Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 15.11.2018
Gestart door Pieter (Beheerder) op LAPTOPPIETER (18-11-2018 18:56:48)
Gestart vanaf C:\Users\Pieter\Downloads
Geladen Profielen: Pieter & (Beschikbare Profielen: Pieter)
Platform: Windows 10 Pro Versie 1803 17134.48 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.)

(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardCore.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFileScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFiltering.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFirewall.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardSentry.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20083.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BgGameMon.exe
(The CefSharp Authors) C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
() C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
() C:\Program Files (x86)\Acer\Live Updater\updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe [173416 2018-11-05] (BullGuard Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2014-01-17] (Dritek System Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3029480 2018-05-09] (Sony Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11182018183429480\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11182018183429871\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2228361774-2972515982-1438480923-1001\...\Run: [Spotify] => C:\Users\Pieter\AppData\Roaming\Spotify\Spotify.exe [25162472 2018-10-26] (Spotify Ltd)
HKU\S-1-5-21-2228361774-2972515982-1438480923-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-23] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2228361774-2972515982-1438480923-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
HKU\S-1-5-21-2228361774-2972515982-1438480923-1001\...\MountPoints2: {5d13ba37-a6cd-11e8-8066-201a06d51559} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2228361774-2972515982-1438480923-1001\...\MountPoints2: {82b77f2a-b800-11e8-8077-201a06d51559} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2228361774-2972515982-1438480923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11182018183430870\...\Run: [Spotify] => C:\Users\Pieter\AppData\Roaming\Spotify\Spotify.exe [25162472 2018-10-26] (Spotify Ltd)
HKU\S-1-5-21-2228361774-2972515982-1438480923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11182018183430870\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-23] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2228361774-2972515982-1438480923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11182018183430870\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
HKU\S-1-5-21-2228361774-2972515982-1438480923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11182018183430870\...\MountPoints2: {5d13ba37-a6cd-11e8-8066-201a06d51559} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2228361774-2972515982-1438480923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11182018183430870\...\MountPoints2: {82b77f2a-b800-11e8-8077-201a06d51559} - "F:\HiSuiteDownLoader.exe"
Startup: C:\Users\Pieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk [2014-06-11]
ShortcutTarget: Verzenden naar OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
GroupPolicy: Restrictie ? <==== AANDACHT

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist en een registeritem is, wordt het verwijderd of hersteld naar de standaard.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7e475428-c348-4e5e-881b-0d0a1e4d6148}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e783197a-dc15-49a0-b915-8727b187788d}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2228361774-2972515982-1438480923-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google/
HKU\S-1-5-21-2228361774-2972515982-1438480923-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-2228361774-2972515982-1438480923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11182018183430870\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google/
HKU\S-1-5-21-2228361774-2972515982-1438480923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11182018183430870\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\S-1-5-21-2228361774-2972515982-1438480923-1001 -> DefaultScope {12E6D627-49CD-4C60-B789-9494264DD7C1} URL =
SearchScopes: HKU\S-1-5-21-2228361774-2972515982-1438480923-1001 -> {12E6D627-49CD-4C60-B789-9494264DD7C1} URL =
SearchScopes: HKU\S-1-5-21-2228361774-2972515982-1438480923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11182018183430870 -> DefaultScope {12E6D627-49CD-4C60-B789-9494264DD7C1} URL =
SearchScopes: HKU\S-1-5-21-2228361774-2972515982-1438480923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11182018183430870 -> {12E6D627-49CD-4C60-B789-9494264DD7C1} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-02-13] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-03-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKU\S-1-5-21-2228361774-2972515982-1438480923-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKU\S-1-5-21-2228361774-2972515982-1438480923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11182018183430870 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: f8cb9m52.default
FF ProfilePath: C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\f8cb9m52.default [2018-11-18]
FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files\Acer ProShield\FFExt20 => niet gevonden
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard
FF Extension: (BullGuard Safe Browsing) - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard [2014-08-02] [Verouderd] [ niet getekend]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF Extension: (Belgium eID) - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2017-06-28] [Verouderd]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => niet gevonden
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2228361774-2972515982-1438480923-1001: unifiedpost.com/eidReader_ -> C:\Program Files\eid-reader\plugin_win\eidReader.plugin\npeidReader.dll [2017-09-19] (UnifiedPost)
FF Plugin HKU\S-1-5-21-2228361774-2972515982-1438480923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11182018183430870: unifiedpost.com/eidReader_ -> C:\Program Files\eid-reader\plugin_win\eidReader.plugin\npeidReader.dll [2017-09-19] (UnifiedPost)

