Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 02-07-2017 Gestart door Gerda (03-07-2017 13:47:23) Gestart vanaf F:\downloads Windows 10 Pro Versie 1607 (X64) (2017-04-01 14:07:10) Boot Modus: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-689821697-2636345003-3369014256-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-689821697-2636345003-3369014256-503 - Limited - Disabled) Gast (S-1-5-21-689821697-2636345003-3369014256-501 - Limited - Disabled) Gerda (S-1-5-21-689821697-2636345003-3369014256-1000 - Administrator - Enabled) => C:\Users\Gerda HomeGroupUser$ (S-1-5-21-689821697-2636345003-3369014256-1002 - Limited - Enabled) ==================== Security Center ======================== (Als een item is opgenomen in de fixlist, zal het worden verwijderd.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Geïnstalleerde programma's ====================== (Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.) Adobe Photoshop 6.0 (HKLM-x32\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.) Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.) Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 6.5.6.0 - Auslogics Labs Pty Ltd) CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DllKit Pro 2017 (HKLM\...\DllKit Pro 2017) (Version: - ) FileZilla Client 3.25.2 (HKLM-x32\...\FileZilla Client) (Version: 3.25.2 - Tim Kosse) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.3.0.138 - IObit) IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan) Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Macromedia Dreamweaver 4 (HKLM-x32\...\{ABDA9912-5D00-11D4-BAE7-9367CA097955}) (Version: 4.0 - Macromedia) Macromedia Extension Manager (HKLM-x32\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.2 - Macromedia) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0413-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-689821697-2636345003-3369014256-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DC5E5027-65E8-41CB-815C-9AAB48BFB8E2}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 54.0.1 (x86 nl) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 nl)) (Version: 54.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla) Mozilla Thunderbird 45.8.0 (x86 nl) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 nl)) (Version: 45.8.0 - Mozilla) Offline Rekening Overzicht (HKLM-x32\...\{80D2DAFC-A65D-4317-8A75-15286181EC23}) (Version: 1.0.2.0 - J.J.F. Verhaag) Quick View Plus (HKLM-x32\...\QVP) (Version: - ) Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.17396 - TeamViewer) TomTom MyDrive Connect 4.1.5.3181 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.5.3181 - TomTom) VBA (3821h) (HKLM-x32\...\{5D312C74-93CA-4B79-BEBB-95D3982379E1}) (Version: 6.02.00.8919 - Microsoft Corporation) Hidden Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN) Windows 10-upgradeassistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation) Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com) WordPerfect Office 2002 (HKLM-x32\...\{A0B295C3-FD3C-11D4-A811-0090279106C3}) (Version: 10 - Corel) Hidden ==================== Aangepaste CLSID (gefilterd): ========================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) CustomCLSID: HKU\S-1-5-21-689821697-2636345003-3369014256-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Gerda\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => Geen bestand CustomCLSID: HKU\S-1-5-21-689821697-2636345003-3369014256-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Gerda\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => Geen bestand CustomCLSID: HKU\S-1-5-21-689821697-2636345003-3369014256-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Gerda\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => Geen bestand CustomCLSID: HKU\S-1-5-21-689821697-2636345003-3369014256-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Gerda\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-689821697-2636345003-3369014256-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Gerda\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-689821697-2636345003-3369014256-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Gerda\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-689821697-2636345003-3369014256-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Gerda\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-689821697-2636345003-3369014256-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Gerda\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation) ContextMenuHandlers01: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> Geen bestand ContextMenuHandlers01: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-12-23] (IObit) ContextMenuHandlers01: [QuickViewPlusMenu] -> {F0F08737-0C36-101B-B086-0020AF07D0F4} => -> Geen bestand ContextMenuHandlers02: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> Geen bestand