Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 12-02-2017 Gestart door ydg63699 (Beheerder) op LUUK-PC (12-02-2017 11:38:08) Gestart vanaf C:\Users\ydg63699\Downloads Geladen Profielen: ydg63699 (Beschikbare Profielen: ydg63699 & Administrator) Platform: Windows 10 Home Versie 1607 (X64) Taal: Nederlands (Nederland) Internet Explorer Versie 11 (Standaardbrowser: Edge) Boot Modus: Normal Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe (Intel Corporation) C:\Windows\System32\ibtsiva.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINNE.EXE (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Canon INC.) C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe ==================== Register (gefilterd) ==================== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.) HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1519384 2017-01-30] (BullGuard Ltd.) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.) HKU\S-1-5-21-1068301756-979797124-688642755-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd) HKU\S-1-5-21-1068301756-979797124-688642755-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINNE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1068301756-979797124-688642755-1001\...\RunOnce: [Uninstall C:\Users\ydg63699\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ydg63699\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64" HKU\S-1-5-21-1068301756-979797124-688642755-1001\...\MountPoints2: {8302d03b-2fb3-11e6-b3a7-d8fc93d7fb4e} - "K:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-1068301756-979797124-688642755-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-01-30] (BullGuard Ltd.) ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-01-30] (BullGuard Ltd.) ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-01-30] (BullGuard Ltd.) Startup: C:\Users\ydg63699\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2016-05-20] ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.) GroupPolicy: Restrictie <======= AANDACHT ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{2a0fd4df-061e-4372-a28f-693751d9805d}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{b8f25a70-6daf-4eb0-9e9b-53f1bb58efe6}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-1068301756-979797124-688642755-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com SearchScopes: HKU\S-1-5-21-1068301756-979797124-688642755-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1068301756-979797124-688642755-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://be.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10281__170212__yaie&p={searchTerms} FireFox: ======== FF ProfilePath: C:\Users\ydg63699\AppData\Roaming\Mozilla\Firefox\Profiles\09arhla4.default-1486894033998 [2017-02-12] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\09arhla4.default-1486894033998 -> Yahoo® FF SelectedSearchEngine: Mozilla\Firefox\Profiles\09arhla4.default-1486894033998 -> Yahoo® FF Homepage: Mozilla\Firefox\Profiles\09arhla4.default-1486894033998 -> about:home FF NewTab: Mozilla\Firefox\Profiles\09arhla4.default-1486894033998 -> about:home FF SearchPlugin: C:\Users\ydg63699\AppData\Roaming\Mozilla\Firefox\Profiles\09arhla4.default-1486894033998\searchplugins\yahoo-lavasoft.xml [2017-02-12] FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => niet gevonden FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-13] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-13] () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) Chrome: ======= CHR Profile: C:\Users\ydg63699\AppData\Local\Google\Chrome\User Data\Default [2017-02-12] CHR Extension: (Google Presentaties) - C:\Users\ydg63699\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-26] CHR Extension: (Google Documenten) - C:\Users\ydg63699\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-26] CHR Extension: (Google