Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 12-06-2017
Gestart door Katrien & Joachim (Beheerder) op 1980PC (13-06-2017 19:52:16)
Gestart vanaf C:\Users\Katrien & Joachim\Downloads
Geladen Profielen: Katrien & Joachim (Beschikbare Profielen: Katrien & Joachim)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: FF)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Solvusoft Corporation) C:\Program Files (x86)\Solvusoft\Tray\SolvusoftTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Register (gefilterd) ====================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [beid] => "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/nl.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAA1A (de data item heeft 313 mee tekens).
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-748706070-3823825615-209406529-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-748706070-3823825615-209406529-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-748706070-3823825615-209406529-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellExecuteHooks-x32: Geen Naam - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  -> Geen bestand
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Geen bestand
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Geen bestand
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
Startup: C:\Users\Katrien & Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP DeskJet 3630 series.lnk [2017-06-13]
ShortcutTarget: Inktwaarschuwingen controleren - HP DeskJet 3630 series.lnk -> C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0B6F226C-2C8F-40D3-9E03-044A32D3FED7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKU\S-1-5-21-748706070-3823825615-209406529-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-748706070-3823825615-209406529-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
HKU\S-1-5-21-748706070-3823825615-209406529-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-748706070-3823825615-209406529-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1423494094&from=wpc&uid=WDCXWD5000AAKS-60A7B2_WD-WCAT0070277002770
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM -> {8C291886-5073-486B-A772-289BD2C91E66} URL = hxxp://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> {8C291886-5073-486B-A772-289BD2C91E66} URL = hxxp://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-748706070-3823825615-209406529-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-748706070-3823825615-209406529-1001 -> {5B291E6C-9A74-4034-971B-A4B007A0B315} URL = hxxp://radiobar.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
SearchScopes: HKU\S-1-5-21-748706070-3823825615-209406529-1001 -> {8C291886-5073-486B-A772-289BD2C91E66} URL = hxxp://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-748706070-3823825615-209406529-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={DACE367E-D1D1-42BE-AB02-4D35F15AD321}&mid=a8c3062c1548cfba7631486889d50c38-b8e2c1ef321d94700a2965bec8944d6c3da51872&lang=nl&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2015-09-12 16:55:14&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-03-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-11] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKU\S-1-5-21-748706070-3823825615-209406529-1001 -> Geen Naam - {5B291E6C-9A74-4034-971B-A4B007A0B315} -  Geen bestand
DPF: HKLM-x32 {32C3FEAE-0877-4767-8C20-62A5829A0945} hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: HKLM-x32 {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.extrafilm.be/ImageUploader5.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Katrien & Joachim\AppData\Roaming\TomTom\HOME\Profiles\qtbi97ma.default [2015-04-05]
