Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 29-03-2020 Gestart door rita (Beheerder) op ERWIN (Packard Bell ENLE11BZ) (30-03-2020 23:23:07) Gestart vanaf C:\Users\rita\Desktop Geladen Profielen: rita (Beschikbare Profielen: rita & Gast) Platform: Windows 10 Home Versie 1909 18363.752 (X64) Taal: Nederlands (Nederland) Standaardbrowser: Edge Boot Modus: Normal Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.) () [Bestand niet getekend] C:\Program Files (x86)\BrytonBridge2\BBDaemon.exe () [Bestand niet getekend] C:\Program Files (x86)\BrytonBridge2\BBService.exe () [Bestand niet getekend] C:\Program Files (x86)\BrytonBridge2\BrytonBridge2.exe (Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices, Inc. -> ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Advanced Micro Devices, Inc.) [Bestand niet getekend] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc. -> Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\93.4.273\QtWebEngineProcess.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\93.4.273\QtWebEngineProcess.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\93.4.273\QtWebEngineProcess.exe (Facebook, Inc. -> Facebook Inc.) C:\Users\rita\AppData\Local\Facebook\Update\FacebookUpdate.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> © 2015 Microsoft Corporation) C:\Users\rita\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Qualcomm Atheros -> Atheros) [Bestand niet getekend] C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe (Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe (Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe (Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe ==================== Register (gefilterd) =================== (Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [706440 2015-09-28] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2020-01-16] (Apple Inc. -> Apple Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-02-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2020-01-16] (Apple Inc. -> Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6261248 2020-03-19] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-455634102-3971962441-1493714179-1001\...\Run: [Facebook Update] => C:\Users\rita\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-19] (Facebook, Inc. -> Facebook Inc.) HKU\S-1-5-21-455634102-3971962441-1493714179-1001\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.) HKU\S-1-5-21-455634102-3971962441-1493714179-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1579368 2020-03-17] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-455634102-3971962441-1493714179-1001\...\Run: [BingSvc] => C:\Users\rita\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (Microsoft Corporation -> © 2015 Microsoft Corporation) HKU\S-1-5-21-455634102-3971962441-1493714179-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-01-22] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-455634102-3971962441-1493714179-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-455634102-3971962441-1493714179-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91511144 2020-01-24] (Skype Software Sarl -> Skype Technologies S.A.) HKU\S-1-5-21-455634102-3971962441-1493714179-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\rita\AppData\Local\Microsoft\Teams\Update.exe [2342544 2020-03-30] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-455634102-3971962441-1493714179-1001\...\Policies\Explorer: [] HKU\S-1-5-21-455634102-3971962441-1493714179-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\DEAARD~1.SCR [10638336 2013-10-22] () [Bestand niet getekend] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8237E44A-0054-442C-B6B6-EA0509993955}] -> C:\Program Files (x86)\Google\Chrome Beta\Application\81.0.4044.83\Installer\chrmstp.exe [2020-03-26] (Google LLC -> Google LLC) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\Installer\chrmstp.exe [2020-03-18] (Google LLC -> Google LLC) Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BrytonBridge2.lnk [2017-02-18] ShortcutTarget: BrytonBridge2.lnk -> C:\Program Files (x86)\BrytonBridge2\BrytonBridge2.exe () [Bestand niet getekend] FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrictie <==== AANDACHT ==================== Geplande Taken (gefilterd) ============ (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) Task: {05C020B1-46CA-4BA7-80E2-89A72020DA66} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-455634102-3971962441-1493714179-1001Core => C:\Users\rita\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-19] (Facebook, Inc. -> Facebook Inc.) Task: {0DC0DAD2-F84F-429D-B085-411AE7CDE2D5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61} Task: {1B407A2D-AB73-46DF-B1E5-742A00622E5B} - System32\Tasks\{7E363E3F-BDFC-43DD-B474-8063D18A6AF8} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\rita\SkyDrive\Documenten\Education 2.5.4.9380\setup.exe" -d "C:\Users\rita\SkyDrive\Documenten\Education 2.5.4.9380" Task: {287EB61E-849D-44F1-BF41-56B2A8081F95} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1} Task: {2B033C1F-C2FC-4613-9997-7171D84F986F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6154584 2020-03-07] (Microsoft Corporation -> Microsoft Corporation) Task: {2FB6E6E5-D882-4B7D-A0AA-34006B5F3421} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158544 2020-03-16] (Microsoft Corporation -> Microsoft Corporation) Task: {32ACD327-9160-43CE-A38E-ECED9E0D4D62} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA} Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {47238C0A-AE41-47E9-9C04-D88C26D800F6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [1332736 2018-01-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {494BA159-6DDE-4B42-B5F7-754AC16BAE11} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation) Task: {4BE70922-CF3B-4EBD-A68B-5A444FC63DE8} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158544 2020-03-16] (Microsoft Corporation -> Microsoft Corporation) Task: {5567A2AB-C72E-496A-9057-130928656A87} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-30] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {567CDFCD-D4CA-412D-8F72-4C36B5B4661C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation) Task: {5A8EBA1B-45C1-4955-8351-8DB4C3836130} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-30] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {5B881B55-9289-4553-892B-1DFFCED40768} - System32\Tasks\{2522551F-65FB-4163-969D-21A79F1EE7AC} => "c:\windows\system32\launchwinapp.exe" hxxp://ui.skype.com/ui/0/7.7.64.103/nl/go/help.faq.installer?LastError=1618 Task: {5E2C0485-BA38-40E3-8712-F0BC744CF49D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-455634102-3971962441-1493714179-1001UA => C:\Users\rita\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-19] (Facebook, Inc. -> Facebook Inc.) Task: {67EBACFF-E126-4F7F-8CF7-22A49AE52FBA} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Task: {6EAE309D-635B-4B16-9334-96AD9FD63AC5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600440 2020-03-05] (Microsoft Corporation -> Microsoft Corporation) Task: {6FDFC4E5-03E9-4A02-8EC8-70FF6C202C54} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-02-25] (Adobe Inc. -> Adobe) Task: {73157B7C-A0A9-4CAC-814D-DC898601CD19} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6154584 2020-03-07] (Microsoft Corporation -> Microsoft Corporation)