Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 10.10.2018 Gestart door Anja (Beheerder) op LAPTOP-ANJA (18-10-2018 17:58:51) Gestart vanaf C:\Users\Anja\Downloads Geladen Profielen: Anja (Beschikbare Profielen: Anja) Platform: Windows 8.1 (Update) (X64) Taal: Nederlands (Nederland) Internet Explorer Versie 11 (Standaardbrowser: IE) Boot Modus: Normal Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe (F-Secure Corporation) C:\Program Files (x86)\KPN Veilig\fshoster32.exe (F-Secure Corporation) C:\Program Files (x86)\KPN Veilig\fshoster32.exe (F-Secure Corporation) C:\Program Files (x86)\KPN Veilig\apps\Ultralight\ulcore\1537179249\fshoster64.exe (F-Secure Corporation) C:\Program Files (x86)\KPN Veilig\apps\Ultralight\ulcore\1537179249\fsorsp64.exe (F-Secure Corporation) C:\Program Files (x86)\KPN Veilig\apps\Ultralight\ulcore\1537179249\fsulprothoster.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (F-Secure Corporation) C:\Program Files (x86)\KPN Veilig\fshoster32.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe () C:\Program Files (x86)\SABnzbd\SABnzbd.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Register (gefilterd) =========================== (Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-18] (Intel Corporation) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.12.577\ASUSWSLoader.exe [63968 2016-10-19] (ASUS Cloud Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [MediaFace Integration] => C:\Program Files (x86)\Fellowes\MediaFACE 4.0\SetHook.exe [53248 2003-08-18] (Fellowes, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKU\S-1-5-21-3923666968-2032427885-3240601155-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2052328 2018-07-24] (TomTom) HKU\S-1-5-21-3923666968-2032427885-3240601155-1001\...\Run: [Spotify] => C:\Users\Anja\AppData\Roaming\Spotify\Spotify.exe [24945384 2018-10-17] (Spotify Ltd) HKU\S-1-5-21-3923666968-2032427885-3240601155-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-13] (Piriform Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-11-15] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SearchTooKnowDesktopSearch.lnk [2015-12-19] ShortcutTarget: SearchTooKnowDesktopSearch.lnk -> C:\ProgramData\Search Too Know\SearchTooKnowDesktopSearch.exe (Geen bestand) Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk [2015-06-20] ShortcutTarget: SABnzbd.lnk -> C:\Program Files (x86)\SABnzbd\SABnzbd.exe () ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist en een registeritem is, wordt het verwijderd of hersteld naar de standaard.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 Tcpip\..\Interfaces\{AE63B002-04F2-4779-B01C-82D2F2C3EB2B}: [DhcpNameServer] 192.168.2.254 Tcpip\..\Interfaces\{D17055EE-C03B-4C0F-A90B-58D8B35D1F85}: [DhcpNameServer] 192.168.2.254 Internet Explorer: ================== HKU\S-1-5-21-3923666968-2032427885-3240601155-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.nl/ HKU\S-1-5-21-3923666968-2032427885-3240601155-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB HKU\S-1-5-21-3923666968-2032427885-3240601155-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.kpnvandaag.nl/ SearchScopes: HKU\S-1-5-21-3923666968-2032427885-3240601155-1001 -> DefaultScope {31C231EA-22AF-4A64-A6CF-0FC260EE2BFF} URL = hxxp://www.google.nl/search?hl=nl&q={searchTerms} SearchScopes: HKU\S-1-5-21-3923666968-2032427885-3240601155-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3923666968-2032427885-3240601155-1001 -> {31C231EA-22AF-4A64-A6CF-0FC260EE2BFF} URL = hxxp://www.google.nl/search?hl=nl&q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-07-13] (Microsoft Corporation) BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\KPN Veilig\apps\Ultralight\nif\1537173264\browser\install\fs_ie_https\fs_ie_https64.dll [2018-09-18] (F-Secure Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-13] (Microsoft Corporation) BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\KPN Veilig\apps\Ultralight\nif\1537173264\browser\install\fs_ie_https\fs_ie_https.dll [2018-09-18] (F-Secure Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-15] (Microsoft Corporation) FireFox: ======== FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\KPN Veilig\apps\Ultralight\nif\1537173264\browser\install\fs_firefox_https\fs_firefox_https.xpi FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\KPN Veilig\apps\Ultralight\nif\1537173264\browser\install\fs_firefox_https\fs_firefox_https.xpi [2018-09-18] FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\KPN Veilig\apps\Ultralight\nif\1537173264\browser\install\fs_firefox_https\fs_firefox_https.xpi FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-23] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-02] (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR StartupUrls: Default -> "hxxp://www.kpnvandaag.nl/","hxxp://www.google.nl/" CHR Profile: C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default [2018-10-17] CHR Extension: (Presentaties) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14] CHR Extension: (Documenten) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14] CHR