ContextMenuHandlers02: [QuickFinderMenu] -> {C0E10002-0028-0003-C0E1-C0E1C0E1C0E1} => -> Geen bestand ContextMenuHandlers04: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> Geen bestand ContextMenuHandlers04: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-12-23] (IObit) ContextMenuHandlers04: [QuickFinderMenu] -> {C0E10002-0028-0003-C0E1-C0E1C0E1C0E1} => -> Geen bestand ContextMenuHandlers06: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-12-23] (IObit) ==================== Geplande Taken (gefilterd) ============= (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) Task: {0169CE18-2D79-4124-858A-37903611A6F6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {057B2FB1-9EA1-4005-8272-1470D33302A0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {0617E996-5A7B-4C22-9E97-D200FC9B9619} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {131172F5-EE9D-4A1C-8653-4C6A7C7022FB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {186FD517-313A-4A35-93D2-D75BD38D2147} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {1C7EBF60-D1A6-4785-BB0F-FA2AB1A52EC7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {26751375-8B5C-40ED-B4B0-C00CE04F26FF} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {2707C706-789F-4E19-A6B6-3B8222153EC1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {362A16F5-A2B1-403B-9B46-47E9BA4B05E3} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe <==== AANDACHT Task: {4197B3A2-2560-40D9-AE65-0EA9C8D958B9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {440A9493-6074-403E-8831-66CC05F7AAC3} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {49BA874D-415E-4D0D-9FC4-32E0236483A8} - System32\Tasks\ASC9_SkipUac_Gerda => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe Task: {515F8658-AC88-4118-B722-D4D03EA81F0A} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe <==== AANDACHT Task: {5477A3CB-DD03-4B18-9A6E-44311BC79176} - System32\Tasks\DllKitPRO => C:\Program Files (x86)\DllKitPRO\dllkitpro.exe Task: {609D00D8-DA9E-493F-A612-DFBC58AD5166} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {6CCD6BBB-2F7B-4DC8-8EA6-24D3207EBE48} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {7506A428-4FAB-457C-B601-314AF6D2B684} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {7DBDE95F-B44B-4F0A-BF96-14B5E6A445E3} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe Task: {81B53269-1F28-498A-9110-DDCF9F9FB4A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-03] (Google Inc.) Task: {837D1669-5291-4B78-BA7B-C76379E6F1DC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd) Task: {83C0901C-AD25-438B-896D-969AE80154D5} - \Microsoft\Windows\Setup\EOSNotify -> Geen bestand <==== AANDACHT Task: {894A1E63-3268-4CBB-97CB-8C994ACE8614} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {8A778B6C-25A2-43E7-984A-FCB5C39E075B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {973F4594-8154-418F-A0AD-35A7C7E01878} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn Gerda logon => C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe [2014-05-30] (Auslogics) Task: {AAA9617D-3707-437C-AB01-AA393778AF44} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {B3F4B2D2-B3C9-4437-AB76-C9F3E8241A83} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BB62B0FF-91E8-4EA3-85CA-FE40FD27BDBC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-03] (Google Inc.) Task: {CFDDAE26-0D5B-4D91-86DD-26ED42EB33CC} - System32\Tasks\Uninstaller_SkipUac_Gerda => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-25] (IObit) Task: {D4B4BF1B-4B08-4921-92C6-43560267F441} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {DF5DBBCE-24C0-4AAF-8596-682A5743F492} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {F9601795-4DA4-4FF9-AF57-871CE3D42E20} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {FDC2AE3B-503F-424B-AC48-D801123C0271} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe (Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.) Task: C:\WINDOWS\Tasks\ASC9_SkipUac_Gerda.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Gerda.job => ==================== Snelkoppelingen & WMI ======================== (De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.) ==================== Geladen Modules (gefilterd) ============== 2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-06-14 18:59 - 2017-06-03 12:01 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2017-04-02 18:13 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-04-02 18:27 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-04-02 18:12 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-04-02 18:12 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-04-02 18:28 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-06-14 18:59 - 2017-06-03 10:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-06-14 18:59 - 2017-06-03 10:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-04-02 20:31 - 2015-12-23 16:27 