Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 11-03-2017
Gestart door Gebruiker (Beheerder) op LAPTOP1 (11-03-2017 11:46:56)
Gestart vanaf C:\Users\Gebruiker\Downloads
Geladen Profielen: Gebruiker (Beschikbare Profielen: Gebruiker)
Platform: Windows 10 Home Versie 1607 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Edge)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
() C:\Windows\SysWOW64\Rezip.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardNetworkScanner.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Register (gefilterd) ====================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803976 2016-12-09] (NVIDIA Corporation)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1519384 2017-03-10] (BullGuard Ltd.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [399312 2011-07-07] (Ask)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-543984391-606257222-1702330859-1001\...\Run: [Google Update] => C:\Users\Gebruiker\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-543984391-606257222-1702330859-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-03-10] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-03-10] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-03-10] (BullGuard Ltd.)
GroupPolicy: Restrictie <======= AANDACHT

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66
Tcpip\..\Interfaces\{dbe53070-e9d5-432d-ac71-bc1658bbd4be}: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66

Internet Explorer:
==================
HKU\S-1-5-21-543984391-606257222-1702330859-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.nl/
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\S-1-5-21-543984391-606257222-1702330859-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADSA_nl
SearchScopes: HKU\S-1-5-21-543984391-606257222-1702330859-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADSA_nl
SearchScopes: HKU\S-1-5-21-543984391-606257222-1702330859-1001 -> {9E6E1E27-0EA6-4BA6-AF7B-3F427C50ED90} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_nl
SearchScopes: HKU\S-1-5-21-543984391-606257222-1702330859-1001 -> {FF8FC731-3CFE-415D-89EF-A9180A3A82C8} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=nl_NL&apn_ptnrs=U3&apn_dtid=OSJ333YYNL&apn_uid=07E3135A-B45B-4618-8FFD-A1F3CD858AF2&apn_sauid=B5BA2182-B6E2-40F3-BAC6-39EAE0472CF0
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-03] (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-03] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc.)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-07-07] (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-07-07] (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-543984391-606257222-1702330859-1001 -> Geen Naam - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Geen bestand
Toolbar: HKU\S-1-5-21-543984391-606257222-1702330859-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-543984391-606257222-1702330859-1001 -> Geen Naam - {D4027C7F-154A-4066-A1AD-4243D8127440} - Geen bestand
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1FEC8B6F-250A-4293-B12C-67A7EF0B758A} hxxp://www.kerkomroep.nl/ocx/sIKNPlayer.cab
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => niet gevonden
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2017-01-01] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2012-02-03] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-01] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [Geen bestand]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-543984391-606257222-1702330859-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Gebruiker\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-543984391-606257222-1702330859-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Gebruiker\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://nl.msn.com/?pc=UP30&ocid=univskyhp
CHR Plugin: (Native Client) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => Geen bestand
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\56.0.2924.87\pdf.dll => Geen bestand
CHR Plugin: (Shockwave Flash) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => Geen bestand
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => Geen bestand
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => Geen bestand
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => Geen bestand
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => Geen bestand
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll => Geen bestand
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => Geen bestand
CHR Plugin: (Zylom Plugin) - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll => Geen bestand
CHR Profile: C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default [2017-03-11]
CHR Extension: (Angry Birds) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-14]
CHR Extension: (PanicButton) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2012-11-02]
CHR Extension: (Elite Unzip) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gafhhbahpojnjfhpepjjfjojbphnogmn [2015-03-08]
CHR Extension: (Jack Spade) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmfhcemponaaoollhcoebkpajgdamieo [2015-10-30]
CHR Extension: (Open many tabs) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojdgnbbcikfegdjfggdhncpjdekcjle [2017-01-29]
CHR Extension: (Super Mario) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieacoaafajmkiffjfagoekhjjbdhbojp [2011-05-07]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1542936 2017-03-10] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [704792 2017-03-10] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [185112 2017-03-10] (BullGuard Ltd.)
R2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [487192 2017-03-10] (BullGuard Ltd.)
R2 BsFire; C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll [821528 2017-03-10] (BullGuard Ltd.)
R2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll [5797144 2017-03-10] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [661272 2017-03-10] (BullGuard Ltd.)
R2 BsNetworkScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardNetworkScanner.exe [403736 2017-03-10] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [317208 2017-03-10] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [409880 2017-03-10] (BullGuard Ltd.)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [582544 2016-07-13] (RealNetworks, Inc.)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [Bestand niet getekend]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [Bestand niet getekend]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R1 AFW; C:\WINDOWS\System32\DRIVERS\afw.sys [52912 2015-06-15] (Agnitum Ltd.)
R3 afwcore; C:\WINDOWS\System32\DRIVERS\afwcore.sys [465072 2015-06-15] (Agnitum Ltd.)
R1 BdAgent; C:\WINDOWS\System32\DRIVERS\BdAgent.sys [174744 2016-08-31] (BullGuard Ltd.)
R3 BdNet; C:\WINDOWS\system32\DRIVERS\BdNet.sys [51856 2016-01-13] (BullGuard Ltd.)
R1 BdSpy; C:\WINDOWS\System32\DRIVERS\BdSpy.sys [94952 2016-01-13] (BullGuard Ltd.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NovaShieldFilterDriver; C:\WINDOWS\System32\DRIVERS\NSKernel.sys [276144 2016-07-11] (BullGuard Ltd.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-06-21] (Windows (R) 2003 DDK 3790 provider)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [485512 2016-04-15] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 ykinw8; C:\WINDOWS\System32\drivers\ykinx64.sys [288768 2016-07-16] (Marvell)
U4 aspnet_state; geen ImagePath
S1 NovaShieldTDIDriver; system32\DRIVERS\NSNetmon.sys [X]

