Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 10.10.2018 Gestart door Frans (Beheerder) op WILLY (15-10-2018 11:41:18) Gestart vanaf C:\Users\Frans\Desktop Geladen Profielen: Frans (Beschikbare Profielen: Frans) Platform: Windows 8.1 (Update) (X64) Taal: Nederlands (Nederland) Internet Explorer Versie 11 (Standaardbrowser: Chrome) Boot Modus: Safe Mode (minimal) Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.) (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardCore.exe (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe (OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Farbar) C:\Users\Frans\Desktop\FRST64 (2).exe ==================== Register (gefilterd) =========================== (Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) "Path" (C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile64\;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files\Process Lasso\;;%systemdrive%\Program Files (x86)\FilExile -> %SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile64\;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files\Process Lasso\;;%systemdrive%\Program Files (x86)\FilExile) <==== is met succes gerepareerd HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-09-15] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-04] (Synaptics Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe [173416 2018-10-13] (BullGuard Ltd.) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585296 2017-12-22] () HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-07] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507144 2014-09-02] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-06-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4630488 2018-06-18] () HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [198688 2018-02-08] () HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-12-22] (Acronis International GmbH) HKU\S-1-5-21-3015601504-3025773419-1296765090-1002\...\Run: [appnhost] => C:\Users\Frans\AppData\Local\Mixesoft\AppNHost\appnhost.exe [453176 2014-08-08] (Mixesoft Project) HKU\S-1-5-21-3015601504-3025773419-1296765090-1002\...\Run: [Mailbird] => C:\Program Files (x86)\Mailbird\Mailbird.exe [8538280 2018-06-25] (Mailbird) HKU\S-1-5-21-3015601504-3025773419-1296765090-1002\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-3015601504-3025773419-1296765090-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18364648 2018-05-24] (Piriform Ltd) HKU\S-1-5-21-3015601504-3025773419-1296765090-1002\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [8492880 2017-09-13] (OrdinarySoft) HKU\S-1-5-21-3015601504-3025773419-1296765090-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49654736 2018-06-05] (Skype Technologies S.A.) HKU\S-1-5-21-3015601504-3025773419-1296765090-1002\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [11405416 2017-11-13] (Windscribe Limited) HKU\S-1-5-21-3015601504-3025773419-1296765090-1002\...\Run: [Spotify] => C:\Users\Frans\AppData\Roaming\Spotify\Spotify.exe [24221072 2018-06-20] (Spotify Ltd) HKU\S-1-5-21-3015601504-3025773419-1296765090-1002\...\Run: [ToolwizTimeFreeze] => C:\Program Files\Toolwiz Time Freeze 2016\ToolwizTimeFreeze.exe [1587344 2018-03-09] (Toolwiz) HKU\S-1-5-21-3015601504-3025773419-1296765090-1002\...\Run: [Spotify Web Helper] => C:\Users\Frans\AppData\Roaming\Spotify\SpotifyWebHelper.exe [781712 2018-06-20] (Spotify Ltd) HKU\S-1-5-21-3015601504-3025773419-1296765090-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation) Startup: C:\Users\Frans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - .lnk [2017-05-05] ShortcutTarget: Inktwaarschuwingen controleren - .lnk -> C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) GroupPolicy: Restrictie ? <==== AANDACHT ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist en een registeritem is, wordt het verwijderd of hersteld naar de standaard.) Hosts: 127.0.0.1 activation.acronis.com Tcpip\Parameters: [DhcpNameServer] 195.130.130.134 195.130.131.134 Tcpip\..\Interfaces\{36839925-CF92-421D-90FE-3D6186E5BDB1}: [DhcpNameServer] 10.110.232.1 Tcpip\..\Interfaces\{6B3A476E-0353-4853-AB2E-E71E4B496BD4}: [DhcpNameServer] 195.130.130.134 195.130.131.134 Tcpip\..\Interfaces\{734894A9-67DB-4EE5-8437-440504B5C865}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{A4B9F4FE-6D61-46E1-8F93-689C362B2051}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com HKU\S-1-5-21-3015601504-3025773419-1296765090-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D022318-A6AA2274B27&form=CONMHP&conlogo=CT3335819 HKU\S-1-5-21-3015601504-3025773419-1296765090-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {7242F108-46F1-4F2A-B916-395765780D25} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-3015601504-3025773419-1296765090-1002 -> {7242F108-46F1-4F2A-B916-395765780D25} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-06] (HP Inc.