Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 23.09.2018
Gestart door daved (Beheerder) op DESKTOP-I4E93KF (23-09-2018 20:03:12)
Gestart vanaf D:\downloads
Geladen Profielen: daved (Beschikbare Profielen: daved)
Platform: Windows 10 Pro Versie 1803 17134.228 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: FF)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) D:\downloads\FRST64(1).exe

==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8529152 2015-10-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411840 2015-10-06] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrictie <==== AANDACHT
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-4037813400-2005266614-1342265518-1001\...\Run: [GoogleChromeAutoLaunch_9B8D563EF598F7F0779ABE803032589C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1469784 2018-09-15] (Google Inc.)
HKU\S-1-5-21-4037813400-2005266614-1342265518-1001\...\Run: [uTorrent] => C:\Users\daved\AppData\Roaming\uTorrent\uTorrent.exe [1987256 2018-08-24] (BitTorrent Inc.)
HKU\S-1-5-21-4037813400-2005266614-1342265518-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
Startup: C:\Users\daved\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk [2018-09-04]
ShortcutTarget: Verzenden naar OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restrictie ? <==== AANDACHT

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist en een registeritem is, wordt het verwijderd of hersteld naar de standaard.)

Hosts: Er zijn meer dan één item in Hosts. Zie Hosts deel van Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.130.131.4 195.130.130.4
Tcpip\..\Interfaces\{574cbe13-dbf9-4488-b16b-66751a2980a2}: [DhcpNameServer] 195.130.131.4 195.130.130.4
Tcpip\..\Interfaces\{e4f55deb-318b-4c38-9048-7ea2ef669abb}: [DhcpNameServer] 195.130.131.4 195.130.130.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4037813400-2005266614-1342265518-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-09-08] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-08] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-08] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-08] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-08] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - Geen bestand

FireFox:
========
FF DefaultProfile: 0rbsgeh3.default-1535134718115
FF ProfilePath: C:\Users\daved\AppData\Roaming\TomTom\HOME\Profiles\jjea07e9.default [2018-08-22]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2018-08-22] [Verouderd] [ niet getekend]
FF ProfilePath: C:\Users\daved\AppData\Roaming\Mozilla\Firefox\Profiles\0rbsgeh3.default-1535134718115 [2018-09-23]
FF user.js: detected! => C:\Users\daved\AppData\Roaming\Mozilla\Firefox\Profiles\0rbsgeh3.default-1535134718115\user.js [2018-08-28]
FF Homepage: Mozilla\Firefox\Profiles\0rbsgeh3.default-1535134718115 -> hxxps://www.google.be/
FF Extension: (AdBlocker Ultimate) - C:\Users\daved\AppData\Roaming\Mozilla\Firefox\Profiles\0rbsgeh3.default-1535134718115\Extensions\adblockultimate@adblockultimate.net.xpi [2018-08-30]
FF Extension: (Youtube to MP3 Plugin) - C:\Users\daved\AppData\Roaming\Mozilla\Firefox\Profiles\0rbsgeh3.default-1535134718115\Extensions\flv2mp3@hotger.com.xpi [2018-08-24]
FF Extension: (Flash Video Player on Facebook™) - C:\Users\daved\AppData\Roaming\Mozilla\Firefox\Profiles\0rbsgeh3.default-1535134718115\Extensions\{26a41c76-f114-4a91-baa5-5d8f135f1b82}.xpi [2018-08-24]
FF Extension: (Flash Video Player for Facebook™) - C:\Users\daved\AppData\Roaming\Mozilla\Firefox\Profiles\0rbsgeh3.default-1535134718115\Extensions\{d0bfdcce-52c7-4b32-bb45-948f62db8d3f}.xpi [2018-08-24]
FF Extension: (Adblock Plus) - C:\Users\daved\AppData\Roaming\Mozilla\Firefox\Profiles\0rbsgeh3.default-1535134718115\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-08-31]
FF Extension: (Firefox Monitor) - C:\Users\daved\AppData\Roaming\Mozilla\Firefox\Profiles\0rbsgeh3.default-1535134718115\features\{49f3125c-0fae-484c-a995-afd5e0e0fcc1}\fxmonitor@mozilla.org.xpi [2018-09-19]
FF Extension: (Telemetry coverage) - C:\Users\daved\AppData\Roaming\Mozilla\Firefox\Profiles\0rbsgeh3.default-1535134718115\features\{49f3125c-0fae-484c-a995-afd5e0e0fcc1}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-09-19] [Verouderd]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-15] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-24] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\daved\AppData\Local\Google\Chrome\User Data\Default [2018-09-23]
CHR Extension: (Presentaties) - C:\Users\daved\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-24]
CHR Extension: (Documenten) - C:\Users\daved\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-24]
CHR Extension: (Google Drive) - C:\Users\daved\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-24]
CHR Extension: (YouTube) - C:\Users\daved\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-24]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\daved\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2018-09-05]
CHR Extension: (Spreadsheets) - C:\Users\daved\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-24]
CHR Extension: (Offline Documenten) - C:\Users\daved\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-25]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\daved\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-24]
CHR Extension: (Gmail) - C:\Users\daved\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-24]
CHR Extension: (Chrome Media Router) - C:\Users\daved\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-22]