Extension: (Google Drive) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-06] CHR Extension: (YouTube) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-06] CHR Extension: (Google Search) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06] CHR Extension: (Spreadsheets) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14] CHR Extension: (Offline Documenten) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-24] CHR Extension: (Cisco Webex Extension) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-07-18] CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2018-02-10] CHR Extension: (Skype) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-03] CHR Extension: (Google Hangouts) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2018-05-23] CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03] CHR Extension: (Gmail) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-21] CHR Extension: (Chrome Media Router) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-13] CHR Profile: C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-12-30] CHR Profile: C:\Users\Anja\AppData\Local\Google\Chrome\User Data\System Profile [2017-12-30] CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Services (gefilterd) ==================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [Bestand niet getekend] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation) R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-18] (Intel Corporation) R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-18] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-18] (Intel Corporation) R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-18] (Intel Corporation) R2 fshoster; C:\Program Files (x86)\KPN Veilig\fshoster32.exe [184800 2017-11-08] (F-Secure Corporation) R2 fsnethoster; C:\Program Files (x86)\KPN Veilig\fshoster32.exe [184800 2017-11-08] (F-Secure Corporation) R2 fsulhoster; C:\Program Files (x86)\KPN Veilig\apps\Ultralight\ulcore\1537179249\fshoster64.exe [581160 2018-09-18] (F-Secure Corporation) R2 fsulorsp; C:\Program Files (x86)\KPN Veilig\apps\Ultralight\ulcore\1537179249\fsorsp64.exe [78304 2018-09-18] (F-Secure Corporation) R2 fsulprothoster; C:\Program Files (x86)\KPN Veilig\apps\Ultralight\ulcore\1537179249\fsulprothoster.exe [581160 2018-09-18] (F-Secure Corporation) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-09] (WildTangent) R2 HPSLPSVC; C:\Users\Anja\AppData\Local\Temp\7zS1A57\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [Bestand niet getekend] <==== AANDACHT R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.) R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-23] (HP Inc.) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-18] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [Bestand niet getekend] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation) S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Bestand niet getekend] R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Bestand niet getekend] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation) ===================== Drivers (gefilterd) ====================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider) R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-18] (Intel Corporation) R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-18] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-18] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-18] (Intel Corporation) R3 F-Secure Gatekeeper; C:\Program Files (x86)\KPN Veilig\apps\Ultralight\ulcore\1537179249\fsulgk.sys [251728 2018-09-18] (F-Secure Corporation) R1 F-Secure UL HIPS; C:\Program Files (x86)\KPN Veilig\apps\Ultralight\ulcore\1537179249\fshs.sys [112312 2018-09-18] (F-Secure Corporation) R0 fsbts; C:\Windows\System32\drivers\fsbts.sys [65872 2018-08-08] () R3 fsni; C:\Program Files (x86)\KPN Veilig\apps\Ultralight\nif\1537173264\fsni64.sys [112456 2018-09-18] (F-Secure Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( ) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation) R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2014-01-03] (Windows (R) Win 7 DDK provider) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-24] (Realsil Semiconductor Corporation) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) S3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2015-04-28] (The OpenVPN Project) S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation) U0 msahci; system32\drivers\msahci.sys [X] ==================== NetSvcs (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ==================== Een Maand Aangemaakt bestanden en mappen ======== (Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.) 