Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 24-05-2017 Gestart door van la Parra (24-05-2017 17:06:55) Gestart vanaf C:\Users\van la Parra\Downloads Windows 10 Pro Versie 1703 (X64) (2017-04-27 20:22:40) Boot Modus: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-234901561-1536892485-3164044181-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-234901561-1536892485-3164044181-503 - Limited - Disabled) fonsv (S-1-5-21-234901561-1536892485-3164044181-1002 - Administrator - Enabled) => C:\Users\fonsv Gast (S-1-5-21-234901561-1536892485-3164044181-501 - Limited - Disabled) van la Parra (S-1-5-21-234901561-1536892485-3164044181-1001 - Administrator - Enabled) => C:\Users\van la Parra ==================== Security Center ======================== (Als een item is opgenomen in de fixlist, zal het worden verwijderd.) AV: G DATA TOTAL SECURITY (Enabled - Up to date) {A9C56A9B-ECCD-57EA-78F6-92511DA1C885} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: G DATA TOTAL SECURITY (Enabled - Up to date) {12A48B7F-CAF7-5864-4246-A92366268238} FW: G DATA Personal Firewall (Enabled) {91FEEBBE-A6A2-56B2-53A9-3B64E3728FFE} ==================== Geïnstalleerde programma's ====================== (Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.) . . . (Version: 2.1.28.3 - Intel) Hidden . . . (x32 Version: 2.6.2.4 - Intel) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated) AIO_CDA_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden AIO_CDA_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden BIOS Tools (HKLM-x32\...\BIOS Tools) (Version: - ) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform) Chrome Token Signing (Version: 1.0.4.464 - RIA) Hidden Comodo IceDragon (HKLM-x32\...\Comodo IceDragon) (Version: 50.0.0.2 - COMODO) Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DigiDoc3 Client (x32 Version: 3.12.6.1481 - RIA) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden eID software (HKLM-x32\...\{63684af1-0d13-44de-b2a7-c63701556371}) (Version: 17.2.0.1693 - RIA) eID software (HKLM-x32\...\{85a05fef-8ada-4890-a40b-f094ef0e8ab3}) (Version: 17.1.1687 - RIA) eID software (HKLM-x32\...\{d545270b-862f-47b0-b963-f3f0ec1a6bc1}) (Version: 3.12.4.1667 - RIA) EstEID Minidriver (Version: 3.11.0.1175 - RIA) Hidden EstEID Shell Extension (Version: 3.12.6.1481 - RIA) Hidden Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden Firefox PKCS11 Loader (Version: 3.12.0.1068 - RIA) Hidden Firefox Token Signing Plugin (x32 Version: 3.12.0.1143 - RIA) Hidden G DATA TOTAL SECURITY (HKLM-x32\...\G DATA TOTAL SECURITY) (Version: 25.3.0.3 - G DATA Software AG) Google Chrome (HKLM-x32\...\{742D8ED2-E248-3870-AFA1-F7A1166F217C}) (Version: 58.0.3029.110 - Google, Inc.) Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google) Google Photos Backup (HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photosmart All-In-One Driver Software (HKLM\...\{4F6C1178-3FC0-44BB-8F9A-28D8516DFEE2}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.27.17 - HP) HP Support Solutions Framework (HKLM-x32\...\{FE8457A5-748D-41ED-A1E6-78CFDC0629D7}) (Version: 12.5.26.37 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden ID-card utility (x32 Version: 3.12.4.1226 - RIA) Hidden IE Token Signing Plugin (Version: 3.12.0.980 - RIA) Hidden MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 53.0.2 (x64 nl) (HKLM\...\Mozilla Firefox 53.0.2 (x64 nl)) (Version: 53.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla) NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON) Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) Open-EID Metapackage (x32 Version: 17.2.0.1693 - RIA) Hidden Open-EID Uninstaller (x32 Version: 17.2.0.1693 - RIA) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Rapport (x32 Version: 3.5.1804.96 - Trusteer) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.) Hidden Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.) Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.4.1902.0 - Seagate) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Skype™ 7.35 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.103 - Skype Technologies S.A.) Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17022.20 - Samsung Electronics Co., Ltd.) Smart Switch (x32 Version: 4.1.17022.20 - Samsung Electronics Co., Ltd.) Hidden SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden Stuurprogrammapakket voor Windows - RIA (Estonian National ID Card) (UMPass) SmartCard (05/13/2015 3.11.0.1175) (HKLM\...\C478C8A35A0A297F2FADF155E889D402655E894E) (Version: 05/13/2015 3.11.0.1175 - RIA (Estonian National ID Card)) Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Trust 100K Series Webcam (HKLM-x32\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Trust) Trusteer Eindpuntbeveiliging (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.96 - Trusteer) Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden Windows 10-upgradeassistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation) Yahoo Messenger (HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\yahoomessenger) (Version: 0.8.288 - Yahoo! Inc) ==================== Aangepaste CLSID (gefilterd): ========================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) CustomCLSID: HKU\S-1-5-21-234901561-1536892485-3164044181-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\van la