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9659456 2018-08-30] (Microsoft Corporation)
S3 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [227472 2015-10-06] () [Bestand niet getekend]
S4 NeroBackItUpBackgroundService2018; C:\Program Files (x86)\Nero\Nero 2018\Nero BackItUp\NBService.exe [287096 2017-12-15] (Nero AG)
S3 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2233320 2018-08-17] (Plex, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Corporation)
S4 SonosLibraryService; C:\Program Files (x86)\Sonos\SonosLibraryService.exe [26624 2018-07-12] () [Bestand niet getekend]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-09-23] (Reason Software Company Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-09-22] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-09-22] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2018-09-22] (CPUID)
R1 MpKsl5c395c88; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E486C6A5-927E-4EBB-BD86-0295F1EC77B7}\MpKsl5c395c88.sys [58120 2018-09-23] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys [17493824 2018-01-24] (NVIDIA Corporation)
S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57928 2018-01-24] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 Synth3dVsc; C:\WINDOWS\System32\drivers\Synth3dVsc.sys [0 2018-04-12] () <==== AANDACHT (nul byte bestand/map)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-09-22] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-09-22] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-09-22] (Microsoft Corporation)
S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\drivers\Monitor_win10_x64.sys [X]

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.)

2018-09-23 19:10 - 2018-09-23 19:10 - 000000414 __RSH C:\ProgramData\ntuser.pol
2018-09-23 18:19 - 2018-09-23 18:19 - 000000000 ____D C:\AdwCleaner
2018-09-23 18:18 - 2018-09-23 18:18 - 000000000 ____D C:\ProgramData\Unchecky
2018-09-23 18:18 - 2018-09-23 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2018-09-23 18:18 - 2018-09-23 18:18 - 000000000 ____D C:\Program Files (x86)\Unchecky
2018-09-23 11:57 - 2018-09-23 11:58 - 001721388 _____ C:\WINDOWS\Minidump\092318-18578-01.dmp
2018-09-23 10:24 - 2018-09-05 00:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-09-23 09:43 - 2018-09-23 09:43 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4037813400-2005266614-1342265518-1001
2018-09-23 09:43 - 2018-09-23 09:43 - 000002387 _____ C:\Users\daved\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-22 14:51 - 2018-09-22 14:51 - 000000080 ___SH C:\bootTel.dat
2018-09-22 14:51 - 2018-09-22 14:51 - 000000000 __SHD C:\found.000
2018-09-21 21:02 - 2018-09-23 20:03 - 000000000 ____D C:\FRST
2018-09-21 21:02 - 2018-09-21 21:02 - 000000000 _____ C:\WINDOWS\erunt.exe
2018-09-21 21:02 - 2018-09-21 21:02 - 000000000 _____ C:\WINDOWS\erdntwin.loc
2018-09-21 21:02 - 2018-09-21 21:02 - 000000000 _____ C:\WINDOWS\erdntdos.loc
2018-09-21 21:02 - 2018-09-21 21:02 - 000000000 _____ C:\WINDOWS\erdnt.e_e
2018-09-21 20:55 - 2018-09-23 11:57 - 641937602 _____ C:\WINDOWS\MEMORY.DMP
2018-09-21 20:55 - 2018-09-21 20:55 - 001236052 _____ C:\WINDOWS\Minidump\092118-24562-01.dmp
2018-09-21 20:44 - 2018-09-21 20:44 - 000003656 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-09-21 20:40 - 2018-09-21 20:44 - 000000415 _____ C:\DelFix.txt
2018-09-21 20:25 - 2018-09-21 20:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-09-21 20:25 - 2018-09-21 20:25 - 000000000 ____D C:\Program Files\Speccy
2018-09-21 20:20 - 2018-09-21 20:20 - 000000000 ____D C:\Users\daved\AppData\Local\ElevatedDiagnostics
2018-09-21 10:21 - 2018-09-21 10:23 - 001112612 _____ C:\WINDOWS\Minidump\092118-28046-01.dmp
2018-09-21 10:12 - 2018-09-21 10:15 - 001065140 _____ C:\WINDOWS\Minidump\092118-36046-01.dmp
2018-09-15 08:05 - 2018-09-15 08:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-09-11 22:27 - 2018-09-05 01:04 - 000835144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-09-11 22:27 - 2018-09-05 01:04 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-10 23:10 - 2018-09-10 23:10 - 000000000 ____D C:\Users\daved\AppData\Local\MediaHuman
2018-09-10 23:08 - 2018-09-10 23:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2018-09-10 23:08 - 2018-09-10 23:08 - 000000000 ____D C:\Program Files (x86)\MediaHuman
