Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 14-03-2021
Gestart door Thierry (Beheerder) op THIERRYLAPTOP (Hewlett-Packard HP Pavilion 15 Notebook PC) (16-03-2021 18:25:15)
Gestart vanaf C:\Users\Thierry\Desktop
Geladen Profielen: Thierry
Platform: Windows 10 Home Versie 2004 19041.804 (X64) Taal: Nederlands (Nederland)
Standaardbrowser: Chrome
Boot Modus: Normal

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.)

() [Bestand niet getekend] C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\A84912C4-14B9-41C1-9DBC-373B22CF9A3E\MpSigStub.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.10002.53004.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\117.4.378\QtWebEngineProcess.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <22>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B7381030-7EB8-4DE5-A038-F929C1A651E9}\MicrosoftEdge_X64_89.0.774.54_89.0.774.50.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe <3>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Thierry\AppData\Local\Microsoft\OneDrive\21.030.0211.0002\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Thierry\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-30d69606.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Temp\EDGEMITMP_8CA3F.tmp\setup.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotification.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WaaSMedicAgent.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MpCmdRun.exe <2>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\NisSrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Register (gefilterd) ===================

(Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992032 2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-1049643930-549260389-1984244956-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1049643930-549260389-1984244956-1001\...\MountPoints2: {8fee3a28-989f-11e7-8ffc-a01d48d49b9d} - "G:\OnePlus_setup.exe" /s
HKLM\...\Windows x64\Print Processors\Canon MX890 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAZ.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX890 series: C:\WINDOWS\system32\CNCALAZ.DLL [302592 2011-09-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX890 series: C:\WINDOWS\system32\CNMLMAZ.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX890 series XPS: C:\WINDOWS\system32\CNMXLMAZ.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [356864 2011-10-03] (CANON INC.) [Bestand niet getekend]
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.82\Installer\chrmstp.exe [2021-03-13] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrictie <==== AANDACHT

==================== Geplande Taken (gefilterd) ============

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

Task: {02C27BAF-9F81-438E-8326-F777FB814EA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-11] (Google Inc -> Google Inc.)
Task: {07A2C4EC-7919-4F53-860E-69B590D8796C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {137728B4-2B12-46CF-BEEB-ACDEC1D19D67} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {1586A3E3-5242-4356-82AC-5B2C54F3BB9D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080304 2021-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {19EE1EB5-DBAE-43EF-852C-6724D64F42CA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694752 2021-03-13] (Mozilla Corporation -> Mozilla Foundation)
Task: {1A7973A8-B4AE-43F6-B53E-B3CEA87A7555} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {4CEF8FB4-C3B0-4FFA-9730-2167977A0004} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-11] (Google Inc -> Google Inc.)
Task: {4F899329-B288-46E6-8FED-5D79F8770E50} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {54454DBF-0566-4424-8086-2F0B2639D9F7} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1822976 2021-02-23] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {55FD5672-2CDE-4564-8E6F-83F8785BE485} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6317D557-A2E1-4830-A707-AEAE405E20F9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {6FD2D423-CC32-45A7-AF9C-ED09552695A0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080304 2021-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {78536872-0E81-4350-A8C7-44F7097CB8E3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {82094E92-BD79-48D8-9E01-52FD5596158B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-28] (Dropbox, Inc -> Dropbox, Inc.)
Task: {850D7A02-C570-437E-8B33-68E7472D8188} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform)
Task: {8E615E55-A1D4-4AE4-8721-5B4B7D52E8D4} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2019-01-30] (Corel Corporation -> Corel Corporation)
Task: {B32EF2DB-8095-4225-96BF-0C1A5C5F21B7} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Thierry\Desktop\adwcleaner_7.3(1).exe
Task: {B7E366C7-4BE8-4F1E-91AE-9DEC36CA2E61} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1133488 2021-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {CF692D38-466E-463E-9D54-FD14B76D6194} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2019-01-30] (Corel Corporation -> Corel Corporation)
Task: {D9CBD045-F7B9-43A9-856E-332807AC0FD7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DA43AE4B-D7EE-474F-B3EF-39EAC39E5120} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2019-01-30] (Corel Corporation -> Corel Corporation)
Task: {DE5BAD48-5768-46E7-80EC-E205BEA4C207} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-28] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E6817ED3-BBD4-492A-B19D-04707A7893FC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EB37C877-09AE-48D0-8C35-E1B2D4FC80AD} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {ED116EFE-84BD-441B-A8EE-995FB1186417} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)

(Als een item is opgenomen in de fixlist, wordt de taak (job) bestand verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist en een registeritem is, wordt het verwijderd of hersteld naar de standaard.)

