Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie:05-11-2015
Gestart door Alexander (Beheerder) op BEAST (06-11-2015 00:42:07)
Gestart vanaf C:\Users\Alexander\Desktop
Geladen Profielen: Alexander (Beschikbare Profielen: Alexander)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: FF)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Telegram Messenger LLP) C:\Users\Alexander\AppData\Roaming\Telegram Desktop\Telegram.exe

==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-13] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-1798936623-2332150958-109375857-1000\...\Run: [uTorrent] => C:\Users\Alexander\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-10-13] (BitTorrent Inc.)
HKU\S-1-5-21-1798936623-2332150958-109375857-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5585136 2015-03-31] (Disc Soft Ltd)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2015-11-05]
ShortcutTarget: Telegram.lnk -> C:\Users\Alexander\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{415FD70D-FDF8-418A-99DF-C6AFE7549525}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{BB6B7465-218D-4D9C-80CF-E88B3F6E2346}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKU\S-1-5-21-1798936623-2332150958-109375857-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1798936623-2332150958-109375857-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1798936623-2332150958-109375857-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.nl/
SearchScopes: HKU\S-1-5-21-1798936623-2332150958-109375857-1000 -> DefaultScope {921A0A9F-3917-4B2D-BF9B-2811C8385D41} URL = hxxp://www.google.nl/search?hl=nl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1798936623-2332150958-109375857-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1798936623-2332150958-109375857-1000 -> {921A0A9F-3917-4B2D-BF9B-2811C8385D41} URL = hxxp://www.google.nl/search?hl=nl&q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.7.0/jinstall-7u67-windows-i586.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\7s0h3xjq.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.nl/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-01] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-01] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Geen bestand]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-1798936623-2332150958-109375857-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alexander\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1798936623-2332150958-109375857-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-09-28] ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-06-13]
FF Extension: Avira Browser Safety - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\7s0h3xjq.default\Extensions\abs@avira.com [2015-11-05] [ niet getekend]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (gefilterd) ========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [Bestand niet getekend]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-06-22] (Advanced Micro Devices) [Bestand niet getekend]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2015-06-25] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-07-17] (Popcorn Time) [Bestand niet getekend]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe" [X]
S3 avgwd; "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe" [X]

