Re: Junk Removal Tool
Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 19-02-2017
Gestart door F.J.Stols (20-02-2017 16:06:10)
Gestart vanaf C:\Users\Gebruiker\Desktop
Windows 10 Home Versie 1607 (X64) (2016-08-05 07:32:24)
Boot Modus: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1916800224-2560957495-3225600593-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1916800224-2560957495-3225600593-503 - Limited - Disabled)
F.J.Stols (S-1-5-21-1916800224-2560957495-3225600593-1001 - Administrator - Enabled) => C:\Users\Gebruiker
Gast (S-1-5-21-1916800224-2560957495-3225600593-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1916800224-2560957495-3225600593-1003 - Limited - Enabled)
==================== Security Center ========================
(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Panda Protection (Disabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Protection (Disabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}
==================== Genstalleerde programma's ======================
(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)
4Team Safe PST Backup Free Edition (HKLM\...\{BE252E19-3F57-4026-B00C-87A05B3E5660}) (Version: 2.62.0614 - 4Team Corporation)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{4F88ECAA-A619-44CD-ADE2-5CA3685D6C5D}) (Version: 20.0.0 - Helmut Buhler)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 (HKLM-x32\...\{D176CB09-1505-4D2B-838A-4483D7DF23FB}) (Version: 5.0.1 - Adobe)
Adres 2000 Versie 1.93 (HKLM-x32\...\Adres 2000_is1) (Version: - H.C.C. Akkerman)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
AX64 Time Machine (remove only) (HKLM\...\AXTM) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.01 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6521 - CDBurnerXP)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
CrystalDiskInfo 5.0.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.0.0 - Crystal Dew World)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
Easy Rolodex 3.2 (HKLM\...\{48FC3F43-D57D-43A3-B1E6-EE88AFD93DE5}) (Version: 3.2 - Woerdekom Webdesign en Software)
FastStone Capture 4.8 (HKLM-x32\...\FastStone Capture) (Version: 4.8 - FastStone Soft)
FastStone Image Viewer 5.9 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.9 - FastStone Soft)
FastStone Photo Resizer 3.3 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.3 - FastStone Soft.)
Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation)
Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 4.3 - Gadwin Systems, Inc.)
Gebruikersregistratie voor Canon MG6600 series (HKLM-x32\...\Gebruikersregistratie voor Canon MG6600 series) (Version: - *Canon Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.2 - Intel)
MailWasher Pro (HKLM-x32\...\MailWasher Pro_is1) (Version: - FireTrust Limited)
Malwarebytes Anti-Malware versie 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 nl) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 nl)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
NVIDIA 3D Vision controllerstuurprogramma 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA HD Audio-stuurprogramma 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX Systeem Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Panda Devices Agent (x32 Version: 1.03.08 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.08.00 - Panda Security) Hidden
Panda Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.00.00.0000 - Panda Security)
Panda Protection (Version: 8.85.00 - Panda Security) Hidden
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
TomTom HOME (HKLM-x32\...\{B581E191-A2C1-4CE3-907E-9FE3C728750C}) (Version: 2.9.91 - Uw bedrijfsnaam)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Wise Disk Cleaner 9.42 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 9.42 - WiseCleaner.com, Inc.)
YTD Video Downloader 5.8.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.8.2 - GreenTree Applications SRL) <==== AANDACHT
ZoneAlarm Firewall (x32 Version: 14.2.255.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 14.2.255.000 - Check Point)
ZoneAlarm Security (x32 Version: 14.2.255.000 - Check Point Software Technologies Ltd.) Hidden
==================== Aangepaste CLSID (gefilterd): ==========================
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
CustomCLSID: HKU\S-1-5-21-1916800224-2560957495-3225600593-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Gebruiker\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-1916800224-2560957495-3225600593-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Gebruiker\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
==================== Geplande Taken (gefilterd) =============
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
Task: {2A59D428-91CC-4DF3-A332-8FF803DAA1D6} - System32\Tasks\4Team updater => C:\Program Files\4Team Corporation\4Team-Updater\4Team-Updater.exe [2014-06-10] ()
Task: {5C0ADD45-DB46-4EA7-A2BA-ED509142F69D} - \Adobe Flash Player Updater -> Geen bestand <==== AANDACHT
Task: {5F8E209E-4C48-4828-A1D4-4967CF23B3E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-04] (Google Inc.)