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-07-25] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-06] (HP Inc.) FireFox: ======== FF ProfilePath: C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\Hcp9rwd2.default [2017-12-18] FF Extension: (Avira Browser Safety) - C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\Hcp9rwd2.default\Extensions\abs@avira.com [2018-01-02] FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => niet gevonden FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] () FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems) Chrome: ======= CHR StartupUrls: Default -> "hxxps://www.google.be/" CHR Profile: C:\Users\Frans\AppData\Local\Google\Chrome\User Data\Default [2018-10-15] CHR Extension: (Presentaties) - C:\Users\Frans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12] CHR Extension: (Documenten) - C:\Users\Frans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12] CHR Extension: (Google Drive) - C:\Users\Frans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-17] CHR Extension: (YouTube) - C:\Users\Frans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-17] CHR Extension: (Avira Safe Shopping) - C:\Users\Frans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2018-05-16] CHR Extension: (Adblock voor Youtube™) - C:\Users\Frans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2018-10-13] CHR Extension: (Video Downloader professional) - C:\Users\Frans\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-04-08] CHR Extension: (Spreadsheets) - C:\Users\Frans\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12] CHR Extension: (Offline Documenten) - C:\Users\Frans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-13] CHR Extension: (Click&Clean) - C:\Users\Frans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2018-10-13] CHR Extension: (AdBlock) - C:\Users\Frans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-06-14] CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Frans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03] CHR Extension: (Click&Clean App) - C:\Users\Frans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2018-10-13] CHR Extension: (Gmail) - C:\Users\Frans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-17] CHR Extension: (Chrome Media Router) - C:\Users\Frans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-14] CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Services (gefilterd) ==================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) S2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2725920 2018-04-03] (Acronis International GmbH) S2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1216760 2017-12-22] () S2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-09-07] () [Bestand niet getekend] S2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6096688 2018-06-22] () S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-07] (Advanced Micro Devices, Inc.) [Bestand niet getekend] S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [452352 2018-06-18] (Avira Operations GmbH & Co. KG) S2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [346528 2018-05-17] (Avira Operations GmbH & Co. KG) S3 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBackup.exe [1608552 2018-10-13] (BullGuard Ltd.) S2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFileScanner.exe [570216 2018-10-13] (BullGuard Ltd.) S3 BsHelper; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardHelper.exe [271856 2018-10-13] (BullGuard Ltd.) S2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFiltering.exe [5852520 2018-10-13] (BullGuard Ltd.) R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardCore.exe [1047912 2018-10-13] (BullGuard Ltd.) S2 BsNet; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFirewall.exe [806248 2018-10-13] (BullGuard Ltd.) R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [305512 2018-10-13] (BullGuard Ltd.) S2 BsSentry; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardSentry.exe [462184 2018-10-13] (BullGuard Ltd.) S2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [489320 2018-10-13] (BullGuard Ltd.) S2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94936 2014-07-04] () S2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [Bestand niet getekend] S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-25] (WildTangent) S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP) S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.) S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [509192 2014-09-02] (Hewlett-Packard