Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 21-08-2016 01
Gestart door Mundus-Warnants (25-08-2016 20:41:08)
Gestart vanaf C:\Users\Mundus-Warnants\Downloads
Windows 10 Home Versie 1511 (X64) (2016-08-07 15:57:55)
Boot Modus: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4072826414-3349863421-1491101827-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4072826414-3349863421-1491101827-503 - Limited - Disabled)
Gast (S-1-5-21-4072826414-3349863421-1491101827-501 - Limited - Disabled)
Mundus-Warnants (S-1-5-21-4072826414-3349863421-1491101827-1003 - Administrator - Enabled) => C:\Users\Mundus-Warnants

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AV: BullGuard Antivirus (Disabled - Out of date) {EDBB5818-2352-E06B-028A-4E6873B92CC5}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Antivirus en antispyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: BullGuard Antispyware (Disabled - Out of date) {56DAB9FC-0568-EFE5-383A-751A083E6678}
AS: McAfee Antivirus en antispyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
FW: BullGuard Firewall (Enabled) {D580D93D-693D-E133-29D5-E75D8D6A6BBE}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)
Adobe Creative Suite 3 Design Premium toevoegen of verwijderen (HKLM-x32\...\Adobe_4f447996d55a2562c006714721fae31) (Version: 1.0 - Adobe Systems Incorporated) Adobe Flash Player 9 ActiveX (HKLM-x32\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.) Adobe Flash Player 9 Plugin (HKLM-x32\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.) AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden BullGuard Internet Security (HKLM\...\BullGuard) (Version: 16.0 - BullGuard Ltd.) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6139 - CDBurnerXP) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) CyberLink PhotoDirector 5 (Version: 5.0.5.6602 - CyberLink Corp.) Hidden CyberLink PowerDirector 12 (Version: 12.0.4118.0 - CyberLink Corp.) Hidden CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.4510 - CyberLink Corp.) CyberLink PowerRecover (Version: 5.7.0.4510 - CyberLink Corp.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) 
Hidden Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1159 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4300 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) Malwarebytes Anti-Malware versie 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.159 - McAfee, Inc.) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.876.867.092115 - REALTEK Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0277 - REALTEK Semiconductor Corp.) 
Unity Web Player (HKU\S-1-5-21-4072826414-3349863421-1491101827-1003\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISE_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version: - Microsoft) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISE_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version: - Microsoft) Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISE_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version: - Microsoft) UpdateAssistant (x32 Version: 1.1.0.0 - Microsoft Corporation) Hidden ==================== Aangepaste CLSID (gefilterd): ========================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) CustomCLSID: HKU\S-1-5-21-4072826414-3349863421-1491101827-1003_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mundus-Warnants\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation) ==================== Geplande Taken (gefilterd) ============= (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) Task: {0C49D5C7-4676-4A36-982B-AD12FD32F4E9} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {25D46AEE-8A40-44AD-868C-AAABEC584DC1} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-06-29] (McAfee, Inc.) 
Task: {496D2AB2-7B68-47AD-BE1F-F60A3B92E366} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-04-30] (McAfee, Inc.) Task: {5905946F-860A-4F8F-BC1A-0A3B6EED29D5} - System32\Tasks\{864A6C83-5130-4754-AFB1-D7E97C63FA50} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Zaamtex\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Zaamtex\uninstall.dat" -a uninstallme 154B3DE1-C703-42F0-8233-91C3141DC6B8 DeviceId=9aade42e-75d2-55d1-a1a6-891779cb5ae6 BarcodeId=51107004 ChannelId=4 DistributerName=APSFClickMeIn Task: {65CEE6C8-BA83-49D6-92C7-E24AF99657C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.) Task: {6B14671A-C327-45AD-BFCC-AED10B1FBBD8} - System32\Tasks\BullGuard\BullGuardUpdate2 => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe [2016-08-24] (BullGuard Ltd.) Task: {991EBFF8-7632-4DAE-89A5-3BE101441CE2} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== AANDACHT Task: {A102A18F-8BCC-4CEF-95AC-3958A307A8E5} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\Windows\UpdateAssistant\UpdateAssistant.exe [2016-06-21] (Microsoft Corporation) Task: {B1A15A7B-2480-4250-A4B1-8993BD1CEF01} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe [2015-08-27] (CyberLink Corp.) 
