Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 26-12-2017
Gestart door Rik (Beheerder) op RIK-HP (26-12-2017 18:33:14)
Gestart vanaf C:\Users\Rik\Downloads
Geladen Profielen: Rik (Beschikbare Profielen: Rik & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Portrait Displays\HP Display Assistant\dthtml.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Norton 360\Engine\22.11.2.7\n360.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Norton 360\Engine\22.11.2.7\n360.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\FighterSuiteService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\hp\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files\hp\HP Touchpoint Analytics Client\TAInstaller.exe

==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-04] (Hewlett-Packard)
HKLM-x32\...\Run: [beid] => "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-10-18] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-13] (Easybits)
HKLM-x32\...\Run: [DT HWP] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [122336 2015-05-20] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1194048 2017-11-08] (PDF Complete Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-870238790-3972679876-3293455752-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-870238790-3972679876-3293455752-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-870238790-3972679876-3293455752-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-10-09] (Garmin Ltd. or its subsidiaries)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-03-18] (EasyBits Software Corp.)
BootExecute: autocheck autochk /p \??\F:autocheck autochk *

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4F49CA2C-8004-43F4-B909-D653CC5213F0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/1553-111073-34115-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/1553-111073-34115-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-870238790-3972679876-3293455752-1000 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKU\S-1-5-21-870238790-3972679876-3293455752-1000 -> {7063D35A-2424-4320-BDE2-BBC58BF0A6E1} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-870238790-3972679876-3293455752-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=BE&ver=22&locale=nl_BE&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-870238790-3972679876-3293455752-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-870238790-3972679876-3293455752-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-870238790-3972679876-3293455752-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/1553-111073-34115-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKU\S-1-5-21-870238790-3972679876-3293455752-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&r=
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Norton 360\Engine\22.11.2.7\coIEPlg.dll [2017-11-11] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> Geen bestand
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Norton 360\Engine32\22.11.2.7\coIEPlg.dll [2017-11-11] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> Geen bestand
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-16] (Oracle Corporation)
BHO-x32: Aanmeldhulp voor Microsoft-account -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-16] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\22.11.2.7\coIEPlg.dll [2017-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine32\22.11.2.7\coIEPlg.dll [2017-11-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-870238790-3972679876-3293455752-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\22.11.2.7\coIEPlg.dll [2017-11-11] (Symantec Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} hxxps://www.icloud.com/system/iCloud.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be => niet gevonden
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-06-13] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-870238790-3972679876-3293455752-1000: vasco.com/VascoCardReaderPlugin -> C:\Users\Rik\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll [2014-10-27] (VASCO Data Security)
FF Plugin HKU\S-1-5-21-870238790-3972679876-3293455752-1000: vasco.com/VascoCardReaderPlugin64 -> C:\Users\Rik\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll [2014-10-27] (VASCO Data Security)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.be/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Rik\AppData\Local\Google\Chrome\User Data\Default [2017-12-26]
CHR Extension: (Belfius Smart Card Reader Chrome Extensie) - C:\Users\Rik\AppData\Local\Google\Chrome\User Data\Default\Extensions\agicnfmechmlphpjmeefookfjhifbmhi [2015-05-01]
CHR Extension: (Documenten) - C:\Users\Rik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Rik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Rik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Rik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Rik\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Offline Documenten) - C:\Users\Rik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Norton Identity Safe) - C:\Users\Rik\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-18]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Rik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Rik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Rik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Norton 360\Engine\22.11.2.7\Exts\Chrome.crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Norton 360\Engine\22.11.2.7\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
R2 Asset Management Daemon; C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe [134624 2015-05-20] ()
S4 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2011-06-06] (Autodata Limited) [Bestand niet getekend]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138720 2015-05-20] (Portrait Displays, Inc.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [Bestand niet getekend]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1085968 2017-10-09] (Garmin Ltd. or its subsidiaries)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [Bestand niet getekend]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton 360\Norton 360\Engine\22.11.2.7\N360.exe [326144 2017-11-11] (Symantec Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1793088 2017-11-08] (PDF Complete Inc)
R2 SPAMfighter Update Service; C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [216760 2016-04-27] (SPAMfighter ApS)
R2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1282592 2015-11-13] (SPAMfighter ApS)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S3 ACSSCR; C:\Windows\System32\DRIVERS\a38usb.sys [77832 2016-11-28] (Advanced Card Systems Ltd.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\22.7.0.76\Definitions\BASHDefs\20171213.001\BHDrvx64.sys [1872024 2017-10-11] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\160B020.007\ccSetx64.sys [187544 2017-11-11] (Symantec Corporation)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [32768 2008-10-24] (CSR)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508056 2017-10-19] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [118160 2016-10-04] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [88752 2016-10-04] ()
R1 IDSVia64; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\22.7.0.76\Definitions\IPSDefs\20171218.001\IDSvia64.sys [1056920 2017-10-14] (Symantec Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2017-12-08] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-12-18] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2017-12-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-26] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-12-18] (Malwarebytes)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\160B020.007\SRTSP64.SYS [812696 2017-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\160B020.007\SRTSPX64.SYS [49304 2017-11-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\160B020.007\SYMEFASI64.SYS [1938584 2017-11-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102600 2017-11-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\160B020.007\Ironx64.SYS [309984 2017-11-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\160B020.007\SYMNETS.SYS [566936 2017-11-11] (Symantec Corporation)
S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [3584 2005-07-11] (TOSHIBA Corporation.) [Bestand niet getekend]
S3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [49152 2008-03-25] (TOSHIBA Corporation) [Bestand niet getekend]
S3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [165760 2008-03-25] (TOSHIBA CORPORATION) [Bestand niet getekend]
S3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [44800 2007-11-29] (TOSHIBA Corporation) [Bestand niet getekend]
S3 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [76160 2007-10-02] (TOSHIBA Corporation) [Bestand niet getekend]
S3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [88192 2008-03-19] (TOSHIBA Corporation.) [Bestand niet getekend]
S3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [28160 2005-07-13] (TOSHIBA Corporation.) [Bestand niet getekend]
S3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [56320 2008-01-22] (TOSHIBA Corporation) [Bestand niet getekend]
S3 Tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [51328 2007-10-18] (TOSHIBA CORPORATION) [Bestand niet getekend]
S3 EraserUtilDrv11721; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11721.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\Norton 360\NortonData\22.7.0.76\Definitions\SDSDefs\20160630.020\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\Norton 360\NortonData\22.7.0.76\Definitions\SDSDefs\20160630.020\EX64.SYS [X]

