Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 12-11-2017 03
Gestart door Gebruiker (Beheerder) op GEBRUIKER-PC (13-11-2017 10:34:32)
Gestart vanaf D:\Users\Gebruiker\Downloads
Geladen Profielen: Gebruiker & UpdatusUser (Beschikbare Profielen: Gebruiker & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 10 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Gramblr\gramblr.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(VASCO Data Security) C:\Users\Gebruiker\AppData\Local\VASCO\NativeBridge\digipass-nativebridge-monitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Trust mouse utility\1.0\mouse32a.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(VASCO Data Security) C:\Users\Gebruiker\AppData\Local\VASCO\NativeBridge\digipass-nativebridge.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [FLMTRUSTMOUSE] => C:\Program Files (x86)\Trust mouse utility\1.0\mouse32a.exe [429568 2014-06-02] ()
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (AimerSoft)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\...\Run: [Chromium] => "c:\users\gebruiker\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session --restore-last-session
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\...\Run: [DigipassNativeBridge] => C:\Users\Gebruiker\AppData\Local\VASCO\NativeBridge\digipass-nativebridge-monitor.exe [108592 2016-11-15] (VASCO Data Security)
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\...\MountPoints2: {c9da4451-3946-11e7-a371-406186284342} - K:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1243184377-1695436347-1374857548-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1243184377-1695436347-1374857548-1003\...\MountPoints2: {2354e13f-a5dc-11e3-a6c1-806e6f6e6963} - F:\AUTORUN.EXE
AppInit_DLLs: C:\ProgramData\Quotenamron\Anbam.dll => Geen bestand
AppInit_DLLs-x32: C:\ProgramData\Quotenamron\Lamdaming.dll => Geen bestand
Startup: C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Deskjet 3050A J611 series.lnk [2017-11-13]
ShortcutTarget: Inktwaarschuwingen controleren - HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restrictie <==== AANDACHT
CHR HKLM\SOFTWARE\Policies\Google: Restrictie <==== AANDACHT

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 195.130.130.3 195.130.131.3
Tcpip\..\Interfaces\{1766C170-115E-461A-8E9C-D31F45ACDEC3}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F0115CF7-0342-4B55-86BE-FDFEB04351D3}: [DhcpNameServer] 195.130.130.3 195.130.131.3

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-ccf831ed
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-ccf831ed
HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://nl.msn.com/?ocid=iehp
HKU\S-1-5-21-1243184377-1695436347-1374857548-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-1243184377-1695436347-1374857548-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://nl.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ccf831ed&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ccf831ed&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ccf831ed&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1243184377-1695436347-1374857548-1000 -> DefaultScope {ielnksrch} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ccf831ed&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1243184377-1695436347-1374857548-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3324758&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP2AA1B44C-96EC-4F65-B61D-26E413FD75A2&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1243184377-1695436347-1374857548-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-1243184377-1695436347-1374857548-1000 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1243184377-1695436347-1374857548-1000 -> {ielnksrch} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ccf831ed&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1243184377-1695436347-1374857548-1003 -> DefaultScope {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1243184377-1695436347-1374857548-1003 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3324758&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP2AA1B44C-96EC-4F65-B61D-26E413FD75A2&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1243184377-1695436347-1374857548-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=135&itype=n&ver=12302&tm=316&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1243184377-1695436347-1374857548-1003 -> {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\IEExt\ie_plugin.dll [2017-09-14] (AO Kaspersky Lab)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\IEExt\ie_plugin.dll [2017-09-14] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-14] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-14] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\IEExt\ie_plugin.dll [2017-09-14] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\IEExt\ie_plugin.dll [2017-09-14] (AO Kaspersky Lab)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
Handler: WSKVAllmytubechrome - Geen CLSID Waarde
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: dldse21a.default
FF ProfilePath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\dldse21a.default [2017-11-13]
FF NewTab: Mozilla\Firefox\Profiles\dldse21a.default ->
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\dldse21a.default -> Bing Search Engine
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\dldse21a.default -> Bing Search Engine
FF Homepage: Mozilla\Firefox\Profiles\dldse21a.default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-ccf831ed
FF Keyword.URL: Mozilla\Firefox\Profiles\dldse21a.default -> user_pref("keyword.URL", true);
FF SearchPlugin: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\dldse21a.default\searchplugins\bing search engine.xml [2016-10-06]
FF SearchPlugin: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\dldse21a.default\searchplugins\findit.xml [2016-07-04]
FF Extension: (Belgium eID) - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2016-01-15] [ niet getekend]
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-10-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-21] [ niet getekend]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be => niet gevonden
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1243184377-1695436347-1374857548-1000: vasco.com/VascoCardReaderPlugin -> C:\Users\Gebruiker\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll [2013-10-28] (VASCO Data Security)
FF Plugin HKU\S-1-5-21-1243184377-1695436347-1374857548-1000: vasco.com/VascoCardReaderPlugin64 -> C:\Users\Gebruiker\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll [2013-10-28] (VASCO Data Security)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.be/
CHR StartupUrls: Default -> "hxxps://www.google.be/"
CHR Profile: C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default [2017-11-13]
CHR Extension: (Google Drive) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (eID Chrome Extension) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbdaodnaecdijpajecpncpdomgcoakc [2017-02-14]
CHR Extension: (YouTube) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27]
CHR Extension: (Google Search) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Pixlr Editor) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2017-03-06]
CHR Extension: (Kaspersky Protection) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2017-09-14]
CHR Extension: (Google Wallet) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-13] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== AANDACHT
CHR Extension: (Gmail) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-09]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKU\S-1-5-21-1243184377-1695436347-1374857548-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [11773008 2017-11-10] () [Bestand niet getekend]
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe [426416 2017-09-14] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\Kingsoft Office\wpscloudsvr.exe [177800 2017-11-01] (Zhuhai Kingsoft Office Software Co.,Ltd)
S3 WsDrvInst; "C:\Program Files (x86)\Keepvid\KeepVid KeepVid Pro\DriverInstall.exe" [X]