Development Company, L.P.) S3 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [606600 2018-05-08] (Mailbird) S2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-12-22] (Acronis International GmbH) S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2017-12-22] (Acronis International GmbH) S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1747296 2018-06-18] () S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] () S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-04] (Realtek Semiconductor) S2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7003048 2017-12-22] () S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-04] (Synaptics Incorporated) S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation) S2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [442472 2017-11-13] (Windscribe Limited) ===================== Drivers (gefilterd) ====================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) S3 ACSSCR; C:\WINDOWS\system32\DRIVERS\a38usb.sys [78344 2017-09-14] (Advanced Card Systems Ltd.) S3 AE3000; C:\WINDOWS\system32\DRIVERS\AE3000w864.sys [2234520 2015-06-20] (MediaTek Inc.) R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.) S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. ) R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.) R1 amdpsp; C:\WINDOWS\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. ) S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices) S1 BdAgent; C:\WINDOWS\System32\DRIVERS\BdAgent.sys [174744 2016-08-31] (BullGuard Ltd.) S0 BdBoot; C:\WINDOWS\System32\DRIVERS\BdBoot.sys [28160 2018-10-13] (BullGuard Ltd.) R0 BdNet; C:\WINDOWS\System32\DRIVERS\BdNet.sys [155568 2017-07-15] (BullGuard Ltd.) S1 BdSentry; C:\WINDOWS\System32\DRIVERS\BdSentry.sys [85360 2018-04-24] (BullGuard Ltd.) S1 BdSpy; C:\WINDOWS\System32\DRIVERS\BdSpy.sys [94952 2016-01-13] (BullGuard Ltd.) S1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] () [Bestand niet getekend] S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14920 2013-03-07] () [Bestand niet getekend] R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [60968 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [Bestand niet getekend] R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2015-12-10] () [Bestand niet getekend] S1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [18472 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [Bestand niet getekend] S1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [192552 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [Bestand niet getekend] S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] () [Bestand niet getekend] S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [Bestand niet getekend] S2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [569392 2018-06-22] (Acronis International GmbH) R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [379664 2018-06-22] (Acronis International GmbH) S3 MMPDrv; C:\WINDOWS\System32\drivers\MMPDrv.sys [21752 2017-06-21] () S3 phantomtap; C:\WINDOWS\system32\DRIVERS\phantomtap.sys [35664 2017-10-25] (The OpenVPN Project) S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.) S3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [578776 2014-08-05] (Realtek Semiconductor Corporation) S3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6393856 2016-12-29] (Realtek Semiconductor Corporation ) R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-06-04] (Synaptics Incorporated) S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [31472 2014-06-04] (Synaptics Incorporated) S3 tapwindscribe0901; C:\WINDOWS\system32\DRIVERS\tapwindscribe0901.sys [45560 2017-09-13] (The OpenVPN Project) R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310552 2018-06-22] (Acronis International GmbH) S2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [213336 2018-06-22] (Acronis International GmbH) S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [690520 2018-06-22] (Acronis International GmbH) S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [442848 2018-04-23] (BitDefender S.R.L.) R0 TWZDISK; C:\WINDOWS\System32\Drivers\TWZDISK.sys [73360 2018-03-09] (Toolwiz.com) S1 TWZFILE; C:\WINDOWS\System32\Drivers\TWZFILE.sys [43152 2018-03-09] (Toolwiz.com) S3 usbrndis6; C:\WINDOWS\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Corporation) S2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [331976 2018-06-22] (Acronis International GmbH) R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2018-06-22] (Acronis International GmbH) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation) S3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-23] (HP) R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31840 2016-03-23] (HP) U3 aswbdisk; geen ImagePath S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pft2B9E.tmp\amifldrv64.sys [X] <==== AANDACHT ==================== NetSvcs (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ==================== Een Maand Aangemaakt bestanden en mappen ======== (Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.) 