Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 13-11-2019 Gestart door Carl (Beheerder) op LENOVO-PC (LENOVO 10131) (13-11-2019 12:28:50) Gestart vanaf C:\Users\Carl\Desktop Geladen Profielen: Carl (Beschikbare Profielen: Carl & Administrator) Platform: Windows 8.1 (Update) (X64) Taal: Nederlands (Nederland) Standaardbrowser: IE Boot Modus: Normal Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.) () [Bestand niet getekend] C:\Windows\jmesoft\JME_LOAD.exe () [Bestand niet getekend] C:\Windows\jmesoft\Service.exe () [Bestand niet getekend] C:\Windows\SysWOW64\UMonit64.exe (Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe (CyberLink -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard Company) [Bestand niet getekend] C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe (HP) [Bestand niet getekend] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel(R) Corporation) [Bestand niet getekend] C:\Program Files\Intel\iCLS Client\HeciServer.exe (Ivaylo Beltchev -> IvoSoft) [Bestand niet getekend] C:\Program Files\Classic Shell\ClassicStartMenu.exe (Lenovo -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Lenovo) [Bestand niet getekend] C:\Windows\jmesoft\hotkey.exe (Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) [Bestand niet getekend] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Mixbyte Inc -> ) C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe (Nitro PDF Software -> Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (Nitro PDF Software -> Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Shenzhen Yi Xing Investment Co., Ltd. -> iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe (WhatsApp, Inc -> WhatsApp) C:\Users\Carl\AppData\Local\WhatsApp\app-0.3.5374\WhatsApp.exe (WhatsApp, Inc -> WhatsApp) C:\Users\Carl\AppData\Local\WhatsApp\app-0.3.5374\WhatsApp.exe (WhatsApp, Inc -> WhatsApp) C:\Users\Carl\AppData\Local\WhatsApp\app-0.3.5374\WhatsApp.exe (WhatsApp, Inc -> WhatsApp) C:\Users\Carl\AppData\Local\WhatsApp\app-0.3.5374\WhatsApp.exe (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe ==================== Register (gefilterd) =================== (Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (Ivaylo Beltchev -> IvoSoft) [Bestand niet getekend] HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo) [Bestand niet getekend] HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] () [Bestand niet getekend] HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo (Beijing) Limited -> Lenovo) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp. -> CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink -> CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink -> CyberLink Corp.) HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [240512 2019-09-20] (Mixbyte Inc -> ) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard Company -> Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech, Inc. -> Logitech Inc.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare) HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft) HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (Shenzhen Yi Xing Investment Co., Ltd. -> iSkySoft) HKU\S-1-5-21-3613076481-972898892-3462059891-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22458328 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-3613076481-972898892-3462059891-1001\...\Run: [Spotify] => C:\Users\Carl\AppData\Roaming\Spotify\Spotify.exe [25972968 2019-01-04] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-3613076481-972898892-3462059891-1001\...\Run: [Chromium] => c:\users\carl\appdata\local\chromium\application\chrome.exe [859648 2017-02-26] (The Chromium Authors) [Bestand niet getekend] HKU\S-1-5-21-3613076481-972898892-3462059891-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [133632 2014-10-29] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-10] (Google LLC -> Google LLC) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] -> HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2019-09-13] ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (Geen bestand) Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar921.lnk [2019-11-13] ShortcutTarget: Sidebar921.