Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 14.03.2018
Gestart door 4606 (Beheerder) op 4606-JULIEN (09-04-2018 11:31:16)
Gestart vanaf C:\Users\4606\Desktop
Geladen Profielen: 4606 & (Beschikbare Profielen: UpdatusUser & 4606)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe

==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465320 2010-09-02] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-09-02] (Realtek Semiconductor) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2010-10-29] (CyberLink) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111200167\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111208481\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 HKU\S-1-5-21-3980786996-424854653-323187991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111201680\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\S-1-5-21-3980786996-424854653-323187991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111201680\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MAHJON~1.SCR HKU\S-1-5-21-3980786996-424854653-323187991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111208840\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\S-1-5-21-3980786996-424854653-323187991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111208840\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MAHJON~1.SCR HKU\S-1-5-21-3980786996-424854653-323187991-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111202803\...\RunOnce: 
[HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\S-1-5-21-3980786996-424854653-323187991-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111202803\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs HKU\S-1-5-21-3980786996-424854653-323187991-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111209215\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\S-1-5-21-3980786996-424854653-323187991-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111209215\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs HKU\S-1-5-21-3980786996-424854653-323187991-1001.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111204067\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\S-1-5-21-3980786996-424854653-323187991-1001.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111204067\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MAHJON~1.SCR HKU\S-1-5-21-3980786996-424854653-323187991-1001.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111209449\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\S-1-5-21-3980786996-424854653-323187991-1001.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111209449\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MAHJON~1.SCR HKU\S-1-5-21-3980786996-424854653-323187991-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd) HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111205299\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd) HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111210182\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd) HKU\S-1-5-18\...\RunOnce: [SPReview] => 
"C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [112232 2010-10-28] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [100968 2010-10-28] (NVIDIA Corporation) BootExecute: autocheck autochk * ᖣ﮽߾Ѐ䰁 ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.) Tcpip\Parameters: [DhcpNameServer] 195.130.130.5 195.130.131.5 Tcpip\..\Interfaces\{45244AE0-7E18-4054-A8B9-A693A7FB9E6C}: [DhcpNameServer] 195.130.130.5 195.130.131.5 Tcpip\..\Interfaces\{E4BEC6CA-6CB9-41F2-814D-28C04FDB7390}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3980786996-424854653-323187991-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.be/ HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111205299\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.be/ HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111210182\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.be/ SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3980786996-424854653-323187991-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4817D360-555C-4DA3-8AD3-ABC83F1FC8EC}&mid=d4e79eee235a47d2883bd16f6b201ea3-1f58ed96950e7018898be075a351696e4e8eacd0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0716wt&pr=sa&d=2016-08-04 09:49:11&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-3980786996-424854653-323187991-1002 -> 
{53503014-3B4C-476F-9886-D3342920A0F0} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3980786996-424854653-323187991-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4817D360-555C-4DA3-8AD3-ABC83F1FC8EC}&mid=d4e79eee235a47d2883bd16f6b201ea3-1f58ed96950e7018898be075a351696e4e8eacd0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0716wt&pr=sa&d=2016-08-04 09:49:11&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-3980786996-424854653-323187991-1002 -> {A8DA5546-5DAD-4580-8592-E0C98614F8F4} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3980786996-424854653-323187991-1002 -> {F3EE4CE9-22CB-40B4-BE63-C0AAF06CBCA1} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111205299 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4817D360-555C-4DA3-8AD3-ABC83F1FC8EC}&mid=d4e79eee235a47d2883bd16f6b201ea3-1f58ed96950e7018898be075a351696e4e8eacd0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0716wt&pr=sa&d=2016-08-04 09:49:11&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111205299 -> {53503014-3B4C-476F-9886-D3342920A0F0} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111205299 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4817D360-555C-4DA3-8AD3-ABC83F1FC8EC}&mid=d4e79eee235a47d2883bd16f6b201ea3-1f58ed96950e7018898be075a351696e4e8eacd0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0716wt&pr=sa&d=2016-08-04 09:49:11&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms} SearchScopes: 
HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111205299 -> {A8DA5546-5DAD-4580-8592-E0C98614F8F4} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111205299 -> {F3EE4CE9-22CB-40B4-BE63-C0AAF06CBCA1} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111210182 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4817D360-555C-4DA3-8AD3-ABC83F1FC8EC}&mid=d4e79eee235a47d2883bd16f6b201ea3-1f58ed96950e7018898be075a351696e4e8eacd0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0716wt&pr=sa&d=2016-08-04 09:49:11&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111210182 -> {53503014-3B4C-476F-9886-D3342920A0F0} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111210182 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4817D360-555C-4DA3-8AD3-ABC83F1FC8EC}&mid=d4e79eee235a47d2883bd16f6b201ea3-1f58ed96950e7018898be075a351696e4e8eacd0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0716wt&pr=sa&d=2016-08-04 09:49:11&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111210182 -> {A8DA5546-5DAD-4580-8592-E0C98614F8F4} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111210182 -> {F3EE4CE9-22CB-40B4-BE63-C0AAF06CBCA1} URL = hxxps://www.google.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2018-04-07] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2018-04-07] (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO-x32: Aanmeldhulp voor Microsoft-account -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Geen Naam -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Geen bestand Toolbar: HKLM - Geen Naam - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Geen bestand Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.) 
Toolbar: HKLM-x32 - Geen Naam - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Geen bestand Toolbar: HKU\S-1-5-21-3980786996-424854653-323187991-1002 -> Geen Naam - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Geen bestand Toolbar: HKU\S-1-5-21-3980786996-424854653-323187991-1002 -> Geen Naam - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Geen bestand Toolbar: HKU\S-1-5-21-3980786996-424854653-323187991-1002 -> Geen Naam - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Geen bestand Toolbar: HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111205299 -> Geen Naam - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Geen bestand Toolbar: HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111205299 -> Geen Naam - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Geen bestand Toolbar: HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111205299 -> Geen Naam - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Geen bestand Toolbar: HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111210182 -> Geen Naam - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Geen bestand Toolbar: HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111210182 -> Geen Naam - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Geen bestand Toolbar: HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111210182 -> Geen Naam - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Geen bestand DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll [2007-08-27] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\4606\AppData\Roaming\TomTom\HOME\Profiles\ymfyse0k.default [2018-04-08] FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom 
HOME 2\xul\extensions\MapShare-status@tomtom.com [2018-03-16] [Verouderd] [ niet getekend] FF ProfilePath: C:\Users\4606\AppData\Roaming\Mozilla\Firefox\Profiles\lhua3kvr.default [2018-04-09] FF Homepage: Mozilla\Firefox\Profiles\lhua3kvr.default -> hxxps://mysearch.avg.com?cid={2171752D-AEEF-4085-BA64-BB1B2E27D47F}&mid=d4e79eee235a47d2883bd16f6b201ea3-1f58ed96950e7018898be075a351696e4e8eacd0&lang=en&ds=rc011&coid=avgtbdisrc&cmpid=0615tb&pr=sa&d=2015-03-26 11:52:11&v=19.3.0.491&pid=safeguard&sg=&sap=hp FF Extension: (AVG Web TuneUp) - C:\Users\4606\AppData\Roaming\Mozilla\Firefox\Profiles\lhua3kvr.default\Extensions\avg@toolbar.xpi [2018-04-07] FF SearchPlugin: C:\Users\4606\AppData\Roaming\Mozilla\Firefox\Profiles\lhua3kvr.default\searchplugins\avg-secure-search.xml [2018-04-07] FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon FF Extension: (Geen Naam) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon [2016-07-31] [ niet getekend] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2018-04-07] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2018-04-07] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2010-11-30] () FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common 
Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [Geen bestand] FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [Geen bestand] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-10-27] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-10-27] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) 
Chrome: ======= CHR DefaultProfile: Profile 1 CHR HomePage: Profile 1 -> mysearch.avg.com CHR StartupUrls: Profile 1 -> "hxxps://www.google.be/" CHR DefaultSearchURL: Profile 1 -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms} CHR DefaultSearchKeyword: Profile 1 -> hxxps://mysearch.avg.com CHR DefaultSuggestURL: Profile 1 -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1 CHR Profile: C:\Users\4606\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-04-08] CHR Profile: C:\Users\4606\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-04-08] CHR Extension: (Presentaties) - C:\Users\4606\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-07] CHR Extension: (Documenten) - C:\Users\4606\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-07] CHR Extension: (Google Drive) - C:\Users\4606\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-07] CHR Extension: (YouTube) - C:\Users\4606\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-07] CHR Extension: (Adblock Plus) - C:\Users\4606\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-07] CHR Extension: (AVG Secure Search) - C:\Users\4606\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2018-04-07] CHR Extension: (Norton Security Toolbar) - C:\Users\4606\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-04-07] CHR Extension: (Spreadsheets) - C:\Users\4606\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-07] CHR Extension: (Offline Documenten) - C:\Users\4606\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-07] CHR Extension: (Betalingen via Chrome Web Store) - 
C:\Users\4606\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07] CHR Extension: (Gmail) - C:\Users\4606\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-07] CHR Extension: (Chrome Media Router) - C:\Users\4606\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-07] CHR Profile: C:\Users\4606\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-08] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\Exts\Chrome.crx CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3980786996-424854653-323187991-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111205299\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3980786996-424854653-323187991-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092018111210182\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\Exts\Chrome.crx CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Services (gefilterd) ==================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) 

