Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 30-05.2019
Gestart door YpY (Beheerder) op YPY-PC (Acer Aspire 7750) (31-05-2019 21:13:17)
Gestart vanaf C:\Users\YpY\Desktop
Geladen Profielen: YpY (Beschikbare Profielen: YpY)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: IE)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.)

(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories Inc.) C:\DOLBY PCEE4\pcee4.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Microsoft Corporation) [Bestand niet getekend] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\consent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-23] (Acer Incorporated -> Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc. -> Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories, Inc. -> Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-4038081757-550974096-142076149-1001\...\Run: [Google Update] => C:\Users\YpY\AppData\Local\Google\Update\1.3.34.11\GoogleUpdateCore.exe [410920 2019-05-15] (Google Inc -> Google LLC)
HKU\S-1-5-21-4038081757-550974096-142076149-1001\...\MountPoints2: {09c39721-bbe8-11e2-bbd2-b870f49184e0} - E:\LaunchU3.exe -a
HKU\S-1-5-21-4038081757-550974096-142076149-1001\...\MountPoints2: {45a99dab-4d0a-11e3-981d-b870f49184e0} - E:\DTVP_Launcher.exe
HKU\S-1-5-21-4038081757-550974096-142076149-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32.dll [746496 2009-07-14] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [msacm.iac2] => C:\Windows\SysWOW64\iac25_32.ax [197632 2009-07-14] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [VIDC.IV41] => C:\Windows\SysWOW64\ir41_32.dll [756736 1997-07-06] (Intel Corporation) [Bestand niet getekend]
HKLM\Software\...\AppCompatFlags\Custom\chrome.exe: [{e8395380-6dfa-4902-a432-b4ea1deff769}.sdb] -> chrome_pp
HKLM\Software\...\AppCompatFlags\InstalledSDB\{e8395380-6dfa-4902-a432-b4ea1deff769}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{e8395380-6dfa-4902-a432-b4ea1deff769}.sdb [2014-01-19]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\YpY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Deskjet 2050 J510 series.lnk [2019-05-31]
ShortcutAndArgument: Inktwaarschuwingen controleren - HP Deskjet 2050 J510 series.lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 2050 J510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN07R22H7W05D1;CONNECTION=USB;MONITOR=1;

==================== Geplande Taken (gefilterd) =============

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

Task: {1CE5FF42-E91D-480B-B75C-F6E6A6ABE676} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)
Task: {228375E6-C9C2-42FB-9D85-2DEBAA1039CA} - System32\Tasks\{1647B677-059C-414A-B96F-918444B6CEF1} => C:\Windows\system32\pcalua.exe -a C:\Users\YpY\Favorites\Downloads\VideoBrowser_101100.exe -d C:\Users\YpY\Desktop
Task: {252C2470-AE57-41CB-B2A7-B2E6B1E5588E} - \SpyHunter4Startup -> Geen bestand <==== AANDACHT
Task: {3DAAEDFF-58D4-4C48-8F6A-567DE1A2FDE3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {4781C0DE-EBB8-4EA5-B5AD-DF6AABC79F56} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {49C28251-8199-480A-9F45-A18FDD60285C} - System32\Tasks\{05C671CE-4359-427F-B88E-C4740F9C9EF7} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {57809854-6DCD-4D8D-849C-52581DA3FCD6} - System32\Tasks\{3056E4D1-4391-4F10-BE79-77191EA9DC23} => C:\Program Files (x86)\EA Games\Command & Conquer The First Decade\Launcher\TFDLauncher.exe
Task: {57ADB0B1-7CF0-4656-ACC7-D53701D62D2F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269504 2016-06-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {64C84AEB-A61F-417C-996C-F362DE8C4E40} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4038081757-550974096-142076149-1001Core => C:\Users\YpY\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)
Task: {7C692990-4C05-4EAD-BB1E-59D69F038DC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)
Task: {855AF4CA-03DF-4867-AC38-4AB1A4F4A54D} - System32\Tasks\Adobe-online actualiseringsprogramma => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {8CFABA0D-69C0-40D4-A618-274BC8F4254B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [292952 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {92946EF7-4812-4A47-BF51-F5C839D623F8} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [169352 2011-02-22] (CyberLink -> CyberLink)
Task: {961FEB0B-3BE0-4CA9-8AB3-3D0EB455FC1F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [292952 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {A4AD0058-E33C-47B5-933B-0A65339194FC} - System32\Tasks\Google Updater and Installer => C:\Users\YpY\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)
Task: {AA1F5897-6B01-45B9-9D61-C924B0A1E73E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {AC838BDA-BCC7-4BE4-A3E8-949DE8D4DDC0} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [4119656 2012-10-02] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {BBE4F167-3616-4047-89F9-53ED405EA6BB} - System32\Tasks\{0AFA89FA-4B5A-4355-94B2-17B4B3E3F765} => C:\Program Files (x86)\EA Games\Command & Conquer The First Decade\Launcher\TFDLauncher.exe
Task: {BE0F60EE-6136-4239-952F-327BFF343996} - System32\Tasks\{16AB30CD-28DF-4EC4-94A6-A61547077AF1} => C:\Program Files (x86)\EA Games\Command & Conquer The First Decade\Launcher\TFDLauncher.exe
Task: {BEA28C63-F3D4-45F5-B34C-188AB634C9D4} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [120104 2011-02-22] (CyberLink -> CyberLink Corp.)
Task: {C99D1ECD-C51B-4D25-BB43-C334E579BF8A} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [264760 2011-02-22] (CyberLink -> Acer Incorporated)
Task: {CCA0565B-0E86-4BB9-AD03-5379EF504F63} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {DA048296-6259-4B37-8E8A-44AD1EDF3036} - System32\Tasks\{890AB8E3-9F37-4C84-B22E-4D2F0996CF1F} => C:\Windows\system32\pcalua.exe -a C:\Users\YpY\Favorites\Downloads\TransferUtility_100012.exe -d C:\Users\YpY\Desktop
Task: {DC6440A8-6761-4DBE-BA54-282A9A224301} - \0615pizUpdateInfo -> Geen bestand <==== AANDACHT
Task: {DE51BE56-4EED-4EFE-A762-22540AAE1BC8} - System32\Tasks\{FD4C08F5-65D6-475F-8BE9-87BEF0B4DA55} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Microsoft Games\Age of Empires\UNINSTX.EXE" -c /runtemp
Task: {E61CF375-DC04-44A6-A3B0-B28EC456F989} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {FED21E8A-662D-48EA-8E19-C349C8283E95} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4038081757-550974096-142076149-1001UA => C:\Users\YpY\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)