Parra\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-234901561-1536892485-3164044181-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\van la Parra\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.) ==================== Geplande Taken (gefilterd) ============= (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) Task: {02B4DDDB-D223-43D7-B229-BB69E0BF8B79} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard) Task: {15855F49-3B03-4A88-8F64-ABE0FC0CA4F9} - System32\Tasks\van la Parra1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-06-28] (Seagate Technology LLC) Task: {19FF7BE0-5C9E-4603-8A38-E463C38455D4} - System32\Tasks\van la Parra => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-06-28] (Seagate Technology LLC) Task: {1E23E8C7-04D0-481A-A7EC-A364596B9581} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd) Task: {2DF45046-DA65-4489-A83D-6FB912A9B83A} - System32\Tasks\id updater task => C:\Program Files (x86)\Open-EID\ID-updater.exe [2016-01-31] (RIA) Task: {49CB7BDC-9F13-4EC2-854F-955412675FF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-234901561-1536892485-3164044181-1001Core => C:\Users\van la Parra\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-22] (Google Inc.) Task: {57005733-9921-4F06-BC06-1E1B0BB6CC17} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-234901561-1536892485-3164044181-1001UA => C:\Users\van la Parra\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-22] (Google Inc.) Task: {5C1DB8B2-7B2C-40D5-9A30-A194BBAEB833} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.) Task: {62022AB1-1BB0-4F39-AF9C-482A87C1C104} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {6E6B876B-3A87-45F2-9D12-84D56324B473} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-22] (Google Inc.) Task: {76908420-55C4-46E9-BEE3-FFC8512EDF7A} - System32\Tasks\van la Parra DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2016-06-28] (Seagate Technology LLC) Task: {8EEA51C8-9366-438E-8614-E8B5B0FE6351} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {910A0DD6-EF40-433C-A5FB-7F6622652E5F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-02] (HP Inc.) Task: {9A382954-540F-4741-B6AE-333EC0E06239} - System32\Tasks\{B3B83DD5-D1FE-4F1C-ACFE-158E1E3B9E9D} => pcalua.exe -a "C:\ProgramData\G Data\Setups\G DATA TOTAL SECURITY\setup.exe" -c /InstallMode=Uninstall /_DoNotShowChange=true Task: {A04405F0-A7A5-45CF-BA4D-FFB6235A981C} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe Task: {A4A12FC7-EADF-4E29-81D9-3026B4CDFDA4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) Task: {B097B39E-321A-48EA-A30E-9C32B274E447} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) Task: {B2C2701A-6049-4F57-B63B-315114BD6CBC} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs" Task: {B2EBB0B2-82ED-454D-8896-848A16419B1D} - System32\Tasks\van la Parra Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-06-28] (Seagate Technology LLC) Task: {B6DF91A0-1489-4A18-A0BF-20B6E52363B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-22] (Google Inc.) Task: {D06193CB-AE2D-49EA-A2F4-764104AB95DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.) Task: {D9275535-B228-43E5-92DB-F1E2814D2ED8} - System32\Tasks\van la Parra1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-06-28] (Seagate Technology LLC) Task: {DF8A6A53-0E77-4B72-8B7B-C1E4582CB08E} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2016-06-28] (Seagate Technology LLC) Task: {F9DE2468-07D6-479B-8918-87F0D3C39160} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) (Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Snelkoppelingen ============================= (De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.) ==================== Geladen Modules (gefilterd) ============== 2016-12-20 15:39 - 2016-12-20 15:39 - 04295320 _____ () C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe 2017-01-10 12:47 - 2017-01-10 12:47 - 00546280 _____ () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll 2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2017-03-18 22:59 - 2017-03-20 05:56 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-05-09 13:44 - 2017-05-09 13:44 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-05-09 13:44 - 2017-05-09 13:44 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-04-07 17:12 - 2017-04-07 17:12 - 02567168 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.831.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll 2017-04-07 17:12 - 2017-04-07 17:12 - 00138752 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.831.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll 2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2017-05-03 14:14 - 2017-05-03 14:14 - 01993176 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll ==================== Alternate Data Streams (gefilterd) ========= (Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.) ==================== Veilige Modus (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.) ==================== Bestandskoppeling (gefilterd) =============== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.) ==================== Internet Explorer vertrouwde/beperkte toegang =============== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.) ==================== Hosts inhoud: ========================== (Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.) 