Drive) - C:\Users\ydg63699\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-26] CHR Extension: (YouTube) - C:\Users\ydg63699\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-26] CHR Extension: (Google Spreadsheets) - C:\Users\ydg63699\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-26] CHR Extension: (Offline Documenten) - C:\Users\ydg63699\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-26] CHR Extension: (mail.com MailCheck) - C:\Users\ydg63699\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpebgcnlaohcgdfhbffjajlnpifdkllg [2017-01-12] CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\ydg63699\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18] CHR Extension: (Gmail) - C:\Users\ydg63699\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-26] CHR Extension: (Chrome Media Router) - C:\Users\ydg63699\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-27] CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - ==================== Services (gefilterd) ==================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1542424 2017-02-01] (BullGuard Ltd.) R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [704792 2017-02-01] (BullGuard Ltd.) R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [185112 2017-02-01] (BullGuard Ltd.) R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [487192 2017-01-30] (BullGuard Ltd.) R2 BsFire; C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll [860952 2017-01-30] (BullGuard Ltd.) R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [5704472 2017-01-30] (BullGuard Ltd.) R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [655640 2017-01-30] (BullGuard Ltd.) R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [317208 2017-01-30] (BullGuard Ltd.) R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [409880 2017-01-30] (BullGuard Ltd.) R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-03] (Realtek Semiconductor) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X] ===================== Drivers (gefilterd) ====================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R1 AFW; C:\WINDOWS\system32\DRIVERS\afw.sys [52904 2016-01-13] (Agnitum Ltd.) R3 afwcore; C:\WINDOWS\system32\DRIVERS\afwcore.sys [465072 2016-01-13] (Agnitum Ltd.) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-02-11] (Advanced Micro Devices) R1 BdAgent; C:\WINDOWS\System32\DRIVERS\BdAgent.sys [174744 2016-09-29] (BullGuard Ltd.) R3 BdNet; C:\WINDOWS\system32\DRIVERS\BdNet.sys [51856 2016-01-13] (BullGuard Ltd.) R1 BdSpy; C:\WINDOWS\System32\drivers\BdSpy.sys [94952 2016-01-13] (BullGuard Ltd.) S3 clwvd7; C:\WINDOWS\system32\DRIVERS\clwvd7.sys [42968 2015-03-24] (CyberLink Corporation) S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-06-23] (Dell Computer Corporation) S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-06-23] (Dell Computer Corporation) R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [264552 2016-05-12] (ESET) R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [199680 2016-05-12] (ESET) S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [14976 2016-05-12] (ESET) R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [186784 2016-05-12] (ESET) R2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [170792 2016-05-12] (ESET) R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [4112656 2015-09-23] (Intel Corporation) R1 NovaShieldFilterDriver; C:\WINDOWS\System32\DRIVERS\NSKernel.sys [276144 2016-09-29] (BullGuard Ltd.) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-11-24] (Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410848 2015-08-13] (Realsil Semiconductor Corporation) R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [485512 2016-03-31] (BitDefender S.R.L.