(Als een item is opgenomen in de fixlist, wordt de taak (job) bestand verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist en een registeritem is, wordt het verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 213.75.63.75 213.75.63.76
Tcpip\..\Interfaces\{92A5A776-FD10-4EE9-BD05-E10D01FD7CA9}: [DhcpNameServer] 192.168.2.254 213.75.63.75 213.75.63.76
Tcpip\..\Interfaces\{C6CE96AA-2C4D-447F-8270-9F8C8EC04AAB}: [DhcpNameServer] 192.168.2.254 213.75.63.75 213.75.63.76

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope waarde ontbreekt
SearchScopes: HKLM-x32 -> DefaultScope waarde ontbreekt
SearchScopes: HKU\S-1-5-21-4038081757-550974096-142076149-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Aanmeldhulp voor Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-10-22] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) [Bestand niet getekend]
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation -> Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-08] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation -> Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-4038081757-550974096-142076149-1001 -> Geen Naam - {472734EA-242A-422B-ADF8-83D1E48CC825} - Geen bestand
DPF: HKLM-x32 {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 8hs2t1p9.default-1481530159461
FF ProfilePath: C:\Users\YpY\AppData\Roaming\TomTom\HOME\Profiles\mzehcktx.default [2016-03-12]
FF Extension: (Emulator) - C:\Users\YpY\AppData\Roaming\TomTom\HOME\Profiles\mzehcktx.default\Extensions\Navcore.9.510.1234792@tomtom.com [2016-03-12] [Verouderd] [niet getekend]
FF Extension: (Geen Naam) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [niet gevonden]
FF ProfilePath: C:\Users\YpY\AppData\Roaming\Mozilla\Firefox\Profiles\8hs2t1p9.default-1481530159461 [2019-05-30]
FF Extension: (uBlock Origin) - C:\Users\YpY\AppData\Roaming\Mozilla\Firefox\Profiles\8hs2t1p9.default-1481530159461\Extensions\uBlock0@raymondhill.net.xpi [2019-02-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-06-04] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-02-02] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-04] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2008-11-24] (Adobe Systems, Inc.) [Bestand niet getekend]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [Geen bestand]
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Geen bestand]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-30] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-30] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-02-02] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-4038081757-550974096-142076149-1001: @tools.google.com/Google Update;version=3 -> C:\Users\YpY\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-4038081757-550974096-142076149-1001: @tools.google.com/Google Update;version=9 -> C:\Users\YpY\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\YpY\AppData\Local\Google\Chrome\User Data\Default [2018-06-02]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\YpY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-02]

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Bestand niet getekend]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 TomTomHOMEService; "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" [X]

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2377216 2010-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-19] (AVG Technologies -> AVG Technologies)
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [4720704 2011-03-01] (Broadcom Corporation -> Broadcom Corporation)
R1 epp; C:\EEK\bin64\epp.sys [116944 2016-06-30] (Emsisoft Ltd -> Emsisoft Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-08-03] (Enigma Software Group USA, LLC -> )
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12228128 2011-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-05-31] (Malwarebytes Corporation -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [X]

