Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 02.01.2018 Gestart door Anja (Beheerder) op LAPTOP-ANJA (03-01-2018 13:38:18) Gestart vanaf C:\Users\Anja\Desktop Geladen Profielen: Anja (Beschikbare Profielen: Anja) Platform: Windows 8.1 (Update) (X64) Taal: Nederlands (Nederland) Internet Explorer Versie 11 (Standaardbrowser: IE) Boot Modus: Normal Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe (F-Secure Corporation) C:\Program Files (x86)\KPN Veilig\fshoster32.exe (F-Secure Corporation) C:\Program Files (x86)\KPN Veilig\fshoster32.exe (F-Secure Corporation) C:\Program Files (x86)\KPN Veilig\apps\Ultralight\ulcore\1511165593\fsorsp64.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (F-Secure Corporation) C:\Program Files (x86)\KPN Veilig\apps\Ultralight\ulcore\1511165593\fshoster64.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (F-Secure Corporation) C:\Program Files (x86)\KPN Veilig\fshoster32.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (Spotify Ltd) C:\Users\Anja\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe () C:\ProgramData\Search Too Know\SearchTooKnowDesktopSearch.exe () C:\Program Files (x86)\SABnzbd\SABnzbd.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe ==================== Register (gefilterd) =========================== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-18] (Intel Corporation) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.12.577\ASUSWSLoader.exe [63968 2016-10-19] (ASUS Cloud Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [MediaFace Integration] => C:\Program Files (x86)\Fellowes\MediaFACE 4.0\SetHook.exe [53248 2003-08-18] (Fellowes, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKU\S-1-5-21-3923666968-2032427885-3240601155-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1986280 2017-08-04] (TomTom) HKU\S-1-5-21-3923666968-2032427885-3240601155-1001\...\Run: [Spotify] => C:\Users\Anja\AppData\Roaming\Spotify\Spotify.exe [21070224 2017-12-21] (Spotify Ltd) HKU\S-1-5-21-3923666968-2032427885-3240601155-1001\...\Run: [Spotify Web Helper] => C:\Users\Anja\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-21] (Spotify Ltd) HKU\S-1-5-21-3923666968-2032427885-3240601155-1001\...\Run: [GoogleChromeAutoLaunch_50EA6731804A0FA2B2DE051BEA45E463] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2017-12-06] (Google Inc.) HKU\S-1-5-21-3923666968-2032427885-3240601155-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-11-15] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SearchTooKnowDesktopSearch.lnk [2015-12-18] ShortcutTarget: SearchTooKnowDesktopSearch.lnk -> C:\ProgramData\Search Too Know\SearchTooKnowDesktopSearch.exe () Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk [2015-06-20] ShortcutTarget: SABnzbd.lnk -> C:\Program Files (x86)\SABnzbd\SABnzbd.exe () ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.) Tcpip\Parameters: [DhcpNameServer] 195.121.1.34 195.121.1.66 Tcpip\..\Interfaces\{AE63B002-04F2-4779-B01C-82D2F2C3EB2B}: [DhcpNameServer] 192.168.96.1 Tcpip\..\Interfaces\{D17055EE-C03B-4C0F-A90B-58D8B35D1F85}: [DhcpNameServer] 195.121.1.34 195.121.1.66 Internet Explorer: ================== HKU\S-1-5-21-3923666968-2032427885-3240601155-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.nl/ HKU\S-1-5-21-3923666968-2032427885-3240601155-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB HKU\S-1-5-21-3923666968-2032427885-3240601155-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.kpnvandaag.nl/ SearchScopes: HKU\S-1-5-21-3923666968-2032427885-3240601155-1001 -> DefaultScope {31C231EA-22AF-4A64-A6CF-0FC260EE2BFF} URL = hxxp://www.google.nl/search?hl=nl&q={searchTerms} SearchScopes: HKU\S-1-5-21-3923666968-2032427885-3240601155-1001 -> {31C231EA-22AF-4A64-A6CF-0FC260EE2BFF} URL = hxxp://www.google.nl/search?hl=nl&q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-12-15] (Microsoft Corporation) BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\KPN Veilig\apps\Ultralight\nif\1512041808\browser\install\fs_ie_https\fs_ie_https64.dll [2017-12-06] (F-Secure Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-12-15] (Microsoft Corporation) BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\KPN Veilig\apps\Ultralight\nif\1512041808\browser\install\fs_ie_https\fs_ie_https.dll [2017-12-06] (F-Secure Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-15] (Microsoft Corporation) FireFox: ======== FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\KPN Veilig\apps\Ultralight\nif\1512041808\browser\install\fs_firefox_https\fs_firefox_https.xpi FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\KPN Veilig\apps\Ultralight\nif\1512041808\browser\install\fs_firefox_https\fs_firefox_https.xpi [2017-12-06] FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\KPN Veilig\apps\Ultralight\nif\1512041808\browser\install\fs_firefox_https\fs_firefox_https.xpi FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-23] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-02] (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR StartupUrls: Default -> "hxxp://www.kpnvandaag.nl/","hxxp://www.google.nl/" CHR Profile: C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default [2018-01-03] CHR Extension: (Presentaties) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14] CHR Extension: (Documenten) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14] CHR Extension: (Google Drive) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-06] CHR Extension: (YouTube) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-06] CHR Extension: (Google Search) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06] CHR Extension: (Spreadsheets) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14] CHR Extension: (Offline Documenten) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-18] CHR Extension: (Cisco WebEx Extension) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-11-13] CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2016-09-18] CHR Extension: (Skype) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-03] CHR Extension: (Google Hangouts) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-11-16] CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-03] CHR Extension: (Gmail) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-21] CHR Extension: (Chrome Media Router) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15] CHR Profile: C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-12-30] CHR Profile: C:\Users\Anja\AppData\Local\Google\Chrome\User Data\System Profile [2017-12-30] CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Services (gefilterd) ==================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [Bestand niet getekend] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation) R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-18] (Intel Corporation) R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-18] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-18] (Intel Corporation) R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-18] (Intel Corporation) R2 fshoster; C:\Program Files (x86)\KPN Veilig\fshoster32.exe [184800 2017-11-08] (F-Secure Corporation) R2 fsnethoster; C:\Program Files (x86)\KPN Veilig\fshoster32.exe [184800 2017-11-08] (F-Secure Corporation) R2 fsulhoster; C:\Program Files (x86)\KPN Veilig\apps\Ultralight\ulcore\1511165593\fshoster64.exe [343008 2017-12-06] (F-Secure Corporation) R2 fsulorsp; C:\Program Files (x86)\KPN Veilig\apps\Ultralight\ulcore\1511165593\fsorsp64.exe [78304 2017-12-06] (F-Secure Corporation) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-09] (WildTangent) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.) R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-23] (HP Inc.) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-18] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [Bestand niet getekend] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation) S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Bestand niet getekend] S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Bestand niet getekend] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation) ===================== Drivers (gefilterd) ====================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-18] (Intel Corporation) R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-18] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-18] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-18] (Intel Corporation) R3 F-Secure Gatekeeper; C:\Program Files (x86)\KPN Veilig\apps\Ultralight\ulcore\1511165593\fsulgk.sys [221888 2017-12-06] (F-Secure Corporation) R1 F-Secure UL HIPS; C:\Program Files (x86)\KPN Veilig\apps\Ultralight\ulcore\1511165593\fshs.sys [100032 2017-12-06] (F-Secure Corporation) R0 fsbts; C:\Windows\System32\drivers\fsbts.sys [73928 2017-12-06] () R3 fsni; C:\Program Files (x86)\KPN Veilig\apps\Ultralight\nif\1512041808\fsni64.sys [120520 2017-12-06] (F-Secure Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( ) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation) R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2014-01-03] (Windows (R) Win 7 DDK provider) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-24] (Realsil Semiconductor Corporation) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) S3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2015-04-28] (The OpenVPN Project) S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation) U0 msahci; system32\drivers\msahci.sys [X] ==================== NetSvcs (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ==================== Een Maand Aangemaakt bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2018-01-03 13:38 - 2018-01-03 13:40 - 000021689 _____ C:\Users\Anja\Desktop\FRST.txt 2018-01-03 13:36 - 2018-01-03 13:36 - 000000000 ____D C:\Users\Anja\Desktop\FRST-OlderVersion 2018-01-02 19:25 - 2018-01-02 19:25 - 000011418 _____ C:\Users\Anja\Documents\cc_20180102_192538.reg 2018-01-02 19:24 - 2018-01-02 19:24 - 000308306 _____ C:\Users\Anja\Documents\cc_20180102_192411.reg 2018-01-02 19:21 - 2018-01-02 19:21 - 000003872 _____ C:\Windows\System32\Tasks\CCleaner Update 2018-01-02 19:21 - 2018-01-02 19:21 - 000002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2018-01-02 19:21 - 2018-01-02 19:21 - 000000836 _____ C:\Users\Public\Desktop\CCleaner.lnk 2018-01-02 19:21 - 2018-01-02 19:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2018-01-02 19:21 - 2018-01-02 19:21 - 000000000 ____D C:\Program Files\CCleaner 2018-01-02 19:19 - 2018-01-02 19:19 - 011201632 _____ (Piriform Ltd) C:\Users\Anja\Downloads\ccsetup538.exe 2018-01-01 16:18 - 2018-01-01 16:18 - 000004122 _____ C:\Users\Anja\Desktop\AdwCleaner[C0].txt 2018-01-01 16:06 - 2018-01-01 16:07 - 000000000 ____D C:\AdwCleaner 2017-12-31 13:33 - 2017-12-31 13:33 - 008198432 _____ (Malwarebytes) C:\Users\Anja\Desktop\adwcleaner_7.0.6.0.exe 2017-12-30 18:26 - 2017-12-30 18:40 - 000009433 _____ C:\Users\Anja\Desktop\Fixlog.txt 2017-12-29 18:13 - 2017-12-29 18:17 - 000048360 _____ C:\Users\Anja\Downloads\Addition.txt 2017-12-29 18:10 - 2017-12-29 18:17 - 000035214 _____ C:\Users\Anja\Downloads\FRST.txt 2017-12-29 18:09 - 2017-12-29 18:09 - 000001164 _____ C:\Users\Anja\Desktop\FRST64 - Snelkoppeling.lnk 2017-12-29 18:08 - 2018-01-03 13:36 - 002393088 _____ (Farbar) C:\Users\Anja\Desktop\FRST64.exe 2017-12-29 18:06 - 2018-01-03 13:38 - 000000000 ____D C:\FRST 2017-12-28 13:40 - 2017-12-28 13:40 - 000061772 _____ C:\Users\Anja\Downloads\BevestigingWijzigingRoodstand.pdf 2017-12-15 23:23 - 2017-12-04 17:23 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-12-15 23:23 - 2017-12-04 17:23 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-12-15 16:34 - 2017-12-15 16:34 - 000000000 ___SD C:\Users\Anja\Documents\Mijn gegevensbronnen 2017-12-13 07:54 - 2017-11-17 16:37 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-12-13 07:54 - 2017-11-14 04:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-12-13 07:54 - 2017-11-14 04:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-12-13 07:54 - 2017-11-14 04:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-12-13 07:54 - 2017-11-14 04:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-12-13 07:54 - 2017-11-14 03:55 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2017-12-13 07:54 - 2017-11-14 03:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-12-13 07:54 - 2017-11-14 03:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-12-13 07:54 - 2017-11-14 03:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-12-13 07:54 - 2017-11-14 03:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-12-13 07:54 - 2017-11-14 03:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-12-13 07:54 - 2017-11-14 02:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-12-13 07:54 - 2017-11-14 02:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-12-13 07:54 - 2017-11-14 01:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2017-12-13 07:54 - 2017-11-08 16:55 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys 2017-12-13 07:54 - 2017-11-07 22:15 - 000323584 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll 2017-12-13 07:54 - 2017-11-07 21:49 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll 2017-12-13 07:54 - 2017-11-07 21:46 - 000285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll 2017-12-13 07:54 - 2017-11-07 21:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-12-13 07:54 - 2017-11-07 21:29 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2017-12-13 07:54 - 2017-11-07 21:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-12-13 07:54 - 2017-11-07 21:27 - 000151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll 2017-12-13 07:54 - 2017-11-07 21:22 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2017-12-13 07:54 - 2017-11-07 21:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2017-12-13 07:54 - 2017-11-07 21:08 - 000713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2017-12-13 07:54 - 2017-11-07 21:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-12-13 07:54 - 2017-11-07 21:02 - 000562176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2017-12-13 07:54 - 2017-11-07 21:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-12-13 07:54 - 2017-11-07 20:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-12-13 07:54 - 2017-10-18 18:14 - 000136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2017-12-13 07:54 - 2017-10-14 08:55 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2017-12-13 07:54 - 2017-10-14 08:29 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-12-13 07:54 - 2017-10-14 08:23 - 000963072 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-12-13 07:54 - 2017-10-14 08:17 - 003717632 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2017-12-13 07:54 - 2017-10-14 07:41 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-12-13 07:54 - 2017-10-14 07:19 - 000780800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-12-13 07:54 - 2017-10-10 17:39 - 001192960 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2017-12-13 07:54 - 2017-10-10 17:29 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2017-12-13 07:54 - 2017-10-10 16:42 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2017-12-13 07:54 - 2017-10-10 15:58 - 000949760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll ==================== Een Maand Gewijzigd bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2018-01-03 12:59 - 2015-06-18 22:23 - 000003822 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{02229865-6608-4024-8940-29F8DE35AA20} 2018-01-02 19:21 - 2015-06-20 00:33 - 000000000 ____D C:\Users\Anja\AppData\Local\Spotify 2018-01-02 18:19 - 2015-06-20 00:32 - 000000000 ____D C:\Users\Anja\AppData\Roaming\Spotify 2018-01-02 14:29 - 2017-03-14 17:39 - 000003164 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnja 2018-01-02 14:29 - 2017-03-14 17:39 - 000000352 _____ C:\Windows\Tasks\HPCeeScheduleForAnja.job 2018-01-02 13:51 - 2015-06-18 22:23 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3923666968-2032427885-3240601155-1001 2018-01-02 13:31 - 2016-01-30 20:02 - 000001543 _____ C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AsusSmartGestureDetector.lnk 