
LAG/FREEZE, Crashes, Insufficient Memory, Eating HD Space [Closed]


  • This topic is locked

#1
DutchCoastWest

LAG/FREEZE (Screen often freezing 15-30 seconds on both Windows Desktop and any Internet Browser I try to use)
 
CRASHING: Display Driver, Adobe Reader, 'some' Word files suddenly show a registry problem while they've been good for years
 
HIGH CPU USE / INSUFFICIENT MEMORY MESSAGES
 
DISK SPACE BEING EATEN (this stopped after removing the latest Office)
 
SYSTEM: Windows 8.1. 32 bits x64 processor
 
Question: In addition to tracing malware, which programs are recommended to detect/remove viruses?

Edited by DutchCoastWest, 09 October 2016 - 12:15 AM.



#2
DutchCoastWest


Scanresultaten van Farbar Recovery Scan Tool (FRST) (x86) Versie: 04-10-2016

Gestart door Tim (Beheerder) op NOTEBOOK (09-10-2016 07:59:26)
Gestart vanaf C:\Users\Tim\Desktop
Geladen Profielen: Tim (Beschikbare Profielen: Tim)
Platform: Microsoft Windows 8.1 met Bing (X86) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\scheduler.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FCDBLog.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\fcappdb.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiProxy.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiWF.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\fmon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Register (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [1080992 2014-05-12] (ASUSTek Computer Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [73216 2014-06-24] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [7761920 2014-09-22] (Realtek Semiconductor)
HKLM\...\Run: [Ulead AutoDetector v2] => C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-11-26] (Ulead Systems, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6638296 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\MountPoints2: {2b2bc6e2-45f5-11e6-9835-6cfaa7f3c859} - "D:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\MountPoints2: {2b2bc7e3-45f5-11e6-9835-6cfaa7f3c859} - "D:\setup_vmb_lite.exe" /checkApplicationPresence
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Deskjet 2540 series.lnk [2016-10-08]
ShortcutTarget: Inktwaarschuwingen controleren - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
 
Tcpip\Parameters: [DhcpNameServer] 84.116.46.20 84.116.46.21
Tcpip\..\Interfaces\{18E1ADCD-3EB8-486B-955A-50F3C0A0AD8D}: [DhcpNameServer] 169.254.125.80
Tcpip\..\Interfaces\{FDD3A532-872B-44B5-B689-698AD0D3A9B5}: [DhcpNameServer] 84.116.46.20 84.116.46.21
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-1556124094-4218111898-1118812907-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1556124094-4218111898-1118812907-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
 
FireFox:
========
FF Plugin: @FortinetCacheClean -> C:\Program Files\Fortinet\FortiClient\npccplugin.dll [2015-10-06] (Fortinet Inc.)
FF Plugin: @FortinetCacheCleanEx -> C:\Program Files\Fortinet\FortiClient\npccpluginex.dll [2015-10-06] (Fortinet Inc.)
FF Plugin: @FortinetTunnelControl -> C:\Program Files\Fortinet\FortiClient\nptcplugin.dll [2015-10-06] (Fortinet Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-08-25] (Google)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default [2016-10-09]
CHR Extension: (Google Documenten) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-09]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-09]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-09]
CHR Extension: (Google Spreadsheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-09]
CHR Extension: (Offline Documenten) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-01]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
 
==================== Services (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2014-05-14] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [115512 2014-03-26] (ASUSTek Computer Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-12-17] (Broadcom Corporation.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2014-06-13] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [75264 2014-06-24] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [89088 2014-06-24] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [82432 2014-06-24] (Intel Corporation)
R2 FA_Scheduler; C:\Program Files\Fortinet\FortiClient\scheduler.exe [107026 2015-10-06] (Fortinet Inc.) [Bestand niet getekend]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [277976 2014-06-13] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel® Corporation) [Bestand niet getekend]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280304 2014-05-13] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-05-13] (Microsoft Corporation)
S3 AvgAMPS; "C:\Program Files\AVG\Av\avgamps.exe" [X]
 