Task: {6C51F13F-AED3-4DF3-B8B8-A67D548EA91E} - \CCleanerSkipUAC -> Geen bestand <==== AANDACHT
Task: {741BB873-7976-413D-85F4-5A0CD5B0A450} - \CreateExplorerShellUnelevatedTask -> Geen bestand <==== AANDACHT
Task: {9112D2F0-4C6C-4CA2-B79D-6D2478C64F31} - System32\Tasks\AXTMApp => C:\Program Files\AXTM\AXTMApp.exe [2014-02-20] (AX64)
Task: {992E9172-8A2C-4406-A3D1-D745EE5CF963} - \Auslogics\Driver Updater\Scan -> Geen bestand <==== AANDACHT
Task: {A5DA14F2-522B-461D-8DF1-E468194F18EE} - \{5C65B28A-5CD0-C9C3-008B-50D3EAE07897} -> Geen bestand <==== AANDACHT
Task: {B023A6D4-5F3D-47BB-8ADA-D2BE786B5CD7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-04] (Google Inc.)
Task: {B6BC2ED4-91B8-4B13-9818-55A29FA22F88} - \Auslogics\BoostSpeed\Scan and Repair -> Geen bestand <==== AANDACHT
Task: {F0B3227B-5496-42CC-822D-A29CE088520D} - System32\Tasks\WiseCleaner\WDCSkipUAC => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe [2017-01-22] (WiseCleaner.com)
Task: {F1620412-BCD4-4918-AAA4-8E7F9A75C574} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Geen bestand <==== AANDACHT
(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AXTMApp.job => C:\Program Files\AXTM\AXTMApp.exe /minimized C:\Program Files\AXTM AZERTY\F.J.Sto
Task: C:\WINDOWS\Tasks\{5C65B28A-5CD0-C9C3-008B-50D3EAE07897}.job =>
==================== Snelkoppelingen =============================
(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)
==================== Geladen Modules (gefilterd) ==============
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 15:06 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-23 10:08 - 2016-01-22 15:57 - 00089008 _____ () C:\WINDOWS\System32\cpwmon64.dll
2016-12-09 09:56 - 2013-06-28 15:28 - 00084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2016-07-22 09:10 - 2016-06-14 21:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-07-22 09:10 - 2016-06-14 21:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-07-22 09:10 - 2016-06-14 21:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-07-22 09:10 - 2016-06-14 21:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-07-22 09:10 - 2016-06-14 21:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-07-22 09:10 - 2016-06-14 21:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-07-22 09:10 - 2016-06-14 21:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-07-22 09:10 - 2016-06-14 21:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2014-02-20 10:34 - 2014-02-20 10:34 - 02641112 _____ () C:\Program Files\AXTM\AXCORE.dll
2016-12-14 15:06 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-07-22 09:10 - 2016-06-14 21:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-07-22 09:10 - 2016-06-14 21:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-09-16 10:04 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-18 16:36 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-18 16:35 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-18 16:35 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-18 16:35 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-18 16:35 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-18 16:36 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-20 14:14 - 2016-09-20 14:14 - 00023560 _____ () C:\Program Files\4Team Corporation\Safe PST Backup\ForTeam.ServiceClient.dll
2016-09-20 14:14 - 2016-09-20 14:14 - 00066048 _____ () C:\Program Files\4Team Corporation\Safe PST Backup\ForTeam.Settings.dll
2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2016-09-20 14:14 - 2016-09-20 14:14 - 01108488 _____ () C:\Program Files\4Team Corporation\Safe PST Backup\System.Data.SQLite.dll
2015-12-15 18:17 - 2015-12-15 18:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2016-07-22 09:10 - 2016-06-14 21:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
==================== Alternate Data Streams (gefilterd) =========
(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)
==================== Veilige Modus (gefilterd) ===================
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
==================== Bestandskoppeling (gefilterd) ===============
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)
==================== Internet Explorer vertrouwde/beperkte toegang ===============
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)
==================== Hosts inhoud: ===============================
(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)
2015-10-30 08:24 - 2015-10-30 08:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere gebieden ============================
(Momenteel is er geen automatische fix voor dit onderdeel.)