2018-10-15 11:41 - 2018-10-15 11:42 - 000024746 _____ C:\Users\Frans\Desktop\FRST.txt 2018-10-15 11:41 - 2018-10-15 09:32 - 002414592 _____ (Farbar) C:\Users\Frans\Desktop\FRST64 (2).exe 2018-10-13 14:35 - 2018-10-15 11:41 - 000000000 ____D C:\FRST 2018-10-13 01:32 - 2018-10-13 01:30 - 000028160 _____ (BullGuard Ltd.) C:\WINDOWS\system32\Drivers\BdBoot.sys 2018-10-13 01:30 - 2018-10-13 01:30 - 000181728 _____ (BullGuard Ltd.) C:\WINDOWS\system32\BgGamingMonitor.dll 2018-10-13 01:30 - 2018-10-13 01:30 - 000165200 _____ (BullGuard Ltd.) C:\WINDOWS\SysWOW64\BgGamingMonitor.dll 2018-10-13 00:38 - 2018-10-13 00:39 - 000281088 _____ C:\WINDOWS\Minidump\101318-28765-01.dmp 2018-10-13 00:38 - 2018-10-13 00:38 - 717416759 _____ C:\WINDOWS\MEMORY.DMP 2018-10-13 00:38 - 2018-10-13 00:38 - 000000000 ____D C:\WINDOWS\Minidump ==================== Een Maand Gewijzigd bestanden en mappen ======== (Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.) 2018-10-15 11:37 - 2017-03-17 18:21 - 000000000 ____D C:\ProgramData\BullGuard 2018-10-15 11:37 - 2017-03-17 15:36 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin 2018-10-15 11:37 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI 2018-10-15 11:36 - 2017-12-15 00:20 - 000004128 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2018-10-15 11:36 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-10-15 11:32 - 2017-03-17 18:13 - 000000000 ____D C:\Users\Frans\Documents\Youcam 2018-10-15 11:31 - 2017-03-17 18:17 - 000000000 __RDO C:\Users\Frans\OneDrive 2018-10-15 10:54 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2018-10-15 10:43 - 2017-06-15 13:48 - 000000000 ____D C:\Users\Frans\AppData\Roaming\MuseScore 2018-10-15 09:24 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\NDF 2018-10-13 15:25 - 2017-03-17 22:05 - 000000000 ____D C:\Users\Frans\Documents\Outlook-bestanden 2018-10-13 11:28 - 2014-11-24 13:01 - 000783500 _____ C:\WINDOWS\system32\perfh013.dat 2018-10-13 11:28 - 2014-11-24 13:01 - 000174100 _____ C:\WINDOWS\system32\perfc013.dat 2018-10-13 11:28 - 2014-03-18 11:53 - 001809002 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-10-13 11:28 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf 2018-10-13 11:24 - 2018-05-24 10:56 - 000000000 ____D C:\Users\Frans\AppData\Local\CrashDumps 2018-10-13 11:04 - 2013-08-22 17:36 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2018-10-13 01:34 - 2018-02-14 15:52 - 000000000 ____D C:\Users\Frans\AppData\Roaming\Spotify 2018-10-13 01:33 - 2018-02-14 15:52 - 000000000 ____D C:\Users\Frans\AppData\Local\Spotify 2018-10-13 01:19 - 2018-06-22 16:34 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel 2018-10-13 00:39 - 2017-03-17 18:10 - 000000000 ____D C:\Users\Frans ==================== Bestanden in de root van sommige mappen ======= 2017-12-24 12:50 - 2017-12-24 12:50 - 000018621 _____ () C:\Users\Frans\AppData\Roaming\unins000.dat 2017-12-24 12:50 - 2017-12-24 12:50 - 000713104 _____ () C:\Users\Frans\AppData\Roaming\unins000.exe 2017-12-24 12:50 - 2017-12-24 12:50 - 000011397 _____ () C:\Users\Frans\AppData\Roaming\unins000.msg 2018-02-26 13:53 - 2018-02-26 17:41 - 000000191 _____ () C:\Users\Frans\AppData\Local\AmlPagesNews.ini Sommige bestanden in TEMP: ==================== 2018-06-22 14:48 - 2018-06-22 14:48 - 000119512 _____ () C:\Users\Frans\AppData\Local\Temp\AcronisProductUpdateUtility.exe ==================== Bamital & volsnap ====================== (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) C:\WINDOWS\system32\winlogon.exe => Bestand is getekend C:\WINDOWS\system32\wininit.exe => Bestand is getekend C:\WINDOWS\explorer.exe => Bestand is getekend C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend C:\WINDOWS\system32\svchost.exe => Bestand is getekend C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend C:\WINDOWS\system32\services.exe => Bestand is getekend C:\WINDOWS\system32\User32.dll => Bestand is getekend C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend C:\WINDOWS\system32\userinit.exe => Bestand is getekend C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend C:\WINDOWS\system32\rpcss.dll => Bestand is getekend C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend AANDACHT: ==> Kan geen toegang krijgen tot BCD. LastRegBack: 2018-10-13 01:13 ==================== Eind van FRST.txt ============================