===================== Drivers (gefilterd) ======================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [70936 2015-08-17] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [307928 2014-12-17] (Broadcom Corp)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [145112 2014-12-17] (Broadcom Corporation.)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [132312 2014-12-17] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [460800 2014-06-24] (Intel Corporation)
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [17408 2014-06-24] (Intel Corporation)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [19968 2014-06-24] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [28160 2014-06-24] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [72704 2014-06-24] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [174080 2014-06-24] (Intel Corporation)
R3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [15232 2015-10-06] (Fortinet Inc)
R1 FortiFilter; C:\Windows\system32\DRIVERS\FortiFilter.sys [40176 2015-08-26] (Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [32128 2015-10-06] (Fortinet Inc)
R0 fortiloader; C:\Windows\System32\drivers\fortiloader.sys [13696 2015-10-06] (Fortinet Inc)
R1 fortimon3; C:\Windows\System32\drivers\fortimon3.sys [37760 2015-10-06] (Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [126848 2015-10-06] (Fortinet Inc)
S3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [39296 2015-10-06] (Fortinet Inc)
R1 FortiShield; C:\Windows\System32\drivers\FortiShield.sys [64896 2015-10-06] (Fortinet Inc)
S3 fortisniff; C:\Windows\System32\drivers\fortisniff2.sys [32128 2015-10-06] (Fortinet Inc)
R3 FortiWF; C:\Windows\System32\drivers\FortiWF2.sys [28032 2015-10-06] (Fortinet Inc)
R3 ft_vnic; C:\Windows\system32\DRIVERS\ftvnic.sys [58120 2015-08-26] (Fortinet Inc)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2014-05-16] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2014-03-21] (Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [62464 2014-05-16] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2014-03-21] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [489832 2013-12-16] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32152 2014-05-07] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [260608 2014-06-27] (Intel® Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-05-07] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [21968 2014-03-15] (Intel Corporation)
S3 mdareDriver_60; C:\Program Files\Fortinet\FortiClient\mdare32_60.sys [93056 2016-03-10] (Fortinet Inc.)
R3 mdareDriver_62; C:\Program Files\Fortinet\FortiClient\mdare32_62.sys [93056 2016-10-08] (Fortinet Inc.)
S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [66560 2014-07-01] (Intel Corporation)
R3 pppop; C:\Windows\system32\DRIVERS\pppop.sys [46856 2015-07-23] (Fortinet Inc.)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [209624 2014-10-23] (Realtek Semiconductor Corp.)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-01-09] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [30224 2014-05-13] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [203096 2014-05-13] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93016 2014-05-13] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]
 
==================== NetSvcs (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
 
==================== Een Maand Gemaakt bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2016-10-09 07:59 - 2016-10-09 07:59 - 00017796 _____ C:\Users\Tim\Desktop\FRST.txt
2016-10-09 07:52 - 2016-10-09 07:59 - 00000000 ____D C:\FRST
2016-10-09 07:52 - 2016-10-09 07:52 - 01755136 _____ (Farbar) C:\Users\Tim\Desktop\FRST.exe
2016-10-07 13:36 - 2016-10-07 13:36 - 03625695 _____ C:\Users\Tim\Downloads\scsetup.zip
2016-10-07 13:17 - 2016-10-07 13:17 - 00000000 ____D C:\ProgramData\Western Digital
2016-10-07 13:17 - 2016-10-07 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2016-10-07 13:16 - 2016-10-07 13:17 - 00000000 ____D C:\Program Files\Western Digital
2016-10-07 13:15 - 2016-10-07 13:15 - 12364143 _____ C:\Users\Tim\Downloads\WDSecuritySetup_for_web_1.3.0.18.zip
2016-10-06 09:06 - 2016-10-06 09:07 - 08289152 _____ C:\Users\Tim\Downloads\Fwd%3a_.zip
2016-10-04 21:30 - 2016-10-04 21:30 - 00000000 ____D C:\Users\Tim\Desktop\TRANSAVIA PRINT ETC
2016-09-29 16:22 - 2016-09-29 16:22 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-09-27 09:04 - 2016-09-27 09:04 - 00001624 _____ C:\Users\Tim\Desktop\STENEN GROOTHANDEL - Snelkoppeling.lnk
2016-09-21 06:42 - 2016-09-21 06:42 - 00001786 _____ C:\Users\Tim\Desktop\REIKI 1 ROUTES - Snelkoppeling.lnk
2016-09-20 15:39 - 2016-09-20 15:39 - 00001786 _____ C:\Users\Tim\Desktop\REIKI 2 ROUTES - Snelkoppeling.lnk
2016-09-20 14:31 - 2016-09-20 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-09-13 13:49 - 2016-10-04 21:20 - 00000000 ____D C:\Users\Tim\Desktop\GEUPDATE
2016-09-09 17:18 - 2016-09-09 17:18 - 00001665 _____ C:\Users\Tim\Desktop\Reiki Diploma - Snelkoppeling.lnk
 