FF Extension: (Geen Naam) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [niet gevonden]
FF ProfilePath: C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hjvkae0n.default-1487709234416 [2017-06-13]
FF NetworkProxy: Mozilla\Firefox\Profiles\hjvkae0n.default-1487709234416 -> type", 0
FF Extension: (Belgium eID) - C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hjvkae0n.default-1487709234416\Extensions\belgiumeid@eid.belgium.be.xpi [2017-06-05]
FF Extension: (Belgium eID) - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2016-11-22] [ niet getekend]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 &video&) - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-01-08] [ niet getekend]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\cxpcn7wh.default-1422474044957\extensions\fftoolbar2014@etech.com => niet gevonden
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be => niet gevonden
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [Geen bestand]
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-748706070-3823825615-209406529-1001: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Katrien & Joachim\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-03-06] ( )

Chrome: 
=======
CHR DefaultProfile: Default
CHR dev: Chrome dev build gedetecteerd! <======= AANDACHT
CHR Profile: C:\Users\Katrien & Joachim\AppData\Local\Google\Chrome\User Data\Default [2015-01-27]
CHR Extension: (Geen Naam) - C:\Users\Katrien & Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-16]
CHR Extension: (Google Wallet) - C:\Users\Katrien & Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-02] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== AANDACHT
CHR Extension: (Geen Naam) - C:\Users\Katrien & Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-06-02]
CHR HKU\S-1-5-21-748706070-3823825615-209406529-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KATRIE~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-07-12]
CHR HKU\S-1-5-21-748706070-3823825615-209406529-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [Bestand niet getekend]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [Bestand niet getekend]
S4 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-02-06] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-10] (Symantec Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-02-09] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-09-11] () [Bestand niet getekend]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-06-13 19:51 - 2017-06-13 19:52 - 00040904 _____ C:\Users\Katrien & Joachim\Downloads\Addition.txt
2017-06-13 19:46 - 2017-06-13 19:52 - 00019852 _____ C:\Users\Katrien & Joachim\Downloads\FRST.txt
2017-06-13 19:45 - 2017-06-13 19:52 - 00000000 ____D C:\FRST
2017-06-13 19:45 - 2017-06-13 19:45 - 02438656 _____ (Farbar) C:\Users\Katrien & Joachim\Downloads\FRST64.exe
2017-06-13 18:39 - 2017-06-13 19:25 - 00000392 _____ C:\Windows\Tasks\WinThruster64-Katrien & Joachim-Startup.job
2017-06-13 18:39 - 2017-06-13 18:39 - 00002808 _____ C:\Windows\System32\Tasks\WinThruster64-Katrien & Joachim-Startup
2017-06-13 18:33 - 2017-06-13 19:12 - 00000400 _____ C:\Windows\Tasks\WinThruster64-Katrien & Joachim-Notification.job
2017-06-13 18:33 - 2017-06-13 18:33 - 00003500 _____ C:\Windows\System32\Tasks\WinThruster64-Katrien & Joachim-Notification
2017-06-13 18:33 - 2017-06-13 18:33 - 00000000 ____D C:\Users\Katrien & Joachim\AppData\Roaming\Solvusoft
2017-06-13 18:32 - 2017-06-13 18:32 - 00002055 _____ C:\Users\Public\Desktop\WinThruster.lnk
2017-06-13 18:31 - 2017-06-13 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft
2017-06-13 18:31 - 2017-06-13 18:31 - 00000000 ____D C:\Program Files\Solvusoft
2017-06-13 18:31 - 2017-06-13 18:31 - 00000000 ____D C:\Program Files (x86)\Solvusoft
2017-06-13 18:29 - 2017-06-13 18:33 - 00000000 ___HD C:\ProgramData\{B96EB44A-7860-4F13-BC9A-0A73CA5F11C2}
2017-06-13 18:29 - 2017-06-13 18:33 - 00000000 ____D C:\ProgramData\Solvusoft
2017-06-13 18:28 - 2017-06-13 18:28 - 08932000 _____ (Solvusoft Corporation ) C:\Users\Katrien & Joachim\Downloads\Setup_WinThruster_2016.exe
2017-06-13 18:28 - 2017-06-13 18:28 - 00000000 ____D C:\Users\Katrien & Joachim\AppData\Local\IIIQF
2017-06-13 18:16 - 2017-06-13 18:17 - 00000085 _____ C:\Windows\wininit.ini
2017-06-13 15:46 - 2017-06-13 15:46 - 01980152 _____ (Panda Security, S.L.) C:\Users\Katrien & Joachim\Downloads\PANDAFREEAV.exe
2017-06-13 15:46 - 2017-06-13 15:46 - 00000000 ____D C:\ProgramData\Panda Security
2017-06-13 14:33 - 2017-06-13 14:33 - 00000000 __SHD C:\found.003
2017-06-12 20:11 - 2017-06-12 20:11 - 00000000 ____D C:\9e8d90d4e8d767e63aefb145c9c3cd
2017-06-12 19:41 - 2017-06-12 19:42 - 00000000 ____D C:\e3e87185d3012d681569c0cc
2017-06-12 19:40 - 2017-06-12 19:41 - 00000000 ____D C:\07de1941a6655bff87f4ca687bfa6fb1
2017-06-12 18:30 - 2017-06-13 12:40 - 00000380 _____ C:\Windows\Tasks\HPCeeScheduleForKatrien & Joachim.job
2017-06-08 10:46 - 2017-06-12 17:03 - 00000000 ____D C:\Users\Katrien & Joachim\AppData\Local\ESET
2017-06-08 10:46 - 2017-06-08 10:46 - 06762624 _____ (ESET spol. s r.o.) C:\Users\Katrien & Joachim\Downloads\ESETOnlineScanner_NLD.exe
2017-06-08 10:41 - 2017-06-08 10:41 - 00524248 _____ (F-Secure Corporation) C:\Users\Katrien & Joachim\Downloads\F-SecureOnlineScanner.exe
2017-06-08 10:41 - 2017-06-08 10:41 - 00000000 ____D C:\Users\Katrien & Joachim\AppData\Local\F-Secure
2017-06-08 10:41 - 2017-06-08 10:41 - 00000000 ____D C:\ProgramData\F-Secure
2017-06-08 10:15 - 2017-06-08 10:15 - 00001049 _____ C:\Users\Public\Desktop\Avast SafeZone 3 Browser.lnk.1496909717.old
2017-06-08 10:07 - 2017-06-13 15:15 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-08 10:07 - 2017-06-08 10:07 - 06919904 _____ (AVAST Software) C:\Users\Katrien & Joachim\Downloads\avast_free_antivirus_setup_online.exe
2017-06-07 18:08 - 2017-06-07 18:08 - 00000000 ____D C:\0e401510c2a156fe29087cc622b804
2017-06-07 15:49 - 2017-06-07 15:50 - 00000000 ____D C:\9994b9c06ad91d4c4af8
2017-06-07 15:35 - 2017-06-07 15:36 - 04793496 _____ (Avira Operations GmbH & Co. KG) C:\Users\Katrien & Joachim\Downloads\avira_nl_av_59380119cfe6f__ws.exe
2017-06-07 14:35 - 2017-06-07 14:35 - 00001083 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2017-06-07 14:35 - 2017-06-07 14:35 - 00000000 ____D C:\Users\Katrien & Joachim\AppData\Local\VS Revo Group
2017-06-07 14:35 - 2017-06-07 14:35 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-06-07 14:35 - 2017-06-07 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-06-07 14:35 - 2016-12-21 14:52 - 00040240 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2017-06-07 14:34 - 2017-06-07 14:34 - 11534624 _____ (VS Revo Group ) C:\Users\Katrien & Joachim\Downloads\RevoUninProSetup.exe
2017-06-07 14:34 - 2017-06-07 14:34 - 00000000 ____D C:\Program Files\VS Revo Group
2017-06-07 13:53 - 2017-06-07 14:15 - 00000000 ____D C:\AVG_Remover
2017-06-07 13:52 - 2017-06-07 13:52 - 07986864 _____ ( ) C:\Users\Katrien & Joachim\Downloads\AVG_Remover.exe
2017-06-07 13:48 - 2017-06-07 13:48 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Katrien & Joachim\Downloads\AVG_Protection_Free_1606.exe
2017-06-07 13:33 - 2017-06-07 13:45 - 00000000 ____D C:\Users\Katrien & Joachim\AppData\Local\AvgSetupLog
