Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 05-07-2017
Gestart door Johan (05-07-2017 18:02:57) Run:1
Gestart vanaf C:\Users\Johan\Downloads
Geladen Profielen: Gebruiker & Johan (Beschikbare Profielen: Gebruiker & Johan)
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
start
CreateRestorePoint:
(Secure Driver Updater.) C:\Program Files (x86)\Secure Driver Updater\SDU.exe
() C:\Users\Johan\AppData\Roaming\Event Monitor\em.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
GroupPolicy\User: Restrictie <==== AANDACHT
GroupPolicyUsers\S-1-5-21-3157429923-292206502-2485843891-1001\User: Restrictie <==== AANDACHT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://nl.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_13&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dnl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0EtD0ByCyDtCzzyEtCyE0CzyyBtN0D0Tzu0StCzytCtAtN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0FzytAyD0BtDtCtGtB0E0D0FtG0ByDyEtBtGtByCyC0FtGzztC0AtDyDyEtD0Czz0CtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FyC0DtB0DyEyEtGtAyEzzyEtGyE0FtC0BtGzzyByD0BtGtAtBtCtDtB0AtD0E0E0AtAyD2QtN0A0LzutB%26cr%3D14935247%26a%3Dwbf_frmr_17_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://nl.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_13&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dnl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0EtD0ByCyDtCzzyEtCyE0CzyyBtN0D0Tzu0StCzytCtAtN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0FzytAyD0BtDtCtGtB0E0D0FtG0ByDyEtBtGtByCyC0FtGzztC0AtDyDyEtD0Czz0CtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FyC0DtB0DyEyEtGtAyEzzyEtGyE0FtC0BtGzzyByD0BtGtAtBtCtDtB0AtD0E0E0AtAyD2QtN0A0LzutB%26cr%3D14935247%26a%3Dwbf_frmr_17_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKU\S-1-5-21-3157429923-292206502-2485843891-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.nl/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dnl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0EtD0ByCyDtCzzyEtCyE0CzyyBtN0D0Tzu0StCzytCtAtN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0FzytAyD0BtDtCtGtB0E0D0FtG0ByDyEtBtGtByCyC0FtGzztC0AtDyDyEtD0Czz0CtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FyC0DtB0DyEyEtGtAyEzzyEtGyE0FtC0BtGzzyByD0BtGtAtBtCtDtB0AtD0E0E0AtAyD2QtN0A0LzutB%26cr%3D14935247%26a%3Dwbf_frmr_17_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dnl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0EtD0ByCyDtCzzyEtCyE0CzyyBtN0D0Tzu0StCzytCtAtN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0FzytAyD0BtDtCtGtB0E0D0FtG0ByDyEtBtGtByCyC0FtGzztC0AtDyDyEtD0Czz0CtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FyC0DtB0DyEyEtGtAyEzzyEtGyE0FtC0BtGzzyByD0BtGtAtBtCtDtB0AtD0E0E0AtAyD2QtN0A0LzutB%26cr%3D14935247%26a%3Dwbf_frmr_17_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dnl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0EtD0ByCyDtCzzyEtCyE0CzyyBtN0D0Tzu0StCzytCtAtN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0FzytAyD0BtDtCtGtB0E0D0FtG0ByDyEtBtGtByCyC0FtGzztC0AtDyDyEtD0Czz0CtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FyC0DtB0DyEyEtGtAyEzzyEtGyE0FtC0BtGzzyByD0BtGtAtBtCtDtB0AtD0E0E0AtAyD2QtN0A0LzutB%26cr%3D14935247%26a%3Dwbf_frmr_17_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dnl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0EtD0ByCyDtCzzyEtCyE0CzyyBtN0D0Tzu0StCzytCtAtN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0FzytAyD0BtDtCtGtB0E0D0FtG0ByDyEtBtGtByCyC0FtGzztC0AtDyDyEtD0Czz0CtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FyC0DtB0DyEyEtGtAyEzzyEtGyE0FtC0BtGzzyByD0BtGtAtBtCtDtB0AtD0E0E0AtAyD2QtN0A0LzutB%26cr%3D14935247%26a%3Dwbf_frmr_17_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO-x32: Geen Naam -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> Geen bestand
