-10-02] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-10-02] (COMODO)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2015-11-28] (Fork, Ltd.) [Bestand niet getekend]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-22] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-05-30] (Dropbox, Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation) [Bestand niet getekend]
S3 FolderSize; C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe [114688 2013-02-13] (Brio) [Bestand niet getekend]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-04-16] (Malwarebytes)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2017-04-15] (TeamViewer GmbH)
S3 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-12-05] (Microsoft Corporation)

===================== Drivers (gefilterd) ======================
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [62976 2014-11-13] (Advanced Card Systems Ltd.)
S3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [497152 2009-07-20] (Analog Devices, Inc.) [Bestand niet getekend]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-08-31] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [830624 2016-08-31] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56976 2016-08-31] (COMODO)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [27648 2015-09-16] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-09-16] (G Data Software AG)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [125952 2015-09-16] (G Data Software AG)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-08-31] (COMODO)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-16] (Malwarebytes)
S3 rspWhySoSlow; C:\Windows\System32\DRIVERS\rspWhy64.sys [33536 2016-03-28] (Resplendence Software Projects Sp.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-09-19] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2015-09-19] (Acronis International GmbH)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2016-09-05] (Microsoft Corporation)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-09-19] (Acronis International GmbH)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S0 GDBehave; system32\drivers\GDBehave.sys [X]

==================== NetSvcs (gefilterd) ===================
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
2017-06-08 12:25 - 2017-06-08 12:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-30 12:22 - 2017-05-30 12:22 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe

==================== Een Maand Gewijzigd bestanden en mappen ========
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
2017-06-09 13:55 - 2017-04-15 13:24 - 00000000 ____D C:\FRST
2017-06-09 13:55 - 2016-11-16 13:52 - 00000000 ____D C:\Users\DanyB\AppData\LocalLow\Mozilla
2017-06-09 13:49 - 2015-09-27 19:46 - 00000500 _____ C:\Windows\Tasks\SyncBack Dag BU Outlook naar S bij opstart.job
2017-06-09 13:48 - 2016-12-01 12:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-09 13:48 - 2015-11-28 18:16 - 00000000 ____D C:\Windows\Prey
2017-06-09 13:48 - 2015-09-20 23:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-09 13:48 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-09 12:54 - 2016-03-01 12:27 - 00019384 _____ C:\Windows\system32\Drivers\fvstore.dat
2017-06-09 12:54 - 2015-10-02 17:21 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2017-06-09 12:20 - 2015-12-22 13:32 - 00001012 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-06-09 11:00 - 2015-09-27 20:03 - 00000468 _____ C:\Windows\Tasks\SyncBack Dag BU Doc naar S.job
2017-06-09 10:50 - 2015-10-02 20:13 - 00000496 _____ C:\Windows\Tasks\SyncBack Dag BU Outlook naar T (Dropbox).job
2017-06-09 10:45 - 2016-02-22 17:51 - 00000480 _____ C:\Windows\Tasks\SyncBack Dag BU Mijn Webs naar S.job
2017-06-08 20:25 - 2015-12-22 13:32 - 00000960 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-06-08 19:17 - 2014-11-20 19:56 - 00896326 _____ C:\Windows\system32\perfh013.dat
2017-06-08 19:17 - 2014-11-20 19:56 - 00218102 _____ C:\Windows\system32\perfc013.dat
2017-06-08 19:17 - 2009-07-14 07:13 - 01900784 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-08 19:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-06-08 19:07 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-06-08 19:00 - 2015-10-02 19:59 - 00000490 _____ C:\Windows\Tasks\SyncBack Dag BU Recepten naar Dropbox(P).job
2017-06-08 18:31 - 2009-07-14 06:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-08 18:31 - 2009-07-14 06:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-08 15:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-06-08 13:30 - 2016-10-12 10:03 - 00000466 _____ C:\Windows\Tasks\SyncBack Comodo vertaling.job
2017-06-08 13:30 - 2016-04-23 20:14 - 00000476 _____ C:\Windows\Tasks\SyncBack Dag BU Dropbox naar S.job
2017-06-08 13:25 - 2015-09-20 23:59 - 00000000 ____D C:\Users\DanyB\AppData\LocalLow\LastPass
2017-06-08 13:00 - 2015-09-25 18:51 - 00000482 _____ C:\Windows\Tasks\SyncBack Dag BU Favorieten naar T.job
2017-06-08 12:31 - 2015-11-17 11:13 - 00004390 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-06-08 12:31 - 2015-09-27 16:09 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-08 12:31 - 2015-09-27 16:09 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-08 12:30 - 2015-09-27 16:09 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-08 12:30 - 2015-09-27 16:09 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-08 12:30 - 2015-09-16 10:52 - 00000000 ____D C:\ProgramData\G Data
2017-06-08 12:29 - 2016-06-01 18:49 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-08 12:29 - 2016-06-01 18:49 - 00003360 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-08 12:26 - 2015-12-22 13:32 - 00000000 ____D C:\Program Files (x86)\Dropbox

==================== Bestanden in de root van sommige mappen =======
2015-09-21 00:39 - 2015-09-21 00:39 - 16790552 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-09-16 13:33 - 2015-09-16 13:33 - 0000000 _____ () C:\Users\DanyB\AppData\Roaming\gdfw.log
2015-09-16 13:32 - 2015-09-16 13:32 - 0000197 _____ () C:\Users\DanyB\AppData\Roaming\gdscan.log
2015-12-13 19:53 - 2015-12-26 12:05 - 0001274 _____ () C:\Users\DanyB\AppData\Local\infection.log
2016-12-16 12:15 - 2016-12-16 12:15 - 0005532 _____ () C:\Users\DanyB\AppData\Local\recently-used.xbel
2016-06-01 10:38 - 2016-12-18 20:47 - 0052722 _____ () C:\Users\DanyB\AppData\Local\Snip.txt
2016-12-18 20:47 - 2016-12-18 20:47 - 0000342 _____ () C:\Users\DanyB\AppData\Local\SnipUsages.txt

==================== Bamital & volsnap ======================
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\SysWOW64\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2017-06-08 15:40

==================== Eind van FRST.txt ============================