2018-01-02 13:26 - 2015-06-18 22:19 - 000000074 _____ C:\Users\Anja\AppData\Roaming\sp_data.sys 2018-01-02 13:18 - 2016-01-30 20:01 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture 2018-01-02 13:16 - 2015-06-18 22:22 - 000000000 __RDO C:\Users\Anja\SkyDrive 2018-01-01 16:09 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-01-01 16:08 - 2015-06-21 00:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2018-01-01 16:08 - 2013-08-22 14:25 - 000262144 ___SH C:\Windows\system32\config\BBI 2017-12-30 19:12 - 2015-08-09 23:27 - 000000000 ____D C:\Users\Anja\Documents\Anja 2017-12-20 18:09 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\AppReadiness 2017-12-17 21:24 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf 2017-12-15 23:21 - 2015-06-18 22:35 - 000000000 ____D C:\Program Files (x86)\KPN Veilig 2017-12-15 23:21 - 2013-08-22 15:44 - 000380856 _____ C:\Windows\system32\FNTCACHE.DAT 2017-12-15 22:23 - 2015-06-21 00:38 - 000000000 ____D C:\ProgramData\Spotnet 2017-12-15 22:22 - 2015-07-02 22:45 - 000001125 _____ C:\Users\Public\Desktop\Spotnet.lnk 2017-12-15 22:22 - 2015-07-02 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotnet 2017-12-15 22:22 - 2015-07-02 22:45 - 000000000 ____D C:\Program Files (x86)\Spotnet 2017-12-15 21:16 - 2015-12-13 01:41 - 000002076 _____ C:\Users\Public\Desktop\Design&Print.lnk 2017-12-15 21:16 - 2015-12-13 01:37 - 000000000 ____D C:\Program Files (x86)\Design&Print 2017-12-15 15:48 - 2013-08-22 16:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-12-15 15:46 - 2015-06-20 00:18 - 000000000 ____D C:\Program Files\Microsoft Office 15 2017-12-14 22:42 - 2013-08-22 16:20 - 000000000 ____D C:\Windows\CbsTemp 2017-12-14 22:35 - 2015-06-19 23:41 - 000000000 ____D C:\Windows\system32\MRT 2017-12-14 22:31 - 2017-11-29 20:28 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe 2017-12-14 22:31 - 2015-06-19 23:41 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-12-14 19:14 - 2015-08-21 21:54 - 000002225 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-12-12 12:04 - 2015-06-24 14:17 - 000000000 ____D C:\Users\Anja\AppData\Roaming\Skype 2017-12-10 20:20 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps 2017-12-06 09:18 - 2015-06-18 22:45 - 000073928 _____ C:\Windows\system32\Drivers\fsbts.sys 2017-12-06 09:18 - 2015-06-18 22:35 - 000000000 ____D C:\ProgramData\F-Secure ==================== Bestanden in de root van sommige mappen ======= 2015-08-04 19:26 - 2016-02-28 21:53 - 000099384 _____ () C:\Users\Anja\AppData\Roaming\inst.exe 2015-08-04 19:26 - 2016-02-28 21:53 - 000007859 _____ () C:\Users\Anja\AppData\Roaming\pcouffin.cat 2015-08-04 19:26 - 2016-02-28 21:53 - 000001167 _____ () C:\Users\Anja\AppData\Roaming\pcouffin.inf 2015-08-04 19:26 - 2016-02-28 21:53 - 000000055 _____ () C:\Users\Anja\AppData\Roaming\pcouffin.log 2015-08-04 19:26 - 2016-02-28 21:53 - 000082816 _____ (VSO Software) C:\Users\Anja\AppData\Roaming\pcouffin.sys 2015-06-18 22:19 - 2018-01-02 13:26 - 000000074 _____ () C:\Users\Anja\AppData\Roaming\sp_data.sys ==================== Bamital & volsnap ====================== (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) C:\Windows\system32\winlogon.exe => Bestand is getekend C:\Windows\system32\wininit.exe => Bestand is getekend C:\Windows\explorer.exe => Bestand is getekend C:\Windows\SysWOW64\explorer.exe => Bestand is getekend C:\Windows\system32\svchost.exe => Bestand is getekend C:\Windows\SysWOW64\svchost.exe => Bestand is getekend C:\Windows\system32\services.exe => Bestand is getekend C:\Windows\system32\User32.dll => Bestand is getekend C:\Windows\SysWOW64\User32.dll => Bestand is getekend C:\Windows\system32\userinit.exe => Bestand is getekend C:\Windows\SysWOW64\userinit.exe => Bestand is getekend C:\Windows\system32\rpcss.dll => Bestand is getekend C:\Windows\system32\dnsapi.dll => Bestand is getekend C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend LastRegBack: 2016-01-08 19:05 ==================== Eind van FRST.txt ============================