Chrome:
=======
CHR DefaultProfile: "},
CHR Profile: C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default [2018-11-18]
CHR Extension: (Documenten) - C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Offline Documenten) - C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (Pinterest-bewaarknop) - C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-10-18]
CHR Extension: (eidReader Plugin Chrome Extension) - C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnofmiceklfkodhdhhjcfjhdepfobaf [2018-07-27]
CHR Extension: (Solitaire) - C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkbhppfbabandkdmgjmifahoabeodiep [2018-07-03]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-08]
CHR Extension: (Chrome Media Router) - C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-02]
CHR Profile: C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-17]
CHR HKU\S-1-5-21-2228361774-2972515982-1438480923-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kcnofmiceklfkodhdhhjcfjhdepfobaf] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2228361774-2972515982-1438480923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11182018183430870\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kcnofmiceklfkodhdhhjcfjhdepfobaf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-21] (Broadcom Corp.) [Bestand niet getekend]
S3 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBackup.exe [1609064 2018-10-29] (BullGuard Ltd.)
R2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFileScanner.exe [570728 2018-11-05] (BullGuard Ltd.)
S3 BsHelper; c:\program files\bullguard ltd\bullguard\BullGuardHelper.exe [272368 2018-11-05] (BullGuard Ltd.)
R2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFiltering.exe [5855592 2018-11-05] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardCore.exe [1059176 2018-11-05] (BullGuard Ltd.)
R2 BsNet; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFirewall.exe [805736 2018-11-05] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [306024 2018-11-05] (BullGuard Ltd.)
R2 BsSentry; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardSentry.exe [463208 2018-11-05] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [488808 2018-11-05] (BullGuard Ltd.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-16] (Acer Incorporated)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2018-08-23] () [Bestand niet getekend]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [498152 2018-05-09] (Sony Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2014-01-17] (Dritek System INC.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R1 BdAgent; C:\WINDOWS\System32\DRIVERS\BdAgent.sys [174744 2016-09-17] (BullGuard Ltd.)
S0 BdBoot; C:\WINDOWS\System32\DRIVERS\BdBoot.sys [28160 2018-08-21] (BullGuard Ltd.)
R0 BdNet; C:\WINDOWS\System32\drivers\BdNet.sys [155568 2017-06-27] (BullGuard Ltd.)
R1 BdSentry; C:\WINDOWS\System32\DRIVERS\BdSentry.sys [96184 2018-11-05] (BullGuard Ltd.)
R1 BdSpy; C:\WINDOWS\System32\drivers\BdSpy.sys [94952 2015-10-12] (BullGuard Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-10-18] (Malwarebytes)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-08-23] (Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198000 2018-11-17] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [119136 2018-11-18] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [63768 2018-11-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-18] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [111152 2018-11-18] (Malwarebytes)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2014-01-17] (Dritek System Inc.)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [439928 2018-10-19] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.)

2018-11-18 18:56 - 2018-11-18 19:00 - 000023449 _____ C:\Users\Pieter\Downloads\FRST.txt
2018-11-18 18:55 - 2018-11-18 18:55 - 002416128 _____ (Farbar) C:\Users\Pieter\Downloads\FRST64.exe
2018-11-18 18:55 - 2018-11-18 18:55 - 000163328 _____ C:\WINDOWS\ERDNT.E_E
2018-11-18 18:55 - 2018-11-18 18:55 - 000004090 _____ C:\WINDOWS\ERUNT.LOC
2018-11-18 18:55 - 2018-11-18 18:55 - 000003275 _____ C:\WINDOWS\ERDNTWIN.LOC
2018-11-18 18:55 - 2018-11-18 18:55 - 000002815 _____ C:\WINDOWS\ERDNTDOS.LOC
2018-11-18 18:51 - 2018-11-18 18:56 - 000000000 ____D C:\FRST
2018-11-18 18:32 - 2018-11-18 18:34 - 000111152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-11-18 18:32 - 2018-11-18 18:32 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-18 18:32 - 2018-11-18 18:32 - 000119136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-11-18 18:32 - 2018-11-18 18:32 - 000063768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-11-17 13:42 - 2018-11-17 13:42 - 000000000 ____D C:\Users\Pieter\AppData\Local\mbam
2018-11-17 13:41 - 2018-11-17 13:41 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-11-17 13:41 - 2018-11-17 13:41 - 000000000 ____D C:\Users\Pieter\AppData\Local\mbamtray
2018-11-17 13:40 - 2018-11-17 13:40 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-17 13:40 - 2018-11-17 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-17 13:40 - 2018-11-17 13:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-17 13:40 - 2018-11-17 13:40 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-17 13:40 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-17 13:36 - 2018-11-17 13:38 - 080144544 _____ (Malwarebytes ) C:\Users\Pieter\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7873.exe
2018-11-17 11:48 - 2018-11-17 12:06 - 000000000 ____D C:\AdwCleaner
2018-11-17 11:46 - 2018-11-17 11:46 - 007592144 _____ (Malwarebytes) C:\Users\Pieter\Downloads\adwcleaner_7.2.4.0.exe
2018-11-17 11:17 - 2018-11-17 11:17 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-11-17 11:17 - 2018-11-17 11:17 - 000002884 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-11-17 11:17 - 2018-11-17 11:17 - 000000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-17 11:17 - 2018-11-17 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-11-17 11:17 - 2018-11-17 11:17 - 000000000 ____D C:\Program Files\CCleaner
2018-10-29 14:06 - 2018-10-29 14:05 - 000181728 _____ (BullGuard Ltd.) C:\WINDOWS\system32\BgGamingMonitor.dll
2018-10-29 14:06 - 2018-10-29 14:05 - 000165200 _____ (BullGuard Ltd.) C:\WINDOWS\SysWOW64\BgGamingMonitor.dll
2018-10-24 09:13 - 2018-10-24 09:13 - 000000000 ____D C:\Users\Pieter\Desktop\Documents\Garmin
2018-10-24 09:08 - 2018-10-24 09:08 - 000001967 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2018-10-24 09:08 - 2018-10-24 09:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2018-10-24 09:03 - 2018-10-24 09:05 - 086433544 _____ (Garmin Ltd or its subsidiaries) C:\Users\Pieter\Downloads\GarminExpress (1).exe