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [Bestand niet getekend] ==================== Geplande Taken (gefilterd) ============ (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) Task: {35A199A7-50C9-44BC-86E9-42C3363F87A3} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe Task: {4158566B-71AC-42E8-B3C2-84594F80BA0D} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321240 2018-09-06] (Lenovo -> Lenovo) Task: {4E6F7777-638A-406C-A622-39424EEDB7AE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-21] (AVAST Software s.r.o. -> AVAST Software) Task: {52660C85-7D7B-4BBF-9AB0-AE1D4F6571DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) Task: {543A54D9-738C-4793-95E4-38C964D5AF42} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10920216 2018-09-06] (Lenovo -> Lenovo) Task: {6F8E41DB-57D1-48A0-B476-645106A1EB49} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [331544 2018-09-06] (Lenovo -> ) Task: {7C89BC34-ED50-4D65-94B3-F81248373AE9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) Task: {8188867D-ED54-4F84-95B2-E76492B201DE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-11-13] (Adobe Inc. -> Adobe) Task: {85F2E555-669C-4025-80FE-9D75DA578C71} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe Task: {866CD9CF-0394-4AF9-805A-89EDC4A7534F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16467424 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd) Task: {966BDC14-B622-4AE8-8DBB-0B4FFABBACBF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd) Task: {972D9E03-2CDF-4D95-8E67-7A5B4721E82B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_293_pepper.exe [1453112 2019-11-13] (Adobe Inc. -> Adobe) Task: {A095B37B-0771-416A-97FA-283953BA4C20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2017-10-09] (Google Inc -> Google Inc.) Task: {A66D387E-C6CA-45DD-A290-861FA445B369} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} Task: {B29FCA6A-495C-4130-9835-C9D6D0D9260F} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3613076481-972898892-3462059891-1001 => C:\Users\Carl\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2019-09-28] (Microsoft Corporation -> Microsoft Corporation) Task: {BB59DEE5-65CF-40A3-9B2D-E9376DF9A641} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems) Task: {BEFC041A-A08B-4A68-B309-770C8E0F3B05} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [53248 2013-10-25] () [Bestand niet getekend] Task: {D3DCB2DC-830E-4D2F-83D2-B9CE57BF8F5A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) Task: {E61D950B-E1D4-4B6C-9B4D-102371658740} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1905072 2019-09-21] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) Task: {F22ACC8F-451F-402E-8F5E-04D387CB5C19} - System32\Tasks\{4A35A59C-8423-45AF-BC74-C3482D10F6BB} => C:\WINDOWS\system32\pcalua.exe -a E:\setupstb.exe -d E:\ Task: {F51A09CE-0469-465E-A34E-FCC21F308C0D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) Task: {FDC7EBF2-B03B-4083-BDB3-4D0DD6B48126} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2017-10-09] (Google Inc -> Google Inc.) (Als een item is opgenomen in de fixlist, wordt de taak (job) bestand verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.) ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist en een registeritem is, wordt het verwijderd of hersteld naar de standaard.) Tcpip\Parameters: [DhcpNameServer] 84.116.46.20 84.116.46.21 Tcpip\..\Interfaces\{321F408E-6E14-47DB-A592-DC375E4886EA}: [DhcpNameServer] 84.116.46.20 84.116.46.21 Tcpip\..\Interfaces\{9B0651E8-7596-4E97-B2D6-4A98C06863B4}: [DhcpNameServer] 84.116.46.20 84.116.46.21 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-eb30cd4c47e308a2 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-eb30cd4c47e308a2 HKU\S-1-5-21-3613076481-972898892-3462059891-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.nl/ SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3613076481-972898892-3462059891-1001 -> DefaultScope {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-eb30cd4c47e308a2&q={searchTerms} SearchScopes: HKU\S-1-5-21-3613076481-972898892-3462059891-1001 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-eb30cd4c47e308a2&q={searchTerms} SearchScopes: HKU\S-1-5-21-3613076481-972898892-3462059891-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7545FB1C-C230-48F2-9BC6-C5CAC0254386}&mid=cca36e74701547cca1ca117693704f15-b7e2e6d4c8df9182df3e638658f2a6bc6cf15537&lang=nl&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-06-29 18:08:26&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms} BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [Bestand niet getekend] BHO: Geen Naam -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Geen bestand BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [Bestand niet getekend] BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [Bestand niet getekend] BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [Bestand niet getekend] Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [Bestand niet getekend] Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [Bestand niet