Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 27-02-2017 01 Gestart door User (Beheerder) op USER-PC (01-03-2017 10:29:06) Gestart vanaf C:\Users\User\Desktop Geladen Profielen: User (Beschikbare Profielen: User) Platform: Windows 8.1 (Update) (X64) Taal: Nederlands (Nederland) Internet Explorer Versie 11 (Standaardbrowser: IE) Boot Modus: Normal Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe ==================== Register (gefilterd) ==================== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794904 2014-04-13] (NVIDIA Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-07-02] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2014-03-12] (CyberLink Corp.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-1323149097-3332460550-518001140-1001\...\Policies\Explorer: [NoInternetOpenWith] 1 HKU\S-1-5-21-1323149097-3332460550-518001140-1001\...\MountPoints2: {9642fb85-9467-11e6-827e-806e6f6e6963} - "F:\Setup\Autorun.exe" ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-11-04] (AVAST Software) Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk [2016-11-28] ShortcutTarget: Verzenden naar OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.) Tcpip\Parameters: [DhcpNameServer] 192.168.10.1 Tcpip\..\Interfaces\{39D5D522-B389-45B3-8AFD-599892CC9229}: [DhcpNameServer] 192.168.10.1 Tcpip\..\Interfaces\{DFEDA325-8940-447C-94D3-71B30DABEAF2}: [DhcpNameServer] 192.168.10.1 Internet Explorer: ================== HKU\S-1-5-21-1323149097-3332460550-518001140-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-04] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-11-04] (AVAST Software) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-04] (Google Inc.) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-04] (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-04] (AVAST Software) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-04] (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-04] (Google Inc.) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation) FireFox: ======== FF Extension: (Belgium eID) - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2016-11-05] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-02-28] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-02-28] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-07-02] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-07-02] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-04] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-04] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin HKU\S-1-5-21-1323149097-3332460550-518001140-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS) Chrome: ======= CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-02-08] CHR Extension: (Google Presentaties) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-04] CHR Extension: (Google Documenten) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-04] CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-04] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-04] CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-12-18] CHR Extension: (Google Spreadsheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-04] CHR Extension: (Offline Documenten) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-18] CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-18] CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-05] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-04] CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx ==================== Services (gefilterd) ==================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-11-04] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-11-04] (AVAST Software) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3698888 2016-12-04] (Microsoft Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Bestand niet getekend] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-07-02] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-07-02] (Intel Corporation) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (gefilterd) ====================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) S3 A38CCID; C:\windows\system32\DRIVERS\a38ccid.sys [77832 2016-11-28] (Advanced Card Systems Ltd.) R3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [37656 2016-11-04] (AVAST Software) R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [37144 2016-11-04] (AVAST Software) R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [108816 2016-11-04] (AVAST Software) R1 aswNetSec; C:\windows\system32\drivers\aswNetSec.sys [453192 2016-11-04] (AVAST Software) R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [103064 2016-11-04] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-11-04] (AVAST Software) R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [969184 2016-11-04] (AVAST Software) R1 aswSP; C:\windows\system32\drivers\aswSP.sys [513632 2016-11-04] (AVAST Software) R2 aswStm; C:\windows\system32\drivers\aswStm.sys [163416 2016-11-04] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-11-04] (AVAST Software) R1 CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 cxbu0x64; C:\windows\system32\DRIVERS\cxbu0x64.sys [147576 2014-04-05] (HID Global Corporation) R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-07-02] (Intel Corporation) S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R3 RtlWlanu; C:\windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation ) U1 staport; C:\Windows\System32\Drivers\staport.sys [44952 2017-01-22] () S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 mfeaack01; \Device\mfeaack01.sys [X] ==================== NetSvcs (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ==================== Een Maand Aangemaakt bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2017-03-01 10:29 - 2017-03-01 10:29 - 00015351 _____ C:\Users\User\Desktop\FRST.txt 2017-03-01 10:28 - 2017-03-01 10:29 - 00000000 ____D C:\FRST 2017-03-01 10:27 - 2017-03-01 10:27 - 02423296 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2017-03-01 10:11 - 2017-03-01 10:11 - 01222144 _____ C:\Users\User\Desktop\RSITx64.exe 2017-03-01 10:05 - 2017-03-01 10:05 - 00000000 ____D C:\rsit 2017-03-01 10:05 - 2017-03-01 10:05 - 00000000 ____D C:\Program Files\trend micro 2017-02-28 21:05 - 