Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 01-10-2017
Gestart door Wijna (Beheerder) op Wijna-PC (01-10-2017 12:40:47)
Gestart vanaf C:\Users\Wijna\Downloads
Geladen Profielen: Wijna (Beschikbare Profielen: Wijna)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 9 (Standaardbrowser: FF)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(© 2015 Microsoft Corporation) C:\Users\Wijna\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SafeIP) C:\Program Files (x86)\SafeIP\SafeIPS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-08] (Acer Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-10-27] (CyberLink Corp.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-08] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrictie <==== AANDACHT
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3171778365-3289252850-328694927-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964064 2017-09-20] (SUPERAntiSpyware)
HKU\S-1-5-21-3171778365-3289252850-328694927-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-3171778365-3289252850-328694927-1001\...\Run: [BingSvc] => C:\Users\Wijna\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-14] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3171778365-3289252850-328694927-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-3171778365-3289252850-328694927-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-3171778365-3289252850-328694927-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [170688 2016-12-12] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [170688 2016-12-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2016-12-12] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2015-12-29]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Wijna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eCentral.lnk [2015-12-29]
ShortcutTarget: eCentral.lnk -> C:\Program Files (x86)\Eshasoft\Desktop Calendar and Planner Software\eCentral.exe (Geen bestand)

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\SafeIPs.dll [373760 2013-06-29] (SafeIP)
Winsock: Catalog9 02 C:\Windows\SysWOW64\SafeIPs.dll [373760 2013-06-29] (SafeIP)
Winsock: Catalog9 03 C:\Windows\SysWOW64\SafeIPs.dll [373760 2013-06-29] (SafeIP)
Winsock: Catalog9 04 C:\Windows\SysWOW64\SafeIPs.dll [373760 2013-06-29] (SafeIP)
Winsock: Catalog9 15 C:\Windows\SysWOW64\SafeIPs.dll [373760 2013-06-29] (SafeIP)
Winsock: Catalog9-x64 01 C:\Windows\system32\SafeIPs64.dll [534016 2013-06-29] (SafeIP)
Winsock: Catalog9-x64 02 C:\Windows\system32\SafeIPs64.dll [534016 2013-06-29] (SafeIP)
Winsock: Catalog9-x64 03 C:\Windows\system32\SafeIPs64.dll [534016 2013-06-29] (SafeIP)
Winsock: Catalog9-x64 04 C:\Windows\system32\SafeIPs64.dll [534016 2013-06-29] (SafeIP)
Winsock: Catalog9-x64 15 C:\Windows\system32\SafeIPs64.dll [534016 2013-06-29] (SafeIP)
Tcpip\Parameters: [DhcpNameServer] 89.101.251.228 89.101.251.229
Tcpip\..\Interfaces\{FE942A39-7A19-497C-AFF5-6CA6FBFC3E1C}: [DhcpNameServer] 89.101.251.228 89.101.251.229

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3171778365-3289252850-328694927-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=nl-nl
HKU\S-1-5-21-3171778365-3289252850-328694927-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://nl.msn.com/?ocid=iehp
HKU\S-1-5-21-3171778365-3289252850-328694927-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3171778365-3289252850-328694927-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3171778365-3289252850-328694927-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3171778365-3289252850-328694927-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3171778365-3289252850-328694927-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-08] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-31] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-08] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-31] (Oracle Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {FB54FA27-96CF-4C62-80DC-DA7616EBD326} hxxp://downloads.bullguard.com/VirusScan/bgvax.cab

FireFox:
========
FF ProfilePath: C:\Users\Wijna\AppData\Roaming\Mozilla\Firefox\Profiles\ymrwxbuf.default-1438939136922 [2017-10-01]
FF Homepage: Mozilla\Firefox\Profiles\ymrwxbuf.default-1438939136922 -> hxxps://www.google.nl/
FF Extension: (ighangouts) - C:\Users\Wijna\AppData\Roaming\Mozilla\Firefox\Profiles\ymrwxbuf.default-1438939136922\Extensions\jid1-uqbSKwXpf2K6yl@jetpack.xpi [2017-05-23]
FF Extension: (Activity Stream) - C:\Program Files (x86)\Mozilla Firefox\browser\features\activity-stream@mozilla.org.xpi [2017-09-30] [ niet getekend]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-08-25]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-08-25]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => niet gevonden
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin-x32: @ABNAMRO/BECON,version=1.00 -> C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll [2011-07-07] (ABN AMRO)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-21] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3171778365-3289252850-328694927-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Wijna\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-17] (Citrix Online)