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [62976 2014-11-13] (Advanced Card Systems Ltd.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [70872 2017-10-14] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [91352 2017-10-14] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [206040 2017-10-14] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [350944 2017-10-14] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1071832 2017-10-14] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2016-10-11] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [57568 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50672 2017-06-23] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [81904 2017-06-23] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [137200 2017-06-23] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199360 2017-06-23] (AO Kaspersky Lab)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\47044AE1.sys [129752 2014-11-11] (Malwarebytes Corporation)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-11-13 10:34 - 2017-11-13 10:34 - 000000000 ____D C:\FRST
2017-11-09 17:52 - 2017-11-09 17:52 - 000000709 _____ C:\Users\Public\Desktop\WinZip Driver Updater.lnk
2017-11-09 17:52 - 2017-11-09 17:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2017-11-09 17:52 - 2017-11-09 17:52 - 000000000 ____D C:\Program Files\WinZip Driver Updater
2017-11-09 17:50 - 2017-11-09 17:50 - 000262144 _____ C:\Windows\system32\config\elam
2017-11-09 17:49 - 2017-11-12 14:50 - 000000284 _____ C:\Windows\Tasks\{6CB858E7-716A-1B47-2EBA-0224A3EE0564}.job
2017-11-09 17:49 - 2017-11-09 17:49 - 000003240 _____ C:\Windows\System32\Tasks\{6CB858E7-716A-1B47-2EBA-0224A3EE0564}
2017-11-09 17:49 - 2017-11-09 17:49 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\6CB858E7-716A-1B47-2EBA-0224A3EE0564
2017-11-09 17:48 - 2017-11-12 17:14 - 000000998 _____ C:\Windows\Tasks\Chromium dirol.job
2017-11-09 17:48 - 2017-11-09 17:49 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\denerit
2017-11-09 17:48 - 2017-11-09 17:49 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\{952BA377-B183-CFCF-DC1B-EA27F87316BF}
2017-11-09 17:48 - 2017-11-09 17:48 - 000000000 ____D C:\ProgramData\{C43E015D-4E7C-8B9B-C8BA-15D952F89E17}
2017-11-09 17:47 - 2017-11-09 17:59 - 000000000 ____D C:\ProgramData\BOINC
2017-11-09 17:47 - 2017-11-09 17:47 - 000000000 ____D C:\Windows\Downloaded Installations
2017-11-09 14:20 - 2017-11-09 14:20 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\AVS4YOU
2017-11-09 14:19 - 2017-11-09 15:05 - 000000000 ____D C:\Program Files (x86)\AVS4YOU
2017-11-09 14:19 - 2017-11-09 14:20 - 000000000 ____D C:\ProgramData\AVS4YOU
2017-11-09 14:19 - 2012-03-23 18:59 - 001700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-11-09 14:19 - 2012-03-23 18:59 - 000024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2017-11-09 14:00 - 2017-11-09 14:00 - 000000000 ____D C:\Users\Gebruiker\.cache
2017-11-09 13:58 - 2017-11-09 13:58 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\Keepvid
2017-11-09 13:58 - 2017-11-09 13:58 - 000000000 ____D C:\ProgramData\Aimersoft
2017-11-09 13:57 - 2017-11-09 13:57 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\Aimersoft
2017-11-09 13:56 - 2017-11-09 14:08 - 000000000 ____D C:\Program Files (x86)\Keepvid
2017-11-09 13:56 - 2017-11-09 13:57 - 000000000 ____D C:\Users\Public\Documents\Keepvid
2017-11-09 13:56 - 2017-11-09 13:56 - 000000000 ____D C:\ProgramData\KeepVid
2017-11-09 00:33 - 2017-11-09 00:33 - 000001654 _____ C:\Users\UpdatusUser\Desktop\YouTubeToMp4.lnk
2017-11-09 00:33 - 2017-11-09 00:33 - 000001654 _____ C:\Users\Gebruiker\Desktop\YouTubeToMp4.lnk
2017-11-09 00:33 - 2017-11-09 00:33 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouTubeToMp4
2017-11-09 00:33 - 2017-11-09 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTubeToMp4
2017-11-09 00:33 - 2017-11-09 00:33 - 000000000 ____D C:\Program Files (x86)\YouTubeToMp4
2017-11-09 00:29 - 2017-11-09 00:31 - 000000000 ____D C:\ProgramData\Freemake