CHR HKLM\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] -
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] -
CHR HKLM-x32\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] -
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] -
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [144864 2017-03-22] (Byte Technologies LLC)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-03-28] ()
2017-07-03 17:57 - 2017-07-04 21:50 - 00000286 _____ C:\Windows\Tasks\SecureDriverUpdater_UPDATES.job
2017-07-03 17:57 - 2017-07-03 19:06 - 00003036 _____ C:\Windows\System32\Tasks\SecureDriverUpdater_UPDATES
2017-07-03 17:54 - 2017-07-03 17:54 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\sdu
2017-07-03 16:48 - 2017-07-04 22:56 - 00003178 _____ C:\Windows\System32\Tasks\SecureDriverUpdaterRunAtStartup
2017-07-03 16:48 - 2017-07-03 16:48 - 00001067 _____ C:\Users\Public\Desktop\Secure Driver Updater.lnk
2017-07-03 16:48 - 2017-07-03 16:48 - 00000000 ____D C:\Users\Johan\AppData\Roaming\sdu
2017-07-03 16:48 - 2017-07-03 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Driver Updater
2017-07-03 16:46 - 2017-07-03 16:48 - 00000000 ____D C:\Program Files (x86)\Secure Driver Updater
2017-07-04 22:55 - 2017-03-30 08:27 - 00000000 ____D C:\Users\Johan\AppData\Roaming\Event Monitor
2017-07-04 22:50 - 2017-03-28 14:57 - 00000000 ____D C:\ProgramData\AVAST Software
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Geen bestand
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Geen bestand
Task: {4E4F4779-CA1D-4923-9BDD-44C64AE49033} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-03-22] (Byte Technologies LLC) <==== AANDACHT
Task: {53B513BD-28E0-4596-8462-DED2A7EF4305} - System32\Tasks\RunAtStartup => C:\Users\Johan\AppData\Roaming\Event Monitor\em.exe [2017-05-29] () <==== AANDACHT
Task: {58911FBB-2912-4F13-92E1-BE7F6CEE55B1} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-03-22] (Byte Technologies LLC) <==== AANDACHT
Task: {E3EC2678-0BFC-422C-8E3C-BAAC17E592D2} - System32\Tasks\SecureDriverUpdaterRunAtStartup => C:\Program Files (x86)\Secure Driver Updater\SDU.exe [2017-07-03] (Secure Driver Updater.)
Task: {EBE464CA-65B3-4A49-AFF5-738381A63772} - System32\Tasks\SecureDriverUpdater_UPDATES => C:\Program Files (x86)\Secure Driver Updater\SDU.exe [2017-07-03] (Secure Driver Updater.)
Task: C:\Windows\Tasks\SecureDriverUpdater_UPDATES.job => C:\Program Files (x86)\Secure Driver Updater\SDU.exe
AlternateDataStreams: C:\Users\Johan\Downloads\launch (10).ica:icasource [114]
Hosts:
Reboot:
end
*****************

Herstelpunt is succesvol gemaakt.
C:\Program Files (x86)\Secure Driver Updater\SDU.exe => Geen lopend proces gevonden
[2248] C:\Users\Johan\AppData\Roaming\Event Monitor\em.exe => Proces succesvol afgesloten.
[1552] C:\Program Files\ByteFence\ByteFenceService.exe => Proces succesvol afgesloten.
[1228] C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe => Proces succesvol afgesloten.
[2268] C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe => Proces succesvol afgesloten.