===================== Drivers (gefilterd) ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [297672 2015-08-04] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-15] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-12-30] () [Bestand niet getekend]
S3 tosporte; C:\Windows\System32\DRIVERS\tosporte.sys [49152 2008-03-25] (TOSHIBA Corporation) [Bestand niet getekend]
S3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [165760 2008-03-25] (TOSHIBA CORPORATION) [Bestand niet getekend]
S3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [44800 2007-11-29] (TOSHIBA Corporation) [Bestand niet getekend]
S3 Tosrfcom; C:\Windows\System32\Drivers\tosrfcom.sys [76160 2007-10-02] (TOSHIBA Corporation) [Bestand niet getekend]
S3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [88192 2008-03-19] (TOSHIBA Corporation.) [Bestand niet getekend]
S3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [28160 2005-07-13] (TOSHIBA Corporation.) [Bestand niet getekend]
S3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [56320 2008-01-22] (TOSHIBA Corporation) [Bestand niet getekend]
S3 Tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [51328 2007-10-18] (TOSHIBA CORPORATION) [Bestand niet getekend]
S3 BS2129664642; \??\C:\Users\ALEXAN~1\AppData\Local\Temp\Low\NTFS.sys [X]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Drie Maanden Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2015-11-06 00:42 - 2015-11-06 00:42 - 00031125 _____ C:\Users\Alexander\Desktop\FRST.txt
2015-11-06 00:41 - 2015-11-06 00:42 - 00000000 ____D C:\FRST
2015-11-06 00:40 - 2015-11-06 00:40 - 02198528 _____ (Farbar) C:\Users\Alexander\Desktop\FRST64.exe
2015-11-06 00:38 - 2015-11-06 00:38 - 01702400 _____ (Farbar) C:\Users\Alexander\Desktop\FRST.exe
2015-11-06 00:29 - 2015-11-06 00:29 - 00007031 _____ C:\ComboFix.txt
2015-11-06 00:15 - 2015-11-06 00:15 - 00000070 _____ C:\Windows\RAVTC.TMP
2015-11-06 00:13 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-06 00:13 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-06 00:13 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-06 00:13 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-06 00:13 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-06 00:13 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-06 00:13 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-06 00:13 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-06 00:12 - 2015-11-06 00:29 - 00000000 ____D C:\Qoobox
2015-11-06 00:12 - 2015-11-06 00:20 - 00000000 ____D C:\Windows\erdnt
2015-11-06 00:11 - 2015-11-06 00:11 - 05637844 ____R (Swearware) C:\Users\Alexander\Desktop\ComboFix.exe
2015-11-06 00:07 - 2015-11-06 00:11 - 00012714 _____ C:\Windows\system32\DB2129664642
2015-11-05 23:43 - 2015-11-06 00:15 - 00000000 ____D C:\ProgramData\panda_url_filtering
2015-11-05 23:42 - 2015-11-06 00:15 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-11-05 23:40 - 2015-11-06 00:15 - 00000000 ____D C:\ProgramData\Panda Security
2015-11-05 23:40 - 2015-11-05 23:40 - 02113152 _____ C:\Users\Alexander\Desktop\PANDAFREEAV.exe
2015-11-05 23:27 - 2015-11-05 23:27 - 00000000 ____D C:\Windows\system32\appmgmt
2015-11-05 21:49 - 2015-11-05 21:49 - 00000000 ____D C:\Users\Alexander\AppData\LocalLow\Avira
2015-11-05 20:57 - 2015-11-05 20:57 - 00000543 _____ C:\cleanup.bat
2015-11-05 20:31 - 2015-11-05 20:31 - 02924672 _____ (AVG Technologies) C:\Users\Alexander\Downloads\AVG_Protection_Free_698.exe
2015-11-04 01:17 - 2015-11-05 22:48 - 00013900 _____ C:\Windows\system32\CFG2129664642
2015-11-04 01:14 - 2015-11-05 20:47 - 406577145 _____ C:\Windows\MEMORY.DMP
2015-11-04 01:14 - 2015-11-04 01:14 - 00275952 _____ C:\Windows\Minidump\110415-14196-01.dmp
2015-11-04 01:14 - 2015-11-04 01:14 - 00000000 ____D C:\Windows\Minidump
2015-10-22 13:58 - 2015-10-22 13:58 - 00073297 _____ C:\Users\Alexander\Desktop\WA-gesprek 09022014.txt
2015-10-21 12:46 - 2015-10-21 12:46 - 00000216 _____ C:\Users\Alexander\Desktop\Crysis 2 Maximum Edition.url
2015-10-19 22:53 - 2015-10-21 11:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-19 12:32 - 2015-10-19 12:32 - 00315312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-10-09 14:41 - 2015-11-05 21:46 - 00000000 ____D C:\Users\Alexander\AppData\LocalLow\uTorrent
2015-10-09 13:03 - 2015-10-09 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2015-10-09 13:03 - 2015-10-09 13:03 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2015-10-09 13:03 - 2013-12-30 02:54 - 00233472 _____ (Teruten) C:\Windows\SysWOW64\FsUsbExService.Exe
2015-10-09 13:03 - 2013-12-30 02:54 - 00037344 _____ C:\Windows\SysWOW64\FsUsbExDisk.Sys
2015-10-09 13:03 - 2012-12-18 09:08 - 00110592 _____ () C:\Windows\SysWOW64\FsUsbExDevice.Dll
2015-10-09 13:01 - 2015-10-09 13:28 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Samsung
2015-10-09 13:01 - 2015-10-09 13:01 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-10-09 13:01 - 2015-10-09 13:01 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2015-10-09 13:01 - 2015-10-09 13:01 - 00000000 ____D C:\Users\Alexander\Documents\samsung
2015-10-09 13:01 - 2015-10-09 13:01 - 00000000 ____D C:\Users\Alexander\AppData\Local\Samsung
2015-10-09 13:01 - 2015-10-09 13:01 - 00000000 ____D C:\Program Files (x86)\MarkAny
2015-10-09 13:00 - 2015-05-21 07:02 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-10-09 13:00 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2015-10-09 12:59 - 2012-12-18 09:06 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2015-10-09 12:58 - 2015-10-09 13:28 - 00000000 ____D C:\ProgramData\Samsung
2015-10-09 12:58 - 2015-10-09 13:00 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-10-09 12:58 - 2015-10-09 12:58 - 00000000 ____D C:\Users\Alexander\AppData\Local\Downloaded Installations
2015-10-06 16:35 - 2015-10-06 16:36 - 51953829 _____ (Popcorn Time ) C:\Users\Alexander\Downloads\PopcornTime-latest(1).exe
2015-10-01 09:03 - 2015-10-01 09:03 - 00000000 _____ C:\Windows\SysWOW64\REN6519.tmp
2015-10-01 09:02 - 2015-10-21 11:58 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-10-01 09:02 - 2015-10-21 11:58 - 00000000 ____D C:\Users\Alexander\.oracle_jre_usage
2015-10-01 09:02 - 2015-10-21 11:58 - 00000000 ____D C:\Program Files\Java
2015-10-01 09:02 - 2015-10-01 09:02 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Sun
2015-10-01 09:01 - 2015-10-01 09:02 - 56501344 _____ (Oracle Corporation) C:\Users\Alexander\Downloads\jre-8u60-windows-x64.exe
2015-09-29 09:14 - 2015-09-29 09:14 - 00000000 ____D C:\Users\Alexander\Documents\Bluetooth
2015-09-29 09:14 - 2015-09-29 09:14 - 00000000 ____D C:\Users\Alexander\AppData\Local\Toshiba
2015-09-23 22:48 - 2015-09-23 22:48 - 00000000 ___HD C:\Users\Alexander\AppData\LocalLow\38F44B94
2015-09-21 14:23 - 2015-09-21 14:24 - 00000631 _____ C:\Users\Alexander\Documents\Uninstall STAR WARS The Old Republic.log
2015-09-09 20:55 - 2015-09-09 20:55 - 00058661 _____ C:\Windows\SysWOW64\CCCInstall_201509092155125177.log
2015-09-09 20:55 - 2015-09-09 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-09-09 20:55 - 2015-09-09 20:55 - 00000000 ____D C:\ProgramData\ATI
2015-09-08 18:37 - 2015-09-08 18:37 - 00000000 ____D C:\Users\Alexander\AppData\Local\Skyrim
2015-09-08 18:08 - 2015-09-08 18:08 - 00000232 _____ C:\Users\Alexander\Desktop\The Elder Scrolls V Skyrim.lnk
2015-09-04 14:02 - 2015-09-08 13:13 - 00000349 _____ C:\Users\Alexander\Desktop\vinyl.txt.txt
2015-09-02 21:27 - 2015-10-02 19:16 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-08-20 19:47 - 2015-08-20 19:47 - 20791480 _____ (OpenSubtitles.org ) C:\Users\Alexander\Desktop\OpenSubtitlesPlayerC.exe
2015-08-19 10:53 - 2015-08-19 10:53 - 00297904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2015-08-12 21:14 - 2015-10-09 13:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-12 21:14 - 2015-08-12 21:14 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-08-12 21:14 - 2015-08-12 21:13 - 00977624 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-08-12 21:14 - 2015-08-12 21:13 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-08-12 21:14 - 2015-08-12 21:13 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll