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1466476 2009-09-02] (IVT Corporation) [Bestand niet getekend]
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [192000 2009-09-02] (IVT Corporation) [Bestand niet getekend]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [Bestand niet getekend]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [36360 2009-06-17] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [20488 2009-06-17] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47880 2009-08-28] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24840 2009-08-26] (IVT Corporation.)
R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [34440 2009-08-26] ()
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1606000.08E\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S3 DCamUSBEMPIA; C:\Windows\System32\DRIVERS\emDevice64.sys [215808 2007-06-21] (eMPIA Technology, Inc.) [Bestand niet getekend]
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-03-16] (Symantec Corporation)
S3 emAudio; C:\Windows\System32\drivers\emAudio64.sys [77312 2007-01-12] (eMPIA Technology, Inc.) [Bestand niet getekend]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
S3 FiltUSBEMPIA; C:\Windows\System32\DRIVERS\emFilter64.sys [6400 2007-06-21] (eMPIA Technology, Inc.) [Bestand niet getekend]
R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [30344 2009-08-26] (IVT Corporation.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-07] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-09] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-04-09] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-09] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-09] (Malwarebytes)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 ScanUSBEMPIA; C:\Windows\System32\DRIVERS\emScan64.sys [6144 2007-06-21] (eMPIA Technology, Inc.) [Bestand niet getekend]
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1606000.08E\SRTSP64.SYS [928504 2016-02-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1606000.08E\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-24] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-02] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1606000.08E\Ironx64.SYS [295664 2016-02-24] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1606000.08E\SYMNETS.SYS [577768 2016-02-24] (Symantec Corporation)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [17032 2009-08-26] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [43912 2009-08-28] (IVT Corporation.)
S3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [20872 2009-08-26] (IVT Corporation.)
S1 BHDrvx64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20160316.006\BHDrvx64.sys [X]
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [36360 2009-06-17] (IVT Corporation.)
S1 IDSVia64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20160323.001\IDSvia64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160324.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160324.003\EX64.SYS [X]