==================== Een Maand Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2016-10-09 07:36 - 2016-03-09 17:25 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d17a17da5d69ff.job
2016-10-09 07:06 - 2016-03-23 01:56 - 00000940 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-09 07:06 - 2016-03-09 14:25 - 00000093 _____ C:\Users\Tim\AppData\Roaming\sp_data.sys
2016-10-09 02:16 - 2016-03-23 01:56 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-10-08 17:12 - 2014-05-13 04:14 - 00808252 _____ C:\Windows\system32\perfh013.dat
2016-10-08 17:12 - 2014-05-13 04:14 - 00163020 _____ C:\Windows\system32\perfc013.dat
2016-10-08 17:12 - 2014-03-18 09:46 - 01823174 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-08 17:12 - 2013-08-22 08:21 - 00000000 ____D C:\Windows\inf
2016-10-08 17:06 - 2016-03-13 15:02 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-10-08 17:06 - 2016-03-09 17:25 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-08 17:06 - 2013-08-22 09:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-08 14:17 - 2013-08-22 08:13 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-10-07 13:18 - 2014-12-17 13:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-05 17:12 - 2016-03-09 16:55 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Skype
2016-10-04 21:41 - 2016-08-31 16:57 - 00000000 ____D C:\Users\Tim\Downloads\(31-8-16)_Zorgovereenkomsten_Pa_Ma_LAATSTE_VERSIE
2016-10-04 12:33 - 2016-03-09 17:27 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-02 09:03 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\system32\NDF
2016-09-29 16:22 - 2016-03-09 16:55 - 00000000 ____D C:\ProgramData\Skype
2016-09-21 07:44 - 2016-08-26 13:20 - 00001841 _____ C:\Users\Tim\Desktop\ANDRE UPDATE ZOMER 2016 - Snelkoppeling.lnk
2016-09-20 14:31 - 2016-03-09 17:24 - 00000000 ____D C:\Program Files\Google
2016-09-13 20:06 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-11 14:55 - 2016-03-09 16:55 - 00000000 ___RD C:\Program Files\Skype
 
==================== Bestanden in de root van sommige mappen =======
 
2016-03-09 14:25 - 2016-10-09 07:06 - 0000093 _____ () C:\Users\Tim\AppData\Roaming\sp_data.sys
2016-05-27 10:16 - 2016-05-27 10:16 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-12 19:43 - 2012-07-30 08:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2014-05-12 19:43 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-12 19:43 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
==================== Bamital & volsnap ======================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend
 
 
LastRegBack: 2016-10-04 12:17
 
==================== Eind van FRST.txt ============================
 
 
 
 
 
 
 
Extra scanresultaten van Farbar Recovery Scan Tool (x86) Versie: 04-10-2016
Gestart door Tim (09-10-2016 08:00:14)
Gestart vanaf C:\Users\Tim\Desktop
Microsoft Windows 8.1 met Bing (X86) (2016-03-09 12:25:24)
Boot Modus: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1556124094-4218111898-1118812907-500 - Administrator - Disabled)
Gast (S-1-5-21-1556124094-4218111898-1118812907-501 - Limited - Disabled)
Tim (S-1-5-21-1556124094-4218111898-1118812907-1001 - Administrator - Enabled) => C:\Users\Tim
 
==================== Security Center ========================
 
(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)
 