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 ManyCam; \SystemRoot\system32\DRIVERS\mcvidrv.sys [X] S3 mcaudrv_simple; \SystemRoot\system32\drivers\mcaudrv_x64.sys [X] S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160917.001\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160917.001\EX64.SYS [X] ==================== NetSvcs (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ==================== Een Maand Aangemaakt bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2017-02-12 11:38 - 2017-02-12 11:38 - 00015366 _____ C:\Users\ydg63699\Downloads\FRST.txt 2017-02-12 11:37 - 2017-02-12 11:37 - 02421248 _____ (Farbar) C:\Users\ydg63699\Downloads\FRST64.exe 2017-02-12 11:07 - 2017-02-12 11:07 - 00000000 ____D C:\Users\ydg63699\Desktop\Oude Firefox-gegevens 2017-02-12 11:06 - 2017-02-12 11:06 - 00001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-02-12 11:06 - 2017-02-12 11:06 - 00001218 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2017-02-12 11:06 - 2017-02-12 11:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-02-12 11:06 - 2017-02-12 11:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-02-11 22:37 - 2017-02-11 22:37 - 00000053 _____ C:\Users\ydg63699\Desktop\Forums - PC Helpforum.url 2017-02-11 21:46 - 2017-02-11 21:47 - 00000000 ____D C:\rsit 2017-02-11 21:12 - 2017-02-12 09:40 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware 2017-02-11 21:12 - 2017-02-11 22:36 - 00000000 ____D C:\ProgramData\Emsisoft 2017-02-11 21:11 - 2017-02-11 21:19 - 00001243 _____ C:\Users\ydg63699\Desktop\MBAM Scanlog.txt 2017-02-11 19:19 - 2017-02-12 11:38 - 00000000 ____D C:\FRST 2017-02-10 23:00 - 2017-02-10 23:00 - 09561227 _____ C:\Users\ydg63699\Downloads\DroneDeTigres1.mp4 2017-02-07 22:42 - 2017-02-07 22:42 - 00896545 _____ C:\Users\ydg63699\Downloads\T-shirt hornito2.pdf 2017-02-01 12:37 - 2017-02-05 18:58 - 00000000 ____D C:\Users\ydg63699\Downloads\VLOTTER_VLOTTERKRAAN_MEMBRAAN 2017-01-31 21:29 - 2017-01-31 21:29 - 00786850 _____ C:\Users\ydg63699\Downloads\Richardson Ellen_plannen.pdf 2017-01-31 21:28 - 2017-01-31 21:28 - 02258724 _____ C:\Users\ydg63699\Downloads\Richardson Ellen_aanvraagdossier.pdf 2017-01-31 18:28 - 2017-01-31 18:28 - 00004721 _____ C:\Users\ydg63699\Desktop\Efemeriden 2017.docx - Snelkoppeling.lnk 2017-01-31 10:12 - 2017-01-31 10:12 - 39028056 _____ C:\Users\ydg63699\Downloads\Nikon 500mm & 600mm f-4E FL ED VR Supertelephoto Lenses- First Look.mp4 2017-01-31 09:55 - 2017-01-31 09:55 - 00002350 _____ C:\Users\ydg63699\Desktop\Van Dale GW 5.0.lnk 2017-01-30 14:29 - 2017-01-30 14:29 - 00170168 _____ (BullGuard Ltd.) C:\WINDOWS\system32\BgGamingMonitor.dll 2017-01-30 14:29 - 2017-01-30 14:29 - 00149032 _____ (BullGuard Ltd.) C:\WINDOWS\SysWOW64\BgGamingMonitor.dll 2017-01-30 14:29 - 2017-01-30 14:29 - 00076568 _____ (BullGuard Ltd.) C:\WINDOWS\system32\BGLsp.dll 2017-01-30 14:29 - 2017-01-30 14:29 - 00061720 _____ (BullGuard Ltd.) C:\WINDOWS\SysWOW64\BGLsp.dll 2017-01-29 23:11 - 2017-01-29 23:11 - 26412165 _____ C:\Users\ydg63699\Downloads\Rundstong in madeirasaus klaarmaken.mp4 2017-01-29 22:37 - 2017-01-29 22:37 - 00042383 _____ C:\Users\ydg63699\Downloads\Decathlon_bestelling_20170126do_verbeterde factuur.pdf 2017-01-29 22:28 - 2017-01-29 22:28 - 08907247 _____ C:\Users\ydg63699\Downloads\Nikon-1064320036-nikkor_lenses_nl_versie500mmf4G_ED_VR_3880gr.pdf 2017-01-29 21:50 - 2017-01-29 21:50 - 01867719 _____ C:\Users\ydg63699\Downloads\Natuurpunt Meetjeslandse kreken_knb_2015_nr2_zw_a4_web (1).pdf 2017-01-29 21:50 - 2017-01-29 21:50 - 01867719 _____ C:\Users\ydg63699\Downloads\knb_2015_nr2_zw_a4_web.pdf 2017-01-28 21:33 - 2017-01-28 21:34 - 57948645 _____ C:\Users\ydg63699\Downloads\Blyth's Pipit - Anthus godlewskii - Mongoolse pieper - Noordwaard - Netherlands - 28-1-2017.mp4 2017-01-28 10:24 - 2017-01-28 10:24 - 00114499 _____ C:\Users\ydg63699\Downloads\VWGZWVL_bestuur 2017.pdf 2017-01-27 21:33 - 2017-01-27 21:33 - 00000000 ____D C:\Users\ydg63699\Desktop\Western Digital2017 2017-01-27 12:41 - 2017-01-27 12:41 - 00042383 _____ C:\Users\ydg63699\Downloads\Decathlon_bestelling_20170126do_factuur.pdf 