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.254 - 195.121.1.34
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is uitgeschakeld.
==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==
MSCONFIG\Services: lfsvc => 3
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\...\StartupApproved\Run: => "OneDrive"
==================== Firewall regels (gefilterd) ===============
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D2755A2B-06DB-4474-8D10-0AF0A2E8575F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{E1D951B9-B7FC-4490-9341-1921E2E4C9E8}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{59EA3820-A3ED-48CE-8BF7-7506ABF7E5F4}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{55538A51-5FF2-47FA-AAB1-24BADF4E0EA5}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{9B0D8CE7-C7B7-4431-A23F-F42EECFC0BDF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4FA96560-1DB9-4ED3-A8FF-FE22338E6F4E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9086BFF4-7FF5-42CF-AE4A-DEFE3AB8BA23}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D5794640-EB77-4624-A8F0-A4B105DF8BA7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{A7B9F7A0-B181-4C2A-B02B-3938EC8828FC}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{A2E443CE-62FA-4ECB-84F2-4E721F206CC5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{F243BF7E-4D0D-43D4-818D-7BDA40F375A3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E099BB68-2101-44A4-9EEA-B8A919B211B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{488A3F70-9852-44BA-8A1E-A0B392D1F4F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{011A91B2-A543-4B16-AEBA-46AE44D61434}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{362C23CF-B7C9-46BB-B0C5-1BC61769056B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{ABA5AD78-A109-4F86-BBB3-A5F3CC43EA5A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{41B7972C-258B-4159-804A-2C6D5D27C579}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7BB1E9B8-4902-4062-BCB5-5BC9141DAFDD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7283925C-E1B6-44DF-A52F-AD5058AE11F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Herstelpunten =========================
19-02-2017 19:43:47 Revo Uninstaller's restore point - TomTom HOME Visual Studio Merge Modules
19-02-2017 19:44:21 Removed TomTom HOME Visual Studio Merge Modules
19-02-2017 19:45:06 Revo Uninstaller's restore point - MiniTool Partition Wizard Free 9.1
19-02-2017 19:46:20 Revo Uninstaller's restore point - Microsoft OneDrive
==================== Defecte Apparaatbeheer Apparaten =============
==================== Eventlog fouten: =========================
Applicatiefouten:
==================
Error: (02/20/2017 04:00:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Toegang geweigerd.
.
Error: (02/20/2017 03:00:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Toegang geweigerd.
.
Error: (02/20/2017 02:00:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Toegang geweigerd.
.
Error: (02/20/2017 01:00:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Toegang geweigerd.
.
Error: (02/20/2017 12:00:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Toegang geweigerd.
.
Error: (02/20/2017 10:00:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Toegang geweigerd.
.
Error: (02/20/2017 09:49:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma TFC.exe, versie 3.1.9.0 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Beveiliging en onderhoud van het Configuratiescherm.
Proces-id: 23d4
Starttijd: 01d28b554e1380e6
Eindtijd: 4294967295
Toepassingspad: D:\05 P R O G R A M M A 'S en filmpjes en meer\S C H O O N M A K E R S ,diagnostiek,mailwasher\Abraham54\TFC.exe
Rapport-id: 6d076cde-f749-11e6-a784-d05099987272
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:
Error: (02/20/2017 09:00:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Toegang geweigerd.
.
Error: (02/20/2017 08:35:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Toegang geweigerd.
.
Error: (02/19/2017 07:46:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Toegang geweigerd.
.
Systeemfouten:
=============
Error: (02/20/2017 01:18:18 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Het browserstuurprogramma heeft te veel ongeldige datagrammen van de externe computer EXPERIA ontvangen om AZERTY op transport NetBT_Tcpip_{B759DC05-4683-4F91-BEB2-29472251C1BA} te kunnen benoemen. Raadpleeg het datagram voor verdere gegevens.
Er worden pas weer gebeurtenissen gegenereerd nadat de herstelfrequentie is verlopen.