Hosts: Er is meer dan één item in Hosts. Zie Hosts deel van Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2c510732-5d5e-4ae0-a879-2c7b6b63a73d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5778c86c-87e8-422d-b4df-46d43688eb8b}: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <==== AANDACHT

Edge:
=======
Edge Profile: C:\Users\Thierry\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-25]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 4HiqKwxn.default
FF ProfilePath: C:\Users\Thierry\AppData\Roaming\Mozilla\Firefox\Profiles\io1lp0pn.default-release [2021-03-13]
FF ProfilePath: C:\Users\Thierry\AppData\Roaming\Mozilla\Firefox\Profiles\4HiqKwxn.default [2020-02-04]
FF Extension: (Geen Naam) - C:\Users\Thierry\AppData\Roaming\Mozilla\Firefox\Profiles\4HiqKwxn.default\Extensions\abs@avira.com [2020-02-04] [niet getekend]
FF Extension: (Avira Password Manager) - C:\Users\Thierry\AppData\Roaming\Mozilla\Firefox\Profiles\4HiqKwxn.default\Extensions\passwordmanager@avira.com [2020-01-31]
FF Extension: (Geen Naam) - C:\Users\Thierry\AppData\Roaming\Mozilla\Firefox\Profiles\4HiqKwxn.default\Extensions\safesearchplus2@avira.com [2020-02-04] [niet getekend]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-21] (CANON INC.) [Bestand niet getekend]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1049643930-549260389-1984244956-1001: connective.be/BrowserPlugin -> C:\Users\Thierry\AppData\Local\Connective\SigningFirefoxPlugin\npapi-plugin.dll [2018-07-17] (Connective n.v.) [Bestand niet getekend]
FF Plugin HKU\S-1-5-21-1049643930-549260389-1984244956-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\Thierry\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1049643930-549260389-1984244956-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\Thierry\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1049643930-549260389-1984244956-1001: temasys.com.sg/TemWebRTCPlugin -> C:\Users\Thierry\AppData\Roaming\Tem\TemWebRTCPlugin\0.8.876\npTemWebRTCPlugin.dll [2016-08-03] (Temasys Communications Pte Ltd -> Temasys)

Chrome:
=======
CHR Profile: C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default [2021-03-16]
CHR Notifications: Default -> hxxps://84055810590742.webpush.freshchat.com; hxxps://calendar.google.com; hxxps://meet.google.com; hxxps://vtm.be; hxxps://www.eefkooktzo.nl; hxxps://www.hln.be; hxxps://www.netflix.com; hxxps://www.nieuwsblad.be; hxxps://www.pinterest.com
CHR HomePage: Default -> hxxp://www.google.be/
CHR StartupUrls: Default -> "hxxp://www.google.be/"
CHR Extension: (Presentaties) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-24]
CHR Extension: (Documenten) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-24]
CHR Extension: (Google Drive) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (eID Chrome Extension) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbdaodnaecdijpajecpncpdomgcoakc [2019-01-19]
CHR Extension: (YouTube) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-24]
CHR Extension: (Adobe Acrobat) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-13]
CHR Extension: (Spreadsheets) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-24]
CHR Extension: (TrooperBot) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffihebdjbmojhogbafnobhbkaccambpn [2020-05-08]
CHR Extension: (Avira Browser Safety) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2021-03-16]
CHR Extension: (Offline Documenten) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-16]
CHR Extension: (Mailto-optie) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hebcihefijmklkimfhenalibpdmalnci [2021-02-16]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-03-01]
CHR Extension: (Connective signing extension) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\kclpjmhngbacampgcdojmiedamjbgjjm [2019-11-14]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-02-09]
CHR Extension: (OneDrive) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2018-05-24]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-09]
CHR Extension: (Gmail) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKU\S-1-5-21-1049643930-549260389-1984244956-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]

==================== Services (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-05-06] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8988552 2021-02-22] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-28] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-28] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44272 2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [776832 2018-05-06] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-21] (Malwarebytes Inc -> Malwarebytes)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [Bestand niet getekend]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\NisSrv.exe [2483624 2021-03-08] (Microsoft Windows Publisher -> Microsoft Corporation)
U2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MsMpEng.exe [128392 2021-03-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Bestand niet getekend]
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-12-01] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-12-01] (Disc Soft Ltd -> Disc Soft Ltd)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-02-25] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-21] (Malwarebytes Inc -> Malwarebytes)
S3 pccsmcfd; C:\WINDOWS\system32\DRIVERS\pccsmcfdx64.sys [26112 2012-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (MEDIATEK INC. -> Ralink Technology, Corp.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49544 2021-03-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420088 2021-03-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een maand (aangemaakt) (gefilterd) =========

(Als een item is opgenomen in de fixlist, wordt de map of het bestand verplaatst.)

