Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 06-05-2017 Gestart door van la Parra (06-05-2017 21:18:09) Gestart vanaf C:\Users\van la Parra\Downloads Windows 10 Pro Versie 1703 (X64) (2017-04-27 20:22:40) Boot Modus: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-234901561-1536892485-3164044181-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-234901561-1536892485-3164044181-503 - Limited - Disabled) Gast (S-1-5-21-234901561-1536892485-3164044181-501 - Limited - Disabled) van la Parra (S-1-5-21-234901561-1536892485-3164044181-1001 - Administrator - Enabled) => C:\Users\van la Parra ==================== Security Center ======================== (Als een item is opgenomen in de fixlist, zal het worden verwijderd.) AV: G DATA TOTAL SECURITY (Enabled - Up to date) {A9C56A9B-ECCD-57EA-78F6-92511DA1C885} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: G DATA TOTAL SECURITY (Enabled - Up to date) {12A48B7F-CAF7-5864-4246-A92366268238} FW: G DATA Personal Firewall (Enabled) {91FEEBBE-A6A2-56B2-53A9-3B64E3728FFE} ==================== Geïnstalleerde programma's ====================== (Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.) . . . (Version: 2.1.28.3 - Intel) Hidden . . . (x32 Version: 2.6.2.4 - Intel) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated) AIO_CDA_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden AIO_CDA_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden BIOS Tools (HKLM-x32\...\BIOS Tools) (Version: - ) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform) Chrome Token Signing (Version: 1.0.4.464 - RIA) Hidden Comodo IceDragon (HKLM-x32\...\Comodo IceDragon) (Version: 50.0.0.2 - COMODO) Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DigiDoc3 Client (x32 Version: 3.12.6.1481 - RIA) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden eID software (HKLM-x32\...\{63684af1-0d13-44de-b2a7-c63701556371}) (Version: 17.2.0.1693 - RIA) eID software (HKLM-x32\...\{85a05fef-8ada-4890-a40b-f094ef0e8ab3}) (Version: 17.1.1687 - RIA) eID software (HKLM-x32\...\{d545270b-862f-47b0-b963-f3f0ec1a6bc1}) (Version: 3.12.4.1667 - RIA) EstEID Minidriver (Version: 3.11.0.1175 - RIA) Hidden EstEID Shell Extension (Version: 3.12.6.1481 - RIA) Hidden Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden Firefox PKCS11 Loader (Version: 3.12.0.1068 - RIA) Hidden Firefox Token Signing Plugin (x32 Version: 3.12.0.1143 - RIA) Hidden G DATA TOTAL SECURITY (HKLM-x32\...\G DATA TOTAL SECURITY) (Version: 25.3.0.3 - G DATA Software AG) Google Chrome (HKLM-x32\...\{742D8ED2-E248-3870-AFA1-F7A1166F217C}) (Version: 58.0.3029.96 - Google, Inc.) Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google) Google Photos Backup (HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photosmart All-In-One Driver Software (HKLM\...\{4F6C1178-3FC0-44BB-8F9A-28D8516DFEE2}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.27.17 - HP) HP Support Solutions Framework (HKLM-x32\...\{FE8457A5-748D-41ED-A1E6-78CFDC0629D7}) (Version: 12.5.26.37 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden ID-card utility (x32 Version: 3.12.4.1226 - RIA) Hidden IE Token Signing Plugin (Version: 3.12.0.980 - RIA) Hidden MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 53.0.2 (x64 nl) (HKLM\...\Mozilla Firefox 53.0.2 (x64 nl)) (Version: 53.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla) NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON) Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) Open-EID Metapackage (x32 Version: 17.2.0.1693 - RIA) Hidden Open-EID Uninstaller (x32 Version: 17.2.0.1693 - RIA) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Rapport (x32 Version: 3.5.1804.96 - Trusteer) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.) Hidden Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.) Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.4.1902.0 - Seagate) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17022.20 - Samsung Electronics Co., Ltd.) Smart Switch (x32 Version: 4.1.17022.20 - Samsung Electronics Co., Ltd.) Hidden SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden Stuurprogrammapakket voor Windows - RIA (Estonian National ID Card) (UMPass) SmartCard (05/13/2015 3.11.0.1175) (HKLM\...\C478C8A35A0A297F2FADF155E889D402655E894E) (Version: 05/13/2015 3.11.0.1175 - RIA (Estonian National ID Card)) Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Trust 100K Series Webcam (HKLM-x32\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Trust) Trusteer Eindpuntbeveiliging (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.96 - Trusteer) Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden Windows 10-upgradeassistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation) Yahoo Messenger (HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\yahoomessenger) (Version: 0.8.288 - Yahoo! Inc) ==================== Aangepaste CLSID (gefilterd): ========================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) CustomCLSID: HKU\S-1-5-21-234901561-1536892485-3164044181-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\van la Parra\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-234901561-1536892485-3164044181-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\van