==================== Drie Maanden Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2015-11-06 00:31 - 2014-09-11 10:39 - 01237590 _____ C:\Windows\WindowsUpdate.log
2015-11-06 00:29 - 2015-06-18 10:08 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-06 00:28 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2015-11-06 00:22 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2015-11-06 00:09 - 2014-09-11 10:58 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\uTorrent
2015-11-05 23:46 - 2009-07-14 05:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-05 23:46 - 2009-07-14 05:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-05 23:44 - 2014-09-11 11:12 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\vlc
2015-11-05 23:26 - 2014-09-11 11:16 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-05 21:52 - 2011-04-12 14:00 - 00745020 _____ C:\Windows\system32\perfh013.dat
2015-11-05 21:52 - 2011-04-12 14:00 - 00152972 _____ C:\Windows\system32\perfc013.dat
2015-11-05 21:52 - 2009-07-14 06:13 - 01668596 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-05 21:46 - 2015-06-18 10:08 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-05 21:46 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-05 21:46 - 2009-07-14 05:51 - 00098841 _____ C:\Windows\setupact.log
2015-11-05 21:45 - 2014-09-11 11:22 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-11-05 19:27 - 2014-09-11 11:17 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Raptr
2015-11-05 19:16 - 2015-04-28 15:00 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\CDisplayEx
2015-11-04 17:50 - 2015-03-26 18:00 - 00000000 ____D C:\Users\Alexander\Downloads\PopcornTime
2015-11-03 23:02 - 2014-09-11 10:53 - 00000000 ____D C:\ProgramData\MFAData
2015-11-01 20:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-23 10:48 - 2014-09-11 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-10-22 11:29 - 2015-06-18 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-21 17:10 - 2014-09-12 00:51 - 00306112 _____ C:\Windows\DirectX.log
2015-10-21 12:13 - 2015-01-21 19:07 - 00000000 ____D C:\ProgramData\Oracle
2015-10-21 11:58 - 2015-01-21 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-21 11:49 - 2014-09-11 10:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-21 11:49 - 2010-11-21 04:47 - 00020374 _____ C:\Windows\PFRO.log
2015-10-10 13:06 - 2015-02-08 15:22 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Skype
2015-10-09 13:28 - 2014-09-11 10:58 - 00000000 ____D C:\ProgramData\AVG2015

