Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 21.02.2018
Gestart door Gebruiker (Beheerder) op GEBRUIKER-PC (21-02-2018 19:41:39)
Gestart vanaf D:\Users\Gebruiker\Downloads
Geladen Profielen: Gebruiker & UpdatusUser (Beschikbare Profielen: Gebruiker & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 10 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Gramblr\gramblr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(VASCO Data Security) C:\Users\Gebruiker\AppData\Local\VASCO\NativeBridge\digipass-nativebridge-monitor.exe
() C:\Program Files (x86)\Trust mouse utility\1.0\mouse32a.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(VASCO Data Security) C:\Users\Gebruiker\AppData\Local\VASCO\NativeBridge\digipass-nativebridge.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [FLMTRUSTMOUSE] => C:\Program Files (x86)\Trust mouse utility\1.0\mouse32a.exe [429568 2014-06-02] ()
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\...\Run: [DigipassNativeBridge] => C:\Users\Gebruiker\AppData\Local\VASCO\NativeBridge\digipass-nativebridge-monitor.exe [108592 2016-11-15] (VASCO Data Security)
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\...\MountPoints2: {2354e13e-a5dc-11e3-a6c1-806e6f6e6963} - E:\autorun.bat
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\...\MountPoints2: {c9da4451-3946-11e7-a371-406186284342} - K:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1243184377-1695436347-1374857548-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
Startup: C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Deskjet 3050A J611 series.lnk [2018-02-21]
ShortcutTarget: Inktwaarschuwingen controleren - HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 195.130.130.3 195.130.131.3
Tcpip\..\Interfaces\{1766C170-115E-461A-8E9C-D31F45ACDEC3}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F0115CF7-0342-4B55-86BE-FDFEB04351D3}: [DhcpNameServer] 195.130.130.3 195.130.131.3

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-ccf831ed
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-ccf831ed
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://nl.msn.com/?ocid=iehp
HKU\S-1-5-21-1243184377-1695436347-1374857548-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-1243184377-1695436347-1374857548-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://nl.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ccf831ed&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ccf831ed&q={searchTerms}
SearchScopes: HKLM-x32 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ccf831ed&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1243184377-1695436347-1374857548-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-1243184377-1695436347-1374857548-1000 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1243184377-1695436347-1374857548-1003 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-1243184377-1695436347-1374857548-1003 -> {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
Handler: WSKVAllmytubechrome - Geen CLSID Waarde
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: dldse21a.default
FF ProfilePath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\dldse21a.default [2018-02-21]
FF Homepage: Mozilla\Firefox\Profiles\dldse21a.default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-ccf831ed
FF NewTab: Mozilla\Firefox\Profiles\dldse21a.default ->
FF SearchPlugin: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\dldse21a.default\searchplugins\bing search engine.xml [2016-10-06]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-21] [Verouderd] [ niet getekend]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be => niet gevonden
FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1243184377-1695436347-1374857548-1000: vasco.com/VascoCardReaderPlugin -> C:\Users\Gebruiker\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll [2013-10-28] (VASCO Data Security)
FF Plugin HKU\S-1-5-21-1243184377-1695436347-1374857548-1000: vasco.com/VascoCardReaderPlugin64 -> C:\Users\Gebruiker\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll [2013-10-28] (VASCO Data Security)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.be/
CHR StartupUrls: Default -> "hxxps://www.google.be/"
CHR Profile: C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default [2018-02-21]
CHR Extension: (Google Drive) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (eID Chrome Extension) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbdaodnaecdijpajecpncpdomgcoakc [2017-02-14]
CHR Extension: (YouTube) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-26]
CHR Extension: (Google Search) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-01-12]
CHR Extension: (Pixlr Editor) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2017-03-06]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-15]
CHR Extension: (Gmail) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]
CHR HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [11883088 2018-02-10] () [Bestand niet getekend]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [62976 2014-11-13] (Advanced Card Systems Ltd.)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-21] (Malwarebytes)

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2018-02-21 19:41 - 2018-02-21 19:41 - 000000000 ____D C:\FRST
2018-02-20 23:15 - 2018-02-21 19:39 - 000000000 ____D C:\Users\Gebruiker\AppData\LocalLow\Mozilla
2018-02-20 23:14 - 2018-02-20 23:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-20 14:55 - 2018-02-20 14:55 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\TeamViewer
2018-02-19 10:34 - 2018-02-21 16:37 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\TeamViewer
2018-02-19 10:34 - 2018-02-19 10:34 - 000001020 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-02-19 10:34 - 2018-02-19 10:34 - 000001008 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-02-19 10:33 - 2018-02-19 10:34 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-02-16 12:35 - 2018-02-16 12:35 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\Moo0

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2018-02-21 19:43 - 2017-03-14 14:40 - 000000000 ____D C:\ProgramData\Gramblr
2018-02-21 19:29 - 2014-03-07 15:52 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\Skype
2018-02-21 19:01 - 2014-03-10 13:07 - 000000264 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2018-02-21 18:05 - 2014-03-07 11:53 - 000003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A1FB8921-779B-4911-B1A1-D6976E0949A5}
2018-02-21 16:34 - 2009-07-14 05:45 - 000031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-21 16:34 - 2009-07-14 05:45 - 000031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-21 16:34 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\ModemLogs
2018-02-21 16:34 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-21 16:26 - 2017-12-31 10:17 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-21 16:26 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-21 16:11 - 2017-09-14 12:47 - 000000000 ____D C:\Program Files\Common Files\AV
2018-02-21 11:09 - 2015-01-08 14:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-20 23:15 - 2015-01-08 14:38 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\Mozilla
2018-02-20 10:26 - 2009-07-14 05:45 - 000414688 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-19 11:23 - 2014-03-07 12:02 - 000110768 _____ C:\Users\Gebruiker\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-16 12:14 - 2017-12-26 17:58 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-16 12:14 - 2014-12-26 00:01 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-10 11:03 - 2017-03-14 14:40 - 000000000 ____D C:\Program Files\Gramblr
2018-02-08 10:40 - 2016-09-03 09:24 - 000004576 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-02-08 10:40 - 2014-03-10 16:35 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-08 10:40 - 2014-03-10 16:35 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-08 10:40 - 2014-03-10 16:35 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-08 10:40 - 2014-03-10 16:35 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-08 10:40 - 2014-03-07 17:40 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-03 16:33 - 2016-08-19 22:19 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\vlc
2018-02-02 15:42 - 2010-11-21 17:48 - 000745650 _____ C:\Windows\system32\perfh013.dat
2018-02-02 15:42 - 2010-11-21 17:48 - 000153602 _____ C:\Windows\system32\perfc013.dat
2018-02-02 15:42 - 2009-07-14 06:13 - 001670472 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Bestanden in de root van sommige mappen =======

2016-07-05 10:29 - 2016-09-19 09:29 - 000000175 _____ () C:\Users\Gebruiker\AppData\Roaming\WB.CFG
2015-08-10 20:13 - 2015-08-10 20:13 - 013545694 _____ () C:\Users\Gebruiker\AppData\Local\package.nw.new
2018-01-16 01:26 - 2018-01-16 01:26 - 000000000 _____ () C:\Users\Gebruiker\AppData\Local\{1116BB93-9AE9-4E50-BFEF-9269A54E0205}

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\SysWOW64\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2018-02-17 20:54

==================== Eind van FRST.txt ============================