la Parra\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.) ==================== Geplande Taken (gefilterd) ============= (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) Task: {02B4DDDB-D223-43D7-B229-BB69E0BF8B79} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard) Task: {15855F49-3B03-4A88-8F64-ABE0FC0CA4F9} - System32\Tasks\van la Parra1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-06-28] (Seagate Technology LLC) Task: {19FF7BE0-5C9E-4603-8A38-E463C38455D4} - System32\Tasks\van la Parra => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-06-28] (Seagate Technology LLC) Task: {2DF45046-DA65-4489-A83D-6FB912A9B83A} - System32\Tasks\id updater task => C:\Program Files (x86)\Open-EID\ID-updater.exe [2016-01-31] (RIA) Task: {49CB7BDC-9F13-4EC2-854F-955412675FF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-234901561-1536892485-3164044181-1001Core => C:\Users\van la Parra\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-22] (Google Inc.) Task: {4C0BC131-02F6-4526-9A0D-8641279F079D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-11] (Piriform Ltd) Task: {57005733-9921-4F06-BC06-1E1B0BB6CC17} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-234901561-1536892485-3164044181-1001UA => C:\Users\van la Parra\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-22] (Google Inc.) Task: {5C1DB8B2-7B2C-40D5-9A30-A194BBAEB833} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.) Task: {62022AB1-1BB0-4F39-AF9C-482A87C1C104} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {6E6B876B-3A87-45F2-9D12-84D56324B473} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-22] (Google Inc.) Task: {76908420-55C4-46E9-BEE3-FFC8512EDF7A} - System32\Tasks\van la Parra DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2016-06-28] (Seagate Technology LLC) Task: {8EEA51C8-9366-438E-8614-E8B5B0FE6351} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {910A0DD6-EF40-433C-A5FB-7F6622652E5F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-02] (HP Inc.) Task: {9A382954-540F-4741-B6AE-333EC0E06239} - System32\Tasks\{B3B83DD5-D1FE-4F1C-ACFE-158E1E3B9E9D} => pcalua.exe -a "C:\ProgramData\G Data\Setups\G DATA TOTAL SECURITY\setup.exe" -c /InstallMode=Uninstall /_DoNotShowChange=true Task: {A04405F0-A7A5-45CF-BA4D-FFB6235A981C} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe Task: {A4A12FC7-EADF-4E29-81D9-3026B4CDFDA4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) Task: {B097B39E-321A-48EA-A30E-9C32B274E447} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) Task: {B2C2701A-6049-4F57-B63B-315114BD6CBC} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs" Task: {B2EBB0B2-82ED-454D-8896-848A16419B1D} - System32\Tasks\van la Parra Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-06-28] (Seagate Technology LLC) Task: {B6DF91A0-1489-4A18-A0BF-20B6E52363B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-22] (Google Inc.) Task: {D06193CB-AE2D-49EA-A2F4-764104AB95DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.) Task: {D9275535-B228-43E5-92DB-F1E2814D2ED8} - System32\Tasks\van la Parra1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-06-28] (Seagate Technology LLC) Task: {DF8A6A53-0E77-4B72-8B7B-C1E4582CB08E} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2016-06-28] (Seagate Technology LLC) Task: {F9DE2468-07D6-479B-8918-87F0D3C39160} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) (Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Snelkoppelingen ============================= (De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.) ==================== Geladen Modules (gefilterd) ============== 2016-12-20 15:39 - 2016-12-20 15:39 - 04295320 _____ () C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe 2017-01-10 12:47 - 2017-01-10 12:47 - 00546280 _____ () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll 2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2017-03-18 22:59 - 2017-03-20 05:56 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-05-01 17:02 - 2017-05-01 17:03 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-05-01 17:02 - 2017-05-01 17:03 - 00190464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-05-01 17:02 - 2017-05-01 17:03 - 43012096 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-05-01 17:02 - 2017-05-01 17:03 - 02451456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\skypert.dll 2017-05-01 17:02 - 2017-05-01 17:03 - 00135680 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.Proxies.dll 2017-04-11 00:57 - 2017-04-11 00:57 - 00073728 _____ () C:\Program Files\CCleaner\lang\lang-1043.dll 2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll ==================== Alternate Data Streams (gefilterd) ========= (Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.) ==================== Veilige Modus (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.) ==================== Bestandskoppeling (gefilterd) =============== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.) ==================== Internet Explorer vertrouwde/beperkte toegang =============== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.) ==================== Hosts inhoud: ========================== (Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.) 