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-12-26 18:27 - 2017-12-26 18:31 - 000058095 _____ C:\Users\Rik\Downloads\Addition.txt
2017-12-26 18:23 - 2017-12-26 18:34 - 000026859 _____ C:\Users\Rik\Downloads\FRST.txt
2017-12-26 18:21 - 2017-12-26 18:33 - 000000000 ____D C:\FRST
2017-12-26 18:15 - 2017-12-26 18:15 - 002391552 _____ (Farbar) C:\Users\Rik\Downloads\FRST64.exe
2017-12-26 14:37 - 2017-12-26 14:43 - 000221570 _____ C:\Windows\ntbtlog.txt
2017-12-25 17:00 - 2017-12-25 17:00 - 000003288 ____N C:\bootsqm.dat
2017-12-25 15:20 - 2017-12-25 15:25 - 000000000 ____D C:\Users\Public\Documents\Offertes prijsvraag
2017-12-21 11:30 - 2017-12-21 11:30 - 000000000 ___HD C:\ProgramData\Backup
2017-12-19 00:02 - 2017-12-26 22:51 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2017-12-12 18:31 - 2017-12-18 23:25 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-12-09 17:47 - 2017-12-09 17:47 - 015804259 _____ C:\Users\Rik\Downloads\MFL68823613_06 (2).pdf
2017-12-08 09:07 - 2017-12-26 18:11 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-08 09:07 - 2017-12-18 23:29 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-12-08 09:07 - 2017-12-18 23:25 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-12-08 09:07 - 2017-12-08 09:07 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-12-08 09:06 - 2017-12-26 22:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-08 09:06 - 2017-12-26 22:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-08 09:06 - 2017-12-26 22:51 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-08 09:06 - 2017-12-08 09:06 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-08 09:06 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-08 09:05 - 2017-12-08 09:06 - 083316440 _____ (Malwarebytes ) C:\Users\Rik\Downloads\mb3-setup-2005.2005-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-07 10:01 - 2017-12-07 10:01 - 000739757 _____ C:\Users\Rik\Documents\uwgratisgids_vlaamse_premiegids_2017_v.pdf
2017-12-03 13:38 - 2017-12-03 13:39 - 394340934 _____ C:\Users\Rik\Documents\03 12 2017 registerbestand.reg
2017-12-03 10:46 - 2017-12-03 10:46 - 000000000 _____ C:\autoexec.bat
2017-11-29 17:20 - 2017-11-29 17:18 - 011923854 _____ C:\Users\Rik\Documents\syndicale premie 2017.bmp
2017-11-26 15:01 - 2017-11-26 15:01 - 000000000 ____D C:\Users\Rik\Documents\LPG