AV: FortiClient AntiVirus (Enabled - Up to date) {71629DC5-BE6F-CCD3-C5A5-014980643264}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: FortiClient AntiVirus (Enabled - Up to date) {CA037C21-9855-C35D-FF15-3A3BFBE378D9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Geïnstalleerde programma's ======================
 
(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)
 
7-Zip 15.14 (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Nederlands (HKLM\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.9 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.02.0001 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0036 - ASUS)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.103.4 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Finale NotePad 2012 (HKLM\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
FortiClient (HKLM\...\{B5E0B33F-91D4-408B-BE40-46BCA75F3914}) (Version: 5.4.0.0780 - Fortinet Inc)
Google Chrome (HKLM\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Earth (HKLM\...\{2C44ABB9-8621-4EF5-AF34-0886DCDA7C21}) (Version: 7.1.7.2600 - Google)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HP Deskjet 2540 series Basissoftware van het apparaat (HKLM\...\{2DAFEEDC-792D-4F00-A854-C4F2AD2A2A73}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM\...\{50467ECF-F6A9-40EC-A649-67EB6FAD9894}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM\...\{2C355CC7-B163-4A89-8970-6C7B60FDA88A}) (Version: 12.5.32.37 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Malwarebytes Anti-Malware versie 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Productverbeteringsonderzoek voor HP Deskjet 2540 series (HKLM\...\{C9340C9F-E64D-4705-8C4D-6C191E530A7B}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4192 - Realtek Semiconductor Corp.)
Skype™ 7.28 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Ulead PhotoImpact 12 (HKLM\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD Security (HKLM\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\WinDirStat) (Version:  - )
Windows-stuurprogrammapakket - ASUS (AsusHID) Mouse  (02/11/2015 3.0.0.45) (HKLM\...\A552D97B1B8FC58219CD2CF1374B13186F1FE6F0) (Version: 02/11/2015 3.0.0.45 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
 
==================== Aangepaste CLSID (gefilterd): ==========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
CustomCLSID: HKU\S-1-5-21-1556124094-4218111898-1118812907-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Tim\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuthLib.dll ()
 
==================== Geplande Taken (gefilterd) =============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
Task: {00BF703C-828F-475D-A6F3-B30EA29C0A58} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {2266C6E7-AF90-42B9-AF05-2A1C826A4E6D} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {28F92BBD-6006-4B66-B896-F4FD38F8ABDC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {4C96F785-60EF-4E4F-A78A-786948B84B54} - System32\Tasks\GoogleUpdateTaskMachineUA1d17a17da5d69ff => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-09] (Google Inc.)
Task: {6FE97451-73E2-48BB-A492-0E81D9945AEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-09] (Google Inc.)
Task: {8376A16A-E897-446E-8A66-FBE85D0126DF} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2015-08-17] (AsusTek)
Task: {8C38D76A-91B2-4498-8FA6-349885A6250D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files\ASUS\Splendid\ACMON.exe [2014-06-03] (ASUS)
Task: {99C95E1C-8CFC-408C-9314-E863597E4B5F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-09] (Google Inc.)
Task: {9FF19096-4A42-4520-94B8-55783CD66E23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)
Task: {A0CB0AFA-6E7C-42EE-9219-DE8C2C098451} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-09-13] (Adobe Systems Incorporated)
Task: {AB98B912-E968-4B06-841E-79C8ABB962ED} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1556124094-4218111898-1118812907-1001 => C:\Users\Tim\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-08-23] (Microsoft Corporation)
Task: {AC447C2B-DC6D-4124-9605-CC4C6974965C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B52E8B5A-810C-4320-A0E3-A1FBD6F56945} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {EAE83D03-C342-47BF-AD5C-6A23C44C7649} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {EDFC9097-63BD-46DE-A623-E8C8AD8E67A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {F4A46B36-D3DB-41E6-83EC-FB7A75EB7EBF} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {FD4D379A-2E71-4A85-8CAD-A65793A31A32} - System32\Tasks\ASUS Live Update1 => C:\Program Files\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {FE397AAF-449B-4481-96E1-EEAB39F31145} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Tim\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation)
 
(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d17a17da5d69ff.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Snelkoppelingen =============================
 
(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)
 
