Scanresultaten van Farbar Recovery Scan Tool (FRST) (x86) Versie: 07-12-2016 Gestart door Jan (Beheerder) op PC_VAN_JAN (07-12-2016 21:07:59) Gestart vanaf C:\Users\Jan\Desktop Geladen Profielen: Jan (Beschikbare Profielen: Jan) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Taal: Nederlands (Nederland) Internet Explorer Versie 9 (Standaardbrowser: FF) Boot Modus: Normal Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe () C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe () C:\Program Files\ATKGFNEX\GFNEXSrv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ASUS) C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ATK) C:\Program Files\P4G\BatteryLife.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ATK) C:\Program Files\ASUS\Splendid\ACMON.exe (ASUSTeK) C:\Windows\System32\ACEngSvr.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (ASUS) C:\Windows\AsScrPro.exe (AlcorMicro Co., Ltd.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (ASUS) C:\Program Files\ASUS\ATK Media\DMedia.exe (© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe (Apple Inc.) C:\Program Files\QuickTime\QTTask.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (Spotify Ltd) C:\Users\Jan\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Register (gefilterd) ==================== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [OM_Monitor] => C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe [40960 2005-11-29] (OLYMPUS IMAGING CORP.) HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1417216 2009-06-17] (VIA) HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3054136 2009-08-20] (ASUS) HKLM\...\Run: [MobileBroadband] => C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [398848 2010-12-31] (Vodafone) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [AmIcoSinglun] => C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [237568 2009-04-03] (AlcorMicro Co., Ltd.) HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [98304 2009-04-02] (ASUS) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink) HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Media\DMedia.exe [159744 2009-04-07] (ASUS) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [497536 2009-06-12] (ELAN Microelectronic Corp.) HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [8568832 2009-06-10] (ASUS) HKLM\...\Run: [ADSMTray] => C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe [272952 2009-06-24] (ASUSTek Computer Inc.) HKLM\...\Run: [ASUS Camera ScreenSaver] => C:\Windows\AsScrProlog.exe [72248 2009-08-20] (ASUS) HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-4013421380-3075650083-4167629486-1000\...\Run: [SRS Premium Sound] => C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe [3417336 2009-07-09] (SRS Labs, Inc.) HKU\S-1-5-21-4013421380-3075650083-4167629486-1000\...\Run: [Spotify Web Helper] => C:\Users\Jan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-04-27] (Spotify Ltd) HKU\S-1-5-21-4013421380-3075650083-4167629486-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-4013421380-3075650083-4167629486-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-4013421380-3075650083-4167629486-1000\...\Run: [OM_Monitor] => C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [57344 2005-11-29] (OLYMPUS IMAGING CORP.) HKU\S-1-5-21-4013421380-3075650083-4167629486-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1407912 2016-11-29] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-4013421380-3075650083-4167629486-1000\...\MountPoints2: {e3314f17-2a6b-11e1-ab50-90e6ba023c2c} - F:\setup_vmb_lite.exe /checkApplicationPresence HKU\S-1-5-21-4013421380-3075650083-4167629486-1000\...\MountPoints2: {e3314f2f-2a6b-11e1-ab50-90e6ba023c2c} - F:\setup_vmb_lite.exe /checkApplicationPresence HKU\S-1-5-21-4013421380-3075650083-4167629486-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1407912 2016-11-29] (Garmin Ltd. or its subsidiaries) Lsa: [Notification Packages] scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] () ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-02] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2009-08-20] ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe () ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.) ProxyServer: [S-1-5-21-4013421380-3075650083-4167629486-1000] => proxy.skynet.be:80 AutoConfigURL: [S-1-5-21-4013421380-3075650083-4167629486-1000] => proxy.skynet.be:80 Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{0EECCE29-A976-473F-AE03-317CA2114BBB}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{51E4E68B-159A-43AE-966F-3D56231165A0}: [DhcpNameServer] 81.169.60.107 81.169.60.107 