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-12-26 22:51 - 2015-07-19 18:02 - 000000000 ____D C:\Users\Rik\Downloads\vlaamse-ardennen
2017-12-26 22:51 - 2012-12-12 20:15 - 000000000 ____D C:\ProgramData\Norton
2017-12-26 22:51 - 2012-02-25 18:42 - 000000000 ____D C:\Users\UpdatusUser
2017-12-26 22:51 - 2011-05-30 12:38 - 000000000 ____D C:\Users\Rik\AppData\Local\Hewlett-Packard
2017-12-26 22:51 - 2009-07-14 06:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2017-12-26 22:51 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-12-26 22:50 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2017-12-26 22:48 - 2015-02-14 14:14 - 000000000 __RHD C:\MSOCache
2017-12-26 18:20 - 2009-07-14 05:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-26 18:20 - 2009-07-14 05:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-26 18:11 - 2011-03-18 21:11 - 000000000 ____D C:\ProgramData\PDFC
2017-12-26 18:11 - 2011-03-18 20:55 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-26 18:10 - 2009-07-14 06:08 - 000032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-12-26 18:10 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-26 14:38 - 2011-05-30 12:37 - 000000000 ____D C:\Users\Rik
2017-12-26 13:35 - 2011-05-30 21:29 - 000354653 _____ C:\DUMP44cc.tmp
2017-12-25 17:35 - 2013-11-13 17:30 - 000000000 ____D C:\Users\Rik\Documents\BURTON CAR
2017-12-25 17:33 - 2015-01-19 19:52 - 000000000 ____D C:\Users\Rik\Documents\KOGA- registratie
2017-12-25 17:27 - 2012-09-28 17:23 - 000000000 ____D C:\Users\Rik\Documents\COYOTE
2017-12-24 19:40 - 2011-09-06 12:51 - 000000000 ____D C:\Users\Rik\AppData\Local\ElevatedDiagnostics
2017-12-18 15:08 - 2016-01-08 17:25 - 000000324 _____ C:\Windows\Tasks\HPCeeScheduleForRik.job
2017-12-18 15:07 - 2016-06-29 13:35 - 000003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRik
2017-12-14 06:52 - 2014-04-18 17:32 - 000002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-12 15:44 - 2012-04-02 16:23 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-12 15:43 - 2012-04-02 16:23 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-12 15:43 - 2011-11-30 16:26 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-12 15:43 - 2011-06-04 09:01 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-12 15:43 - 2011-03-18 20:57 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-08 09:24 - 2016-11-12 09:23 - 000000000 ___RD C:\Users\Rik\iCloudDrive
2017-12-08 09:21 - 2011-05-30 12:38 - 000002102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bezoek eBay.be.lnk
2017-12-08 09:20 - 2015-07-19 17:32 - 000000000 ____D C:\Program Files\FileViewPro
2017-12-08 09:20 - 2013-03-15 11:06 - 000000000 ____D C:\ProgramData\Fighters
2017-12-08 09:20 - 2012-12-17 20:12 - 000000000 ____D C:\Program Files (x86)\Softonic
2017-12-08 09:19 - 2014-02-15 19:08 - 000000000 ____D C:\ProgramData\APN
2017-12-07 09:58 - 2011-03-18 21:24 - 000745764 _____ C:\Windows\system32\perfh013.dat
2017-12-07 09:58 - 2011-03-18 21:24 - 000153716 _____ C:\Windows\system32\perfc013.dat
2017-12-07 09:58 - 2009-07-14 06:13 - 001670960 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-02 18:54 - 2016-01-10 13:19 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-12-02 18:42 - 2014-07-05 10:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Test-Aankoop
2017-12-02 18:41 - 2014-07-05 10:29 - 000000000 ____D C:\Program Files (x86)\Test-A
2017-11-29 17:17 - 2013-02-11 13:57 - 000000000 ____D C:\Users\Public\Documents\NMBS GGC
2017-11-27 19:42 - 2012-12-22 12:53 - 000000000 ____D C:\Users\Rik\AppData\Local\CrashDumps

==================== Bestanden in de root van sommige mappen =======

2011-07-27 15:30 - 2011-07-27 15:30 - 000001854 _____ () C:\Users\Rik\AppData\Roaming\GhostObjGAFix.xml

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\SysWOW64\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2017-12-19 00:36

==================== Eind van FRST.txt ============================