2017-01-27 10:53 - 2017-01-27 10:53 - 00167055 _____ C:\Users\ydg63699\Downloads\bookmarks_27-01-17.html 2017-01-26 12:17 - 2017-01-26 12:17 - 08395101 _____ C:\Users\ydg63699\Downloads\Pensioen_dipen_recueil_total_201608_2.pdf 2017-01-26 11:58 - 2017-01-26 11:58 - 00133172 _____ C:\Users\ydg63699\Downloads\Pensioen_update_recueil_201608_nl.pdf 2017-01-25 00:00 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2017-01-25 00:00 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2017-01-23 14:22 - 2017-01-23 14:22 - 00003450 _____ C:\WINDOWS\System32\Tasks\{FB02E2C2-A12F-4E6C-B90F-4380E8CAB9AD} 2017-01-23 08:47 - 2017-01-23 08:53 - 00000000 ____D C:\Users\ydg63699\Downloads\MARQUE-PAGE 2017-01-22 21:48 - 2017-01-22 21:48 - 00890271 _____ C:\Users\ydg63699\Downloads\regels bestemmingsplan woordweg 11A Groede pdf.pdf 2017-01-22 21:06 - 2017-01-22 21:06 - 00000084 _____ C:\Users\ydg63699\Desktop\Waarnemingen KMI.url 2017-01-21 15:06 - 2017-01-21 15:06 - 00669870 _____ C:\Users\ydg63699\Downloads\natuur.oriolus_2016-1_velduilen_in_de_kustpolders_in_2014.pdf 2017-01-21 14:54 - 2017-01-21 14:54 - 01725058 _____ C:\Users\ydg63699\Downloads\Recour Ruben_Master_dune aphid Schizaphis rufula_RUG01-002272549_2016_0001_AC.pdf 2017-01-19 09:41 - 2017-01-19 09:41 - 00000072 _____ C:\Users\ydg63699\Desktop\Actuele luchtkwaliteit_VMM.url 2017-01-19 09:34 - 2017-01-19 09:34 - 00483054 _____ C:\Users\ydg63699\Downloads\20170119do_KMI_22h-09h.bmp 2017-01-18 22:53 - 2017-01-18 22:53 - 00246694 _____ C:\Users\ydg63699\Downloads\30042817828_condoleancecard_originalpdf.pdf 2017-01-18 12:26 - 2017-01-18 12:26 - 02765113 _____ C:\Users\ydg63699\Downloads\bosrevue_15.pdf 2017-01-18 12:24 - 2017-01-18 12:24 - 07080444 _____ C:\Users\ydg63699\Downloads\Devos_etal_2015_VogelnieuwsDecember2015.pdf 2017-01-17 22:52 - 2017-01-17 22:52 - 03715303 _____ C:\Users\ydg63699\Downloads\Peugeot 5008-gt-be-nl-light-cat-def.pdf 2017-01-17 22:50 - 2017-01-17 22:50 - 00000000 ____D C:\ProgramData\PC-Doctor, Inc 2017-01-17 22:32 - 2017-01-17 22:32 - 01664123 _____ C:\Users\ydg63699\Downloads\boskrant3_2008.pdf 2017-01-17 22:30 - 2017-01-17 22:30 - 29519127 _____ C:\Users\ydg63699\Downloads\Handboek%2520voor%2520beheerders%2520-%2520tweede%2520druk%2520lowres.pdf 2017-01-16 20:08 - 2017-02-01 20:20 - 00000000 ____D C:\ProgramData\Package Cache 2017-01-16 19:02 - 2017-02-12 10:40 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat 2017-01-16 19:02 - 2017-01-16 19:02 - 00000000 ____D C:\Users\ydg63699\AppData\Local\Western_Digital_Technolog 2017-01-16 19:02 - 2017-01-16 19:02 - 00000000 ____D C:\Program Files\Western Digital 2017-01-16 19:02 - 2017-01-16 19:02 - 00000000 ____D C:\Program Files\Common Files\Western Digital 2017-01-16 19:01 - 2017-02-01 20:20 - 00000000 ____D C:\Program Files (x86)\Western Digital 2017-01-16 19:01 - 2017-01-16 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital 2017-01-16 18:54 - 2017-01-16 18:54 - 11572361 _____ C:\Users\ydg63699\Downloads\Oral B Triump BRAUN 5000 gebruikershandleiding-com.pdf 2017-01-14 16:45 - 2017-01-14 16:45 - 02039837 _____ C:\Users\ydg63699\Downloads\Grieche_44_-_mars_2016.pdf 2017-01-14 16:44 - 2017-01-14 16:44 - 05443548 _____ C:\Users\ydg63699\Downloads\Grièche_47photoMilanRoyal.pdf 2017-01-14 11:13 - 2017-01-14 11:13 - 00103201 _____ C:\Users\ydg63699\Downloads\DELL_ultrasharp_premium_lmt_guarantee.pdf 2017-01-13 21:26 - 2017-01-13 21:26 - 00000058 _____ C:\Users\ydg63699\Desktop\Belgiumdigital forum - Digitale fotografie.url 2017-01-13 21:22 - 2017-01-13 21:22 - 00000446 _____ C:\Users\ydg63699\Downloads\Internet_20170113-212201.csv 2017-01-13 21:13 - 2017-01-13 21:13 - 00504992 _____ C:\Users\ydg63699\Downloads\Club van Rome 201609.pdf 2017-01-13 21:02 - 2017-01-13 21:02 - 00195334 _____ C:\Users\ydg63699\Downloads\krant20170113Duterte belooft gratis pil.pdf 2017-01-13 21:01 - 2017-01-13 21:01 - 