==================== Geladen Modules (gefilterd) ==============
 
2015-10-06 12:08 - 2015-10-06 12:08 - 00552978 _____ () C:\Program Files\Fortinet\FortiClient\sqlite3.dll
2014-06-03 22:01 - 2014-06-03 22:01 - 00117248 _____ () C:\Program Files\ASUS\Splendid\CCTAdjust.dll
2014-06-03 22:01 - 2014-06-03 22:01 - 00037936 _____ () C:\Program Files\ASUS\Splendid\DetectDisplayDC.dll
2014-06-03 22:01 - 2014-06-03 22:01 - 00018992 _____ () C:\Program Files\ASUS\Splendid\AMDColorEnhance.dll
2014-06-03 22:01 - 2014-06-03 22:01 - 00020528 _____ () C:\Program Files\ASUS\Splendid\AMDRegammaAndGamut.dll
2016-08-23 07:50 - 2016-08-23 07:50 - 01383616 _____ () C:\Users\Tim\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-03-09 17:11 - 2004-07-26 18:11 - 00028672 ____N () C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2016-10-04 12:33 - 2016-09-25 05:47 - 01805416 _____ () C:\Program Files\Google\Chrome\Application\53.0.2785.143\libglesv2.dll
2016-10-04 12:33 - 2016-09-25 05:47 - 00093288 _____ () C:\Program Files\Google\Chrome\Application\53.0.2785.143\libegl.dll
2016-07-28 21:46 - 2016-07-28 21:46 - 22393528 _____ () C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2016-05-16 18:44 - 2016-05-16 18:44 - 00322232 _____ () C:\Program Files\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2016-06-30 13:55 - 2016-06-30 13:55 - 46476472 _____ () C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
 
==================== Alternate Data Streams (gefilterd) =========
 
(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)
 
 
==================== Veilige Modus (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
 
==================== Bestandskoppeling (gefilterd) ===============
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)
 
 
==================== Internet Explorer vertrouwde/beperkte toegang ===============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)
 
 
==================== Hosts Inhoud: ===============================
 
(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)
 
2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Andere gebieden ============================
 
(Momenteel is er geen automatische fix voor dit onderdeel.)
 
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\Control Panel\Desktop\\Wallpaper -> C:\ONTWIKKELINGEN\OVERZICHT - 3D ZAKEN\ELEKTRONICA\COMPUTER\Featured-Image-Palazzo-Versace.jpg
DNS Servers: 84.116.46.20 - 84.116.46.21
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is ingeschakeld.
 
==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==
 
 
==================== Firewall regels (gefilterd) ===============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6DE25E97-2325-48BB-8C66-365A01D765E4}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiProxy.exe
FirewallRules: [{25DDB58A-9B0A-4C2A-BFDF-CCE0FBFB573C}] => (Allow) C:\Program Files\Fortinet\FortiClient\ipsec.exe
FirewallRules: [{74AD9D60-0851-4DF1-9C70-ED7BD0C4B21E}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiWad.exe
FirewallRules: [{AC234BFC-0570-405E-9C91-51D04D2F750B}] => (Allow) C:\Program Files\Fortinet\FortiClient\fortiesnac.exe
FirewallRules: [{E1BDC74F-A09B-4153-93C8-9FDCE519B4C5}] => (Allow) C:\Users\Tim\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{37E39FEA-EC6E-41B7-9920-9E11FD966208}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{8EB7679A-A0D9-4CBB-8AEB-00A319CC768F}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [{657E7A52-860A-4ACB-9843-E7AC58E4E6C6}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{311CE309-019B-4FCE-BCD0-4FA2E80F9004}] => (Allow) LPort=5357
FirewallRules: [{21C50817-0081-4BCA-B561-D0FD84715818}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{E23F3911-9934-468D-A092-04D6A5E1A1FE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Herstelpunten =========================
 