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2018-04-09 11:31 - 2018-04-09 11:33 - 000029646 _____ C:\Users\4606\Desktop\FRST.txt
2018-04-09 11:30 - 2018-04-09 11:31 - 000000000 ____D C:\FRST
2018-04-09 11:29 - 2018-04-09 11:26 - 002403328 _____ (Farbar) C:\Users\4606\Desktop\FRST64.exe
2018-04-08 17:39 - 2018-04-08 17:39 - 029426256 _____ C:\Users\4606\Downloads\TomTomHOME2winlatest.exe
2018-04-08 17:27 - 2018-04-09 11:11 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-08 11:42 - 2018-04-08 17:21 - 000000000 ____D C:\Users\4606\AppData\Local\ESET
2018-04-08 11:42 - 2018-04-08 11:42 - 006968952 _____ (ESET spol. s r.o.) C:\Users\4606\Downloads\esetonlinescanner_enu.exe
2018-04-08 11:30 - 2018-04-08 11:30 - 015333512 _____ (Piriform Ltd) C:\Users\4606\Downloads\ccsetup541.exe
2018-04-08 10:44 - 2018-04-08 11:22 - 000000000 ____D C:\Users\4606\Tracing
2018-04-07 17:29 - 2018-04-07 17:30 - 000000000 ____D C:\Users\4606\Te mijden programma's
2018-04-07 17:25 - 2018-04-07 17:28 - 000003176 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3980786996-424854653-323187991-1002
2018-04-07 17:12 - 2018-04-07 17:16 - 000000000 ____D C:\Users\4606\Presentaties
2018-04-07 16:46 - 2018-04-07 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-04-07 16:44 - 2018-04-07 16:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Works
2018-04-07 16:43 - 2018-04-07 16:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2018-04-07 16:42 - 2018-04-07 16:42 - 000000000 ____D C:\Windows\PCHEALTH
2018-04-07 16:40 - 2018-04-07 16:49 - 000000000 ____D C:\Windows\SHELLNEW
2018-04-07 16:40 - 2018-04-07 16:40 - 000000000 ____D C:\Program Files\Microsoft Office
2018-04-07 16:40 - 2018-04-07 16:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2018-04-07 16:39 - 2018-04-07 17:28 - 000000000 ____D C:\Users\4606\.gimp-2.8
2018-04-07 16:39 - 2018-04-07 16:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-07 16:39 - 2018-04-07 16:39 - 000000000 __RHD C:\MSOCache
2018-04-07 14:47 - 2018-04-07 14:47 - 000000000 ____D C:\Users\4606\AppData\Roaming\Sun
2018-04-07 14:46 - 2018-04-07 14:45 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-04-07 14:44 - 2018-04-07 14:44 - 000000000 ____D C:\ProgramData\Oracle
2018-04-07 14:44 - 2018-04-07 14:44 - 000000000 ____D C:\Program Files\Java
2018-04-07 14:34 - 2018-04-07 14:34 - 000001237 _____ C:\Users\TEMP\Desktop\Foxit Reader.lnk
2018-04-07 14:33 - 2018-04-07 14:33 - 000000000 ____D C:\Users\4606\AppData\Roaming\Foxit
2018-04-07 14:33 - 2018-04-07 14:33 - 000000000 ____D C:\Program Files (x86)\Foxit Software
2018-04-07 14:14 - 2014-09-05 10:09 - 000000386 _____ C:\Users\4606\Aanmelden.URL
2018-04-07 14:04 - 2018-04-07 14:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-07 13:35 - 2018-04-07 13:35 - 000000000 ____D C:\ProgramData\APN
2018-04-07 11:35 - 2018-04-07 11:35 - 000032704 _____ C:\ProgramData\agent.update.1523093712.bdinstall.bin
2018-04-07 11:27 - 2018-04-07 11:27 - 000000351 _____ C:\Users\4606\Desktop\Deze Computer.lnk
2018-04-07 11:16 - 2018-04-07 11:16 - 000001054 _____ C:\Users\4606\Desktop\Hoofd opslagplaats Computer.lnk
2018-04-07 10:40 - 2018-04-09 11:11 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-07 10:40 - 2018-04-09 11:11 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-07 10:40 - 2018-04-09 11:10 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-07 10:40 - 2018-04-07 12:48 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-04-07 10:39 - 2018-04-07 10:39 - 000000000 ____D C:\ProgramData\MB2Migration
2018-04-07 10:39 - 2018-04-07 10:39 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-07 10:39 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-07 10:23 - 2018-04-07 11:42 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2018-04-07 10:21 - 2018-04-07 10:21 - 000048725 _____ C:\ProgramData\agent.1523089272.bdinstall.bin
2018-04-07 10:21 - 2018-04-07 10:21 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2018-04-07 10:09 - 2018-04-08 11:31 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-04-07 09:57 - 2018-04-08 11:41 - 000102912 ___SH C:\Users\4606\Desktop\Thumbs.db
2018-03-16 13:59 - 2018-03-16 13:59 - 000000000 ____D C:\Users\4606\Documents\TomTom
2018-03-16 13:59 - 2018-03-16 13:59 - 000000000 ____D C:\Users\4606\AppData\Roaming\TomTom
2018-03-16 13:59 - 2018-03-16 13:59 - 000000000 ____D C:\Users\4606\AppData\Local\TomTom
2018-03-16 13:59 - 2018-03-16 13:59 - 000000000 ____D C:\ProgramData\TomTom
2018-03-16 13:58 - 2018-04-08 17:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2018-03-16 13:58 - 2018-03-16 13:58 - 000000000 ____D C:\Program Files (x86)\TomTom HOME 2
2018-03-16 13:55 - 2018-03-16 13:55 - 000000000 ____D C:\Users\4606\AppData\Local\Downloaded Installations