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-09-20] (SUPERAntiSpyware.com)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-08] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-08] (AVAST Software)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [387944 2016-06-07] (Digital Wave Ltd.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
R3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [3860480 2013-06-29] (SafeIP) [Bestand niet getekend]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== AANDACHT (geen ServiceDLL)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-03-08] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-03-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-03-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-03-08] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-03-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-03-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-03-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-03-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-03-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [548928 2017-03-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-03-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-15] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-21] (Disc Soft Ltd)
S3 e.dentifier2; C:\Windows\System32\DRIVERS\aabed2.sys [28672 2008-03-20] (Todos Data System AB)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [113792 2009-06-22] (Huawei Technologies Co., Ltd.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-10-01 12:40 - 2017-10-01 12:41 - 000022041 _____ C:\Users\Wijna\Downloads\FRST.txt
2017-10-01 12:39 - 2017-10-01 12:40 - 000000000 ____D C:\FRST
2017-10-01 12:38 - 2017-10-01 12:38 - 002399744 _____ (Farbar) C:\Users\Wijna\Downloads\FRST64.exe
2017-09-30 22:15 - 2017-09-30 22:15 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-09-28 12:53 - 2017-09-28 12:53 - 000000230 _____ C:\Users\Wijna\Desktop\PDFescape - Free PDF Editor & Free PDF Form Filler.URL
2017-09-26 11:20 - 2017-09-26 15:42 - 000641536 ____R C:\Users\Wijna\Desktop\FA4F5500
2017-09-25 14:35 - 2017-09-25 14:35 - 000355492 _____ C:\Users\Wijna\Downloads\Motoxcite.pdf
2017-09-20 03:01 - 2017-09-30 21:55 - 000301056 ____H C:\Users\Wijna\Desktop\~WRL0319.tmp
2017-09-20 00:51 - 2017-09-20 00:51 - 596194705 _____ C:\Windows\MEMORY.DMP
2017-09-20 00:51 - 2017-09-20 00:51 - 000237508 _____ C:\Windows\ntbtlog.txt
2017-09-16 11:33 - 2017-09-16 11:33 - 000029696 ____H C:\Users\Wijna\Desktop\~WRL1257.tmp
2017-09-13 19:41 - 2017-09-13 19:41 - 000151332 _____ C:\Users\Wijna\Downloads\2017-0761.pdf
2017-09-13 11:32 - 2017-09-13 11:32 - 006476800 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2017-09-12 17:03 - 2017-09-12 17:04 - 001716450 _____ C:\Users\Wijna\Downloads\ARMARK12.- FolletoTowCar Portamotos 2017.pdf
2017-09-08 10:39 - 2017-09-08 10:39 - 000030752 _____ C:\Users\Wijna\Downloads\retour.pdf
2017-09-08 10:26 - 2017-09-08 10:26 - 000065194 _____ C:\Users\Wijna\Downloads\MDI_Algemene_voorwaarden.pdf
2017-09-08 09:46 - 2017-09-08 09:34 - 000014930 _____ C:\Users\Wijna\Downloads\INVOICE_20170010000989_6S7E5IeqZfG2RPR-Ih5otuxIVr-MleNyZa_Lz3IlTmU.pdf
2017-09-07 10:16 - 2017-09-07 16:53 - 292874960 _____ C:\Users\Wijna\Downloads\2017_collection(1).pdf