2017-11-09 00:29 - 2017-11-09 00:29 - 000000000 ____D C:\Users\Gebruiker\Documents\Freemake
2017-11-09 00:29 - 2017-11-09 00:29 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\FreemakeVideoConverter
2017-11-09 00:28 - 2017-11-09 00:31 - 000000000 ____D C:\Program Files (x86)\Freemake
2017-11-01 18:14 - 2017-11-01 18:14 - 000003956 _____ C:\Windows\System32\Tasks\WpsUpdateTask_Gebruiker
2017-11-01 10:47 - 2017-11-01 10:47 - 000002332 _____ C:\Users\Public\Desktop\WPS Writer.lnk
2017-11-01 10:47 - 2017-11-01 10:47 - 000002314 _____ C:\Users\Public\Desktop\WPS Spreadsheets.lnk
2017-11-01 10:47 - 2017-11-01 10:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-11-13 10:36 - 2017-03-14 14:40 - 000000000 ____D C:\ProgramData\Gramblr
2017-11-13 10:33 - 2014-03-07 15:52 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\Skype
2017-11-13 10:10 - 2017-09-14 12:45 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-11-13 10:08 - 2009-07-14 05:45 - 000031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-13 10:08 - 2009-07-14 05:45 - 000031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-13 10:01 - 2014-03-10 13:07 - 000000264 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2017-11-13 09:59 - 2014-03-07 11:53 - 000003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A1FB8921-779B-4911-B1A1-D6976E0949A5}
2017-11-13 09:54 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-10 11:42 - 2017-03-14 14:40 - 000000000 ____D C:\Program Files\Gramblr
2017-11-10 10:41 - 2009-07-14 05:45 - 000411688 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-09 20:45 - 2017-03-31 14:49 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2017-11-09 20:43 - 2017-03-31 14:49 - 000000000 ____D C:\Users\Gebruiker\Documents\Wondershare Filmora
2017-11-09 19:57 - 2014-03-07 12:02 - 000109560 _____ C:\Users\Gebruiker\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-09 18:03 - 2016-09-02 10:30 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\chromium
2017-11-09 17:57 - 2017-04-19 20:52 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\NVIDIA
2017-11-09 17:52 - 2014-09-14 15:04 - 000000000 ____D C:\ProgramData\WinZip
2017-11-09 17:51 - 2014-03-07 17:43 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\Adobe
2017-11-09 14:07 - 2014-03-07 10:50 - 000000000 ____D C:\Users\Gebruiker
2017-11-08 10:49 - 2014-03-07 13:32 - 000002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-07 23:45 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2017-11-02 11:23 - 2010-11-21 17:48 - 000745650 _____ C:\Windows\system32\perfh013.dat
2017-11-02 11:23 - 2010-11-21 17:48 - 000153602 _____ C:\Windows\system32\perfc013.dat
2017-11-02 11:23 - 2009-07-14 06:13 - 001670472 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-02 11:23 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-11-01 18:46 - 2015-01-27 11:49 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\CutePDF Writer
2017-10-26 08:41 - 2016-09-03 09:24 - 000004576 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-26 08:41 - 2014-03-10 16:35 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-26 08:41 - 2014-03-10 16:35 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-26 08:41 - 2014-03-10 16:35 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-10-26 08:41 - 2014-03-10 16:35 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-26 08:41 - 2014-03-07 17:40 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-10-14 10:27 - 2017-09-14 12:44 - 001071832 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-10-14 10:27 - 2017-09-14 12:44 - 000206040 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-10-14 10:27 - 2017-09-14 12:44 - 000149304 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll
2017-10-14 10:27 - 2017-06-23 20:08 - 000350944 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-10-14 10:27 - 2016-12-27 06:56 - 000091352 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupflt.sys
2017-10-14 10:27 - 2016-12-22 06:13 - 000070872 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupdisk.sys

