Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 12-03-2017 Gestart door hugoke (Beheerder) op HUGO (13-03-2017 11:31:32) Gestart vanaf C:\Users\hugoke\Downloads Geladen Profielen: hugoke (Beschikbare Profielen: UpdatusUser & hugoke) Platform: Windows 8.1 Pro (Update) (X64) Taal: Nederlands (Nederland) Internet Explorer Versie 11 (Standaardbrowser: FF) Boot Modus: Normal Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe () C:\Program Files (x86)\PHotkey\AsLdrSrv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe () C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\apps\CCF_Reputation\fsorsp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\apps\ComputerSecurity\Anti-Virus\fsgk32.exe () C:\Windows\SysWOW64\spdsvc.exe () C:\Windows\SysWOW64\SecUPDUtilSvc.exe (IntelĀ® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\apps\ComputerSecurity\Common\FSHDLL64.EXE (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\apps\ComputerSecurity\Anti-Virus\fssm32.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe () C:\Program Files (x86)\PHotkey\PHotkey.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files (x86)\PHotkey\Atouch64.exe (Pegatron Corporation) C:\Program Files (x86)\PHotkey\MyWiMax.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\F-Secure KEY\fskey.exe () C:\Program Files (x86)\PHotkey\POsd.exe () C:\Program Files (x86)\PHotkey\GPMTray.exe (TODO: ) C:\Program Files (x86)\PHotkey\HCSynApi.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe ==================== Register (gefilterd) ==================== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-09-05] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16408320 2015-12-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407104 2015-12-14] (Realtek Semiconductor) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] () HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057408 2012-06-08] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) HKLM-x32\...\Run: [FSKeyAutoStart] => C:\Program Files (x86)\F-Secure\F-Secure KEY\fskey.exe [6980064 2017-03-02] (F-Secure Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-10870461-3760241935-267325191-1002\...\Run: [DigipassNativeBridge] => C:\Users\hugoke\AppData\Local\VASCO\NativeBridge\digipass-nativebridge-monitor.exe [108592 2016-11-15] (VASCO Data Security) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [181280 2017-01-25] (NVIDIA Corporation) AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [181280 2017-01-25] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [158384 2017-01-25] (NVIDIA Corporation) GroupPolicy: Restrictie <======= AANDACHT ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.) Tcpip\Parameters: [DhcpNameServer] 195.130.131.1 195.130.130.1 Tcpip\..\Interfaces\{364E802C-70D9-40A5-829C-BA26C40C9D73}: [DhcpNameServer] 195.130.131.1 195.130.130.1 Tcpip\..\Interfaces\{ECC4C599-5728-488B-B1FE-813B8AC73FF8}: [DhcpNameServer] 195.130.131.1 195.130.130.1 Internet Explorer: ================== HKU\S-1-5-21-10870461-3760241935-267325191-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.stamnummer3.be/viewforum.php?f=2 HKU\S-1-5-21-10870461-3760241935-267325191-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://clubbrugge.be/nl/ SearchScopes: HKU\S-1-5-21-10870461-3760241935-267325191-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation) BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\SAFE\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2017-02-08] (F-Secure Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation) BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\SAFE\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2017-02-08] (F-Secure Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-27] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-27] (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\hugoke\AppData\Roaming\Mozilla\Firefox\Profiles\rqculkfo.default-1489313995570 [2017-03-13] FF Extension: (Belgium eID) - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2017-01-28] [ niet getekend] FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\SAFE\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\F-Secure\SAFE\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi [2017-02-08] FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be => niet gevonden FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\SAFE\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi FF HKU\S-1-5-21-10870461-3760241935-267325191-1002\...