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-10-01 12:35 - 2016-11-16 14:01 - 000000000 ____D C:\Users\Wijna\AppData\LocalLow\Mozilla
2017-10-01 12:15 - 2017-05-23 10:10 - 000000630 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3171778365-3289252850-328694927-1001.job
2017-10-01 11:50 - 2017-05-23 10:10 - 000000534 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3171778365-3289252850-328694927-1001.job
2017-09-30 22:16 - 2009-07-14 06:45 - 000016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-30 22:16 - 2009-07-14 06:45 - 000016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-30 22:14 - 2016-12-14 14:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-30 22:14 - 2016-02-15 13:09 - 000002866 _____ C:\Windows\wininit.ini
2017-09-30 22:14 - 2013-12-16 18:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-30 22:13 - 2016-03-01 23:47 - 000000000 ____D C:\Users\Wijna\AppData\Roaming\Kodi
2017-09-30 22:10 - 2012-11-03 15:24 - 000000000 ____D C:\ProgramData\clear.fi
2017-09-30 22:08 - 2012-07-12 14:46 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-30 22:07 - 2012-11-03 00:37 - 000000000 ____D C:\Users\Wijna
2017-09-30 22:07 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-30 22:05 - 2017-02-28 23:16 - 000003656 _____ C:\Windows\SysWOW64\SafeIPS.ini
2017-09-30 22:05 - 2017-02-28 23:16 - 000001944 _____ C:\Windows\SysWOW64\SafeIPSOff.ini
2017-09-30 22:05 - 2017-02-28 23:16 - 000001944 _____ C:\Windows\system32\SafeIPSOff.ini
2017-09-30 22:03 - 2017-08-14 11:05 - 000000000 ____D C:\Users\Wijna\Desktop\SEO en whitepapers
2017-09-30 14:53 - 2017-07-08 22:29 - 000000000 ____D C:\Users\Wijna\AppData\Local\GoToMeeting
2017-09-30 14:53 - 2017-05-23 10:10 - 000003656 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3171778365-3289252850-328694927-1001
2017-09-30 14:53 - 2017-05-23 10:10 - 000003560 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3171778365-3289252850-328694927-1001
2017-09-28 17:31 - 2016-02-09 08:19 - 000000000 ____D C:\Users\Wijna\AppData\Local\CutePDF Writer
2017-09-26 22:21 - 2017-02-06 23:53 - 000000000 ____D C:\Users\Wijna\AppData\Local\CrashDumps
2017-09-26 14:12 - 2017-02-15 21:36 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-09-25 14:40 - 2013-05-04 12:26 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-09-23 22:16 - 2013-12-18 18:40 - 000000000 ____D C:\Users\Wijna\.gimp-2.8
2017-09-22 16:04 - 2015-09-01 18:03 - 000000000 ____D C:\Users\Wijna\Desktop\Nieuwe map (2)
2017-09-20 02:23 - 2014-09-08 13:04 - 000000000 ____D C:\Users\Wijna\AppData\Roaming\vlc
2017-09-20 00:51 - 2015-04-20 21:05 - 000000000 ____D C:\Windows\Minidump
2017-09-13 11:32 - 2014-02-08 23:15 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-13 11:32 - 2013-12-06 21:11 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-13 11:32 - 2012-03-20 17:22 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-13 11:32 - 2012-03-20 17:22 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-13 11:32 - 2012-03-20 17:22 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-12 15:01 - 2013-06-03 19:39 - 000000000 ____D C:\ProgramData\CanonIJPLM
2017-09-10 12:59 - 2017-08-19 15:03 - 000381952 ____H C:\Users\Wijna\Desktop\~WRL1008.tmp
2017-09-10 12:45 - 2017-08-19 15:03 - 000381952 ____H C:\Users\Wijna\Desktop\~WRL1992.tmp
2017-09-10 12:36 - 2017-08-19 15:03 - 000381952 ____H C:\Users\Wijna\Desktop\~WRL3053.tmp
2017-09-10 12:05 - 2017-08-19 15:03 - 000381440 ____H C:\Users\Wijna\Desktop\~WRL0775.tmp
2017-09-10 11:09 - 2017-08-19 15:03 - 000381440 ____H C:\Users\Wijna\Desktop\~WRL1699.tmp
2017-09-10 10:53 - 2017-08-19 15:03 - 000381440 ____H C:\Users\Wijna\Desktop\~WRL3270.tmp
2017-09-10 10:09 - 2017-03-15 11:54 - 000030208 ____H C:\Users\Wijna\Desktop\~WRL3370.tmp
2017-09-09 14:20 - 2017-08-19 15:03 - 000381440 ____H C:\Users\Wijna\Desktop\~WRL0230.tmp
2017-09-09 14:19 - 2017-08-19 15:03 - 000381440 ____H C:\Users\Wijna\Desktop\~WRL1445.tmp
2017-09-09 14:17 - 2017-08-19 15:03 - 000381440 ____H C:\Users\Wijna\Desktop\~WRL3096.tmp
2017-09-08 19:30 - 2017-03-15 11:54 - 000029696 ____H C:\Users\Wijna\Desktop\~WRL1396.tmp
2017-09-08 10:55 - 2017-03-15 11:54 - 000029184 ____H C:\Users\Wijna\Desktop\~WRL1757.tmp
2017-09-08 10:39 - 2017-03-15 11:54 - 000029184 ____H C:\Users\Wijna\Desktop\~WRL1613.tmp
2017-09-08 10:27 - 2017-03-15 11:54 - 000029184 ____H C:\Users\Wijna\Desktop\~WRL2020.tmp
2017-09-08 10:25 - 2017-03-15 11:54 - 000028672 ____H C:\Users\Wijna\Desktop\~WRL3546.tmp
2017-09-08 10:04 - 2017-03-15 11:54 - 000028160 ____H C:\Users\Wijna\Desktop\~WRL0803.tmp
2017-09-05 15:43 - 2017-03-15 23:14 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-09-05 15:43 - 2012-03-20 16:51 - 000000000 ____D C:\ProgramData\Skype
2017-09-05 15:35 - 2017-08-19 15:03 - 000381440 ____H C:\Users\Wijna\Desktop\~WRL1333.tmp
2017-09-04 22:43 - 2017-08-19 15:03 - 000380928 ____H C:\Users\Wijna\Desktop\~WRL1912.tmp
2017-09-04 15:17 - 2017-08-19 15:03 - 000379904 ____H C:\Users\Wijna\Desktop\~WRL0173.tmp