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2017-04-02 20:31 - 2015-12-23 16:27 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl 2017-04-02 20:31 - 2015-12-23 16:27 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl 2017-04-02 20:31 - 2015-12-23 16:27 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl ==================== Alternate Data Streams (gefilterd) ========= (Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.) ==================== Veilige Modus (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.) ==================== Bestandskoppeling (gefilterd) =============== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.) ==================== Internet Explorer vertrouwde/beperkte toegang =============== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.) ==================== Hosts inhoud: ========================== (Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.) 2009-07-14 04:34 - 2017-06-22 21:55 - 00002024 _____ C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com 0.0.0.0 cdn.appround.biz 0.0.0.0 cdn.bigspeedpro.com 0.0.0.0 cdn.bispd.com Er zijn 4 meer regels. ==================== Andere gebieden ============================ (Momenteel is er geen automatische fix voor dit onderdeel.) HKU\S-1-5-21-689821697-2636345003-3369014256-1000\Control Panel\Desktop\\Wallpaper -> E:\a-Gerda\puertedelaselva.JPG DNS Servers: 192.168.2.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt) Windows Firewall is ingeschakeld. ==================== MSCONFIG/TASK MANAGER Uitgeschakelde items == ==================== Firewall regels (gefilterd) =============== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) FirewallRules: [{5347B0E5-F505-4E01-9386-698661177469}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BFD82C53-CD99-4181-97FA-AFBBF5ECC859}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B4B42CF4-254A-499D-9932-DBFFD7B17717}] => (Allow) D:\Office14\ONENOTE.EXE FirewallRules: [{B2A55DE4-3986-4057-BB86-B0F315B4427D}] => (Allow) D:\Office14\ONENOTE.EXE FirewallRules: [{48EBA1F6-7BC8-4DEC-B34D-54E0010B9607}] => (Allow) D:\Office14\outlook.exe FirewallRules: [TCP Query User{D26796DB-CB24-428B-A7ED-676F985BC4EB}D:\wordperfect10\register\navbrowser.exe] => (Allow) D:\wordperfect10\register\navbrowser.exe FirewallRules: [UDP Query User{9F96323B-95A3-4025-856D-806DEDE050CD}D:\wordperfect10\register\navbrowser.exe] => (Allow) D:\wordperfect10\register\navbrowser.exe FirewallRules: [{FD1A8E49-C412-42A4-A1BE-A1C9A296EA65}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{E3EF847B-967D-4C30-890B-2E0BF35C5D2A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{366260B6-1E4F-4DF2-BBA6-FCFB3BE2252D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{A07953DC-EC7C-4B5F-BC04-EA91E6669D02}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{0E6EE8FE-5299-4BA0-BEA2-04A0B2A94E25}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{C0EFDAEA-DF3F-4B74-99C2-5CD583C2EEBD}] => (Allow) C:\Users\Gerda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{1AEE7985-37F1-4A21-A831-D91221C8A78C}] => (Allow) LPort=2869 FirewallRules: [{64CAF29A-805F-4207-9BB5-E7413B30D6E4}] => (Allow) LPort=1900 ==================== Herstelpunten ========================= 14-06-2017 23:05:52 Windows Update 22-06-2017 18:39:30 Geïnstalleerd: Progress+ 3 30-06-2017 09:32:06 Gepland controlepunt 30-06-2017 15:23:57 handmatig 30-06-2017 15:25:08 Herstelbewerking 01-07-2017 13:11:41 WLSetup 01-07-2017 13:29:41 WLSetup 01-07-2017 14:45:15 WLSetup 02-07-2017 11:33:51 Herstelbewerking 02-07-2017 12:00:18 handmatig ==================== Defecte Apparaatbeheer Apparaten ============= Name: Base System-apparaat Description: Base System-apparaat Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Base System-apparaat Description: Base System-apparaat Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Eventlog fouten: ========================= Applicatiefouten: ================== Error: (07/02/2017 07:32:20 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: De back-up is niet voltooid vanwege een fout bij schrijven naar de back-uplocatie N:\. De fout is: De back-uplocatie is niet gevonden of is niet geldig. Controleer de back-upinstellingen en de back-uplocatie. (0x81000006). Error: (07/02/2017 12:09:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Naam van toepassing met fout: microsoftedgecp.exe, versie: 11.0.14393.953, tijdstempel: 0x58ba5911 Naam van module met fout: edgehtml.dll, versie: 11.0.14393.1358, tijdstempel: 0x59327ee0 Uitzonderingscode: 0xc0000602 Foutmarge: 0x00000000002dd5eb Id van proces met fout: 0x155c Starttijd van toepassing met fout: 0x01d2f31b27e9572d Pad naar toepassing met fout: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe Pad naar module met fout: C:\WINDOWS\SYSTEM32\edgehtml.dll Rapport-id: 324218f8-810f-4f71-b819-b8543bdfab3c Volledige pakketnaam met fout: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe Relatieve toepassings-id van pakket met fout: MicrosoftEdge Error: (07/02/2017 12:00:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Toegang geweigerd. . Error: (07/02/2017 11:56:41 AM) (Source: System Restore) (EventID: 8210) (User: ) Description: Er is tijdens Systeemherstel een onbekende fout opgetreden: (handmatig). Aanvullende gegevens: 0x80070091. Error: (07/02/2017 11:34:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Toegang geweigerd. . Error: (07/01/2017 05:08:10 PM) (Source: SignInAssistant) (EventID: 0) (User: ) Description: Event-ID 0 Error: (07/01/2017 05:04:55 PM) (Source: SignInAssistant) (EventID: 0) (User: ) Description: Event-ID 0 Error: (07/01/2017 04:59:18 PM) (Source: SignInAssistant) (EventID: 0) (User: ) Description: Event-ID 0 Error: (07/01/2017 04:12:15 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt. Details: (HRESULT : 0x80040210) (0x80040210) Error: (07/01/2017 04:12:15 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Inventarisatie van gebruikerssessies om filtergroepen te maken is mislukt. Details: (HRESULT : 0x80040210) (0x80040210) Systeemfouten: ============= Error: (07/03/2017 01:45:57 PM) (Source: DCOM) (EventID: 10010) (User: Gerda-PC_Tosh) Description: De server {21F282D1-A881-49E1-9A3A-26E44E39B86C} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd. Error: (07/03/2017 11:14:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} en APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services. Error: (07/02/2017 07:23:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} en APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services. Error: (07/02/2017 01:30:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} en APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services. Error: (07/02/2017 11:56:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} en APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services. Error: (07/02/2017 11:56:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De rtop-service kan vanwege de volgende fout niet worden gestart: Het systeem kan het opgegeven bestand niet vinden. Error: (07/02/2017 11:56:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De SecDrv-service kan vanwege de volgende fout niet worden gestart: Het laden van het stuurprogramma wordt geblokkeerd Error: (07/02/2017 11:56:12 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\WINDOWS\SysWow64\drivers\SECDRV.SYS Error: (07/02/2017 11:56:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De ByteFenceService-service kan vanwege de volgende fout niet worden gestart: Het systeem kan het opgegeven bestand niet vinden. Error: (07/02/2017 11:56:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: De NcaSvc-service is afhankelijk van de iphlpsvc-service, die vanwege de volgende fout niet kan worden gestart: Kan de service niet starten omdat deze is uitgeschakeld of omdat het geen ingeschakelde apparaten met zich heeft verbonden. CodeIntegrity: =================================== Date: 2017-07-02 19:41:00.940 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-01 16:27:59.158 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-06-30 16:50:10.586 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-06-29 16:04:39.837 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-06-25 14:40:12.434 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-06-22 19:14:00.152 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-06-20 20:09:52.419 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-06-11 21:04:08.053 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-29 10:59:29.507 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-27 16:50:21.107 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Geheugen info =========================== Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz Percentage geheugen in gebruik: 36% Totaal fysiek RAM-geheugen: 4059.17 MB Beschikbaar fysiek RAM-geheugen: 2563.82 MB Totaal Virtueel geheugen: 8155.17 MB Beschikbaar Virtual geheugen: 6655.61 MB ==================== Schijven ================================ Drive c: () (Fixed) (Total:88.42 GB) (Free:40.96 GB) NTFS Drive d: (PROGRAMMA'S) (Fixed) (Total:117.18 GB) (Free:114.28 GB) NTFS Drive e: (FOTO'S) (Fixed) (Total:117.19 GB) (Free:61.09 GB) NTFS Drive f: (BESTANDEN) (Fixed) (Total:142.58 GB) (Free:114.95 GB) NTFS Drive i: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.16 GB) NTFS ==>[systeem met boot componenten (verkregen van schijf)] ==================== MBR & Partitietabel ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2856326A) Partition 1: (Active) - (Size=400 MB) - (Type=27) Partition 2: (Not Active) - (Size=88.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=117.2 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=259.8 GB) - (Type=OF Extended) ==================== Eind van Addition.txt ============================