Error: (02/20/2017 01:18:08 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5
Error: (02/20/2017 01:17:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
en APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
Error: (02/20/2017 10:15:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
en APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
Error: (02/20/2017 09:48:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
en APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
Error: (02/20/2017 09:40:28 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Het browserstuurprogramma heeft te veel ongeldige datagrammen van de externe computer EXPERIA ontvangen om AZERTY op transport NetBT_Tcpip_{B759DC05-4683-4F91-BEB2-29472251C1BA} te kunnen benoemen. Raadpleeg het datagram voor verdere gegevens.
Er worden pas weer gebeurtenissen gegenereerd nadat de herstelfrequentie is verlopen.
Error: (02/20/2017 09:40:15 AM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5
Error: (02/20/2017 09:39:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
en APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
Error: (02/20/2017 09:39:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Modules Installer-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 120000 milliseconden worden uitgevoerd: Service opnieuw starten.
Error: (02/20/2017 09:39:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Office Software Protection Platform-service is onverwacht beindigd. Dit is nu 1 keer gebeurd.
==================== Geheugen info ===========================
Processor: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
Percentage geheugen in gebruik: 24%
Totaal fysiek RAM-geheugen: 8127.79 MB
Beschikbaar fysiek RAM-geheugen: 6149.93 MB
Totaal Virtueel geheugen: 9407.79 MB
Beschikbaar Virtual geheugen: 7331.18 MB
==================== Schijven ================================
Drive c: () (Fixed) (Total:223.02 GB) (Free:189.3 GB) NTFS
Drive d: (Ingebouwd) (Fixed) (Total:931.51 GB) (Free:742.64 GB) NTFS
Drive f: (West) (Fixed) (Total:465.76 GB) (Free:344.47 GB) NTFS
Drive m: (Lokale schijf ) (Fixed) (Total:465.38 GB) (Free:299.34 GB) NTFS
==================== MBR & Partitietabel ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 50431FC0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 10373300)
Partition 1: (Active) - (Size=387 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)
========================================================
Disk: 8 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: D9461C26)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== Eind van Addition.txt ============================
en dan
Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 19-02-2017
Gestart door F.J.Stols (Beheerder) op AZERTY (20-02-2017 16:05:11)
Gestart vanaf C:\Users\Gebruiker\Desktop
Geladen Profielen: F.J.Stols (Beschikbare Profielen: F.J.Stols)
Platform: Windows 10 Home Versie 1607 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: FF)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processen (gefilterd) =================
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(4Team) C:\Program Files\4Team Corporation\SafePSTBackup Shadow Copy Service\SafePST.ShadowCopySvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(AX64) C:\Program Files\AXTM\AXTMApp.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(eCOSM) C:\Program Files (x86)\MailWasher Pro\MailWasher.exe
(4Team Corporation) C:\Program Files\4Team Corporation\Safe PST Backup\SafePSTBackup.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Register (gefilterd) ====================
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-06-16] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [114480 2016-10-27] (Panda Security, S.L.)
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\...\Run: [MailWasher] => C:\Program Files (x86)\MailWasher Pro\MailWasher.exe [4393984 2003-11-06] (eCOSM)
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\...\Run: [Safe PST Backup] => C:\Program Files\4Team Corporation\Safe PST Backup\SafePSTBackup.exe [5103608 2016-09-20] (4Team Corporation)
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [255224 2016-07-14] (TomTom)
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [495616 2007-08-20] (Gadwin Systems, Inc)
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [908160 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\...\RunOnce: [Uninstall C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
GroupPolicy: Restrictie <======= AANDACHT
GroupPolicyScripts: Restrictie <======= AANDACHT
GroupPolicyScripts-x32: Restrictie <======= AANDACHT
==================== Internet (gefilterd) ====================
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66
Tcpip\..\Interfaces\{b759dc05-4683-4f91-beb2-29472251c1ba}: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-2d618ef8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-2d618ef8
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.nl/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-6b3d718d&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-6b3d718d&q={searchTerms}
SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-2d618ef8&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-6b3d718d&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-6b3d718d&q={searchTerms}
SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-2d618ef8&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1916800224-2560957495-3225600593-1001 -> {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp1_ch&p={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-1916800224-2560957495-3225600593-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Gebruiker\AppData\Roaming\TomTom\HOME\Profiles\qt9tjb9c.default [2017-02-18]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2016-09-10] [ niet getekend]
FF ProfilePath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\guykot6p.default-1469904827259 [2017-02-20]
FF NewTab: Mozilla\Firefox\Profiles\guykot6p.default-1469904827259 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\guykot6p.default-1469904827259 -> Search Provided by Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\guykot6p.default-1469904827259 -> Search Provided by Bing
FF Homepage: Mozilla\Firefox\Profiles\guykot6p.default-1469904827259 ->
www.google.nl
FF Keyword.URL: Mozilla\Firefox\Profiles\guykot6p.default-1469904827259 -> user_pref("keyword.URL", true);
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\guykot6p.default-1469904827259\Extensions\langpack-nl@firefox.mozilla.org.xpi [2017-02-17]
FF Extension: (Woordenboek Nederlands) - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\guykot6p.default-1469904827259\Extensions\nl-NL@dictionaries.addons.mozilla.org [2017-02-15] [ niet getekend]
FF Extension: (uBlock Origin) - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\guykot6p.default-1469904827259\Extensions\uBlock0@raymondhill.net.xpi [2017-01-26]
FF Extension: (uBlock) - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\guykot6p.default-1469904827259\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2016-07-30]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\guykot6p.default-1469904827259\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-15]
FF Extension: (Video DownloadHelper) - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\guykot6p.default-1469904827259\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-31]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\guykot6p.default-1469904827259\features\{67ed4d07-32de-4ee4-a7cd-f2b81b029dd3}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-21] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-21] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2017-02-06] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Gebruiker\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-02-06] (Cisco WebEx LLC)
==================== Services (gefilterd) ====================
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2016-07-23] (Macrovision Europe Ltd.) [Bestand niet getekend]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109816 2016-10-24] (Panda Security, S.L.)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-10-27] (Panda Security, S.L.)
R2 SafePSTShadowCopy; C:\Program Files\4Team Corporation\SafePSTBackup Shadow Copy Service\SafePST.ShadowCopySvc.exe [15880 2016-09-20] (4Team)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-06-16] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114424 2016-05-24] (Check Point Software Technologies, Ltd.)
===================== Drivers (gefilterd) ======================
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
R3 AXMount; C:\WINDOWS\System32\drivers\AXMount.sys [82232 2016-12-25] (Windows (R) Win 7 DDK provider)
R0 AXTrack; C:\WINDOWS\System32\DRIVERS\AXTrack.sys [60096 2016-12-26] (Windows (R) Win 7 DDK provider)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2017-02-05] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [106928 2016-07-05] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211376 2016-07-05] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [119728 2016-07-05] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [125872 2016-07-05] (Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [80152 2016-07-06] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [116656 2016-07-05] (Panda Security, S.L.)
R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [90032 2016-07-05] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [135088 2016-07-05] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [335792 2016-07-05] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [197040 2016-07-05] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [123312 2016-07-05] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [278960 2016-07-05] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [125360 2016-07-05] (Panda Security, S.L.)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2017-01-03] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [179120 2016-10-24] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [130992 2016-10-24] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207792 2016-10-24] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [133552 2016-10-24] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [146864 2016-10-24] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [117168 2016-10-24] (Panda Security, S.L.)