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NS&pvid=22.1.0.9 HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NS&pvid=22.1.0.9 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NS&pvid=22.1.0.9 HKU\S-1-5-21-4013421380-3075650083-4167629486-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.be/?gws_rd=ssl SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS SearchScopes: HKU\S-1-5-21-4013421380-3075650083-4167629486-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxps://www.google.com/search?q={searchTerms}&rlz=1I7ASUS_nl___BE346 SearchScopes: HKU\S-1-5-21-4013421380-3075650083-4167629486-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4013421380-3075650083-4167629486-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxps://www.google.com/search?q={searchTerms}&rlz=1I7ASUS_nl___BE346 SearchScopes: HKU\S-1-5-21-4013421380-3075650083-4167629486-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = BHO: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files\PDF Architect 4\creator-ie-helper.dll [2016-05-04] (pdfforge GmbH) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-21] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-11-22] (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-21] (Oracle Corporation) Toolbar: HKLM - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files\PDF Architect 4\creator-ie-plugin.dll [2016-05-04] (pdfforge GmbH) Toolbar: HKU\S-1-5-21-4013421380-3075650083-4167629486-1000 -> Geen Naam - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Geen bestand Toolbar: HKU\S-1-5-21-4013421380-3075650083-4167629486-1000 -> Geen Naam - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Geen bestand DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - Geen bestand Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - Geen bestand Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-11-22] (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Geen bestand Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.) Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.) Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.) Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.) Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.) Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.) FireFox: ======== FF DefaultProfile: kmy8d1fi.default FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\kmy8d1fi.default [2016-12-07] FF Extension: (Belgium eID) - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\kmy8d1fi.default\Extensions\belgiumeid@eid.belgium.be.xpi [2016-12-02] FF Extension: (WhatsApp™ Desktop) - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\kmy8d1fi.default\Extensions\jid1-uqwEAwSca3FXUo@jetpack.xpi [2016-11-03] FF Extension: (Adblock Plus) - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\kmy8d1fi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24] FF ProfilePath: C:\Users\Jan\AppData\Roaming\kompozer.net\KompoZer\Profiles\xbx9uyuj.default [2014-09-05] FF Extension: (Belgium eID) - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2016-11-30] FF HKLM\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-08-02] [niet getekend] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-20] () FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll [2012-07-27] (Citrix Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google) FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-21] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF Plugin: PDF Architect 4 -> C:\Program Files\PDF Architect 4\np-previewer.dll [2016-05-04] (pdfforge GmbH) FF Plugin HKU\S-1-5-21-4013421380-3075650083-4167629486-1000: vasco.com/VascoCardReaderPlugin -> C:\Users\Jan\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll [2014-10-27] (VASCO Data Security) Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Services (gefilterd) ==================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [Bestand niet getekend] R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-14] () R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [Bestand niet getekend] S2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [1029648 2016-11-29] (Garmin Ltd. or its subsidiaries) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation) S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2236640 2016-05-04] (pdfforge GmbH) S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [970464 2016-05-04] (pdfforge GmbH) R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-05-18] (© pdfforge GmbH.) R2 SRS_VolSync_Service; C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [107744 2009-07-09] (SRS