getekend] Toolbar: HKU\S-1-5-21-3613076481-972898892-3462059891-1001 -> Geen Naam - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Geen bestand Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - Geen bestand StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: dy8ygbz6.default FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\dy8ygbz6.default [2019-04-16] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-03] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-03] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF Software -> Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-10] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-10] (Google Inc -> Google LLC) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-16] (Adobe Inc. -> Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default [2019-11-13] CHR Extension: (Tampermonkey) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-11-10] CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-10] CHR Extension: (Chrome Media Router) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-10] CHR HKU\S-1-5-21-3613076481-972898892-3462059891-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] ==================== Services (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-09-20] (Mixbyte Inc -> Freemake) R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [Bestand niet getekend] R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [Bestand niet getekend] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Bestand niet getekend] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [Bestand niet getekend] S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [337688 2018-09-06] (Lenovo -> Lenovo) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software -> Nitro PDF Software) R2 nlsX86cc; C:\windows\SysWOW64\NLSSRV32.EXE [69640 2013-12-13] (Nitro PDF Software -> Nalpeiron Ltd.) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] (CyberLink -> ) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe" [X] ===================== Drivers (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) S3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Broadcom Corporation -> Windows (R) Win 7 DDK provider) S1 crlscsi; C:\Windows\SysWow64\Drivers\crlscsi.sys [6144 1995-11-07] (Corel Corporation) [Bestand niet getekend] R3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [103656 2013-10-21] (Genesys Logic,INC. -> GenesysLogic) S3 MarvinBus; C:\WINDOWS\System32\drivers\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [Bestand niet getekend] R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-11-10] (Malwarebytes Corporation -> Malwarebytes) R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation-Mobile Wireless Group -> Intel Corporation) R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation ) R3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [27136 2018-05-13] (OpenVPN Technologies, Inc. -> The OpenVPN Project) S3 tapnordvpn; C:\WINDOWS\system32\DRIVERS\tapnordvpn.sys [35592 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation) S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink) U3 aswbdisk; geen ImagePath U3 avgbdisk; geen ImagePath ==================== NetSvcs (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ==================== Een maand (aangemaakt) =================== (Als een item is opgenomen in de fixlist, wordt de map of het bestand verplaatst.) 2019-11-13 12:28 - 2019-11-13 12:29 - 000025484 _____ C:\Users\Carl\Desktop\FRST.txt 2019-11-13 12:26 - 2019-11-13 12:27 - 002260480 _____ (Farbar) C:\Users\Carl\Desktop\FRST64.exe 2019-11-13 12:20 - 2019-11-13 12:20 - 000000000 ___HD C:\OneDriveTemp 2019-11-13 12:18 - 2019-11-13 12:20 - 000000000 ____D C:\Users\Carl\OneDrive 2019-11-11 11:41 - 2019-11-11 12:09 - 000024064 _____ C:\Users\Carl\Desktop\Back-up van Familie.wbk 2019-11-10 10:43 - 2019-11-10 18:00 - 000002266 _____ C:\Users\Carl\Desktop\Google Chrome.lnk 2019-11-10 10:42 - 2019-11-10 10:43 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-11-09 11:13 - 2019-11-09 11:33 - 000026112 _____ C:\Users\Carl\Desktop\Back-up van DecorTrein_1.wbk 2019-11-07 14:37 - 2019-11-07 15:03 - 000204288 _____ C:\Users\Carl\Desktop\Back-up van Feedback_antwoorden.wbk 2019-11-07 14:06 - 2019-11-08 16:46 - 000036864 _____ C:\Users\Carl\Desktop\Back-up van Training LL.wbk 2019-11-04 12:47 - 2019-11-04 14:19 - 000000140 _____ C:\Users\Carl\Desktop\RABOBANK.url 2019-11-03 17:05 - 2019-11-03 17:05 - 000244484 _____ C:\Users\Carl\Downloads\keen1.zip 2019-10-17 13:26 - 2019-10-17 13:26 - 000108398 _____ C:\Users\Carl\Downloads\12025300_443848496.pdf ==================== Een maand (gewijzigd) ================== (Als een item is opgenomen in de fixlist, wordt de map of het bestand verplaatst.) 