2015-10-30 09:24 - 2017-05-24 16:29 - 00002084 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 gdpwmgrlocalhost0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com 0.0.0.0 cdn.appround.biz 0.0.0.0 cdn.bigspeedpro.com Er zijn 5 meer regels. ==================== Andere gebieden ============================ (Momenteel is er geen automatische fix voor dit onderdeel.) HKU\S-1-5-21-234901561-1536892485-3164044181-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\van la Parra\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg DNS Servers: 84.116.46.20 - 84.116.46.21 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is ingeschakeld. ==================== MSCONFIG/TASK MANAGER Uitgeschakelde items == HKLM\...\StartupApproved\Run32: => "DBAgent" HKLM\...\StartupApproved\Run32: => "BCSSync" HKLM\...\StartupApproved\Run32: => "KiesTrayAgent" HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\StartupApproved\Run: => "Uploader" HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\StartupApproved\Run: => "Uninstall C:\Users\van la Parra\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64" HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-234901561-1536892485-3164044181-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)" ==================== Firewall regels (gefilterd) =============== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) FirewallRules: [{E5E6CC59-B89A-4EF4-AB53-49E44E3A72C2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{BEAE5370-9371-4939-AC34-095416D96CB6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{3052A9C5-13EB-4F05-B301-0D8D702B7A24}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{F960FD98-BE64-48D3-B5A8-44B726F153F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{233E3765-B4F2-49DF-8199-F9B9BA9593A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{781786CE-16C2-4AA1-8725-5EB6CB5A8394}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{C9990B36-77D4-44C4-A017-976CC5D861E3}] => (Allow) LPort=8888 FirewallRules: [UDP Query User{B20FB7A4-52D0-4175-BBF5-74A59EC4EF58}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe FirewallRules: [TCP Query User{DCFF6DB4-C1E6-4491-AE3E-6A0B4AFA8054}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe FirewallRules: [{BF919EE2-0778-434F-A28E-036414F66EF1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{BBD30693-B252-4157-9A5C-2656E118DCEB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{1C2C49AA-9C5F-406F-A1BC-91AFA63BA764}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{EE650CBD-403F-46E6-A5F7-91C2DCC2DE10}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{38AB7D3F-97D6-4B40-9519-396C360DE341}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{DB36FE30-C6A9-46BA-8B4A-31DF160B6185}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{A3AA2F90-BB89-4050-BDE5-F54F42DF2FFC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe FirewallRules: [{90960E64-9775-436E-A9AB-805D3543DE42}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{B52F22A4-2F36-49DF-9492-6BFB632713B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{EB2AF542-247B-41DB-9E27-D60B239E795A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{79E2A8DD-1B58-4D09-AAA1-26DFC8C46ED5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe FirewallRules: [{C2C48EA3-33B5-40AE-818F-4E6C6D34F49D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{5E5CB23D-A257-4763-9269-D63079460D92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{4641CF3E-0D76-4D36-A3E9-1A3F0DA3684F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{017E3C3D-725D-4E81-ABC9-576E68506306}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{A5E0BB29-9D89-4B6A-9EA1-D204EEBB2C8D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{533D8B7A-8CF1-4DE2-A497-5E9BF6628EE4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{C1E0A83A-F5CE-4ACD-97E0-1B38C2ECD8CD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{D7903FDB-BC9E-4C8E-968D-988A05B01004}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{5B84C201-F365-4D82-88C3-CD879030A036}] => (Allow) LPort=8888 FirewallRules: [{3B32447D-4B4B-4A65-9543-1575BE107D9C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{8342C7BC-98F3-4C10-8158-F876B25BBA5D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe ==================== Herstelpunten ========================= 20-05-2017 04:27:35 Gepland controlepunt 23-05-2017 20:22:20 Windows Update ==================== Defecte Apparaatbeheer Apparaten ============= ==================== Eventlog fouten: ========================= Applicatiefouten: ================== Error: (05/24/2017 04:33:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MBM4LER) Description: Het activeren van de app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error: (05/23/2017 10:51:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MBM4LER) Description: Het activeren van de app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge is mislukt door de fout -2144927141. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error: (05/23/2017 10:42:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MBM4LER) Description: Het activeren van de app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error: (05/23/2017 10:41:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Naam van toepassing met fout: MicrosoftEdgeCP.exe, versie: 11.0.15063.0, tijdstempel: 0x58ccbae4 Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000 Uitzonderingscode: 0xc0000409 Foutmarge: 0x00000000000001d2 Id van proces met fout: 0xbac Starttijd van toepassing met fout: 0x01d2d404d9032007 Pad naar toepassing met fout: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Pad naar module met fout: unknown Rapport-id: 54e4cbea-88cd-44ca-8bbc-bcdafa66b9f2 Volledige pakketnaam met fout: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe Relatieve toepassings-id van pakket met fout: BCHost Error: (05/23/2017 10:28:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MBM4LER) Description: Het activeren van de app Microsoft.Windows.Photos_8wekyb3d8bbwe!App is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error: (05/23/2017 10:15:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MBM4LER) Description: Het activeren van de app Microsoft.Windows.Photos_8wekyb3d8bbwe!App is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error: (05/23/2017 09:40:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MBM4LER) Description: Het activeren van de app Microsoft.Windows.Photos_8wekyb3d8bbwe!App is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error: (05/23/2017 09:33:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MBM4LER) Description: Het activeren van de app Microsoft.Windows.Photos_8wekyb3d8bbwe!App is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error: (05/23/2017 09:10:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MBM4LER) Description: Het activeren van de app Microsoft.Windows.Photos_8wekyb3d8bbwe!App is mislukt door de fout -2147023170. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error: (05/23/2017 08:53:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-MBM4LER) Description: Het activeren van de app Microsoft.Windows.Photos_8wekyb3d8bbwe!App is mislukt door de fout -2147023170. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Systeemfouten: ============= Error: (05/24/2017 04:48:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x80073d02: Mail and Calendar. Error: (05/24/2017 04:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De RapportIaso-service kan vanwege de volgende fout niet worden gestart: {Toepassingsfout} Kan de toepassing niet juist starten (0x%lx). Klik op OK om de toepassing te sluiten. Error: (05/24/2017 04:39:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De RapportIaso-service kan vanwege de volgende fout niet worden gestart: {Toepassingsfout} Kan de toepassing niet juist starten (0x%lx). Klik op OK om de toepassing te sluiten. Error: (05/24/2017 04:36:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: De Software Protection-service is bij het starten vastgelopen. Error: (05/24/2017 04:33:07 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MBM4LER) Description: De server Microsoft.ZuneVideo_10.17032.10341.0_x64__8wekyb3d8bbwe!Microsoft.ZuneVideo.AppXjgy0dfr6tssa93yj5px65cbv2gsc8r39.mca heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd. Error: (05/24/2017 04:29:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: De Windows Media Player Network Sharing Service-service is gestopt met de volgende foutcode: Er is geprobeerd te verwijzen naar een token dat niet bestaat. . Error: (05/24/2017 04:29:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De CldFlt-service kan vanwege de volgende fout niet worden gestart: De aanvraag wordt niet ondersteund. Error: (05/24/2017 04:29:23 PM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: Deze computer is geconfigureerd als lid van een werkgroep, niet als lid van een domein. De NetLogon-service hoeft niet te worden gestart in deze configuratie. Error: (05/24/2017 04:29:19 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: De vorige afsluiting van het systeem om 22:55:25 op ‎23-‎5-‎2017 is onverwacht gebeurd. Error: (05/23/2017 11:03:46 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MBM4LER) Description: De server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd. CodeIntegrity: =================================== Date: 2017-05-23 11:36:53.774 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-22 07:25:51.879 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-20 23:25:11.269 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-16 15:45:24.840 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-15 16:36:22.983 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-13 18:49:28.814 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-13 13:27:04.752 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-11 10:41:37.214 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-10 15:50:37.342 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-09 16:22:34.116 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Geheugen info =========================== Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz Percentage geheugen in gebruik: 71% Totaal fysiek RAM-geheugen: 3318.49 MB Beschikbaar fysiek RAM-geheugen: 959.75 MB Totaal Virtueel geheugen: 6390.49 MB Beschikbaar Virtual geheugen: 2580.61 MB ==================== Schijven ================================ Drive c: () (Fixed) (Total:259.7 GB) (Free:210.68 GB) NTFS Drive d: (Data) (Fixed) (Total:205.13 GB) (Free:148.36 GB) NTFS ==================== MBR & Partitietabel ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8850571F) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=259.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=449 MB) - (Type=27) Partition 4: (Not Active) - (Size=205.1 GB) - (Type=07 NTFS) ==================== Eind van Addition.txt ============================