Labs, Inc.) R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2010-12-31] (Vodafone) [Bestand niet getekend] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) S3 AVG Bonjour Service; C:\Windows\TEMP\avgcu_mDNSResponder.exe [X] ===================== Drivers (gefilterd) ====================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [77080 2014-03-18] (Alcor Micro, Corp.) R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [30264 2009-08-20] (ASUSTek Computer Inc) R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] () R3 cxbu0wdm; C:\Windows\System32\DRIVERS\cxbu0wdm.sys [131064 2014-04-05] (HID Global Corporation) R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [90624 2009-06-12] (ELAN Microelectronic Corp.) S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85632 2010-12-30] (Huawei Technologies Co., Ltd.) S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [51456 2010-12-30] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26496 2010-12-30] (Huawei Technologies Co., Ltd.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2008-11-03] ( ) R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [54824 2010-03-29] (Atheros Communications, Inc.) R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2009-06-18] (Windows (R) Win 7 DDK provider) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2008-12-24] (ATK0100) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1759872 2009-07-17] () R3 SRS_PremiumSound_Service; C:\Windows\System32\drivers\srs_PremiumSound_i386.sys [233512 2009-05-18] () S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [Bestand niet getekend] R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1056256 2009-06-12] (VIA Technologies, Inc.) S3 CRFILTER; system32\DRIVERS\CRFILTER.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ==================== Een Maand Gemaakt bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2016-12-07 21:05 - 2016-12-07 21:07 - 00024514 _____ C:\Users\Jan\Desktop\FRST.txt 2016-12-07 21:05 - 2016-12-07 21:05 - 00000000 ____D C:\FRST 2016-12-07 21:04 - 2016-12-07 21:04 - 01761792 _____ (Farbar) C:\Users\Jan\Desktop\FRST.exe 2016-12-06 20:55 - 2016-12-06 20:55 - 00001833 _____ C:\Users\Jan\Desktop\Microsoft Security Essentials.lnk 2016-12-06 20:37 - 2016-12-06 20:37 - 00001833 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2016-12-06 20:36 - 2016-12-06 20:37 - 00000000 ____D C:\Program Files\Microsoft Security Client 2016-12-06 15:39 - 2016-12-06 15:39 - 00000000 ____D C:\Users\Jan\AppData\Roaming\TeamViewer 2016-12-06 15:38 - 2016-12-06 15:38 - 09526768 _____ (TeamViewer) C:\Users\Jan\Desktop\TeamViewerQS_nl-vxe.exe 2016-12-05 18:55 - 2016-12-05 19:04 - 00000000 ____D C:\Windows\system32\Catroot2.bak 2016-12-05 18:49 - 2016-12-05 18:50 - 00000000 ____D C:\Windows\SoftwareDistribution.bak 2016-12-04 18:05 - 2016-12-04 18:05 - 01131808 _____ (Opera Software) C:\Users\Jan\Downloads\OperaSetup.exe 2016-12-04 13:33 - 2016-12-04 13:33 - 00000810 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2016-12-04 13:33 - 2016-12-04 13:33 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Opera Software 2016-12-04 13:33 - 2016-12-04 13:33 - 00000000 ____D C:\Users\Jan\AppData\Local\Opera Software 2016-12-04 13:32 - 2016-12-04 18:07 - 00000000 ____D C:\Program Files\Opera 2016-12-02 11:41 - 2016-12-02 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2016-11-21 14:28 - 2016-11-21 14:32 - 00000000 ____D C:\Users\Jan\AppData\Local\Garmin_Ltd._or_its_subsid 2016-11-21 14:24 - 2016-11-21 14:24 - 49677024 _____ (Garmin Ltd or its subsidiaries) C:\Users\Jan\Desktop\GarminExpressInstaller.exe 2016-11-19 12:21 - 2016-12-07 21:05 - 00000000 ____D C:\Users\Jan\AppData\LocalLow\Mozilla 2016-11-18 13:58 - 2016-11-18 13:58 - 00223049 _____ C:\Users\Jan\Desktop\Baanverdeling Wezenberg.pdf 2016-11-18 13:55 - 2016-12-02 11:55 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== Een Maand Gewijzigd bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2016-12-07 20:43 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2016-12-07 20:43 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2016-12-07 20:40 - 2012-03-25 22:20 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cd0acd28d20b80.job 2016-12-07 10:41 - 2009-08-20 12:34 - 00000000 ___HD C:\ASUS.DAT 2016-12-07 10:40 - 2012-03-25 22:20 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd0acd2758b1f0.job 2016-12-07 10:40 - 2009-08-20 12:42 - 00045056 _____ C:\Windows\system32\acovcnt.exe 2016-12-07 10:39 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-12-07 10:38 - 2006-11-02 14:01 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-12-07 10:22 - 2014-12-12 02:28 - 00001427 _____ C:\Users\Jan\Desktop\gebr-pw.txt 2016-12-06 20:38 - 2016-04-25 14:06 - 00001912 _____ C:\Windows\epplauncher.mif 2016-12-06 16:48 - 2014-05-03 00:17 - 00000000 ____D C:\Users\Jan\Documents\MailStore Home 2016-12-06 16:48 - 2014-05-03 00:17 - 00000000 ____D C:\ProgramData\firebird 2016-12-06 16:45 - 2009-09-17 19:27 - 00000000 ____D C:\Users\Jan\Documents\Mijn documenten 2016-12-06 14:15 - 2011-04-19 20:06 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Canon 2016-12-05 19:15 - 2016-10-27 18:51 - 00022859 _____ C:\Windows\WindowsUpdate.log.bak 2016-12-02 11:55 - 2016-04-25 12:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2016-12-02 11:43 - 2015-04-26 20:05 - 00000000 ____D C:\Program Files\Belgium Identity Card 2016-12-02 11:43 - 2014-11-15 12:35 - 00000000 ____D C:\ProgramData\Package Cache 2016-11-30 14:27 - 2015-04-26 20:06 - 00001102 _____ C:\Users\Public\Desktop\eID Viewer.lnk 2016-11-30 14:27 - 2015-04-26 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID 2016-11-30 14:27 - 2009-09-17 16:27 - 00000000 ____D C:\Users\Jan 2016-11-30 14:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf 2016-11-30 14:26 - 2015-04-26 20:05 - 00000000 ____D C:\Program Files\BeID Minidriver 2016-11-21 14:27 - 2014-11-15 12:37 - 00000000 ____D C:\Program Files\Garmin 2016-11-20 21:47 - 2015-07-26 12:41 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-11-20 21:47 - 2015-07-26 12:41 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-11-20 21:47 - 2015-07-25 11:40 - 00000000 ____D C:\Users\Jan\AppData\Local\Adobe 2016-11-20 21:46 - 2009-08-20 12:34 - 00000000 ____D C:\Windows\system32\Macromed 2016-11-20 13:36 - 2008-04-16 12:26 - 00721654 _____ C:\Windows\system32\perfh013.dat 2016-11-20 13:36 - 2008-04-16 12:26 - 00150572 _____ C:\Windows\system32\perfc013.dat 2016-11-20 13:36 - 2006-11-02 11:33 - 01619028 _____ C:\Windows\system32\PerfStringBackup.INI 2016-11-16 09:10 - 2013-01-25 10:55 - 00000344 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job ==================== Bestanden in de root van sommige mappen ======= 2012-03-20 00:26 - 2012-03-20 00:26 - 3993600 _____ () C:\Program Files\GUT9FD3.tmp 2007-06-12 17:34 - 2007-06-12 17:34 - 0035822 _____ () C:\Program Files\Common Files\ASPG_icon.ico 2008-05-22 16:35 - 2008-05-22 16:35 - 0051962 _____ () C:\Program Files\Common Files\banner.jpg 2009-04-08 18:31 - 2009-04-08 18:31 - 0106496 _____ () C:\Program Files\Common Files\CPInstallAction.dll 2008-08-12 05:45 - 2008-08-12 05:45 - 0155648 _____ (ASUS) C:\Program Files\Common Files\MSIactionall.dll 2010-04-13 23:13 - 2009-11-04 12:49 - 0076407 _____ () C:\Users\Jan\AppData\Roaming\Smiley.ico 2010-02-19 12:34 - 2014-05-03 01:11 - 0024206 _____ () C:\Users\Jan\AppData\Roaming\UserTile.png 2011-11-14 17:17 - 2015-03-20 13:14 - 0007728 _____ () C:\Users\Jan\AppData\Local\d3d9caps.dat 2009-10-05 21:40 - 2014-09-29 13:19 - 0017920 _____ () C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-08-06 09:41 - 2012-08-06 09:41 - 0027520 _____ () C:\Users\Jan\AppData\Local\dt.dat 2011-11-16 18:38 - 2011-11-16 18:39 - 0000088 ____H () C:\ProgramData\aspg.dat 2010-12-31 12:48 - 2010-12-31 12:48 - 0208552 ____R () C:\ProgramData\DeviceManager.xml.rc4 2009-08-20 11:42 - 2009-08-20 11:43 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2009-08-20 11:42 - 2009-08-20 11:42 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Bestanden om te verplaatsen of verwijderen: ==================== C:\ProgramData\aspg.dat C:\Users\Jan\Belgium_eID-QuickInstaller_4.1.10.1698 (1).exe C:\Users\Jan\Belgium_eID-QuickInstaller_4.1.10.1698.exe C:\Users\Jan\MessengerSetup (1).exe C:\Users\Jan\MessengerSetup.exe C:\Users\Jan\MessengerSetup_1-4-3 (1).exe C:\Users\Jan\MessengerSetup_1-4-3.exe Sommige bestanden in TEMP: ==================== C:\Users\Jan\AppData\Local\Temp\OperaSetup (1) xp.exe C:\Users\Jan\AppData\Local\Temp\OperaSetup xp.exe ==================== Bamital & volsnap ====================== (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) C:\Windows\explorer.exe => Bestand is getekend C:\Windows\system32\winlogon.exe => Bestand is getekend C:\Windows\system32\wininit.exe => Bestand is getekend C:\Windows\system32\svchost.exe => Bestand is getekend C:\Windows\system32\services.exe => Bestand is getekend C:\Windows\system32\User32.dll => Bestand is getekend C:\Windows\system32\userinit.exe => Bestand is getekend C:\Windows\system32\rpcss.dll => Bestand is getekend C:\Windows\system32\dnsapi.dll => Bestand is getekend C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend LastRegBack: 2016-12-07 10:48 ==================== Eind van FRST.txt ============================