2018-10-18 17:58 - 2018-10-18 18:00 - 000021724 _____ C:\Users\Anja\Downloads\FRST.txt 2018-10-18 17:58 - 2018-10-18 17:58 - 000001164 _____ C:\Users\Anja\Desktop\FRST64 - Snelkoppeling.lnk 2018-10-18 17:54 - 2018-10-18 17:58 - 000000000 ____D C:\FRST 2018-10-18 17:54 - 2018-10-18 17:54 - 002414592 _____ (Farbar) C:\Users\Anja\Downloads\FRST64.exe 2018-10-18 16:38 - 2018-10-02 19:59 - 000835152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2018-10-18 16:38 - 2018-10-02 19:59 - 000179792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-10-13 16:30 - 2018-09-18 07:52 - 025735168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2018-10-13 16:30 - 2018-09-18 07:25 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2018-10-13 16:30 - 2018-09-18 07:14 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2018-10-13 16:30 - 2018-09-18 07:14 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2018-10-13 16:30 - 2018-09-18 06:49 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2018-10-13 16:30 - 2018-09-18 06:42 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2018-10-13 16:30 - 2018-09-18 06:39 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2018-10-13 16:30 - 2018-09-18 06:35 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2018-10-13 16:30 - 2018-09-18 06:33 - 020278784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2018-10-13 16:30 - 2018-09-18 06:23 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2018-10-13 16:30 - 2018-09-18 06:21 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2018-10-13 16:30 - 2018-09-18 06:13 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2018-10-13 16:30 - 2018-09-18 05:57 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2018-10-13 16:30 - 2018-09-18 05:55 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2018-10-13 16:30 - 2018-09-18 05:53 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2018-10-13 16:30 - 2018-09-18 05:51 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2018-10-13 16:30 - 2018-09-18 05:37 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2018-10-13 16:30 - 2018-09-18 05:34 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2018-10-13 16:30 - 2018-09-11 18:38 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2018-10-13 16:30 - 2018-09-08 22:53 - 002532552 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2018-10-13 16:30 - 2018-08-26 05:13 - 015441920 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2018-10-13 16:30 - 2018-08-26 05:08 - 013321728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2018-10-13 16:30 - 2018-08-14 21:04 - 004171264 _____ (Gracenote, Inc.) C:\Windows\SysWOW64\gnsdk_fp.dll 2018-10-13 16:30 - 2018-08-09 15:16 - 004876800 _____ (Gracenote, Inc.) C:\Windows\system32\gnsdk_fp.dll 2018-10-13 16:29 - 2018-09-18 06:10 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2018-10-13 16:29 - 2018-09-18 05:31 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2018-10-13 16:29 - 2018-09-18 02:26 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll 2018-10-13 16:29 - 2018-09-08 20:40 - 007372224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2018-10-13 16:29 - 2018-09-08 20:40 - 002014136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2018-10-13 16:29 - 2018-09-08 20:33 - 001368776 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2018-10-13 16:29 - 2018-09-08 20:22 - 001737696 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2018-10-13 16:29 - 2018-09-08 20:22 - 001676152 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2018-10-13 16:29 - 2018-09-08 20:22 - 001536216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2018-10-13 16:29 - 2018-09-08 20:22 - 001500528 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2018-10-13 16:29 - 2018-09-08 20:22 - 001371448 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2018-10-13 16:29 - 2018-09-08 19:58 - 001902936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2018-10-13 16:29 - 2018-09-08 17:43 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2018-10-13 16:29 - 2018-09-08 04:12 - 001549040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2018-10-13 16:29 - 2018-09-08 04:12 - 000388336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2018-10-13 16:29 - 2018-09-07 19:39 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll 2018-10-13 16:29 - 2018-09-07 18:51 - 002849280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll 2018-10-13 16:29 - 2018-09-01 18:43 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2018-10-13 16:29 - 2018-08-29 15:51 - 002451800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2018-10-13 16:29 - 2018-08-26 06:07 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2018-10-13 16:29 - 2018-08-26 06:07 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2018-10-13 16:29 - 2018-08-12 22:25 - 000149632 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2018-10-13 16:29 - 2018-08-12 19:07 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll 2018-10-13 16:29 - 2018-08-12 18:32 - 000151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll 2018-10-13 16:29 - 2018-08-12 16:21 - 001633008 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2018-09-26 13:30 - 2018-09-26 13:30 - 000000000 ____D C:\Users\Anja\Documents\Mijn scans 2018-09-25 08:34 - 2018-10-17 17:18 - 000003164 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnja 2018-09-25 08:34 - 2018-10-17 17:18 - 000000352 _____ C:\Windows\Tasks\HPCeeScheduleForAnja.job 2018-09-19 17:57 - 2018-09-19 17:57 - 000000000 ____D C:\ProgramData\WEBREG ==================== Een Maand Gewijzigd bestanden en mappen ======== (Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.) 