2017-06-05 17:14 - 2017-06-05 17:15 - 00000000 ____D C:\b43d768a66c4e057f0d1265c64
2017-06-05 11:44 - 2017-06-05 12:18 - 00000000 ____D C:\Users\Katrien & Joachim\Documents\BELASTINGEN
2017-06-01 10:03 - 2017-06-01 10:03 - 00120484 _____ C:\Users\Katrien & Joachim\Downloads\openPDF
2017-05-31 21:43 - 2017-05-31 21:44 - 00000000 ____D C:\3ee6476d63d61fe788e5152e473226
2017-05-31 21:41 - 2012-08-20 09:30 - 00091543 _____ C:\Users\Katrien & Joachim\Downloads\Masters.Of.The.Universe.1987.srt
2017-05-31 20:18 - 2017-05-31 21:06 - 00000000 ____D C:\Users\Katrien & Joachim\Downloads\Thundercats 2011 - The Complete Season 1 [HDTV]
2017-05-31 20:18 - 2017-05-31 20:18 - 00013951 _____ C:\Users\Katrien & Joachim\Downloads\Thundercats 2011 - The Complete Season 1 [HDTV].torrent
2017-05-31 18:34 - 2017-05-31 20:11 - 00000000 ____D C:\Users\Katrien & Joachim\Downloads\Thundercats.2011.S01E01-26.1080p.WEB-DL.AAC2.0.H.264-iT00NZ
2017-05-31 18:33 - 2017-05-31 18:33 - 00056456 ____N C:\Users\Katrien & Joachim\Downloads\Thundercats.2011.S01E01-26.1080p.WEB-DL.AAC2.0.H.264-iT00NZ.torrent
2017-05-22 22:49 - 2017-05-22 22:50 - 00000000 ____D C:\297f3ce97be1ba4668fb
2017-05-22 15:54 - 2017-05-22 15:54 - 00001404 _____ C:\Users\Public\Desktop\Free YouTube To MP3 Converter.lnk
2017-05-22 15:54 - 2017-05-22 15:54 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2017-05-22 15:54 - 2017-05-22 15:54 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2017-05-22 15:53 - 2017-05-22 15:53 - 34284768 _____ (Digital Wave Ltd ) C:\Users\Katrien & Joachim\Downloads\FreeYouTubeToMP3Converter_4.1.49.516_o.exe
2017-05-22 12:39 - 2017-05-22 12:39 - 00024505 ____N C:\Users\Katrien & Joachim\Downloads\Mission Impossible Ghost Protocol (2011) DD2.0 CAM2DVD (Nl subs) TBS.torrent
2017-05-20 19:59 - 2017-05-20 19:59 - 00000000 ____D C:\38c34574efb1428ff4
2017-05-19 20:50 - 2017-05-19 20:51 - 00000000 ____D C:\e64e1d7efbeaed43c4eb00033d5c69

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-06-13 19:49 - 2009-07-14 06:45 - 00018736 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-13 19:49 - 2009-07-14 06:45 - 00018736 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-13 19:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-06-13 19:29 - 2016-11-23 19:56 - 00000000 ____D C:\Users\Katrien & Joachim\AppData\LocalLow\Mozilla
2017-06-13 19:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-13 18:17 - 2015-01-23 17:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-06-13 18:16 - 2015-01-23 17:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-06-13 15:57 - 2012-05-17 18:13 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2017-06-13 15:55 - 2013-09-13 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Softendo.com
2017-06-13 15:52 - 2013-12-07 20:30 - 00000000 ____D C:\Program Files\ComicRack
2017-06-12 19:48 - 2017-02-20 12:17 - 00003282 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKatrien & Joachim
2017-06-12 19:48 - 2010-01-10 14:22 - 00000000 ____D C:\Users\Katrien & Joachim
2017-06-12 18:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-08 11:13 - 2010-02-10 09:49 - 00000000 ____D C:\Program Files (x86)\RadioBar
2017-06-08 10:34 - 2013-08-13 21:29 - 00000000 ____D C:\Windows\system32\MRT
2017-06-08 10:05 - 2017-02-08 20:33 - 00000000 ____D C:\Users\Katrien & Joachim\AppData\Roaming\vlc
2017-06-08 09:58 - 2017-02-08 20:33 - 00001032 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-06-07 17:20 - 2012-08-27 20:20 - 00000000 ____D C:\Users\Katrien & Joachim\AppData\Roaming\DVDVideoSoft
2017-06-07 17:14 - 2009-10-03 04:26 - 00745764 _____ C:\Windows\system32\perfh013.dat
2017-06-07 17:14 - 2009-10-03 04:26 - 00153716 _____ C:\Windows\system32\perfc013.dat
