Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 28-03-2022 Gestart door Betty (Beheerder) op DESKTOP-DVI3PBU (31-03-2022 05:08:02) Gestart vanaf C:\Users\Betty\Downloads Geladen Profielen: Betty Platform: Microsoft Windows 10 Home Versie 21H2 19044.1586 (X64) Taal: Nederlands (Nederland) Standaardbrowser: FF Boot Modus: Normal ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.) (DriverStore\FileRepository\u0375201.inf_amd64_fcb1d03a1587a338\B371320\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0375201.inf_amd64_fcb1d03a1587a338\B371320\atieclxx.exe (explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (explorer.exe ->) (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <6> (services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0375201.inf_amd64_fcb1d03a1587a338\B371320\atiesrxx.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe (services.exe ->) (philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20858.0_x64__8wekyb3d8bbwe\HxOutlook.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20858.0_x64__8wekyb3d8bbwe\HxTsr.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Register (gefilterd) =================== (Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8838400 2016-06-07] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707256 2021-12-15] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-3153353569-2753586557-890086162-1001\...\Run: [Facebook.MessengerDesktop] => C:\Users\Betty\AppData\Local\Programs\Messenger\Messenger.exe messenger://openAtLogin (Geen bestand) HKU\S-1-5-21-3153353569-2753586557-890086162-1001\...\Run: [MicrosoftEdgeAutoLaunch_DAF63706F5CBDC56F3678A0C997F9B69] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 HKU\S-1-5-21-3153353569-2753586557-890086162-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2021-02-18] ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH) Startup: C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk [2020-01-20] ShortcutTarget: OneNote 2007 Schermopname en Snel starten.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) GroupPolicy: Restrictie - Chrome <==== AANDACHT Policies: C:\ProgramData\NTUSER.pol: Restrictie <==== AANDACHT HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrictie <==== AANDACHT HKLM\SOFTWARE\Policies\Google: Restrictie <==== AANDACHT ==================== Geplande Taken (gefilterd) ============ (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) Task: {06BA20E8-B6F8-4BED-A053-78C972F78379} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {21B30FAA-A1DA-4EA1-8C53-998891E74F4D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {24F4E60E-0126-45B2-9FD8-4A64103D8F84} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {52A4B184-9C0A-4511-91AE-B21DC692422A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {58778C5A-0FAD-4D56-987D-90FFDFA918B2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {F15C636E-16CF-40B0-9B8C-6FF5A68142E7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (Als een item is opgenomen in de fixlist, wordt de taak (job) bestand verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.) ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist en een registeritem is, wordt het verwijderd of hersteld naar de standaard.) Tcpip\Parameters: [DhcpNameServer] 195.130.131.2 195.130.130.2 Tcpip\..\Interfaces\{ced58839-ed32-45f8-8f4b-6c1cbebe4cab}: [DhcpNameServer] 195.130.131.2 195.130.130.2 Edge: ======= DownloadDir: C:\Users\Betty\Downloads Edge Notifications: HKU\S-1-5-21-3153353569-2753586557-890086162-1001 -> hxxps://www.promobutler.be; hxxps://www.facebook.com; hxxps://www.bestekrabbels.nl; hxxps://by-anna.ucoz.ru Edge Extension: (Geen Naam) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [niet gevonden] Edge Extension: (Geen Naam) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [niet gevonden] Edge Extension: (Geen Naam) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [niet gevonden] Edge Extension: (Geen Naam) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [niet gevonden] Edge DefaultProfile: Default Edge Profile: C:\Users\Betty\AppData\Local\Microsoft\Edge\User Data\Default [2022-03-31] Edge DownloadDir: Default -> C:\Users\Betty\Downloads Edge Notifications: Default -> hxxps://newsmonkey.be; hxxps://postimg.cc; hxxps://sporza.be; hxxps://www.facebook.com; hxxps://www.vrt.be Edge HomePage: Default -> hxxps://www.google.be/ Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] FireFox: ======== FF DefaultProfile: elj14mz8.default FF ProfilePath: C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\elj14mz8.default [2019-09-23] FF ProfilePath: C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\x5tltkqq.default-release-1579084961408 [2022-03-31] FF Homepage: Mozilla\Firefox\Profiles\x5tltkqq.default-release-1579084961408 -> google.be FF Notifications: Mozilla\Firefox\Profiles\x5tltkqq.default-release-1579084961408 -> hxxps://www.hln.be; hxxps://www.promobutler.be; hxxps://www.filmvandaag.nl; hxxps://www.pinterest.com; hxxps://www.pc-helpforum.be FF Extension: (Fox Themes) - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\x5tltkqq.default-release-1579084961408\Extensions\{51751640-02d2-4b3a-893f-64f7ed5ac6ac}.xpi [2021-06-06] FF Extension: (Purpling bubbles) - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\x5tltkqq.default-release-1579084961408\Extensions\{69ab6730-1a1a-4d27-8aa4-f27a0e5f2de8}.xpi [2021-06-19] FF Extension: (Pastel Clouds) - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\x5tltkqq.default-release-1579084961408\Extensions\{99fb7aee-8042-4590-9940-c0de7d8aa8c9}.xpi [2021-06-03] FF Extension: (Midnight Panda) - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\x5tltkqq.default-release-1579084961408\Extensions\{d175e186-f92b-4c36-8320-f298cb45616e}.xpi [2021-06-03] FF Extension: (Foxy Hot Air Balloons) - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\x5tltkqq.default-release-1579084961408\Extensions\{e0bc4994-3e2e-4c91-826f-91b331407a16}.xpi [2021-06-06] FF Extension: (firefox art manga) - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\x5tltkqq.default-release-1579084961408\Extensions\{f7b25b10-6c98-493a-bda4-038a3b6f480d}.xpi [2021-06-06] FF Extension: (Gradient x Love) - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\x5tltkqq.default-release-1579084961408\Extensions\{fbca9f02-f999-4baf-9143-332ec192abfc}.xpi [2021-06-03] FF Plugin-x32: @java.com/DTPlugin,version=11.321.2 -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\dtplugin\npDeployJava1.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.321.2 -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\plugin2\npjp2.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation) Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] Opera: ======= OPR Profile: C:\Users\Betty\AppData\Roaming\Opera Software\Opera Stable [2021-04-21] OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} ==================== Services (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743984 2021-10-06] (philandro Software GmbH -> philandro Software GmbH) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7997112 2022-03-01] (Malwarebytes Inc -> Malwarebytes) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12757520 2020-12-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0375201.inf_amd64_fcb1d03a1587a338\B371320\amdkmdag.sys [80481136 2021-12-27] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Bestand niet getekend] S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Bestand niet getekend] R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [31136 2021-09-22] (Martin Malik - REALiX -> REALiX(tm)) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-01-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-01-10] (Malwarebytes Inc -> Malwarebytes) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [439544 2022-03-15] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-15] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ==================== Drie maanden (aangemaakt) (gefilterd) ========= (Als een item is opgenomen in de fixlist, wordt de map of het bestand verplaatst.) 2022-03-31 05:05 - 2022-03-31 05:05 - 002365440 _____ (Farbar) C:\Users\Betty\Downloads\FRST64.exe 2022-03-18 07:21 - 2022-03-18 07:22 - 000031358 _____ C:\Users\Betty\Downloads\Addition.txt 2022-03-17 13:52 - 2022-03-31 05:08 - 000013760 _____ C:\Users\Betty\Downloads\FRST.txt 2022-03-17 13:52 - 2022-03-31 05:08 - 000000000 ____D C:\FRST 2022-03-17 11:44 - 2022-03-17 11:44 - 012956160 _____ C:\Users\Betty\Downloads\De Lente is daar by Aafke Stolze.pps 2022-03-11 06:45 - 2022-03-11 06:45 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll 2022-03-11 06:45 - 2022-03-11 06:45 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe 2022-03-11 06:45 - 2022-03-11 06:45 - 000011911 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2022-03-11 06:44 - 2022-03-11 06:44 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2022-03-11 06:44 - 