\Firefox\Extensions: [safesearch@f-secure.com] - C:\Program Files (x86)\F-Secure\SAFE\apps\SafeSearch\\Firefox\main.xpi FF Extension: (Search by F-Secure) - C:\Program Files (x86)\F-Secure\SAFE\apps\SafeSearch\\Firefox\main.xpi [2016-10-24] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-26] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-26] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [Geen bestand] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [Geen bestand] FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-27] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-27] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-15] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-31] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-31] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\hugoke\AppData\Local\Google\Chrome\User Data\Default [2017-02-24] CHR Extension: (Google Presentaties) - C:\Users\hugoke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-05] CHR Extension: (Google Documenten) - C:\Users\hugoke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-05] CHR Extension: (Google Drive) - C:\Users\hugoke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-05] CHR Extension: (YouTube) - C:\Users\hugoke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-05] CHR Extension: (Google Spreadsheets) - C:\Users\hugoke\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-05] CHR Extension: (Offline Documenten) - C:\Users\hugoke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-09] CHR Extension: (Browsing Protection by F-Secure) - C:\Users\hugoke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2017-01-09] CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\hugoke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05] CHR Extension: (Gmail) - C:\Users\hugoke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-05] CHR Extension: (Chrome Media Router) - C:\Users\hugoke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-31] CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx ==================== Services (gefilterd) ==================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] () R2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2015-10-16] () [Bestand niet getekend] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation) S4 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink) S3 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink) R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-06-03] (CHENGDU YIWO Tech Development Co., Ltd) R2 fshoster; C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe [181216 2016-10-25] (F-Secure Corporation) R3 FSMA; C:\Program Files (x86)\F-Secure\SAFE\apps\ComputerSecurity\Common\FSMA32.EXE [218080 2016-10-26] (F-Secure Corporation) R2 fsnethoster; C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe [181216 2016-10-25] (F-Secure Corporation) R2 FSORSPClient; C:\Program Files (x86)\F-Secure\SAFE\apps\CCF_Reputation\fsorsp.exe [62432 2016-05-20] (F-Secure Corporation) R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] () [Bestand niet getekend] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company) S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [Bestand niet getekend] R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] () S3 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Bestand niet getekend] R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation) S3 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Bestand niet getekend] R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] () R2 Samsung Printer Dianostics Service; C:\WINDOWS\SysWOW64\\spdsvc.exe [499000 2016-06-18] () R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [143664 2016-06-22] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-10-15] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-10-15] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (IntelĀ® Corporation) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X] ===================== Drivers (gefilterd) ====================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.) R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2015-12-10] () R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\SAFE\apps\ComputerSecurity\Anti-Virus\minifilter\FSgk.sys [229080 2017-02-02] (F-Secure Corporation) R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\SAFE\apps\ComputerSecurity\HIPS\drivers\fshs.sys [106712 2017-02-02] (F-Secure Corporation) R0 fsbts; C:\WINDOWS\System32\Drivers\fsbts.sys [73928 2017-01-06] () R3 fsni; C:\Program Files (x86)\F-Secure\SAFE\apps\CCF_Scanning\bin\fsni64.sys [110288 2017-02-08] (F-Secure