2017-06-07 17:14 - 2009-07-14 07:13 - 01670960 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-07 14:26 - 2012-05-17 18:13 - 00000000 ____D C:\Users\Katrien & Joachim\AppData\Local\TomTom
2017-06-07 13:48 - 2016-11-14 19:02 - 00000000 ____D C:\ProgramData\Avg
2017-06-07 13:46 - 2009-09-25 01:06 - 00000000 ____D C:\Program Files (x86)\AVG
2017-06-07 12:33 - 2015-01-27 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-05 12:02 - 2016-11-22 20:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-01 10:21 - 2014-05-31 10:07 - 00000476 ____H C:\Windows\Tasks\Norton Security Scan for Katrien & Joachim.job
2017-06-01 10:19 - 2017-03-21 20:01 - 00000000 ____D C:\Users\Katrien & Joachim\Downloads\FullDisc
2017-06-01 10:07 - 2013-12-21 15:31 - 00000000 ____D C:\Users\Katrien & Joachim\Documents\Rekeninguittreksels
2017-05-31 21:06 - 2015-11-05 16:01 - 00000000 ____D C:\Users\Katrien & Joachim\Downloads\Thundercats.2011.S01E20.720p.HDTV.x264-2HD-[STV]
2017-05-31 20:55 - 2010-03-08 12:44 - 00000000 ____D C:\Program Files\PeerBlock
2017-05-31 20:55 - 2010-02-10 09:58 - 00000000 ____D C:\Users\Katrien & Joachim\AppData\Roaming\uTorrent
2017-05-23 21:49 - 2010-01-11 22:28 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-23 21:17 - 2017-04-05 11:26 - 00159496 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys.149556714480801
2017-05-22 15:54 - 2015-01-30 17:25 - 00001337 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2017-05-22 15:54 - 2012-08-27 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2017-05-20 18:43 - 2012-01-27 20:59 - 00000000 ____D C:\Users\Katrien & Joachim\Downloads\CSI- Crime Scene Investigation
2017-05-16 19:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-05-16 16:47 - 2014-07-12 11:45 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-16 16:45 - 2014-07-12 11:43 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-05-16 16:24 - 2009-07-14 06:45 - 00461440 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-16 16:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions

==================== Bestanden in de root van sommige mappen =======

2013-04-28 13:40 - 2013-04-28 13:40 - 4126720 _____ () C:\Program Files (x86)\GUT18F4.tmp
2011-05-22 14:17 - 2011-10-10 18:30 - 0001854 _____ () C:\Users\Katrien & Joachim\AppData\Roaming\GhostObjGAFix.xml
2010-03-27 10:59 - 2010-03-27 10:59 - 0099384 _____ () C:\Users\Katrien & Joachim\AppData\Roaming\inst.exe
2010-06-20 12:24 - 2010-06-20 16:13 - 0034894 _____ () C:\Users\Katrien & Joachim\AppData\Roaming\mdbu.bin
2010-03-27 10:59 - 2010-03-27 10:59 - 0007859 _____ () C:\Users\Katrien & Joachim\AppData\Roaming\pcouffin.cat
2010-03-27 10:59 - 2010-03-27 10:59 - 0001167 _____ () C:\Users\Katrien & Joachim\AppData\Roaming\pcouffin.inf
2010-03-27 11:00 - 2010-03-27 11:00 - 0000034 _____ () C:\Users\Katrien & Joachim\AppData\Roaming\pcouffin.log
2010-03-27 10:59 - 2010-03-27 10:59 - 0082816 _____ (VSO Software) C:\Users\Katrien & Joachim\AppData\Roaming\pcouffin.sys
2010-12-26 16:37 - 2010-12-28 09:59 - 0005632 _____ () C:\Users\Katrien & Joachim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-09-25 01:03 - 2010-03-27 10:36 - 0000125 ___SH () C:\ProgramData\.zreglib
2016-12-18 11:40 - 2016-12-18 11:40 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-08-28 20:52 - 2013-08-28 20:52 - 0000420 _____ () C:\ProgramData\fontcacheev1.dat

Bestanden om te verplaatsen of verwijderen:
====================
C:\ProgramData\fontcacheev1.dat


==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\SysWOW64\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2017-06-12 18:09

==================== Eind van FRST.txt ============================