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een maand (aangemaakt) ========

(Als een item is opgenomen in de fixlist, wordt de map of het bestand verplaatst.)
2019-05-31 21:13 - 2019-05-31 21:17 - 000027988 _____ C:\Users\YpY\Desktop\FRST.txt
2019-05-31 21:11 - 2019-05-31 21:11 - 000001650 _____ C:\Users\YpY\Desktop\Scan log.txt
2019-05-31 19:30 - 2019-05-31 19:30 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-05-31 19:30 - 2019-05-31 19:30 - 000001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-31 19:30 - 2019-05-31 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-31 19:30 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-05-31 19:25 - 2019-05-31 19:25 - 000000000 ____D C:\ProgramData\MB3Install
2019-05-30 19:20 - 2019-05-30 19:30 - 002435584 _____ (Farbar) C:\Users\YpY\Desktop\FRST64.exe
2019-05-30 19:20 - 2019-05-30 19:30 - 000000000 ____D C:\Users\YpY\Desktop\FRST-OlderVersion
2019-05-30 19:17 - 2019-05-31 21:13 - 000000000 ____D C:\FRST
2019-05-30 17:26 - 2019-05-30 17:26 - 000002154 _____ C:\Users\YpY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2019-05-30 11:57 - 2019-05-30 19:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Een maand (gewijzigd) ========

(Als een item is opgenomen in de fixlist, wordt de map of het bestand verplaatst.)
2019-05-31 20:57 - 2013-01-21 11:37 - 000000940 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2019-05-31 19:35 - 2009-07-14 06:45 - 000024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-31 19:35 - 2009-07-14 06:45 - 000024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-31 19:31 - 2011-08-20 19:16 - 000000000 ____D C:\ProgramData\clear.fi
2019-05-31 19:29 - 2013-03-03 15:34 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-31 19:29 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-31 19:04 - 2011-08-19 22:36 - 000003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2019-05-30 19:25 - 2012-05-30 12:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-30 19:16 - 2012-07-14 16:28 - 000002429 _____ C:\Users\YpY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-30 19:13 - 2016-11-25 14:13 - 000000000 ____D C:\Users\YpY\AppData\LocalLow\Mozilla
2019-05-30 19:10 - 2015-07-20 12:40 - 000000000 ____D C:\Users\YpY\AppData\Roaming\IObit
2019-05-30 17:27 - 2019-04-30 19:44 - 000003166 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4038081757-550974096-142076149-1001
2019-05-30 17:27 - 2015-08-06 20:26 - 000000000 ___RD C:\Users\YpY\OneDrive
2019-05-30 16:24 - 2016-10-19 19:27 - 000010209 _____ C:\Windows\wininit.ini
2019-05-30 12:00 - 2012-05-20 10:15 - 000003490 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-30 12:00 - 2012-05-20 10:15 - 000003362 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-15 13:08 - 2013-07-31 20:35 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-15 12:28 - 2013-07-31 20:13 - 000000000 ____D C:\Program Files\Microsoft Office 15
2019-05-15 11:49 - 2016-08-03 10:37 - 000003388 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4038081757-550974096-142076149-1001Core
2019-05-15 11:49 - 2012-07-14 16:27 - 000003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4038081757-550974096-142076149-1001UA

==================== Bestanden in de root van sommige mappen =======

2014-05-21 12:15 - 2014-05-21 12:28 - 000000581 _____ () C:\Users\YpY\AppData\Local\cookies.ini
2012-05-05 16:46 - 2016-02-20 16:41 - 000008192 _____ () C:\Users\YpY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-29 20:51 - 2014-01-29 20:51 - 000002712 _____ () C:\Users\YpY\AppData\Local\recently-used.xbel
2016-02-10 20:43 - 2016-05-11 09:34 - 000007601 _____ () C:\Users\YpY\AppData\Local\Resmon.ResmonCfg
2019-04-27 12:19 - 2019-04-27 12:19 - 000000000 _____ () C:\Users\YpY\AppData\Local\{97FDA3A6-84FD-493D-BA9D-5CE3CA8CAF70}
2017-01-04 11:05 - 2017-01-04 11:07 - 000000000 _____ () C:\Users\YpY\AppData\Local\{A4BAB8C5-3FC5-480B-B15E-7EA975A66001}
2016-11-30 20:03 - 2016-11-30 20:03 - 000000000 _____ () C:\Users\YpY\AppData\Local\{FC7413C4-0425-4CFC-81B4-FD67A7302590}
2017-10-13 08:12 - 2017-10-13 08:12 - 000000000 _____ () C:\Users\YpY\AppData\Local\{FCA3FA8C-B76B-4D49-809D-0770EC3245CC}

==================== SigCheck ===============================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

LastRegBack: 2019-04-27 14:04

==================== Einde van FRST.txt ============================