2018-09-08 11:48 - 2018-09-08 11:48 - 000002521 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-09-08 11:48 - 2018-09-08 11:48 - 000002514 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-09-08 11:48 - 2018-09-08 11:48 - 000002472 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-09-08 11:48 - 2018-09-08 11:48 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-09-08 11:48 - 2018-09-08 11:48 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-09-08 11:48 - 2018-09-08 11:48 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-09-08 11:48 - 2018-09-08 11:48 - 000002433 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-09-08 11:48 - 2018-09-08 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office-hulpprogramma's
2018-09-04 21:07 - 2018-09-04 21:07 - 000000000 ____D C:\Users\daved\Documents\OneNote-notitieblokken
2018-09-04 10:10 - 2018-09-04 10:10 - 005214208 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
2018-09-04 10:10 - 2018-09-04 10:10 - 000786432 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2018-09-04 10:10 - 2018-09-04 10:10 - 000036864 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2018-09-04 10:10 - 2018-09-04 10:10 - 000036864 _____ C:\WINDOWS\system32\config\SAM.iobit
2018-09-04 10:09 - 2018-09-04 10:10 - 098516992 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2018-08-28 22:42 - 2018-09-23 18:19 - 000000000 ____D C:\Users\daved\AppData\LocalLow\IObit
2018-08-28 22:42 - 2018-09-21 09:28 - 000000000 ____D C:\ProgramData\ProductData
2018-08-28 22:42 - 2018-08-28 22:42 - 000000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2018-08-28 22:42 - 2018-08-28 22:42 - 000000000 ____D C:\ProgramData\BDLogging
2018-08-28 22:42 - 2018-08-28 22:42 - 000000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2018-08-28 22:42 - 2018-08-28 22:42 - 000000000 ____D C:\ProgramData\{7F40DE3E-8294-4E24-B2EA-80F6C6BB173C}
2018-08-28 22:41 - 2018-09-23 18:19 - 000000000 ____D C:\Users\daved\AppData\Roaming\IObit
2018-08-28 22:41 - 2018-09-23 18:19 - 000000000 ____D C:\ProgramData\IObit
2018-08-28 22:41 - 2018-08-28 22:41 - 000000000 ____D C:\Program Files (x86)\IObit
2018-08-27 23:26 - 2018-08-27 23:26 - 000675984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000457512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000386712 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000343192 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000274072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000248624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000089248 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000087352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000031896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_1.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000028472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_1.dll
2018-08-24 20:06 - 2018-08-24 20:10 - 000000000 ____D C:\Users\daved\AppData\Local\Plex Media Server
2018-08-24 20:05 - 2018-08-24 20:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2018-08-24 20:04 - 2018-08-24 20:04 - 000000000 ____D C:\Program Files (x86)\Plex
2018-08-24 19:54 - 2018-08-24 19:54 - 000000000 ____D C:\Users\daved\AppData\Roaming\Google
2018-08-24 19:53 - 2018-08-24 19:53 - 000000000 ____D C:\Users\daved\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps
2018-08-24 19:45 - 2018-09-21 09:29 - 000002321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-24 19:44 - 2018-08-28 23:02 - 000004532 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-08-24 19:44 - 2018-08-28 23:02 - 000004300 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-08-24 19:44 - 2018-08-24 19:44 - 000000000 ____D C:\Program Files (x86)\Google
2018-08-24 19:41 - 2018-08-24 19:42 - 000000000 ____D C:\Users\daved\AppData\Local\Nero
2018-08-24 19:41 - 2018-08-24 19:41 - 000000000 ____D C:\Users\daved\AppData\Local\Nero_AG
2018-08-24 19:29 - 2018-09-22 10:04 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-08-24 19:29 - 2018-08-28 23:01 - 000003048 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-08-24 19:29 - 2018-08-24 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-08-24 19:29 - 2018-08-24 19:29 - 000000000 ____D C:\Program Files\CCleaner

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.)