2015-10-30 09:24 - 2017-05-05 21:42 - 00002084 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 gdpwmgrlocalhost0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com 0.0.0.0 cdn.appround.biz 0.0.0.0 cdn.bigspeedpro.com Er zijn 5 meer regels. ==================== Andere gebieden ============================ (Momenteel is er geen automatische fix voor dit onderdeel.) HKU\S-1-5-21-234901561-1536892485-3164044181-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\van la Parra\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg DNS Servers: 84.116.46.20 - 84.116.46.21 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is ingeschakeld. ==================== MSCONFIG/TASK MANAGER Uitgeschakelde items == HKLM\...\StartupApproved\Run32: => "DBAgent" HKLM\...\StartupApproved\Run32: => "BCSSync" HKLM\...\StartupApproved\Run32: => "KiesTrayAgent" HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\StartupApproved\Run: => "Uploader" HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\StartupApproved\Run: => "Uninstall C:\Users\van la Parra\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64" HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)" ==================== Firewall regels (gefilterd) =============== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) FirewallRules: [{E5E6CC59-B89A-4EF4-AB53-49E44E3A72C2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{BEAE5370-9371-4939-AC34-095416D96CB6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{3052A9C5-13EB-4F05-B301-0D8D702B7A24}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{F960FD98-BE64-48D3-B5A8-44B726F153F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{233E3765-B4F2-49DF-8199-F9B9BA9593A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{781786CE-16C2-4AA1-8725-5EB6CB5A8394}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{C9990B36-77D4-44C4-A017-976CC5D861E3}] => (Allow) LPort=8888 FirewallRules: [UDP Query User{B20FB7A4-52D0-4175-BBF5-74A59EC4EF58}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe FirewallRules: [TCP Query User{DCFF6DB4-C1E6-4491-AE3E-6A0B4AFA8054}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe FirewallRules: [{BF919EE2-0778-434F-A28E-036414F66EF1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{BBD30693-B252-4157-9A5C-2656E118DCEB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{1C2C49AA-9C5F-406F-A1BC-91AFA63BA764}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{EE650CBD-403F-46E6-A5F7-91C2DCC2DE10}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{38AB7D3F-97D6-4B40-9519-396C360DE341}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{DB36FE30-C6A9-46BA-8B4A-31DF160B6185}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{A3AA2F90-BB89-4050-BDE5-F54F42DF2FFC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe FirewallRules: [{90960E64-9775-436E-A9AB-805D3543DE42}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{B52F22A4-2F36-49DF-9492-6BFB632713B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{EB2AF542-247B-41DB-9E27-D60B239E795A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{79E2A8DD-1B58-4D09-AAA1-26DFC8C46ED5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe FirewallRules: [{C2C48EA3-33B5-40AE-818F-4E6C6D34F49D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{5E5CB23D-A257-4763-9269-D63079460D92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{4641CF3E-0D76-4D36-A3E9-1A3F0DA3684F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{017E3C3D-725D-4E81-ABC9-576E68506306}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{A5E0BB29-9D89-4B6A-9EA1-D204EEBB2C8D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{533D8B7A-8CF1-4DE2-A497-5E9BF6628EE4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{C1E0A83A-F5CE-4ACD-97E0-1B38C2ECD8CD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{D7903FDB-BC9E-4C8E-968D-988A05B01004}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{5B84C201-F365-4D82-88C3-CD879030A036}] => (Allow) LPort=8888 FirewallRules: [{8432EA2B-E71E-47E3-AEC1-9394FA3A6312}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Herstelpunten ========================= 05-05-2017 11:29:02 Gepland controlepunt ==================== Defecte Apparaatbeheer Apparaten ============= ==================== Eventlog fouten: ========================= Applicatiefouten: ================== Error: (05/06/2017 03:20:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MBM4LER) Description: Het activeren van de app Microsoft.Windows.Photos_8wekyb3d8bbwe!App is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error: (05/06/2017 03:05:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MBM4LER) Description: Het activeren van de app Microsoft.Windows.Photos_8wekyb3d8bbwe!App is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error: (05/06/2017 02:50:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MBM4LER) Description: Het activeren van de app Microsoft.Windows.Photos_8wekyb3d8bbwe!App is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error: (05/06/2017 02:33:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MBM4LER) Description: Het activeren van de app Microsoft.Windows.Photos_8wekyb3d8bbwe!App is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error: (05/06/2017 02:20:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MBM4LER) Description: Het activeren van de app Microsoft.Windows.Photos_8wekyb3d8bbwe!App is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error: (05/06/2017 02:05:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MBM4LER) Description: Het activeren van de app Microsoft.Windows.Photos_8wekyb3d8bbwe!App is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error: (05/06/2017 01:47:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MBM4LER) Description: Het activeren van de app Microsoft.Windows.Photos_8wekyb3d8bbwe!App is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error: (05/05/2017 09:15:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Naam van toepassing met fout: DllHost.exe, versie: 10.0.15063.0, tijdstempel: 0x4f42de92 Naam van module met fout: webplatstorageserver.dll, versie: 10.0.15063.250, tijdstempel: 0x66d8743a Uitzonderingscode: 0xc0000005 Foutmarge: 0x000000000000f00e Id van proces met fout: 0x1d84 Starttijd van toepassing met fout: 0x01d2c5d34bddcfc4 Pad naar toepassing met fout: C:\WINDOWS\system32\DllHost.exe Pad naar module met fout: C:\WINDOWS\system32\webplatstorageserver.dll Rapport-id: 2b290347-d517-450d-824c-5a5274309a88 Volledige pakketnaam met fout: Relatieve toepassings-id van pakket met fout: Error: (05/05/2017 09:15:14 PM) (Source: ESENT) (EventID: 902) (User: ) Description: DllHost (7556) Microsoft.MicrosoftEdge_8wekyb3d8bbwe_NOEDP_EDGE_IDB: De database-engine heeft meerdere threads gevonden die dezelfde databasesessie op een ongeldige manier gebruiken om databasebewerkingen uit te voeren. Id van sessie: 0x000001BDECD7BE20 Context van sessie: 0x000001BDE904DF30 Thread-id van sessiecontext: 0x0000000000001D98 Huidige thread-id: 0x0000000000001DA8 Sessiespoor: Error: (05/05/2017 09:15:14 PM) (Source: ESENT) (EventID: 902) (User: ) Description: DllHost (7556) Microsoft.MicrosoftEdge_8wekyb3d8bbwe_NOEDP_EDGE_IDB: De database-engine heeft meerdere threads gevonden die dezelfde databasesessie op een ongeldige manier gebruiken om databasebewerkingen uit te voeren. Id van sessie: 0x000001BDECD7BE20 Context van sessie: 0x000001BDE904DF30 Thread-id van sessiecontext: 0x0000000000001D98 Huidige thread-id: 0x0000000000001D98 Sessiespoor: Systeemfouten: ============= Error: (05/06/2017 04:29:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De RapportIaso-service kan vanwege de volgende fout niet worden gestart: {Toepassingsfout} Kan de toepassing niet juist starten (0x%lx). Klik op OK om de toepassing te sluiten. Error: (05/06/2017 03:20:11 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MBM4LER) Description: De server Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd. Error: (05/06/2017 03:05:10 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MBM4LER) Description: De server Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd. Error: (05/06/2017 02:50:11 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MBM4LER) Description: De server Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd. Error: (05/06/2017 02:33:10 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MBM4LER) Description: De server Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd. Error: (05/06/2017 02:20:11 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MBM4LER) Description: De server Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd. Error: (05/06/2017 02:05:11 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MBM4LER) Description: De server Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd. Error: (05/06/2017 01:47:10 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MBM4LER) Description: De server Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd. Error: (05/05/2017 09:50:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De RapportIaso-service kan vanwege de volgende fout niet worden gestart: {Toepassingsfout} Kan de toepassing niet juist starten (0x%lx). Klik op OK om de toepassing te sluiten. Error: (05/05/2017 09:49:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De RapportIaso-service kan vanwege de volgende fout niet worden gestart: {Toepassingsfout} Kan de toepassing niet juist starten (0x%lx). Klik op OK om de toepassing te sluiten. CodeIntegrity: =================================== Date: 2017-04-29 03:44:08.223 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Geheugen info =========================== Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz Percentage geheugen in gebruik: 57% Totaal fysiek RAM-geheugen: 3318.49 MB Beschikbaar fysiek RAM-geheugen: 1417.77 MB Totaal Virtueel geheugen: 6006.49 MB Beschikbaar Virtual geheugen: 3531.96 MB ==================== Schijven ================================ Drive c: () (Fixed) (Total:259.7 GB) (Free:202.19 GB) NTFS Drive d: (Data) (Fixed) (Total:205.13 GB) (Free:148.36 GB) NTFS ==================== MBR & Partitietabel ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8850571F) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=259.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=449 MB) - (Type=27) Partition 4: (Not Active) - (Size=205.1 GB) - (Type=07 NTFS) ==================== Eind van Addition.txt ============================