2022-03-11 06:44 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe 2022-03-11 06:38 - 2022-03-11 06:38 - 000000000 ___HD C:\$WinREAgent 2022-02-24 11:16 - 2022-02-24 11:37 - 000000000 ____D C:\Users\Betty\Downloads\PDF DOCUMENTEN 2022-02-11 16:35 - 2022-02-11 16:35 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll 2022-02-11 16:35 - 2022-02-11 16:35 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2022-02-11 07:57 - 2022-03-31 04:51 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2022-02-01 19:00 - 2022-03-13 05:50 - 000000000 ____D C:\Users\Betty\Documents\LENTE CARLAKE 2022 2022-02-01 19:00 - 2022-02-01 19:00 - 000000000 ____D C:\Users\Betty\Documents\Nieuwe map (2) 2022-01-14 09:25 - 2022-01-14 09:25 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe 2022-01-14 09:25 - 2022-01-14 09:25 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe 2022-01-10 13:08 - 2022-01-10 13:08 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2022-01-10 11:44 - 2022-03-01 20:53 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2022-01-10 11:44 - 2022-03-01 20:53 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2022-01-10 11:44 - 2022-01-10 11:42 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2022-01-10 11:43 - 2022-01-10 11:42 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2022-01-10 11:42 - 2022-03-01 20:52 - 000000000 ____D C:\ProgramData\Malwarebytes 2022-01-10 11:41 - 2022-01-10 11:41 - 002910904 _____ (Malwarebytes) C:\Users\Betty\Downloads\MBSetup(1).exe ==================== Drie maanden (gewijzigd) ================== (Als een item is opgenomen in de fixlist, wordt de map of het bestand verplaatst.) 2022-03-31 05:06 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-03-31 05:06 - 2019-08-23 20:39 - 000000000 ____D C:\Users\Betty\AppData\LocalLow\Mozilla 2022-03-30 09:50 - 2019-10-14 06:31 - 000000000 ____D C:\Users\Betty\AppData\Roaming\PhoXo 2022-03-30 07:06 - 2020-06-17 08:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2022-03-30 06:40 - 2021-02-19 08:22 - 000006099 _____ C:\Users\Betty\Desktop\BUTTONS.txt 2022-03-29 09:15 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2022-03-29 09:15 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-03-29 08:46 - 2020-06-17 08:41 - 001680590 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-03-29 08:46 - 2019-12-07 17:12 - 000748176 _____ C:\WINDOWS\system32\perfh013.dat 2022-03-29 08:46 - 2019-12-07 17:12 - 000146146 _____ C:\WINDOWS\system32\perfc013.dat 2022-03-29 08:46 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2022-03-29 08:39 - 2020-06-17 08:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-03-29 08:39 - 2020-06-17 08:34 - 000008192 ___SH C:\DumpStack.log.tmp 2022-03-29 08:39 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2022-03-29 08:39 - 2019-10-12 13:39 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2022-03-29 08:38 - 2019-09-24 13:08 - 000000000 ____D C:\Users\Betty\AppData\Local\CrashDumps 2022-03-29 05:42 - 2020-06-09 05:47 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-03-27 07:26 - 2019-08-23 18:40 - 000000000 ____D C:\Users\Betty\AppData\Local\D3DSCache 2022-03-27 06:53 - 2019-08-23 17:16 - 000000000 ___RD C:\Users\Betty\OneDrive 2022-03-26 12:58 - 2021-07-17 08:39 - 000011104 _____ C:\Users\Betty\Desktop\VASTE BUTTONS.txt 2022-03-26 11:25 - 2021-12-15 10:59 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3153353569-2753586557-890086162-1001 2022-03-26 11:25 - 2020-06-17 08:37 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3153353569-2753586557-890086162-1001 2022-03-26 11:25 - 2020-06-17 08:23 - 000002381 _____ C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2022-03-26 10:01 - 2021-05-17 06:35 - 000000000 ___RD C:\Users\Betty\Documents\BLOG CITATEN 2022-03-25 14:29 - 2020-06-17 08:23 - 000000000 ____D C:\Users\Betty 2022-03-25 11:31 - 2021-10-09 09:17 - 000000000 ____D C:\Program Files\Mozilla Firefox 2022-03-25 08:45 - 2021-02-23 08:12 - 000000754 _____ C:\Users\Betty\Desktop\Documenten - Snelkoppeling.lnk 2022-03-25 08:36 - 2021-10-10 08:26 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2022-03-25 08:36 - 2019-10-12 14:35 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2022-03-22 11:28 - 2019-09-24 13:16 - 000022730 _____ C:\Users\Betty\Desktop\UITLEG VOOR BLOG.txt 2022-03-18 12:17 - 2019-09-23 15:11 - 000000000 ____D C:\Users\Betty\AppData\Roaming\TeamViewer 2022-03-17 09:41 - 2019-09-23 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2022-03-15 