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2018-04-09 11:29 - 2009-07-14 06:45 - 000018928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-09 11:29 - 2009-07-14 06:45 - 000018928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-09 11:10 - 2011-05-08 15:19 - 000005050 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2018-04-09 11:10 - 2010-11-24 18:27 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-09 11:10 - 2009-09-07 15:42 - 000000943 _____ C:\Windows\SysWOW64\bscs.ini
2018-04-09 11:10 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-08 17:26 - 2011-02-26 14:51 - 000000000 ____D C:\Users\4606
2018-04-08 14:37 - 2017-03-20 17:05 - 000000000 ____D C:\Windows\rescache
2018-04-08 11:42 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-04-08 11:31 - 2014-09-05 10:11 - 000000000 ___RD C:\Beveiliging
2018-04-08 10:44 - 2013-02-09 18:58 - 000000000 ____D C:\Users\4606\AppData\Local\Windows Live
2018-04-08 10:04 - 2012-01-17 13:31 - 000032768 _____ C:\Users\4606\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-04-07 17:28 - 2014-11-20 15:12 - 000002184 _____ C:\Users\4606\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-04-07 17:28 - 2014-11-20 15:12 - 000000000 ___RD C:\Users\4606\OneDrive
2018-04-07 17:28 - 2013-03-25 18:19 - 000000000 ____D C:\Users\4606\AppData\Local\Albelli.be Fotoboeken
2018-04-07 17:27 - 2010-05-12 11:05 - 000746014 _____ C:\Windows\system32\perfh013.dat
2018-04-07 17:27 - 2010-05-12 11:05 - 000153934 _____ C:\Windows\system32\perfc013.dat
2018-04-07 17:27 - 2009-07-14 07:13 - 001679692 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-07 17:25 - 2014-11-20 15:12 - 000002127 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-04-07 17:25 - 2014-11-20 15:12 - 000002127 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-04-07 17:25 - 2014-11-20 15:12 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2018-04-07 17:16 - 2011-02-26 14:51 - 000000000 ___RD C:\Users\4606\Mijn muziek
2018-04-07 16:59 - 2011-03-03 19:13 - 000119608 _____ C:\Users\4606\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-07 16:57 - 2009-07-14 06:45 - 000436208 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-07 16:44 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-04-07 16:41 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-04-07 16:27 - 2011-12-29 20:32 - 000000000 ____D C:\Users\4606\AppData\Roaming\SoftGrid Client
2018-04-07 16:07 - 2011-02-26 14:49 - 000000000 ____D C:\Program Files\Google
2018-04-07 16:07 - 2011-02-26 14:49 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-07 15:41 - 2012-06-28 11:21 - 000000000 ____D C:\Program Files (x86)\Sony
2018-04-07 15:29 - 2016-08-04 09:49 - 000000000 ____D C:\Users\4606\AppData\Local\AVG Web TuneUp
2018-04-07 15:29 - 2016-08-04 09:49 - 000000000 ____D C:\ProgramData\AVG Web TuneUp
2018-04-07 15:20 - 2011-05-01 20:27 - 000000000 ____D C:\Users\4606\AppData\Local\Ashampoo Photo Optimizer Medion
2018-04-07 15:06 - 2010-07-07 18:28 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-04-07 14:59 - 2011-02-26 14:53 - 000000000 ____D C:\Users\4606\AppData\Local\Google
2018-04-07 14:31 - 2014-10-24 15:14 - 000013824 ___SH C:\Users\4606\Documents\Thumbs.db
2018-04-07 14:31 - 2011-02-26 14:51 - 000000000 ___RD C:\Users\4606\Mijn afbeeldingen
2018-04-07 14:29 - 2014-02-06 14:37 - 025600512 ___SH C:\Users\4606\Downloads\Thumbs.db
2018-04-07 12:56 - 2014-09-16 14:33 - 000000000 ____D C:\Program Files (x86)\Norton Internet Security
2018-04-07 12:49 - 2016-11-14 12:17 - 000018944 ___SH C:\Users\4606\Thumbs.db
2018-04-07 11:10 - 2017-06-26 10:37 - 000000000 ____D C:\ProgramData\WinZip
2018-04-07 11:10 - 2014-09-05 11:19 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-04-07 11:03 - 2014-12-04 15:16 - 000000000 ____D C:\ProgramData\Uniblue
2018-04-07 10:39 - 2014-06-05 16:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-07 10:25 - 2017-02-20 11:12 - 000000000 ____D C:\Users\4606\AppData\Local\AvgSetupLog
2018-04-07 10:09 - 2014-09-05 11:00 - 000000000 ____D C:\Program Files\CCleaner
2018-04-07 09:23 - 2011-08-04 12:45 - 000003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E1919611-8702-4136-9B32-89A30EB344A8}
2018-03-22 08:24 - 2014-09-05 10:34 - 000002248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-22 08:24 - 2014-09-05 10:34 - 000002207 _____ C:\Users\Public\Desktop\Internet.lnk

==================== Bestanden in de root van sommige mappen =======

2012-11-21 15:09 - 2012-11-21 15:09 - 000000288 _____ () C:\Users\4606\AppData\Roaming\.backup.dm
2012-01-17 13:31 - 2018-04-08 10:04 - 000032768 _____ () C:\Users\4606\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-12-20 21:34 - 2017-12-20 21:34 - 000000858 _____ () C:\Users\4606\AppData\Local\recently-used.xbel

Sommige bestanden in TEMP:
====================
2018-04-07 13:34 - 2014-02-25 15:08 - 001326512 _____ (Ask.com) C:\Users\4606\AppData\Local\Temp\Offercast_AVIRAV7_.exe

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\SysWOW64\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2018-04-08 14:29

==================== Eind van FRST.txt ============================