U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [72112 2016-08-09] (Panda Security, S.L.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-08-06] ()
R1 Vsdatant; C:\WINDOWS\system32\DRIVERS\vsdatant.sys [462296 2016-07-31] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U0 aswVmm; geen ImagePath
==================== NetSvcs (gefilterd) ===================
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
==================== Een Maand Aangemaakt bestanden en mappen ========
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
2017-02-20 16:05 - 2017-02-20 16:05 - 00020695 _____ C:\Users\Gebruiker\Desktop\FRST.txt
2017-02-20 16:02 - 2017-02-20 16:03 - 02422784 _____ (Farbar) C:\Users\Gebruiker\Desktop\FRST64.exe
2017-02-20 15:52 - 2017-02-20 15:54 - 01663040 _____ (Malwarebytes) C:\Users\Gebruiker\Desktop\JRT(1).exe
2017-02-20 10:14 - 2017-02-20 10:14 - 00001241 _____ C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2017-02-20 09:40 - 2017-02-20 09:40 - 00405680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-18 15:19 - 2017-02-20 15:30 - 00004208 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AA511253-2DBC-4766-8534-549B29B13714}
2017-02-17 10:04 - 2017-02-17 10:04 - 00001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-17 10:04 - 2017-02-17 10:04 - 00001180 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-17 10:04 - 2017-02-17 10:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-16 08:20 - 2017-02-20 15:58 - 00000000 ____D C:\Users\Gebruiker\Desktop\stevenchrista25
2017-02-15 16:26 - 2017-02-15 16:27 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\MangoApps
2017-02-15 09:08 - 2017-02-15 09:08 - 00000000 ____D C:\Users\Gebruiker\Documents\Apowersoft
2017-02-15 09:08 - 2017-01-03 13:48 - 00036600 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2017-02-13 08:41 - 2017-02-18 09:03 - 00000075 _____ C:\Users\Gebruiker\AppData\Roaming\WB.CFG
2017-02-12 14:51 - 2017-02-12 14:51 - 00001207 _____ C:\Users\Gebruiker\AppData\Roaming\CamStudio.Producer.ini
2017-02-12 14:51 - 2017-02-12 14:51 - 00000000 _____ C:\Users\Gebruiker\AppData\Roaming\CamStudio.Producer.Data.ini
2017-02-12 14:47 - 2017-02-12 14:47 - 00000098 _____ C:\Users\Gebruiker\AppData\Roaming\CamStudio.Producer.command
2017-02-12 11:27 - 2017-02-12 11:27 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-02-12 11:26 - 2017-02-17 17:47 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-12 11:26 - 2017-02-14 11:05 - 00000274 _____ C:\WINDOWS\Tasks\{5C65B28A-5CD0-C9C3-008B-50D3EAE07897}.job
2017-02-12 09:21 - 2017-02-12 09:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-10 19:30 - 2017-02-10 19:30 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\Apps\2.0
2017-02-09 10:07 - 2017-02-09 10:08 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2017-02-09 09:42 - 2017-02-09 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Team Corporation
2017-02-09 09:31 - 2017-02-09 09:31 - 00000000 ____D C:\Program Files (x86)\Secunia
2017-02-08 11:58 - 2017-02-08 11:59 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-08 10:28 - 2016-12-29 14:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-06 10:19 - 2017-02-20 10:15 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\Wise Disk Cleaner
2017-02-06 10:19 - 2017-02-20 10:14 - 00000000 ____D C:\WINDOWS\System32\Tasks\WiseCleaner
2017-02-06 10:19 - 2017-02-20 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner
2017-02-06 10:19 - 2017-02-06 10:19 - 00000000 ____D C:\Program Files (x86)\Wise
2017-02-04 14:39 - 2017-02-20 13:18 - 00000310 _____ C:\WINDOWS\Tasks\AXTMApp.job
2017-02-04 14:39 - 2017-02-04 14:39 - 00002724 _____ C:\WINDOWS\System32\Tasks\AXTMApp
2017-02-02 14:05 - 2017-02-02 14:10 - 00000000 ____D C:\Users\Gebruiker\Downloads\Macrium
2017-02-02 14:03 - 2017-02-02 14:17 - 00000000 ____D C:\ProgramData\Macrium
2017-02-02 11:36 - 2017-02-02 11:36 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\CrystalIdea Software
2017-01-29 10:57 - 2017-01-29 11:03 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\IrfanView