06:32 - 2019-08-23 22:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2022-03-14 08:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2022-03-12 10:07 - 2021-04-29 07:59 - 000000000 ____D C:\Users\Betty\Documents\MUZIEK 2022-03-11 09:06 - 2021-04-13 06:41 - 000000000 ____D C:\Users\Betty\Documents\KNIPSELS 2022-03-11 06:50 - 2020-06-17 08:34 - 000442760 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2022-03-11 06:50 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2022-03-11 06:50 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources 2022-03-11 06:50 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2022-03-11 06:50 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2022-03-11 06:50 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2022-03-11 06:50 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2022-03-11 06:50 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2022-03-11 06:50 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing 2022-03-11 06:47 - 2020-11-24 23:20 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2022-03-11 06:47 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2022-03-11 06:44 - 2020-06-17 08:34 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2022-03-11 06:38 - 2019-09-23 14:35 - 000000000 ____D C:\WINDOWS\system32\MRT 2022-03-11 06:37 - 2019-09-23 14:35 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2022-03-09 06:03 - 2020-06-17 08:37 - 000003674 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2022-03-09 06:03 - 2020-06-17 08:37 - 000003550 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2022-03-02 03:04 - 2021-05-17 06:35 - 000000000 ____D C:\Users\Betty\Documents\NIAKE 2022-03-01 20:52 - 2019-09-23 17:03 - 000000000 ____D C:\Program Files\Malwarebytes ==================== Bestanden in de root van sommige mappen ======== 2020-06-30 12:03 - 2020-06-30 12:03 - 000007605 _____ () C:\Users\Betty\AppData\Local\Resmon.ResmonCfg ==================== SigCheckExt ========================= 2020-01-11 07:54 - 2020-01-11 07:54 - 000002560 _____ C:\WINDOWS\_MSRSTRT.EXE 2006-10-26 13:45 - 2006-10-26 13:45 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WISPTIS.EXE 2022-03-31 05:05 - 2022-03-31 05:05 - 002365440 _____ (Farbar) C:\Users\Betty\Downloads\FRST64.exe ==================== SigCheck ============================ (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) ==================== BCD ================================ Windows Boot Manager -------------------- identifier {bootmgr} device partition=\Device\HarddiskVolume1 description Windows Boot Manager locale nl-NL inherit {globalsettings} default {current} resumeobject {60825d80-c5f0-11e9-a716-dbe68970d95b} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Windows Boot Loader ------------------- identifier {current} device partition=C: path \WINDOWS\system32\winload.exe description Windows 10 locale nl-NL inherit {bootloadersettings} recoverysequence {60825d83-c5f0-11e9-a716-dbe68970d95b} displaymessageoverride Recovery recoveryenabled Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \WINDOWS resumeobject {60825d80-c5f0-11e9-a716-dbe68970d95b} nx OptIn bootmenupolicy Standard Windows Boot Loader ------------------- identifier {60825d83-c5f0-11e9-a716-dbe68970d95b} device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{60825d84-c5f0-11e9-a716-dbe68970d95b} path \windows\system32\winload.exe description Windows Recovery Environment locale nl-NL inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{60825d84-c5f0-11e9-a716-dbe68970d95b} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Resume from Hibernate --------------------- identifier {60825d80-c5f0-11e9-a716-dbe68970d95b} device partition=C: path \WINDOWS\system32\winresume.exe description Windows Resume Application locale nl-NL inherit {resumeloadersettings} recoverysequence {60825d83-c5f0-11e9-a716-dbe68970d95b} recoveryenabled Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=\Device\HarddiskVolume1 path \boot\memtest.exe description Windows Geheugencontrole locale nl-NL inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems No Debugger Settings ----------------- identifier {dbgsettings} debugtype Local RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {60825d84-c5f0-11e9-a716-dbe68970d95b} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume1 ramdisksdipath \Recovery\WindowsRE\boot.sdi ==================== Einde van FRST.txt ========================