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.)

2018-11-18 19:02 - 2014-05-13 15:59 - 000000000 ____D C:\ProgramData\BullGuard
2018-11-18 19:00 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-18 19:00 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-18 18:32 - 2015-08-26 22:25 - 000000000 __SHD C:\Users\Pieter\IntelGraphicsProfiles
2018-11-18 18:31 - 2018-05-21 11:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-17 19:55 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-11-17 19:51 - 2018-05-21 11:14 - 000000000 ____D C:\Users\Pieter
2018-11-17 19:34 - 2018-10-04 09:01 - 000000000 ____D C:\WINDOWS\Minidump
2018-11-17 19:34 - 2018-05-21 11:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-17 19:34 - 2017-07-19 10:03 - 000696591 ____N C:\WINDOWS\Minidump\111718-107859-01.dmp
2018-11-17 15:47 - 2018-01-12 23:37 - 000000000 ____D C:\Program Files\rempl
2018-11-17 15:09 - 2018-06-15 18:46 - 000000000 ____D C:\Users\Pieter\AppData\Local\CrashDumps
2018-11-17 12:22 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-11-17 11:48 - 2014-11-29 13:57 - 000000000 ____D C:\Users\Pieter\AppData\Roaming\Spotify
2018-11-17 11:34 - 2018-05-21 11:42 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2228361774-2972515982-1438480923-1001
2018-11-17 11:34 - 2014-05-15 08:48 - 000000000 __RDO C:\Users\Pieter\OneDrive
2018-11-17 11:33 - 2018-09-21 08:30 - 000002418 _____ C:\Users\Pieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-17 11:32 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-17 11:32 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-17 11:32 - 2018-01-31 12:41 - 000000000 ____D C:\Users\Pieter\AppData\Local\Packages
2018-11-17 11:25 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-17 11:20 - 2014-10-01 23:42 - 000000000 ____D C:\Program Files\Fotoservice
2018-11-15 22:10 - 2018-05-21 11:30 - 001767124 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-15 22:10 - 2018-04-12 17:02 - 000785364 _____ C:\WINDOWS\system32\perfh013.dat
2018-11-15 22:10 - 2018-04-12 17:02 - 000153682 _____ C:\WINDOWS\system32\perfc013.dat
2018-11-15 22:10 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-15 09:47 - 2016-02-20 10:21 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-14 12:41 - 2014-05-13 17:03 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-14 12:33 - 2014-05-13 17:03 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-14 11:16 - 2014-05-15 19:30 - 000002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-14 11:16 - 2014-05-15 19:30 - 000002284 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-13 12:50 - 2014-11-29 13:58 - 000000000 ____D C:\Users\Pieter\AppData\Local\Spotify
2018-11-06 13:07 - 2018-05-07 19:49 - 000002075 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2018-11-06 13:07 - 2018-05-07 19:49 - 000002065 _____ C:\Users\Public\Desktop\Google Docs.lnk
2018-11-06 13:07 - 2018-05-07 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-11-05 18:34 - 2018-04-12 00:41 - 000835168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-05 18:34 - 2018-04-12 00:41 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-05 14:43 - 2018-01-30 00:38 - 000096184 _____ (BullGuard Ltd.) C:\WINDOWS\system32\Drivers\BdSentry.sys
2018-10-27 09:30 - 2015-02-25 09:26 - 000000000 ____D C:\Users\Pieter\AppData\LocalLow\Adobe
2018-10-24 09:18 - 2014-09-10 13:07 - 000000000 ____D C:\Users\Pieter\AppData\Local\Garmin
2018-10-24 09:12 - 2014-09-10 13:06 - 000000000 ____D C:\ProgramData\Garmin
2018-10-24 09:09 - 2014-09-10 13:06 - 000000000 ____D C:\Program Files (x86)\Garmin
2018-10-24 09:09 - 2014-05-13 16:00 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-24 09:08 - 2018-05-21 11:42 - 000003622 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2018-10-19 23:52 - 2013-12-18 11:01 - 000439928 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\Trufos.sys

==================== Bestanden in de root van sommige mappen =======

2016-10-11 20:55 - 2016-10-11 20:55 - 000000017 _____ () C:\Users\Pieter\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2018-05-21 11:07

==================== Eind van FRST.txt ============================