01565163 _____ C:\Users\ydg63699\Downloads\WEER_20170117vr_springtij.pdf ==================== Een Maand Gewijzigd bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2017-02-12 11:38 - 2016-09-29 09:17 - 00000000 ____D C:\ProgramData\BullGuard 2017-02-12 11:35 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF 2017-02-12 11:34 - 2016-06-09 08:45 - 00000000 ____D C:\Program Files (x86)\ManyCam 2017-02-12 11:28 - 2016-08-13 10:08 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll 2017-02-12 11:28 - 2016-08-13 10:08 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll 2017-02-12 11:10 - 2016-11-17 23:43 - 00000000 ____D C:\Users\ydg63699\AppData\LocalLow\Mozilla 2017-02-12 10:56 - 2016-09-22 08:30 - 00004138 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-02-12 10:56 - 2016-09-22 08:30 - 00001002 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2017-02-12 10:56 - 2016-08-17 09:11 - 00000940 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-02-12 10:56 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-02-12 10:56 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-02-12 10:56 - 2016-05-18 15:07 - 00000000 ____D C:\Users\ydg63699\AppData\Local\Adobe 2017-02-12 10:47 - 2016-07-16 23:15 - 06205924 _____ C:\WINDOWS\system32\perfh013.dat 2017-02-12 10:47 - 2016-07-16 23:15 - 01848368 _____ C:\WINDOWS\system32\perfc013.dat 2017-02-12 10:47 - 2016-05-17 07:31 - 12667824 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-02-12 10:41 - 2016-05-20 15:54 - 00000000 ____D C:\Users\ydg63699\AppData\Local\CANON_INC 2017-02-12 10:40 - 2016-08-04 10:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-02-12 10:37 - 2016-09-11 16:58 - 00221060 _____ C:\WINDOWS\system32\config\afw_db.conf 2017-02-12 10:37 - 2016-09-11 16:58 - 00000268 _____ C:\WINDOWS\system32\config\afw_hm.conf 2017-02-12 10:37 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-02-12 09:49 - 2016-09-23 12:00 - 157975552 _____ C:\Users\ydg63699\Downloads\archive.pst 2017-02-12 09:46 - 2016-05-19 09:13 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-02-12 09:41 - 2016-08-04 10:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-02-11 22:37 - 2016-09-14 20:56 - 00000000 ____D C:\Users\ydg63699\AppData\Local\CrashDumps 2017-02-11 22:29 - 2016-05-21 11:43 - 00000000 ____D C:\Users\ydg63699\Downloads\Varia 2017-02-11 21:55 - 2016-05-21 11:43 - 00000000 ____D C:\Users\ydg63699\Downloads\COMPUTER_SOFTWARE 2017-02-11 21:47 - 2016-05-31 22:00 - 00000000 ____D C:\Program Files\trend micro 2017-02-11 18:57 - 2016-10-06 14:47 - 00000000 ____D C:\Users\ydg63699\Downloads\BIRDS 2016 _ BIRDS 2016 2017-02-11 15:46 - 2016-08-04 10:03 - 00000000 ____D C:\Users\ydg63699 2017-02-11 15:18 - 2016-08-04 19:21 - 00000000 ____D C:\WINDOWS\Minidump 2017-02-11 15:07 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files 2017-02-11 10:53 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-02-10 12:30 - 2015-06-19 20:56 - 00000515 _____ C:\Users\ydg63699\Desktop\Google Maps.website 2017-02-10 12:22 - 2015-06-16 06:54 - 00000538 _____ C:\Users\ydg63699\Desktop\weer7dagen.website 2017-02-10 12:20 - 2015-07-20 16:22 - 00000501 _____ C:\Users\ydg63699\Desktop\Digital Photography Review.website 2017-02-10 11:16 - 2016-06-01 11:03 - 00000000 ____D C:\Users\ydg63699\AppData\Local\ElevatedDiagnostics 2017-02-10 09:55 - 2016-10-01 22:27 - 00000000 ____D C:\Users\ydg63699\Downloads\HEMD 2017-02-10 09:36 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-09 23:00 - 2016-08-04 10:02 - 00313632 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-02-09 22:59 - 2016-05-17 08:19 - 00000000 ____D C:\WINDOWS\ShellNew 2017-02-09 14:30 - 2016-05-17 21:58 - 00050704 _____ C:\Users\ydg63699\AppData\Local\GDIPFONTCACHEV1.DAT 2017-02-09 11:10 - 2016-05-17 08:19 - 00000167 _____ C:\WINDOWS\win.ini 2017-02-09 10:44 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning 2017-02-05 15:16 