2017-02-28 21:05 - 00044952 _____ () C:\windows\system32\Drivers\staport.sys.148831232996802 2017-02-28 21:05 - 2016-11-04 15:55 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\asw5B5D.tmp 2017-02-28 21:05 - 2016-11-04 15:53 - 00969184 _____ (AVAST Software) C:\windows\system32\Drivers\asw5B6E.tmp 2017-02-28 21:05 - 2016-11-04 15:53 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\asw5B73.tmp 2017-02-28 21:05 - 2016-11-04 15:53 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\asw5B83.tmp 2017-02-28 21:05 - 2016-11-04 15:51 - 00453192 _____ (AVAST Software) C:\windows\system32\Drivers\asw5B5C.tmp 2017-02-28 21:05 - 2016-11-04 15:51 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\asw5B84.tmp 2017-02-28 21:05 - 2016-11-04 15:51 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\asw5B71.tmp 2017-02-28 21:05 - 2016-11-04 15:51 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\asw5B6F.tmp 2017-02-28 21:05 - 2016-11-04 15:51 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\asw5B72.tmp 2017-02-28 21:05 - 2016-11-04 15:51 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\asw5B70.tmp 2017-02-28 21:04 - 2016-11-04 15:51 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2017-02-28 16:51 - 2017-02-28 16:51 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics 2017-02-28 09:49 - 2017-02-28 09:49 - 00046793 _____ C:\Users\User\Documents\labels (1).pdf 2017-02-22 14:11 - 2017-02-22 14:11 - 00106402 _____ C:\Users\User\Documents\IMG_20170222_0001.pdf 2017-02-12 16:28 - 2017-02-12 16:36 - 00000000 ____D C:\Users\User\Desktop\zina 2017-02-12 03:00 - 2017-02-12 03:00 - 550060499 _____ C:\windows\MEMORY.DMP 2017-02-12 03:00 - 2017-02-12 03:00 - 00297440 _____ C:\windows\Minidump\021217-20281-01.dmp 2017-02-10 09:14 - 2017-02-10 09:14 - 00502616 _____ C:\Users\User\Documents\IMG_20170210_0001.pdf 2017-02-05 20:05 - 2017-02-05 20:05 - 00000000 ____D C:\Users\User\AppData\Local\GamingWonderlandTooltab 2017-02-04 15:46 - 2017-02-04 15:46 - 00451997 _____ C:\Users\User\Documents\IMG_20170204_0001.pdf ==================== Een Maand Gewijzigd bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2017-03-01 06:00 - 2016-10-18 07:40 - 00003950 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{AAC27791-2814-47CB-8689-B09AFCF2AACF} 2017-02-28 21:10 - 2016-10-17 14:00 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1323149097-3332460550-518001140-1001 2017-02-28 21:06 - 2016-11-04 16:01 - 00003888 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1478271679 2017-02-28 21:06 - 2016-11-04 15:54 - 00001942 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk 2017-02-28 21:05 - 2016-11-04 16:01 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2017-02-28 21:05 - 2016-11-04 15:53 - 00003922 _____ C:\windows\System32\Tasks\avast! Emergency Update 2017-02-28 20:54 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT 2017-02-28 20:51 - 2016-12-24 09:51 - 00000000 ____D C:\windows\Minidump 2017-02-28 20:51 - 2016-11-15 18:03 - 00000000 ___HD C:\ProgramData\CanonIJScan 2017-02-28 20:51 - 2016-11-04 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2017-02-28 20:51 - 2016-11-04 15:53 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software 2017-02-28 20:51 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\Macromed 2017-02-28 20:51 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\Macromed 2017-02-28 20:51 - 2013-08-22 14:36 - 00000000 ____D C:\windows\system32\Sysprep 2017-02-28 20:49 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-28 20:42 - 2013-08-22 16:36 - 00000000 ____D C:\windows\registration 2017-02-28 10:44 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\NDF 2017-02-24 16:48 - 2016-10-21 13:46 - 00000179 _____ C:\Users\User\Desktop\HLN.be, Nieuws, sport en showbizz, 24-24, 7-7, meer dan 350 nieuwsupdates per dag.url 2017-02-23 12:27 - 2016-10-23 20:03 - 00000000 ____D C:\windows\system32\MRT 2017-02-22 20:01 - 2016-10-21 13:44 - 00000219 _____ C:\Users\User\Desktop\Google.url 2017-02-22 05:15 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp 2017-02-19 14:56 - 2016-10-21 13:45 - 00000375 _____ C:\Users\User\Desktop\Het Nieuwsblad.url 2017-02-17 08:42 - 2016-11-13 17:09 - 00003168 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task v2 2017-02-17 08:42 - 2016-10-21 14:04 - 00003176 _____ C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1323149097-3332460550-518001140-1001 2017-02-17 08:42 - 2016-10-21 14:04 - 00002319 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive voor Bedrijven.lnk 2017-02-12 15:47 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf 2017-02-08 08:42 - 2014-07-02 12:53 - 00000000 ____D C:\ProgramData\CyberLink 2017-02-06 23:28 - 2016-11-04 15:57 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-06 23:28 - 2016-11-04 15:57 - 00002227 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-02-04 15:48 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI ==================== Bestanden in de root van sommige mappen ======= 2016-11-04 16:01 - 2016-11-04 16:01 - 7065600 _____ () C:\Program Files (x86)\GUT889C.tmp 2016-10-17 13:02 - 2016-10-17 13:02 - 1065984 _____ () C:\Users\User\AppData\Local\file__0.localstorage 2014-07-02 16:00 - 2014-07-02 16:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ====================== (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) C:\windows\system32\winlogon.exe => Bestand is getekend C:\windows\system32\wininit.exe => Bestand is getekend C:\windows\explorer.exe => Bestand is getekend C:\windows\SysWOW64\explorer.exe => Bestand is getekend C:\windows\system32\svchost.exe => Bestand is getekend C:\windows\SysWOW64\svchost.exe => Bestand is getekend C:\windows\system32\services.exe => Bestand is getekend C:\windows\system32\User32.dll => Bestand is getekend C:\windows\SysWOW64\User32.dll => Bestand is getekend C:\windows\system32\userinit.exe => Bestand is getekend C:\windows\SysWOW64\userinit.exe => Bestand is getekend C:\windows\system32\rpcss.dll => Bestand is getekend C:\windows\system32\dnsapi.dll => Bestand is getekend C:\windows\SysWOW64\dnsapi.dll => Bestand is getekend C:\windows\system32\Drivers\volsnap.sys => Bestand is getekend LastRegBack: 2017-02-28 10:11 ==================== Eind van FRST.txt ============================