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-03-11 11:46 - 2017-03-11 11:47 - 00021992 _____ C:\Users\Gebruiker\Downloads\FRST.txt
2017-03-11 11:44 - 2017-03-11 11:46 - 00000000 ____D C:\FRST
2017-03-11 11:44 - 2017-03-11 11:45 - 02424832 _____ (Farbar) C:\Users\Gebruiker\Downloads\FRST64.exe
2017-03-11 10:24 - 2017-03-11 10:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gebruiker\Downloads\HijackThis.exe
2017-03-10 22:10 - 2017-03-10 22:10 - 00000000 ____D C:\Users\Gebruiker\AppData\LocalLow\Oracle
2017-03-10 21:59 - 2017-03-10 21:59 - 00000000 ____D C:\Users\Gebruiker\Documents\Foto's
2017-03-10 18:47 - 2017-03-10 18:45 - 00171192 _____ (BullGuard Ltd.) C:\WINDOWS\system32\BgGamingMonitor.dll
2017-03-10 18:42 - 2017-03-10 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
2017-03-10 18:42 - 2017-03-10 18:42 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-10 18:39 - 2017-03-10 18:39 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\QuickScan
2017-03-10 18:39 - 2017-03-10 18:39 - 00000000 ____D C:\Program Files\BullGuard Ltd
2017-03-10 18:32 - 2017-03-10 18:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\BullGuard
2017-03-10 18:29 - 2017-03-10 18:29 - 00340296 _____ C:\Users\Gebruiker\Downloads\BullGuardDownloader.exe
2017-03-08 20:32 - 2017-03-08 20:32 - 05145019 _____ C:\Users\Gebruiker\Downloads\nlt2-h012-vaklokaal3.zip
2017-03-06 16:12 - 2017-03-06 16:12 - 09930546 _____ C:\Users\Gebruiker\Downloads\2017 workshop 3 ll pws versie 1.pptx
2017-03-06 16:11 - 2017-03-06 16:12 - 04232973 _____ C:\Users\Gebruiker\Downloads\Pws workshop 2 201617 versie 3 AP.pptx
2017-03-05 15:13 - 2017-03-05 15:13 - 00030877 _____ C:\Users\Gebruiker\Downloads\Presentatie.pptx
2017-02-27 15:27 - 2017-02-27 15:27 - 00076568 _____ (BullGuard Ltd.) C:\WINDOWS\system32\BGLsp.dll
2017-02-27 15:27 - 2017-02-27 15:27 - 00061720 _____ (BullGuard Ltd.) C:\WINDOWS\SysWOW64\BGLsp.dll
2017-02-27 15:27 - 2017-02-27 15:26 - 00152128 _____ (BullGuard Ltd.) C:\WINDOWS\SysWOW64\BgGamingMonitor.dll
2017-02-17 20:15 - 2017-02-18 21:07 - 00000000 ____D C:\WINDOWS\Minidump