==================== Bestanden in de root van sommige mappen =======

2016-11-18 12:18 - 2016-11-18 12:28 - 000000040 _____ () C:\Users\Wijna\AppData\Roaming\cdr.ini
2013-07-17 15:01 - 2014-08-27 11:02 - 000109527 _____ () C:\Users\Wijna\AppData\Local\ars.cache
2013-07-17 15:01 - 2014-08-27 11:02 - 001046948 _____ () C:\Users\Wijna\AppData\Local\census.cache
2013-07-14 22:38 - 2013-07-14 22:38 - 000000036 _____ () C:\Users\Wijna\AppData\Local\housecall.guid.cache
2015-07-16 00:55 - 2015-07-16 00:56 - 028129555 _____ () C:\Users\Wijna\AppData\Local\package.nw.new
2016-09-27 21:47 - 2016-09-27 21:47 - 000000218 _____ () C:\Users\Wijna\AppData\Local\recently-used.xbel
2012-07-12 14:58 - 2012-07-12 15:01 - 000015126 _____ () C:\ProgramData\ArcadeDeluxe5.log

Sommige bestanden in TEMP:
====================
2017-08-24 14:57 - 2014-10-28 06:49 - 000060296 _____ (Autodesk, Inc.) C:\Users\Wijna\AppData\Local\Temp\AcDeltree.exe
2017-07-27 00:28 - 2017-07-27 00:28 - 000740416 _____ (Oracle Corporation) C:\Users\Wijna\AppData\Local\Temp\jre-8u144-windows-au.exe

Sommige nul byte grootte bestanden/mappen:
==========================
C:\Windows\System32\D3DIM700.DLL
C:\Windows\System32\igd10umd32.dll
C:\Windows\System32\igdumd32.dll
C:\Windows\System32\igdumdx32.dll
C:\Windows\System32\OLEPRO32.DLL

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\SysWOW64\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2017-09-20 18:51

==================== Eind van FRST.txt ============================