2017-01-28 10:30 - 2017-01-28 10:42 - 00000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2017-01-28 10:30 - 2017-01-28 10:30 - 00001024 ____H C:\SYSTAG.BIN
2017-01-28 10:30 - 2017-01-28 10:30 - 00000000 ____D C:\ProgramData\AomeiBR
2017-01-28 10:29 - 2016-12-22 16:24 - 00171952 _____ C:\WINDOWS\system32\ammntdrv.sys
2017-01-28 10:29 - 2016-12-22 16:24 - 00051120 _____ C:\WINDOWS\system32\ambakdrv.sys
2017-01-28 10:29 - 2016-12-22 16:24 - 00038320 _____ C:\WINDOWS\system32\amwrtdrv.sys
2017-01-27 19:51 - 2017-01-27 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-01-27 09:49 - 2017-02-19 19:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-25 15:21 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 15:21 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 12:26 - 1998-10-29 15:45 - 00306688 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe
2017-01-23 15:37 - 2017-01-24 13:50 - 00001381 _____ C:\Users\Gebruiker\Desktop\Laatste schijf (M).lnk
==================== Een Maand Gewijzigd bestanden en mappen ========
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
2017-02-20 16:05 - 2016-08-05 12:54 - 00000000 ____D C:\FRST
2017-02-20 16:05 - 2016-07-22 11:25 - 00000000 ____D C:\Users\Gebruiker\Documents\Outlook-bestanden
2017-02-20 16:04 - 2016-11-18 14:52 - 00000000 ____D C:\Users\Gebruiker\AppData\LocalLow\Mozilla
2017-02-20 15:49 - 2016-08-05 08:25 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-20 14:52 - 2016-12-24 14:08 - 00000000 ____D C:\Osiris Rex
2017-02-20 13:22 - 2016-07-22 08:29 - 06917216 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-20 13:22 - 2016-07-16 23:15 - 03283112 _____ C:\WINDOWS\system32\perfh013.dat
2017-02-20 13:22 - 2016-07-16 23:15 - 00943148 _____ C:\WINDOWS\system32\perfc013.dat
2017-02-20 13:18 - 2016-08-05 08:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-20 13:18 - 2016-08-05 08:26 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-20 13:18 - 2016-07-22 12:58 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\MailWasherPro
2017-02-20 13:17 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-02-20 09:39 - 2016-08-04 10:28 - 00000000 ____D C:\AdwCleaner
2017-02-19 19:53 - 2016-07-23 01:08 - 00000545 _____ C:\Users\Gebruiker\Desktop\Lokale schijf (C).lnk
2017-02-19 19:46 - 2016-07-22 08:28 - 00000000 ___RD C:\Users\Gebruiker\OneDrive
2017-02-19 18:01 - 2016-07-25 11:15 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\vlc
2017-02-19 16:30 - 2015-10-30 08:24 - 00000230 _____ C:\WINDOWS\win.ini
2017-02-18 19:44 - 2016-07-23 09:02 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\DesktopOK
2017-02-18 14:27 - 2016-11-18 16:02 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-18 14:12 - 2016-09-10 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2017-02-18 09:11 - 2016-10-09 09:24 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-18 09:11 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-18 09:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-17 21:25 - 2016-08-05 08:28 - 00000000 ____D C:\Users\Gebruiker
2017-02-17 10:00 - 2016-07-24 08:43 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-15 16:27 - 2016-07-22 09:09 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-14 11:48 - 2016-07-22 11:12 - 00001389 _____ C:\Users\Gebruiker\Desktop\Ingebouwd (D).lnk
2017-02-12 14:52 - 2016-10-09 08:30 - 00004547 _____ C:\Users\Gebruiker\AppData\Roaming\CamStudio.cfg
2017-02-12 14:52 - 2016-10-09 08:30 - 00000408 _____ C:\Users\Gebruiker\AppData\Roaming\CamShapes.ini
2017-02-12 14:52 - 2016-10-09 08:30 - 00000408 _____ C:\Users\Gebruiker\AppData\Roaming\CamLayout.ini
2017-02-12 14:52 - 2016-10-09 08:30 - 00000107 _____ C:\Users\Gebruiker\AppData\Roaming\Camdata.ini
2017-02-12 14:33 - 2016-10-09 08:03 - 00000096 _____ C:\Users\Gebruiker\AppData\Roaming\version2.xml
2017-02-12 11:26 - 2016-08-30 10:19 - 00000262 __RSH C:\ProgramData\ntuser.pol
2017-02-12 09:28 - 2016-12-04 04:30 - 00000000 ____D C:\Program Files (x86)\Synology