==================== Bestanden in de root van sommige mappen =======

2016-07-04 22:29 - 2016-07-04 22:29 - 006870016 _____ () C:\Users\Gebruiker\AppData\Roaming\agent.dat
2015-01-21 12:42 - 2015-01-31 10:07 - 000000004 _____ () C:\Users\Gebruiker\AppData\Roaming\appdataFr2.bin
2016-07-04 22:29 - 2016-07-04 22:29 - 001760781 _____ () C:\Users\Gebruiker\AppData\Roaming\Blue-Tip.tst
2016-07-04 22:29 - 2016-07-04 22:29 - 000067968 _____ () C:\Users\Gebruiker\AppData\Roaming\Config.xml
2016-07-04 22:29 - 2016-07-04 22:29 - 000014448 _____ () C:\Users\Gebruiker\AppData\Roaming\InstallationConfiguration.xml
2016-07-04 22:29 - 2016-07-04 22:29 - 000128512 _____ () C:\Users\Gebruiker\AppData\Roaming\Installer.dat
2016-07-04 22:29 - 2016-07-04 22:29 - 000005568 _____ () C:\Users\Gebruiker\AppData\Roaming\md.xml
2016-07-04 22:29 - 2016-07-04 22:29 - 000126464 _____ () C:\Users\Gebruiker\AppData\Roaming\noah.dat
2016-07-04 22:29 - 2016-07-04 22:29 - 000032038 _____ () C:\Users\Gebruiker\AppData\Roaming\uninstall_temp.ico
2016-07-05 10:29 - 2016-09-19 09:29 - 000000175 _____ () C:\Users\Gebruiker\AppData\Roaming\WB.CFG
2015-08-10 20:13 - 2015-08-10 20:13 - 013545694 _____ () C:\Users\Gebruiker\AppData\Local\package.nw.new
2014-03-10 13:05 - 2014-03-10 13:05 - 000000057 _____ () C:\ProgramData\Ament.ini

Bestanden om te verplaatsen of verwijderen:
====================
C:\Windows\Tasks\{6CB858E7-716A-1B47-2EBA-0224A3EE0564}.job

Sommige bestanden in TEMP:
====================
2017-11-09 17:49 - 2017-11-09 17:47 - 001055936 _____ (Adobe) C:\Users\Gebruiker\AppData\Local\Temp\flashplayer_setup.exe
2017-11-09 00:28 - 2017-11-09 00:28 - 034776472 _____ (Ellora Assets Corporation ) C:\Users\Gebruiker\AppData\Local\Temp\FreemakeVideoConverterFull.exe

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\SysWOW64\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2017-11-09 13:39

==================== Eind van FRST.txt ============================