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
2017-03-11 11:47 - 2013-01-03 16:22 - 00000000 ____D C:\ProgramData\BullGuard
2017-03-11 11:41 - 2016-11-05 19:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-11 10:03 - 2010-09-24 09:53 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2017-03-11 10:02 - 2016-11-05 19:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-11 10:02 - 2016-11-05 19:45 - 00000532 _____ C:\WINDOWS\system32\config\afw_hm.conf
2017-03-11 10:02 - 2016-11-05 19:45 - 00000004 _____ C:\WINDOWS\system32\config\afw_db.conf
2017-03-11 10:01 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-11 09:24 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-10 21:43 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-10 21:12 - 2012-11-12 18:04 - 00000000 ____D C:\Users\Gebruiker\Documents\susanne
2017-03-10 21:12 - 2012-04-12 19:51 - 00000000 ____D C:\Users\Gebruiker\Downloads\D
2017-03-10 18:32 - 2015-10-30 07:28 - 00000000 ____D C:\Users\Default.migrated
2017-03-10 18:30 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-03-10 16:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-09 17:05 - 2016-10-22 12:26 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\Kodi
2017-03-09 15:58 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-08 12:09 - 2010-12-20 19:41 - 00000000 ____D C:\Users\Gebruiker\Documents\Youcam
2017-02-23 21:28 - 2013-10-25 21:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 21:25 - 2010-09-24 11:33 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 18:28 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-18 15:35 - 2016-12-14 16:01 - 00003282 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-18 15:35 - 2015-12-29 17:57 - 00002439 _____ C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-18 15:35 - 2015-12-29 17:57 - 00000000 ___RD C:\Users\Gebruiker\OneDrive
2017-02-18 15:32 - 2016-11-05 19:31 - 00000000 ____D C:\Users\Gebruiker

==================== Bestanden in de root van sommige mappen =======

2012-02-04 13:12 - 2013-04-27 11:23 - 0038074 _____ () C:\Users\Gebruiker\AppData\Roaming\Microsoft Excel 97-2003.ADR
2016-06-16 15:34 - 2016-06-16 15:34 - 0003584 _____ () C:\Users\Gebruiker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-10 13:48 - 2015-05-10 13:48 - 0000000 _____ () C:\Users\Gebruiker\AppData\Local\{9509680B-D1F9-407A-85C9-A0D05E51AF99}
2016-11-05 19:28 - 2016-11-05 19:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2010-09-24 09:55 - 2010-01-16 06:17 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2014-07-25 19:32 - 2014-07-25 19:38 - 0006931 _____ () C:\ProgramData\Install_vcredist64.log
2014-07-25 19:36 - 2014-07-25 19:38 - 0168568 _____ () C:\ProgramData\Install_vcredist64_0_vcRuntimeMinimum_x64.log
2014-07-25 19:36 - 2014-07-25 19:38 - 0209864 _____ () C:\ProgramData\Install_vcredist64_1_vcRuntimeAdditional_x64.log
2014-07-25 19:37 - 2014-07-25 19:40 - 0006856 _____ () C:\ProgramData\Install_vcredist86.log
2014-07-25 19:37 - 2014-07-25 19:39 - 0173440 _____ () C:\ProgramData\Install_vcredist86_0_vcRuntimeMinimum_x86.log
2014-07-25 19:37 - 2014-07-25 19:39 - 0230462 _____ () C:\ProgramData\Install_vcredist86_1_vcRuntimeAdditional_x86.log
2010-04-26 01:22 - 2010-04-26 01:22 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-04-26 01:20 - 2010-04-26 01:21 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2010-04-26 01:16 - 2010-04-26 01:17 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-04-26 01:21 - 2010-04-26 01:21 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2010-04-26 01:16 - 2010-04-26 01:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-04-26 01:17 - 2010-04-26 01:20 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Sommige bestanden in TEMP:
====================
2016-12-14 19:04 - 2016-12-14 19:04 - 0739904 _____ (Oracle Corporation) C:\Users\Gebruiker\AppData\Local\Temp\jre-8u121-windows-au.exe

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2017-03-03 20:43

==================== Eind van FRST.txt ============================