2021-03-16 18:25 - 2021-03-16 18:45 - 000025721 _____ C:\Users\Thierry\Desktop\FRST.txt
2021-03-16 18:13 - 2021-03-16 18:13 - 002300928 _____ (Farbar) C:\Users\Thierry\Desktop\FRST64.exe
2021-03-13 16:59 - 2021-03-13 16:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-13 16:12 - 2021-03-13 16:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-03-08 07:53 - 2021-03-08 07:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-03-03 04:12 - 2021-03-03 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-03-03 04:12 - 2021-03-03 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-03-03 04:12 - 2021-03-03 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-03-03 04:12 - 2021-03-03 04:12 - 000044272 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-02-25 11:29 - 2021-02-25 11:29 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-02-22 09:40 - 2021-02-23 10:28 - 000000442 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-02-21 14:01 - 2021-02-21 14:01 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-02-21 14:01 - 2020-11-23 09:45 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-16 16:50 - 2021-02-16 16:50 - 002449961 _____ C:\Users\Thierry\Downloads\gebruikershandleiding-com.pdf
2021-02-16 15:13 - 2021-02-16 15:13 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-15 15:27 - 2021-02-15 15:27 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-15 15:27 - 2021-02-15 15:27 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-15 15:27 - 2021-02-15 15:27 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-15 15:24 - 2021-02-15 15:24 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

==================== Een maand (gewijzigd) ==================

(Als een item is opgenomen in de fixlist, wordt de map of het bestand verplaatst.)

2021-03-16 18:51 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-16 18:41 - 2018-05-25 15:34 - 000000000 ____D C:\FRST
2021-03-16 18:39 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-16 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-16 18:37 - 2020-10-06 12:52 - 000000000 ___HD C:\$WinREAgent
2021-03-16 18:37 - 2020-06-15 11:25 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-16 18:09 - 2018-04-10 20:15 - 000000000 ____D C:\Program Files\CCleaner
2021-03-16 18:08 - 2020-10-12 15:43 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-16 18:07 - 2014-03-18 20:18 - 000000000 ___RD C:\Users\Thierry\OneDrive
2021-03-16 18:04 - 2017-06-07 18:00 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-03-16 18:04 - 2015-08-30 22:03 - 000000000 __SHD C:\Users\Thierry\IntelGraphicsProfiles
2021-03-13 17:30 - 2020-10-01 06:29 - 000000000 ____D C:\Users\Thierry\AppData\Local\PlaceholderTileLogoFolder
2021-03-13 17:00 - 2020-08-31 18:38 - 000000000 ____D C:\Users\Thierry\AppData\LocalLow\Mozilla
2021-03-13 17:00 - 2020-08-31 18:37 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-13 16:58 - 2020-08-31 18:37 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-13 16:11 - 2020-08-31 18:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-13 15:27 - 2020-10-12 14:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-13 15:00 - 2018-05-24 20:48 - 000002328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-13 14:59 - 2016-05-11 21:03 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-13 14:49 - 2020-05-22 08:11 - 000000000 ____D C:\Users\Thierry\AppData\Local\CrashDumps
2021-03-13 14:48 - 2020-10-12 15:43 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1049643930-549260389-1984244956-1001
2021-03-13 14:48 - 2020-10-12 15:03 - 000002378 _____ C:\Users\Thierry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-08 10:51 - 2016-06-14 19:22 - 000000000 ____D C:\Users\Thierry\AppData\Roaming\vlc
2021-03-08 09:05 - 2016-05-11 21:29 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-03-08 08:00 - 2018-12-28 12:20 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-03-08 08:00 - 2018-05-22 19:55 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-08 07:51 - 2020-10-13 12:25 - 000003580 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6a0a2af5d1bbd
2021-03-08 07:51 - 2020-10-12 15:43 - 000003674 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-26 07:43 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-25 10:18 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-25 10:12 - 2020-10-06 16:10 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-23 10:18 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-22 09:42 - 2020-10-12 15:21 - 001771328 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-22 09:42 - 2019-12-07 16:12 - 000787040 _____ C:\WINDOWS\system32\perfh013.dat
2021-02-22 09:42 - 2019-12-07 16:12 - 000154132 _____ C:\WINDOWS\system32\perfc013.dat
2021-02-21 14:02 - 2020-04-28 17:59 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-21 14:01 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-16 16:59 - 2020-10-12 15:43 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-16 16:37 - 2020-10-12 14:54 - 005463136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-16 16:35 - 2020-10-12 15:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-16 16:35 - 2020-10-12 14:53 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-16 16:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-02-16 16:34 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-02-16 16:31 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-16 16:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-16 16:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-16 16:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-16 16:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-16 16:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-16 16:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-16 16:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-16 16:31 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-16 16:31 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-15 14:16 - 2016-05-11 21:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-15 14:05 - 2016-05-11 21:53 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Bestanden in de root van sommige mappen ========

2017-01-15 15:45 - 2017-01-15 15:45 - 000000063 _____ () C:\Program Files (x86)\mkisowin.ini
2019-06-21 13:03 - 2019-06-21 13:03 - 000224338 _____ () C:\Users\Thierry\AppData\Roaming\5fx_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2017-01-22 12:53 - 2018-08-26 20:11 - 000000132 _____ () C:\Users\Thierry\AppData\Roaming\Adobe PNG Format CS6 Prefs
2019-02-08 19:26 - 2019-02-08 19:26 - 000221566 _____ () C:\Users\Thierry\AppData\Roaming\khy_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2016-05-29 15:04 - 2016-05-29 15:04 - 000002142 _____ () C:\Users\Thierry\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

==================== Einde van FRST.txt ========================