2019-11-13 12:29 - 2018-05-22 09:46 - 000000000 ____D C:\FRST 2019-11-13 12:26 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-11-13 12:24 - 2015-10-26 04:46 - 000000000 ____D C:\Users\Carl\AppData\Roaming\ClassicShell 2019-11-13 12:24 - 2015-10-26 04:44 - 000003596 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3613076481-972898892-3462059891-1001 2019-11-13 12:20 - 2015-10-20 21:15 - 000000000 ____D C:\Users\Carl\AppData\Local\Packages 2019-11-13 12:19 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps 2019-11-13 12:18 - 2019-06-12 08:35 - 000000000 ___RD C:\Users\Carl\OneDrive (3).old 2019-11-13 12:18 - 2015-10-26 04:36 - 000000000 ____D C:\Users\Carl 2019-11-13 11:53 - 2018-02-21 12:52 - 000004584 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier 2019-11-13 11:53 - 2018-02-21 12:52 - 000004434 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater 2019-11-13 11:53 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2019-11-13 11:53 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\Macromed 2019-11-13 11:46 - 2018-07-20 15:46 - 000000000 ____D C:\Users\Carl\AppData\Local\CrashDumps 2019-11-13 10:42 - 2017-12-31 12:35 - 000000000 ____D C:\Users\Carl\AppData\Roaming\WhatsApp 2019-11-13 09:48 - 2013-08-22 16:20 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-11-13 09:46 - 2015-10-26 06:39 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-11-13 09:42 - 2015-10-26 06:39 - 128443096 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-11-12 22:03 - 2015-10-26 05:40 - 000748816 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2019-11-12 13:19 - 2017-10-09 13:56 - 000000000 ____D C:\Users\Carl\Documents\WORD 2019-11-11 10:42 - 2017-10-09 12:24 - 005262848 ___SH C:\Users\Carl\Desktop\Thumbs.db 2019-11-10 10:51 - 2017-10-09 14:17 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2019-11-10 10:44 - 2014-06-10 17:14 - 000800524 _____ C:\WINDOWS\system32\perfh013.dat 2019-11-10 10:44 - 2014-06-10 17:14 - 000159750 _____ C:\WINDOWS\system32\perfc013.dat 2019-11-10 10:44 - 2013-08-31 16:40 - 001819182 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-11-10 10:44 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf 2019-11-10 10:42 - 2017-10-09 14:17 - 000000000 ____D C:\Program Files (x86)\Google 2019-11-10 10:40 - 2019-10-12 08:25 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-11-10 10:40 - 2017-10-09 14:17 - 000003492 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2019-11-10 10:40 - 2017-10-09 14:17 - 000003364 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2019-11-10 10:38 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-11-10 10:36 - 2018-10-07 10:30 - 000000000 ____D C:\Users\Carl\AppData\Local\HP 2019-11-10 10:36 - 2013-08-31 16:38 - 000000000 ____D C:\Users\Administrator 2019-11-10 10:28 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\registration 2019-11-10 10:26 - 2017-10-09 14:17 - 000000000 ____D C:\Users\Carl\AppData\Local\Google 2019-11-07 11:05 - 2017-10-10 11:16 - 000000000 ____D C:\Users\Carl\Documents\FOTO'S 2019-11-03 11:18 - 2019-01-09 15:05 - 000128512 ___SH C:\Users\Carl\Documents\Thumbs.db 2019-10-28 17:34 - 2018-12-07 16:44 - 000000276 _____ C:\Users\Carl\Desktop\VERTALEN NL-DTS.url 2019-10-24 13:49 - 2019-09-22 10:11 - 000000000 ____D C:\Users\Carl\AppData\Local\WhatsApp 2019-10-17 15:16 - 2017-10-09 14:17 - 000004476 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2019-10-14 14:57 - 2018-03-15 15:35 - 000000000 ____D C:\Aldfaer 2019-10-14 14:34 - 2015-11-26 13:23 - 000000000 ____D C:\Users\Carl\AppData\Local\Adobe 2019-10-14 11:20 - 2017-12-12 12:43 - 000000000 ____D C:\Users\Carl\AppData\LocalLow\Mozilla 2019-10-14 11:13 - 2019-09-28 16:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-10-14 11:13 - 2019-03-25 15:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2019-10-14 09:06 - 2019-03-05 09:54 - 000000000 ____D C:\Users\Carl\Desktop\NAMEN ==================== Bestanden in de root van sommige mappen ======== 2015-10-26 05:31 - 2019-09-30 12:00 - 000025263 _____ () C:\Users\Carl\AppData\Roaming\LENOVO-PC.MTBF.txt 2019-01-05 09:47 - 2019-01-05 09:47 - 000000042 _____ () C:\Users\Carl\AppData\Roaming\WB.CFG 2015-10-26 05:32 - 2019-01-09 14:21 - 000137728 _____ () C:\Users\Carl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== SigCheck ============================ (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) LastRegBack: 2019-11-13 09:40 ==================== Einde van FRST.txt ========================