Task: {BA7883B9-3EDD-4453-87DC-F72674F2FDCC} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Mundus-Warnants\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-24] (Microsoft Corporation) Task: {E50E083F-06B1-46CB-A7F8-F131FC3D485D} - System32\Tasks\McAfee\McAfee Idle Detection Task Task: {F283BE5D-D45B-40BF-8495-978B9F2DB038} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.) (Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== AANDACHT ==================== Snelkoppelingen ============================= (De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.) WMI_ActiveScriptEventConsumer_ASEC: <===== AANDACHT ShortcutWithArgument: C:\Users\Mundus-Warnants\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc ShortcutWithArgument: C:\Users\Mundus-Warnants\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> hxxp://yeabests.cc ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc ==================== Geladen Modules (gefilterd) ============== 2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-08-24 19:32 - 2016-08-24 19:32 - 00727320 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll 2016-08-24 19:32 - 2016-08-24 19:32 - 00084248 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll 2016-08-24 19:32 - 2016-08-24 19:32 - 00644888 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll 2016-08-24 19:32 - 2016-08-24 19:32 - 00644888 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll 2016-08-24 19:32 - 2016-08-24 19:32 - 00064792 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll 2016-08-24 19:32 - 2016-08-24 19:32 - 00084248 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll 2015-11-18 08:04 - 2015-07-20 20:19 - 00121560 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe 2015-05-19 10:11 - 2015-05-19 10:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe 2015-11-18 07:49 - 2014-12-12 18:24 - 00044760 _____ () C:\Windows\runSW.exe 2015-11-17 11:51 - 2014-04-14 19:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2016-08-07 16:47 - 2016-08-07 16:47 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-08-07 16:47 - 2016-08-07 16:47 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-08-24 18:47 - 2016-08-24 18:47 - 01864384 _____ () C:\Users\Mundus-Warnants\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll 2016-08-07 17:34 - 2016-08-07 17:34 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-07-15 16:31 - 2016-07-15 16:31 - 00402520 _____ () 
C:\WINDOWS\system32\igfxTray.exe 2016-04-27 07:08 - 2016-04-27 07:08 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-08-07 16:47 - 2016-08-07 16:47 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-08-07 16:47 - 2016-08-07 16:47 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-08-07 16:47 - 2016-08-07 16:47 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-08-07 16:47 - 2016-08-07 16:47 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-08-07 16:47 - 2016-08-07 16:47 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-08-24 18:55 - 2016-08-03 00:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll 2016-08-24 18:55 - 2016-08-03 00:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll 2015-11-18 08:04 - 2014-07-03 10:22 - 00277720 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe 2016-08-24 19:32 - 2016-08-24 19:32 - 00727320 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll 2015-07-22 01:18 - 2015-07-22 01:18 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-08-07 17:34 - 2016-08-07 17:34 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-08-07 17:34 - 2016-08-07 17:35 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-08-24 18:47 - 2016-08-24 18:47 - 01383616 _____ () C:\Users\Mundus-Warnants\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll 2016-08-24 18:47 - 2016-08-24 18:47 - 00118976 _____ 
() C:\Users\Mundus-Warnants\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll 2015-11-17 11:50 - 2014-12-08 08:28 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2014-12-08 16:28 - 2014-12-08 16:28 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ==================== Alternate Data Streams (gefilterd) ========= (Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.) ==================== Veilige Modus (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" ==================== Bestandskoppeling (gefilterd) =============== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.) ==================== Internet Explorer vertrouwde/beperkte toegang =============== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.) ==================== Hosts inhoud: ========================== (Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.) 2015-07-10 12:04 - 2016-07-15 16:21 - 00001188 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com ==================== Andere gebieden ============================ (Momenteel is er geen automatische fix voor dit onderdeel.) 
HKU\S-1-5-21-4072826414-3349863421-1491101827-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Mundus-Warnants\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\dsc_2115.jpg
DNS Servers: 195.130.131.3 - 195.130.130.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is ingeschakeld.