==================== Bestanden in de root van sommige mappen =======

2015-07-03 16:48 - 2015-07-03 16:48 - 0003584 _____ () C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap =================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\SysWOW64\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => MD5 is legitim
C:\Windows\SysWOW64\User32.dll => MD5 is legitim
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend

==================== BCD ================================

Windows-opstartbeheer
---------------------
id {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale nl-NL
inherit {globalsettings}
default {current}
resumeobject {8fe5196d-2b00-11e4-8e1b-f6598f59298c}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows-opstartlaadprogramma
----------------------------
id {8fe51965-2b00-11e4-8e1b-f6598f59298c}
device ramdisk=[C:]\Recovery\8fe51965-2b00-11e4-8e1b-f6598f59298c\Winre.wim,{8fe51966-2b00-11e4-8e1b-f6598f59298c}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\8fe51965-2b00-11e4-8e1b-f6598f59298c\Winre.wim,{8fe51966-2b00-11e4-8e1b-f6598f59298c}
systemroot \windows
nx OptIn
winpe Yes

Windows-opstartlaadprogramma
----------------------------
id {8fe5196b-2b00-11e4-8e1b-f6598f59298c}
device ramdisk=[C:]\Recovery\8fe5196b-2b00-11e4-8e1b-f6598f59298c\Winre.wim,{8fe5196c-2b00-11e4-8e1b-f6598f59298c}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\8fe5196b-2b00-11e4-8e1b-f6598f59298c\Winre.wim,{8fe5196c-2b00-11e4-8e1b-f6598f59298c}
systemroot \windows
nx OptIn
winpe Yes

Windows-opstartlaadprogramma
----------------------------
id {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale nl-NL
inherit {bootloadersettings}
recoverysequence {8fe5196f-2b00-11e4-8e1b-f6598f59298c}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {8fe5196d-2b00-11e4-8e1b-f6598f59298c}
nx OptIn

Windows-opstartlaadprogramma
----------------------------
id {8fe5196f-2b00-11e4-8e1b-f6598f59298c}
device ramdisk=[C:]\Recovery\8fe5196f-2b00-11e4-8e1b-f6598f59298c\Winre.wim,{8fe51970-2b00-11e4-8e1b-f6598f59298c}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\8fe5196f-2b00-11e4-8e1b-f6598f59298c\Winre.wim,{8fe51970-2b00-11e4-8e1b-f6598f59298c}
systemroot \windows
nx OptIn
winpe Yes

Hervatten uit sluimerstand
--------------------------
id {8fe5196d-2b00-11e4-8e1b-f6598f59298c}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale nl-NL
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows-geheugentest
--------------------
id {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Geheugencontrole
locale nl-NL
inherit {globalsettings}
badmemoryaccess Yes

EMS-instellingen
----------------
id {emssettings}
bootems Yes

Debugger-instellingen
---------------------
id {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM-defecten
------------
id {badmemory}

Globale instellingen
--------------------
id {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Instellingen voor opstartlaadprogramma
--------------------------------------
id {bootloadersettings}
inherit {globalsettings} {hypervisorsettings}

Hypervisor-instellingen
-------------------
id {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Instellingen voor hervattingslaadprogramma
------------------------------------------
id {resumeloadersettings}
inherit {globalsettings}

Apparaatopties
--------------
id {8fe51966-2b00-11e4-8e1b-f6598f59298c}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\8fe51965-2b00-11e4-8e1b-f6598f59298c\boot.sdi

Apparaatopties
--------------
id {8fe5196c-2b00-11e4-8e1b-f6598f59298c}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\8fe5196b-2b00-11e4-8e1b-f6598f59298c\boot.sdi

Apparaatopties
--------------
id {8fe51970-2b00-11e4-8e1b-f6598f59298c}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\8fe5196f-2b00-11e4-8e1b-f6598f59298c\boot.sdi

LastRegBack: 2015-11-02 11:05

==================== Eind van FRST.txt ============================