AANDACHT: Systeemherstel is uitgeschakeld
 
==================== Defecte Apparaatbeheer Apparaten =============
 
 
==================== Eventlog fouten: =========================
 
Applicatiefouten:
==================
Error: (10/08/2016 09:36:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\HP\HP Deskjet 2540 series\DriverStore\Yeti\V3\amd64\hpinkinsC211.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
Error: (10/08/2016 09:36:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win7\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
Error: (10/08/2016 09:36:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win10\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
Error: (10/08/2016 09:36:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win8\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
Error: (10/08/2016 09:36:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win10\AsusTPDrv\x64\VirtualPTP\AsusVirtualPTP\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
Error: (10/08/2016 09:36:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win81\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
Error: (10/05/2016 03:04:12 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: De lijst met opgenomen en uitgesloten locaties kan niet worden verwerkt door de Windows-zoekservice met de fout <30, 0x80040d07, "iehistory://{S-1-5-21-1556124094-4218111898-1118812907-1001}/">.
 
Error: (10/05/2016 10:12:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\HP\HP Deskjet 2540 series\DriverStore\Yeti\V3\amd64\hpinkinsC211.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
Error: (10/05/2016 10:12:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win7\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
Error: (10/05/2016 10:12:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win10\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
 
Systeemfouten:
=============
Error: (10/09/2016 05:38:25 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM heeft de foutmelding 1053 gekregen bij het starten van de gupdate-service met de argumenten /comsvc om de server 
{4EB61BAC-A3B6-4760-9581-655041EF4D69} te starten
 
Error: (10/09/2016 05:38:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Google Update-service (gupdate)-service kan vanwege de volgende fout niet worden gestart: 
De service heeft de start- of stuuropdracht niet op juiste wijze beantwoord.
 
Error: (10/09/2016 05:38:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Google Update-service (gupdate).
 
Error: (10/09/2016 03:57:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op een reactie op een transactie van deze service: WSearch.
 
Error: (10/09/2016 03:46:47 AM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: De server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (10/09/2016 03:46:17 AM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: De server {1B1F472E-3221-4826-97DB-2C2324D389AE} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (10/09/2016 03:45:46 AM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: De server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (10/09/2016 03:45:10 AM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: De server {1B1F472E-3221-4826-97DB-2C2324D389AE} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (10/09/2016 12:38:01 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM heeft de foutmelding 1053 gekregen bij het starten van de gupdate-service met de argumenten /comsvc om de server 
{4EB61BAC-A3B6-4760-9581-655041EF4D69} te starten
 
Error: (10/09/2016 12:38:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Google Update-service (gupdate)-service kan vanwege de volgende fout niet worden gestart: 
%%1053 = De service heeft de start- of stuuropdracht niet op juiste wijze beantwoord.
 
 
CodeIntegrity:
===================================
  Date: 2016-03-09 16:36:39.188
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Framework\1\avgnetclix.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-09 16:36:39.002
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Framework\1\avgnetclix.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-09 16:36:37.870
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Geheugen info =========================== 
 
Processor: Intel® Atom™ CPU Z3735F @ 1.33GHz
Percentage geheugen in gebruik: 72%
Totaal fysiek RAM-geheugen: 1983.15 MB
Beschikbaar fysiek RAM-geheugen: 546.77 MB
Totaal Virtueel geheugen: 4031.15 MB
Beschikbaar Virtual geheugen: 2167.52 MB
 
==================== Schijven ================================
 
Drive c: (OS) (Fixed) (Total:20.9 GB) (Free:6.17 GB) NTFS ==>[systeem met boot componenten (verkregen van schijf)]
 
==================== MBR & Partitietabel ==================
 
========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 7A5C92A5)
 
Partition: GPT.
 
==================== Eind van Addition.txt ============================

Edited by DutchCoastWest, 09 October 2016 - 12:13 AM.

  • 0

#3
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Hi DutchCoastWest,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described.  I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.  If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed.   We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.  All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.  If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.  Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.  Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop-


 


All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab.  Thank you.



Let's get started....

Sorry for the delay in replying to you; sometimes the forum gets busy and unfortunate things happen.

Do you still need assistance with your system?  If so, can you run the following to produce new logs and post them?

Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

This is an updated version of FRST.exe and will include the latest detections.

 

  • Right click on the FRST.exe file on your desktop and select "Rename".  Change the name to EnglishFRST.exe
  • Right click the EnglishFRST.exe file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update.  Allow it to do this please.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#4
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0