2018-09-23 20:01 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-09-23 19:48 - 2018-05-26 22:15 - 000000000 ____D C:\Users\daved\AppData\Local\ClassicShell
2018-09-23 19:15 - 2018-05-24 22:11 - 000000000 ____D C:\Users\daved\AppData\LocalLow\Mozilla
2018-09-23 19:08 - 2018-05-24 22:09 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-09-23 18:27 - 2018-06-28 22:51 - 001521674 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-23 18:27 - 2018-04-12 18:02 - 000647074 _____ C:\WINDOWS\system32\perfh013.dat
2018-09-23 18:27 - 2018-04-12 18:02 - 000122386 _____ C:\WINDOWS\system32\perfc013.dat
2018-09-23 18:27 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-09-23 18:20 - 2018-06-28 22:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-09-23 18:20 - 2018-05-24 21:46 - 000000000 ____D C:\ProgramData\NVIDIA
2018-09-23 18:20 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-09-23 18:12 - 2018-06-28 22:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-09-23 17:20 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-23 13:44 - 2018-06-28 22:44 - 000000000 ____D C:\Users\daved
2018-09-23 11:57 - 2018-07-20 10:34 - 000000000 ____D C:\WINDOWS\Minidump
2018-09-23 10:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-09-23 09:54 - 2018-06-29 09:07 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-09-23 09:53 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-09-23 09:53 - 2018-04-11 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-09-23 09:43 - 2018-05-24 22:07 - 000000000 ___RD C:\Users\daved\OneDrive
2018-09-22 14:35 - 2018-05-26 18:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-09-22 14:33 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-09-21 20:37 - 2018-05-26 18:39 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-09-21 19:57 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-09-21 10:15 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-09-15 08:18 - 2018-05-24 22:05 - 000000000 ____D C:\Users\daved\AppData\Local\Packages
2018-09-11 22:31 - 2018-05-26 18:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-09-11 22:28 - 2018-05-26 18:37 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-09-10 23:16 - 2018-06-02 20:33 - 000000000 ____D C:\Users\daved\AppData\Roaming\uTorrent
2018-09-10 23:10 - 2018-05-24 22:05 - 000000000 ____D C:\Users\daved\AppData\Local\VirtualStore
2018-09-10 23:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\schemas
2018-09-10 23:04 - 2018-08-10 11:02 - 000000000 ____D C:\Users\daved\AppData\LocalLow\uTorrent
2018-09-09 22:32 - 2018-08-09 22:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-09-09 22:32 - 2018-05-24 22:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-09 09:53 - 2018-05-24 22:11 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-09-08 11:48 - 2018-05-26 18:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-09-03 13:43 - 2018-08-01 20:53 - 000000000 ____D C:\ProgramData\Sonos,_Inc
2018-08-28 22:59 - 2018-05-26 22:15 - 000000000 ____D C:\Program Files\Classic Shell
2018-08-28 22:55 - 2018-06-23 22:57 - 000000000 ___DC C:\WINDOWS\Panther
2018-08-24 20:04 - 2018-06-02 22:09 - 000000000 ____D C:\ProgramData\Package Cache
2018-08-24 19:54 - 2018-08-01 21:55 - 000000000 ____D C:\Users\daved\AppData\Local\Google
2018-08-24 19:41 - 2018-06-05 18:11 - 000000000 ____D C:\Users\daved\AppData\Roaming\Nero
2018-08-24 19:37 - 2018-06-28 22:35 - 000401056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-24 19:35 - 2018-06-28 22:52 - 000003922 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-08-24 19:35 - 2018-06-28 22:52 - 000003616 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Sommige nul byte grootte bestanden/mappen:
==========================
C:\Windows\erunt.exe
C:\Windows\SysWOW64\DavSyncProvider.dll
C:\Windows\SysWOW64\msjter40.dll
C:\Windows\SysWOW64\spwizimg.dll
C:\Windows\System32\bidispl.dll
C:\Windows\System32\clfsw32.dll
C:\Windows\System32\PinEnrollmentBroker.exe
C:\Windows\System32\SettingsHandlers_Maps.dll
C:\Windows\System32\SyncAppvPublishingServer.exe
C:\Windows\System32\Drivers\Synth3dVsc.sys

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2018-06-28 22:34

==================== Eind van FRST.txt ============================