==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKLM\...\StartupApproved\Run32: => "EYAN"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKU\S-1-5-21-4072826414-3349863421-1491101827-1003\...\StartupApproved\Run: => "msiql"
HKU\S-1-5-21-4072826414-3349863421-1491101827-1003\...\StartupApproved\Run: => "QGuan10in1"
HKU\S-1-5-21-4072826414-3349863421-1491101827-1003\...\StartupApproved\Run: => "QGuan10in12"
HKU\S-1-5-21-4072826414-3349863421-1491101827-1003\...\StartupApproved\Run: => "svchost0"

==================== Firewall regels (gefilterd) ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{FE9EAD6F-4CA8-497A-A9AA-673BA0389B6C}] => (Allow) LPort=1688 FirewallRules: [{80472134-9F00-4E01-9845-C5CF0A2B92A4}] => (Allow) C:\Users\Mundus-Warnants\AppData\Local\Temp\MPCOnline\MPCDownload.exe FirewallRules: [{2F4C8978-22B5-43AD-9C62-1AC7BFC6E1A2}] => (Allow) C:\Users\Mundus-Warnants\AppData\Local\Temp\MPCOnline\MPCDownload.exe FirewallRules: [{900D3860-78FD-4EB7-989A-541896970A76}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe FirewallRules: [{D05CC054-6A35-4374-95A3-0D2A6500058E}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe FirewallRules: [{184113B6-287D-4D1C-8B56-A17016C76865}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe FirewallRules: [{8410554B-4089-4A79-A4B9-5C1C3B99FF87}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe FirewallRules: [{35F151E7-2F09-430E-A45C-9ED27C541641}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{523214BD-8508-419A-B424-0C5A16575157}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{B5112BBA-F6F5-4EE1-98D8-D3EE5482A636}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE FirewallRules: [{F95966C8-811B-4924-B1DC-34C0D64BBABF}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe FirewallRules: [{41716130-9944-4265-8ACD-343906906F48}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe FirewallRules: [{A2ED3715-8B5F-4B2D-88FE-CCC1F881917D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{7D59C18E-2B0E-4849-B6ED-1377EA04BEB5}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe ==================== Herstelpunten ========================= AANDACHT: Systeemherstel is uitgeschakeld ==================== Defecte Apparaatbeheer Apparaten ============= Name: 
Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Eventlog fouten: ========================= Applicatiefouten: ================== Error: (08/24/2016 10:38:16 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Kan activeringscontext voor 'PDR.X,type="win32",version="1.0.0.0"1' niet maken. Kan afhankelijke assembly PDR.X,type="win32",version="1.0.0.0" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose. Error: (08/24/2016 10:38:16 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Kan activeringscontext voor 'PDR.X,type="win32",version="1.0.0.0"1' niet maken. Kan afhankelijke assembly PDR.X,type="win32",version="1.0.0.0" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose. Error: (08/24/2016 08:49:20 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Kan activeringscontext voor 'PDR.X,type="win32",version="1.0.0.0"1' niet maken. Kan afhankelijke assembly PDR.X,type="win32",version="1.0.0.0" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose. Error: (08/24/2016 08:49:20 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Kan activeringscontext voor 'PDR.X,type="win32",version="1.0.0.0"1' niet maken. Kan afhankelijke assembly PDR.X,type="win32",version="1.0.0.0" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose. 
Error: (08/24/2016 07:31:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Naam van toepassing met fout: McSvHost.exe, versie: 6.0.147.0, tijdstempel: 0x57739326 Naam van module met fout: HOMENE~2.DLL, versie: 9.0.148.0, tijdstempel: 0x57612019 Uitzonderingscode: 0xc0000005 Foutmarge: 0x000000000016ef7e Id van proces met fout: 0x1220 Starttijd van toepassing met fout: 0xMcSvHost.exe0 Pad naar toepassing met fout: McSvHost.exe1 Pad naar module met fout: McSvHost.exe2 Rapport-id: McSvHost.exe3 Volledige pakketnaam met fout: McSvHost.exe4 Relatieve toepassings-id van pakket met fout: McSvHost.exe5 Error: (08/24/2016 07:31:19 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Kan activeringscontext voor 'PDR.X,type="win32",version="1.0.0.0"1' niet maken. Kan afhankelijke assembly PDR.X,type="win32",version="1.0.0.0" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose. Error: (08/24/2016 07:31:19 