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-02-04 23:35 - 2016-11-22 12:17 - 00000000 ____D C:\Users\ydg63699\Downloads\HUIS TE KOOP_HUIZEN TE KOOP_2016 2017-02-04 23:32 - 2015-07-04 20:40 - 00000478 _____ C:\Users\ydg63699\Desktop\Bing Kaarten.website 2017-02-03 18:33 - 2015-09-02 20:45 - 00000521 _____ C:\Users\ydg63699\Desktop\BirdForum.website 2017-02-02 12:29 - 2016-11-26 12:39 - 00002294 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-02 12:29 - 2016-11-26 12:39 - 00002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-02-01 20:16 - 2016-07-16 23:15 - 00000000 ____D C:\WINDOWS\DigitalLocker 2017-01-31 14:28 - 2016-06-17 22:19 - 00000000 ____D C:\Users\ydg63699\AppData\Roaming\ParetoLogic 2017-01-29 11:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-01-27 10:50 - 2016-06-08 16:33 - 00001129 _____ C:\Users\ydg63699\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk 2017-01-27 10:28 - 2016-12-16 15:06 - 00003280 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-01-27 10:28 - 2016-05-17 07:30 - 00002394 _____ C:\Users\ydg63699\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-01-27 10:28 - 2016-05-11 21:52 - 00000000 ___RD C:\Users\ydg63699\OneDrive 2017-01-25 10:00 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-01-23 14:24 - 2016-12-08 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2017-01-23 14:24 - 2016-12-08 22:57 - 00000000 ____D C:\Program Files\Dell 2017-01-23 14:22 - 2016-11-24 23:47 - 00000000 ____D C:\Users\ydg63699\AppData\Local\Deployment 2017-01-20 09:44 - 2016-05-19 10:05 - 00000000 ____D C:\Program Files (x86)\Real 2017-01-20 09:44 - 2016-05-19 10:04 - 00000000 ____D C:\Users\ydg63699\AppData\Roaming\Real 2017-01-20 09:44 - 2016-05-19 10:03 - 00000000 ____D C:\ProgramData\Real 2017-01-18 12:39 - 2016-05-18 10:33 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-01-17 23:13 - 2016-05-11 21:52 - 00000000 ____D C:\Users\ydg63699\Documents\20151222Re Belgian_birds veelwijverij bij bonte vlieg artikel gezocht_bestanden 2017-01-17 22:50 - 2016-12-08 22:56 - 00000000 ____D C:\Users\ydg63699\AppData\Roaming\PCDr 2017-01-16 19:02 - 2016-05-30 22:04 - 00000000 ____D C:\ProgramData\Western Digital 2017-01-15 11:06 - 2016-05-11 21:52 - 00000000 ____D C:\Users\ydg63699\Desktop\weinig gebruikt 2017-01-14 12:41 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache 2017-01-13 21:25 - 2015-07-27 09:53 - 00000641 _____ C:\Users\ydg63699\Desktop\Natuur.forum.website 2017-01-13 20:25 - 2016-07-31 12:01 - 00000000 ____D C:\Users\ydg63699\Downloads\WASMACHINES_2016 ==================== Bestanden in de root van sommige mappen ======= 2016-08-14 11:17 - 2016-08-14 11:17 - 0000000 _____ () C:\Users\ydg63699\AppData\Roaming\gdfw.log 2016-08-14 11:17 - 2016-09-14 15:32 - 0001558 _____ () C:\Users\ydg63699\AppData\Roaming\gdscan.log 2016-12-24 23:03 - 2016-12-24 23:03 - 0001650 _____ () C:\Users\ydg63699\AppData\Local\recently-used.xbel 2016-08-04 10:02 - 2016-08-04 10:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ====================== (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) C:\WINDOWS\system32\winlogon.exe => Bestand is getekend C:\WINDOWS\system32\wininit.exe => Bestand is getekend C:\WINDOWS\explorer.exe => Bestand is getekend C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend C:\WINDOWS\system32\svchost.exe => Bestand is getekend C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend C:\WINDOWS\system32\services.exe => Bestand is getekend C:\WINDOWS\system32\User32.dll => Bestand is getekend C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend C:\WINDOWS\system32\userinit.exe => Bestand is getekend C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend C:\WINDOWS\system32\rpcss.dll => Bestand is getekend C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend LastRegBack: 2017-02-02 23:09 ==================== Eind van FRST.txt ============================