C:\Windows\system32\GroupPolicy\User => is succesvol verplaatst
C:\Windows\system32\GroupPolicy\GPT.ini => is succesvol verplaatst
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3157429923-292206502-2485843891-1001\User => is succesvol verplaatst
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => waarde met succes hersteld
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => waarde met succes hersteld
HKU\S-1-5-21-3157429923-292206502-2485843891-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => waarde met succes hersteld
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => waarde met succes hersteld
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => sleutel is succesvol verwijderd
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => sleutel niet gevonden.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => sleutel is succesvol verwijderd
HKLM\Software\Classes\CLSID\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => sleutel niet gevonden.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => waarde met succes hersteld
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => sleutel is succesvol verwijderd
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => sleutel niet gevonden.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => sleutel is succesvol verwijderd
HKLM\Software\Wow6432Node\Classes\CLSID\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => sleutel niet gevonden.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => sleutel is succesvol verwijderd
HKLM\Software\Wow6432Node\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => sleutel niet gevonden.
HKLM\SOFTWARE\Google\Chrome\Extensions\bmlggjgglgmlgbendppbpmkpakefkmkd => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmlggjgglgmlgbendppbpmkpakefkmkd => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => sleutel is succesvol verwijderd
HKLM\System\CurrentControlSet\Services\ByteFenceService => sleutel is succesvol verwijderd
ByteFenceService => dienst is succesvol verwijderd
HKLM\System\CurrentControlSet\Services\rtop => sleutel is succesvol verwijderd
rtop => dienst is succesvol verwijderd
C:\Windows\Tasks\SecureDriverUpdater_UPDATES.job => is succesvol verplaatst
C:\Windows\System32\Tasks\SecureDriverUpdater_UPDATES => is succesvol verplaatst
C:\Users\Gebruiker\AppData\Roaming\sdu => is succesvol verplaatst
C:\Windows\System32\Tasks\SecureDriverUpdaterRunAtStartup => is succesvol verplaatst
C:\Users\Public\Desktop\Secure Driver Updater.lnk => is succesvol verplaatst
C:\Users\Johan\AppData\Roaming\sdu => is succesvol verplaatst
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Driver Updater => is succesvol verplaatst
C:\Program Files (x86)\Secure Driver Updater => is succesvol verplaatst
C:\Users\Johan\AppData\Roaming\Event Monitor => is succesvol verplaatst
C:\ProgramData\AVAST Software => is succesvol verplaatst
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => sleutel is succesvol verwijderd
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => sleutel niet gevonden.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => sleutel is succesvol verwijderd
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => sleutel niet gevonden.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => sleutel is succesvol verwijderd
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => sleutel niet gevonden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4E4F4779-CA1D-4923-9BDD-44C64AE49033} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E4F4779-CA1D-4923-9BDD-44C64AE49033} => sleutel is succesvol verwijderd
C:\Windows\System32\Tasks\ByteFence => is succesvol verplaatst
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53B513BD-28E0-4596-8462-DED2A7EF4305} => sleutel niet gevonden.
C:\Windows\System32\Tasks\RunAtStartup => is succesvol verplaatst
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAtStartup => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58911FBB-2912-4F13-92E1-BE7F6CEE55B1} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58911FBB-2912-4F13-92E1-BE7F6CEE55B1} => sleutel is succesvol verwijderd
C:\Windows\System32\Tasks\ByteFence Scan => is succesvol verplaatst
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence Scan => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3EC2678-0BFC-422C-8E3C-BAAC17E592D2} => sleutel niet gevonden.
C:\Windows\System32\Tasks\SecureDriverUpdaterRunAtStartup => niet gevonden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SecureDriverUpdaterRunAtStartup => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBE464CA-65B3-4A49-AFF5-738381A63772} => sleutel is succesvol verwijderd
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBE464CA-65B3-4A49-AFF5-738381A63772} => sleutel is succesvol verwijderd
C:\Windows\System32\Tasks\SecureDriverUpdater_UPDATES => niet gevonden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SecureDriverUpdater_UPDATES => sleutel is succesvol verwijderd
C:\Windows\Tasks\SecureDriverUpdater_UPDATES.job => niet gevonden.
C:\Users\Johan\Downloads\launch (10).ica => ":icasource" ADS is succesvol verwijderd.
C:\Windows\System32\Drivers\etc\hosts => is succesvol verplaatst
Hosts met succes hersteld.

Het systeem moest herstart worden.

==== Eind van Fixlog 18:03:45 ====