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Kan activeringscontext voor 'PDR.X,type="win32",version="1.0.0.0"1' niet maken. Kan afhankelijke assembly PDR.X,type="win32",version="1.0.0.0" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose. Error: (08/24/2016 07:30:16 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Kan activeringscontext voor 'PDR.X,type="win32",version="1.0.0.0"1' niet maken. Kan afhankelijke assembly PDR.X,type="win32",version="1.0.0.0" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose. Error: (08/24/2016 07:30:16 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Kan activeringscontext voor 'PDR.X,type="win32",version="1.0.0.0"1' niet maken. Kan afhankelijke assembly PDR.X,type="win32",version="1.0.0.0" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose. Error: (08/24/2016 07:25:21 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Kan activeringscontext voor 'PDR.X,type="win32",version="1.0.0.0"1' niet maken. 
Kan afhankelijke assembly PDR.X,type="win32",version="1.0.0.0" niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose. Systeemfouten: ============= Error: (08/25/2016 08:31:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: De ziphost-service is gestopt met de volgende foutcode: %%126 = Kan opgegeven module niet vinden.. Error: (08/25/2016 08:31:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: De KuaizipUpdateChecker-service is gestopt met de volgende foutcode: %%126 = Kan opgegeven module niet vinden.. Error: (08/24/2016 11:22:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: De User Data Access_ba0b1-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten. Error: (08/24/2016 11:22:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: De User Data Storage_ba0b1-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten. Error: (08/24/2016 11:22:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: De Contact Data_ba0b1-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten. Error: (08/24/2016 11:22:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: De Host synchroniseren_ba0b1-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten. Error: (08/24/2016 10:39:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: De ziphost-service is gestopt met de volgende foutcode: %%126 = Kan opgegeven module niet vinden.. 
Error: (08/24/2016 10:39:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: De KuaizipUpdateChecker-service is gestopt met de volgende foutcode: %%126 = Kan opgegeven module niet vinden.. Error: (08/24/2016 10:39:42 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY) Description: Taken bij opstarten van service kunnen niet door Task Scheduler worden geladen. Bijkomende gegevens: foutwaarde: 2147942402. Error: (08/24/2016 10:39:42 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY) Description: Taken bij opstarten van service kunnen niet door Task Scheduler worden geladen. Bijkomende gegevens: foutwaarde: 2147942402. CodeIntegrity: =================================== Date: 2016-08-24 22:39:56.897 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 21:27:14.737 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 19:34:42.922 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-08-24 19:30:33.822 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-08-24 19:30:33.811 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-24 19:30:31.501 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-24 19:30:31.487 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-24 19:30:30.711 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-24 19:30:30.699 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-24 19:30:29.120 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Geheugen info ===========================

Processor: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
Percentage geheugen in gebruik: 40%
Totaal fysiek RAM-geheugen: 8107.52 MB
Beschikbaar fysiek RAM-geheugen: 4864.39 MB
Totaal Virtueel geheugen: 10027.52 MB
Beschikbaar Virtual geheugen: 6806.53 MB

==================== Schijven ================================

Drive c: (Boot) (Fixed) (Total:117.64 GB) (Free:48.72 GB) NTFS
Drive d: (Data) (Fixed) (Total:1803 GB) (Free:1802.77 GB) NTFS
Drive e: (Recover) (Fixed) (Total:60.02 GB) (Free:38.79 GB) NTFS

==================== MBR & Partitietabel ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: 8F00F597)
Partition: GPT.

==================== Eind van Addition.txt ============================