2018-10-18 17:56 - 2015-06-20 01:33 - 000000000 ____D C:\Users\Anja\AppData\Local\Spotify 2018-10-18 17:51 - 2015-06-18 23:23 - 000003822 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{02229865-6608-4024-8940-29F8DE35AA20} 2018-10-18 17:36 - 2015-06-18 23:23 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3923666968-2032427885-3240601155-1001 2018-10-18 17:34 - 2015-06-20 01:32 - 000000000 ____D C:\Users\Anja\AppData\Roaming\Spotify 2018-10-18 17:31 - 2018-05-22 16:30 - 000001543 _____ C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AsusSmartGestureDetector.lnk 2018-10-18 17:31 - 2015-06-18 23:19 - 000000074 _____ C:\Users\Anja\AppData\Roaming\sp_data.sys 2018-10-18 17:30 - 2016-01-30 21:01 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture 2018-10-18 17:30 - 2015-06-18 23:22 - 000000000 ___DO C:\Users\Anja\SkyDrive 2018-10-18 16:37 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-10-18 16:36 - 2013-08-22 16:44 - 000380856 _____ C:\Windows\system32\FNTCACHE.DAT 2018-10-18 16:36 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf 2018-10-18 16:28 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI 2018-10-18 16:09 - 2015-06-20 00:41 - 136745976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2018-10-18 16:09 - 2015-06-20 00:41 - 000000000 ____D C:\Windows\system32\MRT 2018-10-18 16:07 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp 2018-10-17 16:34 - 2013-08-22 17:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-10-17 16:31 - 2015-06-20 01:18 - 000000000 ____D C:\Program Files\Microsoft Office 15 2018-10-14 20:14 - 2017-03-16 17:34 - 000000000 ____D C:\Users\Anja\AppData\Local\CutePDF Writer 2018-10-14 20:14 - 2015-08-10 00:27 - 000000000 ____D C:\Users\Anja\Documents\Anja 2018-10-09 16:55 - 2015-08-10 00:41 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2018-10-03 23:56 - 2015-08-10 00:42 - 000000000 ____D C:\Users\Anja\AppData\LocalLow\Adobe 2018-09-26 13:29 - 2013-12-13 13:27 - 000808154 _____ C:\Windows\system32\perfh013.dat 2018-09-26 13:29 - 2013-12-13 13:27 - 000162364 _____ C:\Windows\system32\perfc013.dat 2018-09-26 13:29 - 2013-12-13 06:09 - 001815760 _____ C:\Windows\system32\PerfStringBackup.INI 2018-09-26 13:25 - 2016-11-15 01:05 - 000233180 _____ C:\Windows\hpoins47.dat 2018-09-26 13:23 - 2018-02-21 17:48 - 000000000 ____D C:\Users\Anja\AppData\Local\HP 2018-09-26 13:23 - 2016-11-15 01:41 - 000000000 ____D C:\Users\Anja\AppData\Roaming\HP 2018-09-26 13:23 - 2013-08-22 15:25 - 000000159 _____ C:\Windows\win.ini 2018-09-26 12:36 - 2018-01-02 20:21 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update 2018-09-22 13:27 - 2013-08-22 17:36 - 000000000 ___RD C:\Windows\ToastData 2018-09-19 17:57 - 2016-11-14 14:23 - 000000000 ____D C:\ProgramData\HP 2018-09-19 16:11 - 2015-08-10 00:42 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2018-09-19 16:07 - 2015-06-18 23:18 - 000000000 ____D C:\Users\Anja\AppData\Local\Packages 2018-09-18 17:52 - 2015-08-21 22:54 - 000002225 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-09-18 16:18 - 2018-01-02 20:21 - 000000000 ____D C:\Program Files\CCleaner ==================== Bestanden in de root van sommige mappen ======= 2015-08-04 20:26 - 2016-02-28 22:53 - 000099384 _____ () C:\Users\Anja\AppData\Roaming\inst.exe 2015-08-04 20:26 - 2016-02-28 22:53 - 000007859 _____ () C:\Users\Anja\AppData\Roaming\pcouffin.cat 2015-08-04 20:26 - 2016-02-28 22:53 - 000001167 _____ () C:\Users\Anja\AppData\Roaming\pcouffin.inf 2015-08-04 20:26 - 2016-02-28 22:53 - 000000055 _____ () C:\Users\Anja\AppData\Roaming\pcouffin.log 2015-08-04 20:26 - 2016-02-28 22:53 - 000082816 _____ (VSO Software) C:\Users\Anja\AppData\Roaming\pcouffin.sys 2015-06-18 23:19 - 2018-10-18 17:31 - 000000074 _____ () C:\Users\Anja\AppData\Roaming\sp_data.sys Sommige bestanden in TEMP: ==================== 2018-02-21 17:50 - 2018-02-21 18:03 - 155202304 _____ () C:\Users\Anja\AppData\Local\Temp\HPInstaller.exe ==================== Bamital & volsnap ====================== (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) C:\Windows\system32\winlogon.exe => Bestand is getekend C:\Windows\system32\wininit.exe => Bestand is getekend C:\Windows\explorer.exe => Bestand is getekend C:\Windows\SysWOW64\explorer.exe => Bestand is getekend C:\Windows\system32\svchost.exe => Bestand is getekend C:\Windows\SysWOW64\svchost.exe => Bestand is getekend C:\Windows\system32\services.exe => Bestand is getekend C:\Windows\system32\User32.dll => Bestand is getekend C:\Windows\SysWOW64\User32.dll => Bestand is getekend C:\Windows\system32\userinit.exe => Bestand is getekend C:\Windows\SysWOW64\userinit.exe => Bestand is getekend C:\Windows\system32\rpcss.dll => Bestand is getekend C:\Windows\system32\dnsapi.dll => Bestand is getekend C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend LastRegBack: 2016-01-08 20:05 ==================== Eind van FRST.txt ============================