2017-02-12 09:20 - 2016-08-02 18:25 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-11 13:39 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Help
2017-02-11 13:38 - 2016-08-14 14:17 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\Wise Euask
2017-02-10 19:39 - 2016-07-24 08:49 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2017-02-10 19:21 - 2016-07-24 08:49 - 00001138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2017-02-10 07:01 - 2016-12-04 09:40 - 00004000 _____ C:\WINDOWS\System32\Tasks\4Team updater
2017-02-09 09:42 - 2016-07-23 10:49 - 00000000 ____D C:\Program Files\4Team Corporation
2017-02-08 11:57 - 2016-12-09 09:26 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-02-08 10:28 - 2016-08-05 08:26 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 10:27 - 2016-08-05 08:26 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-06 10:30 - 2016-07-22 11:02 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\Mozilla
2017-02-06 10:24 - 2016-08-07 07:52 - 00000000 ___RD C:\Users\Gebruiker\3D Objects
2017-02-06 10:24 - 2016-08-05 09:25 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-06 10:22 - 2016-07-22 11:14 - 00000000 __RHD C:\MSOCache
2017-02-06 10:21 - 2016-07-22 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-02-05 14:27 - 2016-12-03 09:18 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-01-28 10:59 - 2016-07-23 20:09 - 00038510 _____ C:\Users\Gebruiker\AppData\Roaming\Door lijstscheidingstekens gescheiden waarden (Windows).ADR
2017-01-25 15:57 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 13:43 - 2016-08-27 12:54 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\dvdcss
2017-01-24 12:28 - 2016-07-23 06:09 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-01-24 12:28 - 2016-07-22 08:26 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\Adobe
2017-01-22 09:46 - 2016-10-18 15:24 - 00000940 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-21 15:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-21 15:48 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
==================== Bestanden in de root van sommige mappen =======
2016-10-09 08:30 - 2017-02-12 14:52 - 0000107 _____ () C:\Users\Gebruiker\AppData\Roaming\Camdata.ini
2016-10-09 08:30 - 2017-02-12 14:52 - 0000408 _____ () C:\Users\Gebruiker\AppData\Roaming\CamLayout.ini
2016-10-09 08:30 - 2017-02-12 14:52 - 0000408 _____ () C:\Users\Gebruiker\AppData\Roaming\CamShapes.ini
2016-10-09 08:30 - 2017-02-12 14:52 - 0004547 _____ () C:\Users\Gebruiker\AppData\Roaming\CamStudio.cfg
2017-02-12 14:47 - 2017-02-12 14:47 - 0000098 _____ () C:\Users\Gebruiker\AppData\Roaming\CamStudio.Producer.command
2017-02-12 14:51 - 2017-02-12 14:51 - 0000000 _____ () C:\Users\Gebruiker\AppData\Roaming\CamStudio.Producer.Data.ini
2017-02-12 14:51 - 2017-02-12 14:51 - 0001207 _____ () C:\Users\Gebruiker\AppData\Roaming\CamStudio.Producer.ini
2016-07-23 20:09 - 2017-01-28 10:59 - 0038510 _____ () C:\Users\Gebruiker\AppData\Roaming\Door lijstscheidingstekens gescheiden waarden (Windows).ADR
2016-10-09 08:03 - 2017-02-12 14:33 - 0000096 _____ () C:\Users\Gebruiker\AppData\Roaming\version2.xml
2017-02-13 08:41 - 2017-02-18 09:03 - 0000075 _____ () C:\Users\Gebruiker\AppData\Roaming\WB.CFG
2016-08-04 09:35 - 2016-08-04 09:36 - 0007666 _____ () C:\Users\Gebruiker\AppData\Local\resmon.resmoncfg
2016-11-05 10:38 - 2016-11-05 10:38 - 0047443 _____ () C:\ProgramData\agent.1478338715.bdinstall.bin
2016-11-05 12:50 - 2016-11-05 12:50 - 0029058 _____ () C:\ProgramData\agent.1478346655.bdinstall.bin
2016-11-05 12:49 - 2016-11-05 12:49 - 0215268 _____ () C:\ProgramData\cl.1478346510.bdinstall.bin
2016-12-10 09:21 - 2016-12-10 09:21 - 0005051 _____ () C:\ProgramData\czchsjpj.srw
Bestanden om te verplaatsen of verwijderen:
====================
C:\Windows\Tasks\{5C65B28A-5CD0-C9C3-008B-50D3EAE07897}.job
==================== Bamital & volsnap ======================
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend
AANDACHT: ==> Kan geen toegang krijgen tot BCD.
LastRegBack: 2017-02-18 09:30
==================== Eind van FRST.txt ============================