Corporation) R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation) R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) S1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [102664 2014-10-29] () S1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [25992 2014-10-29] () S1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [700680 2014-10-29] () R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-10-15] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-10-15] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-10-15] (Microsoft Corporation) R3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ==================== Een Maand Aangemaakt bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2017-03-13 11:31 - 2017-03-13 11:32 - 00021175 _____ C:\Users\hugoke\Downloads\FRST.txt 2017-03-13 11:31 - 2017-03-13 11:31 - 00000000 ____D C:\FRST 2017-03-13 11:30 - 2017-03-13 11:30 - 02424832 _____ (Farbar) C:\Users\hugoke\Downloads\FRST64.exe 2017-03-10 20:22 - 2017-03-10 20:22 - 00176722 _____ C:\Users\hugoke\Downloads\G182-28-7685-2_NL.pdf 2017-03-09 21:24 - 2017-03-09 21:24 - 03223255 _____ C:\Users\hugoke\Downloads\lijst_wijn_nl.pdf 2017-03-09 11:45 - 2017-03-09 11:45 - 00000000 ____D C:\Users\hugoke\AppData\Local\VASCO 2017-03-09 11:45 - 2017-03-09 11:45 - 00000000 ____D C:\Users\hugoke\AppData\Local\Package Cache 2017-03-09 11:44 - 2017-03-09 11:44 - 02766192 _____ (VASCO Data Security) C:\Users\hugoke\Downloads\digipass-nativebridge-installer(2).exe 2017-03-09 11:43 - 2017-03-09 11:43 - 02766192 _____ (VASCO Data Security) C:\Users\hugoke\Downloads\digipass-nativebridge-installer(1).exe 2017-03-09 11:42 - 2017-03-09 11:43 - 02766192 _____ (VASCO Data Security) C:\Users\hugoke\Downloads\digipass-nativebridge-installer.exe 2017-03-09 10:41 - 2017-03-09 10:42 - 02326690 _____ C:\Users\hugoke\Downloads\metaalstripper.pdf 2017-03-09 10:41 - 2017-03-09 10:41 - 00660195 _____ C:\Users\hugoke\Downloads\35.1064.10.50.IT_f.pdf 2017-03-09 10:19 - 2017-02-23 15:50 - 00093360 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2017-03-09 10:19 - 2017-02-22 15:35 - 01609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2017-03-09 10:19 - 2017-02-22 15:35 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2017-03-04 15:21 - 2017-03-09 11:42 - 00000000 ____D C:\Program Files (x86)\NirSoft 2017-03-04 15:14 - 2017-03-04 15:14 - 00314328 _____ C:\WINDOWS\Minidump\030417-144625-01.dmp 2017-03-04 14:09 - 2017-03-04 14:16 - 00000000 ____D C:\Users\hugoke\AppData\Local\LogMeIn Rescue Applet 2017-03-02 15:08 - 2017-03-02 15:08 - 00002523 _____ C:\Users\Public\Desktop\F-Secure KEY.lnk 2017-03-02 15:07 - 2017-03-02 15:07 - 30023680 _____ C:\Users\hugoke\Downloads\f-secure_key_win(1).msi 2017-03-02 12:33 - 2017-03-02 13:55 - 00000000 ____D C:\Users\hugoke\AppData\Roaming\BaisvikSoftware 2017-03-02 12:15 - 2017-03-02 12:15 - 00773216 _____ C:\WINDOWS\Minidump\030217-144390-01.dmp 2017-03-02 11:23 - 2017-03-02 11:23 - 01137816 _____ C:\WINDOWS\Minidump\030217-271468-01.dmp 2017-03-02 10:05 - 2017-03-04 15:14 - 934577961 _____ C:\WINDOWS\MEMORY.DMP 2017-02-22 17:19 - 2017-01-18 15:35 - 01286144 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2017-02-22 17:19 - 2017-01-18 15:35 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2017-02-22 17:19 - 2017-01-18 15:35 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2017-02-22 17:19 - 2017-01-18 15:35 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll 2017-02-22 17:19 - 2017-01-18 15:35 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2017-02-22 17:19 - 2017-01-18 15:35 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2017-02-22 14:12 - 2017-02-22 14:12 - 29564928 _____ C:\Users\hugoke\Downloads\f-secure_key_win.msi 2017-02-19 11:30 - 2017-03-09 18:05 - 00000000 ____D C:\Users\hugoke\AppData\Local\CrashDumps ==================== Een Maand Gewijzigd bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2017-03-13 08:38 - 2015-10-15 13:10 - 00000000 ____D C:\Users\hugoke\AppData\Local\Packages 2017-03-13 08:35 - 2016-11-17 08:56 - 00000000 ____D C:\Users\hugoke\AppData\LocalLow\Mozilla 2017-03-13 08:35 - 2015-10-15 20:23 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{833E24E7-E24D-423C-95FD-11F958550EE7} 2017-03-13 08:34 - 2015-10-15 14:17 - 00000000 ____D C:\Users\hugoke\Documents\Outlook-bestanden 2017-03-13 08:32 - 2017-01-06 09:52 - 00003412 _____ C:\WINDOWS\System32\Tasks\Scheduled scanning task 2017-03-13 08:32 - 2017-01-06 09:52 - 00000674 _____ C:\WINDOWS\Tasks\Scheduled scanning task.job 2017-03-13 08:32 - 2015-10-15 17:52 - 00000000 __SHD C:\Users\hugoke\IntelGraphicsProfiles 2017-03-12 21:46 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf 2017-03-12 20:32 - 2017-01-30 07:41 - 00000000 ____D C:\Users\hugoke\AppData\Local\VirtualStore 2017-03-12 11:20 - 2016-04-06 13:02 - 00000000 ____D C:\Users\hugoke\Desktop\Oude Firefox-gegevens 2017-03-12 11:12 - 2017-01-28 07:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-03-12 11:12 - 2017-01-09 14:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-03-11 08:24 - 2015-10-15 13:20 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-10870461-3760241935-267325191-1002 2017-03-09 11:31 - 2015-10-15 20:06 - 00000000 ____D C:\ProgramData\NVIDIA 2017-03-09 11:30 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-03-09 11:28 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2017-03-09 10:21 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-03-09 10:19 - 2015-10-15 21:47 - 00000000 ____D C:\WINDOWS\system32\appraiser 2017-03-09 09:32 - 2012-11-13 05:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-03-08 14:27 - 2015-10-21 15:31 - 00000000 ___RD C:\Users\hugoke\Documents\Scanned Documents 2017-03-06 10:48 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps 2017-03-06 10:48 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-03-04 15:14 - 2015-11-24 16:16 - 00000000 ____D C:\WINDOWS\Minidump 2017-03-04 14:20 - 2016-05-14 09:43 - 00241664 ___SH C:\Users\hugoke\Downloads\Thumbs.db 2017-03-03 07:54 - 2014-11-21 09:44 - 01861508 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-03-03 07:54 - 2014-11-21 09:05 - 00824302 _____ C:\WINDOWS\system32\perfh013.dat 2017-03-03 07:54 - 2014-11-21 09:05 - 00168066 _____ C:\WINDOWS\system32\perfc013.dat 2017-03-02 15:08 - 2017-01-06 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure 2017-03-02 15:08 - 2016-10-20 14:39 - 00000000 ____D C:\Program Files (x86)\F-Secure 2017-03-02 15:08 - 2015-10-15 13:21 - 00000000 ____D C:\Users\hugoke\AppData\Local\F-Secure 2017-03-02 12:33 - 2013-08-22 14:25 - 00000190 _____ C:\WINDOWS\win.ini 2017-03-02 12:17 - 2016-09-22 08:24 - 00010240 ___SH C:\Users\hugoke\Desktop\Thumbs.db 2017-03-02 10:15 - 2017-01-30 10:19 - 00000582 __RSH C:\ProgramData\ntuser.pol 2017-03-02 10:11 - 2015-10-15 20:52 - 00000000 ____D C:\Users\hugoke\OneDrive 2017-03-02 10:11 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-03-02 10:08 - 2015-10-15 20:09 - 00000000 ____D C:\Users\hugoke 2017-03-02 10:08 - 2015-10-15 13:37 - 00000000 ____D C:\Program Files\Microsoft Office 15 2017-03-02 08:01 - 2016-12-13 17:48 - 00003166 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-03-02 08:00 - 2016-04-23 20:44 - 00002355 _____ C:\Users\hugoke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive voor Bedrijven.lnk 2017-03-02 08:00 - 2015-10-22 15:32 - 00003174 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-10870461-3760241935-267325191-1002 2017-02-26 09:45 - 2015-10-20 19:14 - 00000000 ____D C:\Users\hugoke\AppData\Local\Adobe 2017-02-26 09:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-02-26 09:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-02-23 10:47 - 2015-10-15 15:43 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-02-23 10:44 - 2012-11-13 04:52 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-02-21 19:55 - 2015-12-07 12:04 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-02-18 08:11 - 2016-09-25 07:30 - 00000030 _____ C:\AVScanner.ini ==================== Bestanden in de root van sommige mappen ======= 2015-10-31 09:52 - 2016-02-07 10:35 - 0038432 _____ () C:\Users\hugoke\AppData\Roaming\Door komma's gescheiden waarden.ADR 2012-11-13 06:19 - 2012-11-13 06:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2015-10-21 18:52 - 2016-06-22 16:53 - 0016840 _____ () C:\ProgramData\hpzinstall.log ==================== Bamital & volsnap ====================== (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) C:\WINDOWS\system32\winlogon.exe => Bestand is getekend C:\WINDOWS\system32\wininit.exe => Bestand is getekend C:\WINDOWS\explorer.exe => Bestand is getekend C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend C:\WINDOWS\system32\svchost.exe => Bestand is getekend C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend C:\WINDOWS\system32\services.exe => Bestand is getekend C:\WINDOWS\system32\User32.dll => Bestand is getekend C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend C:\WINDOWS\system32\userinit.exe => Bestand is getekend C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend C:\WINDOWS\system32\rpcss.dll => Bestand is getekend C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend LastRegBack: 2017-03-06 11:09 ==================== Eind van FRST.txt ============================