Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 04-07-2017 Gestart door Johan (04-07-2017 23:01:23) Gestart vanaf C:\Users\Johan\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2015-02-06 15:10:24) Boot Modus: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3157429923-292206502-2485843891-500 - Administrator - Disabled) Gast (S-1-5-21-3157429923-292206502-2485843891-501 - Limited - Disabled) Gebruiker (S-1-5-21-3157429923-292206502-2485843891-1000 - Administrator - Enabled) => C:\Users\Gebruiker HomeGroupUser$ (S-1-5-21-3157429923-292206502-2485843891-1003 - Limited - Enabled) Johan (S-1-5-21-3157429923-292206502-2485843891-1001 - Administrator - Enabled) => C:\Users\Johan ==================== Security Center ======================== (Als een item is opgenomen in de fixlist, zal het worden verwijderd.) AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189} AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Geïnstalleerde programma's ====================== (Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.) 7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.1 - Adobe Systems, Inc.) Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated) Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.) AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Bluetooth Stack for Windows by Sitecom Europe (HKLM-x32\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v3.03.26(C) - ) ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.7.0.1 - Byte Technologies LLC) <==== AANDACHT CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform) Citrix Receiver 4.7 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.7.0.13011 - Citrix Systems, Inc.) EasyVideoMaker (HKLM-x32\...\{03EC818F-96E5-497F-AF28-EC6BC4CF32D3}) (Version: 6.35 - Easy Video Maker) EPSON SX440 Series Printer Uninstall (HKLM\...\EPSON SX440 Series) (Version: - SEIKO EPSON Corporation) Google Chrome (HKLM-x32\...\{F63650CA-7DDA-348C-8787-B0E5494463A8}) (Version: 59.0.3071.115 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.3 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - ) HP Softpaq SP46137 (HKLM-x32\...\SP46137) (Version: - ) HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.4.14.41 - HP Inc.) HP Support Solutions Framework (HKLM-x32\...\{4CBA8ECF-0519-4583-91ED-F098522245EB}) (Version: 12.6.14.19 - HP Inc.) InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) LibreOffice 4.4.0.3 (HKLM-x32\...\{8BEE1CDD-F95D-4759-952D-6B38DF99D1F0}) (Version: 4.4.0.3 - The Document Foundation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4911.1002 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 53.0.3 (x86 nl) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 nl)) (Version: 53.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla) MPEG4 Direct Maker (HKLM-x32\...\MPEG4 Direct Maker) (Version: - ) Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-1000-0000000FF1CE}) (Version: 15.0.4911.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-1000-0000000FF1CE}) (Version: 15.0.4911.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0409-1000-0000000FF1CE}) (Version: 15.0.4911.1002 - Microsoft Corporation) Hidden Online Plug-in (HKLM-x32\...\{EACEB844-8CDD-4F3B-9EA2-E299741D1652}) (Version: 14.7.0.13011 - Citrix Systems, Inc.) Hidden PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.19.0-r120634-release - Plays.tv, LLC) Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc) Remote Play PC Free 0.3.2.8 (HKLM-x32\...\bd67a359-9038-4d20-8ebf-c41b2802f6e9_is1) (Version: 0.3.2.8 - TMACDEV) Secure Driver Updater (HKLM-x32\...\Secure Driver Updater_is1) (Version: 2.7.1086.17247 - Secure Driver Updater) Self-service Plug-in (HKLM-x32\...\{5D678EB8-64FD-4681-AACF-3D18FBCA77A3}) (Version: 4.7.0.15674 - Citrix Systems, Inc.) Hidden Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation) TP-LINK 300Mbps Wireless USB Adapter Stuurprogramma (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK) TrackView version 3.1.0.0 (HKLM-x32\...\{11E6957D-B2E1-4F70-BED8-1B288F1B1574}_is1) (Version: 3.1.0.0 - Cybrook, Inc.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ==================== Aangepaste CLSID (gefilterd): ========================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) CustomCLSID: HKU\S-1-5-21-3157429923-292206502-2485843891-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Johan\AppData\Local\Roblox\Versions\version-d31f23e3f760404e\RobloxProxy64.dll (ROBLOX Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-01-31] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-01-31] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-01-31] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov) ContextMenuHandlers01: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation) ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Users\Gebruiker\Desktop\vc\f\rarext64.dll [2016-08-16] (Alexander Roshal) ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Geen bestand ContextMenuHandlers02: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation) ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov) ContextMenuHandlers04: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation) ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.) ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation) ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov) ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Users\Gebruiker\Desktop\vc\f\rarext64.dll [2016-08-16] (Alexander Roshal) ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Geen bestand ==================== Geplande Taken (gefilterd) ============= (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) Task: {1AE155B5-13D2-496E-8A4D-B7C552A75B4C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-01-17] (Microsoft Corporation) Task: {1C3066CB-0185-41C4-9944-80A280D72B42} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd) Task: {249DDCBE-BB83-4582-8EF0-1758F000E0B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) Task: {4E4F4779-CA1D-4923-9BDD-44C64AE49033} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-03-22] (Byte Technologies LLC) <==== AANDACHT Task: {511C1C75-8912-4D03-BB48-6E54D671375B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.) Task: {53B513BD-28E0-4596-8462-DED2A7EF4305} - System32\Tasks\RunAtStartup => C:\Users\Johan\AppData\Roaming\Event Monitor\em.exe [2017-05-29] () <==== AANDACHT Task: {58911FBB-2912-4F13-92E1-BE7F6CEE55B1} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-03-22] (Byte Technologies LLC) <==== AANDACHT Task: {771EC40F-3FD3-4FE8-9182-B60C594456D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) Task: {83257ED1-B921-4709-8AD6-8BBB98643CCB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.) Task: {95D4C3AF-B35D-4687-AB9D-B9318BAE3D3E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-01-17] (Microsoft Corporation) Task: {96A23E72-AA6B-49D6-A7E8-BC16CA630979} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation) Task: {9D99D81A-06E6-43DC-829C-55281429D674} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-03] (Adobe Systems Incorporated) Task: {A1A899C0-9D2C-4ECA-9855-742F1A008F1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.) Task: {A1E36F9C-C4AC-42EA-BD72-00648DE37D51} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {A55CB5DE-1B15-4E37-A8A4-0743A6337599} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.) Task: {A752A9E9-7D5A-43DF-8EEC-EFAD4ADE7EDE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation) Task: {B2ED69D4-7970-4C3B-8A9C-176580AF291F} - System32\Tasks\HPCeeScheduleForGebruiker => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.) Task: {B4C528E1-FE7C-4827-86F4-4D881E28AE56} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation) Task: {BC45BBCE-6CC6-4A88-B041-5901A268DF9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.) Task: {C4A0A3C2-C07A-49D6-A6BD-B98E05BE3C5E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.) Task: {C4F852F8-DD92-41CF-802B-4C89492AC12E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation) Task: {E3EC2678-0BFC-422C-8E3C-BAAC17E592D2} - System32\Tasks\SecureDriverUpdaterRunAtStartup => C:\Program Files (x86)\Secure Driver Updater\SDU.exe [2017-07-03] (Secure Driver Updater.) Task: {EBE464CA-65B3-4A49-AFF5-738381A63772} - System32\Tasks\SecureDriverUpdater_UPDATES => C:\Program Files (x86)\Secure Driver Updater\SDU.exe [2017-07-03] (Secure Driver Updater.) Task: {F2D7D86B-2C70-4903-AD2B-CFB451D6F182} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) (Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.) Task: C:\Windows\Tasks\HPCeeScheduleForGebruiker.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\SecureDriverUpdater_UPDATES.job => C:\Program Files (x86)\Secure Driver Updater\SDU.exe ==================== Snelkoppelingen & WMI ======================== (De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.) ==================== Geladen Modules (gefilterd) ============== 2016-07-27 14:05 - 2017-01-31 14:34 - 08909512 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll 2017-07-03 16:17 - 2017-05-29 18:50 - 03325888 _____ () C:\Users\Johan\AppData\Roaming\Event Monitor\em.exe 2016-05-25 14:38 - 2016-05-25 14:38 - 00129304 _____ () C:\Program Files\ByteFence\x64\lz4_x64.dll 2015-10-08 16:43 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2017-03-28 15:10 - 2017-03-28 15:10 - 00304456 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe 2017-03-28 15:10 - 2017-03-28 15:10 - 00619848 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe 2017-02-16 04:19 - 2017-02-16 04:19 - 00033280 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd 2017-02-16 04:19 - 2017-02-16 04:19 - 00103424 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd 2017-02-16 04:19 - 2017-02-16 04:19 - 00111616 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes35.dll 2017-02-16 04:19 - 2017-02-16 04:19 - 00041984 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd 2017-02-16 04:19 - 2017-02-16 04:19 - 00405504 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom35.dll 2017-02-16 04:19 - 2017-02-16 04:19 - 00173568 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd 2017-02-16 04:19 - 2017-02-16 04:19 - 01934336 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd 2017-02-16 04:19 - 2017-02-16 04:19 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd 2017-02-16 04:19 - 2017-02-16 04:19 - 01780736 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd 2017-02-16 04:19 - 2017-02-16 04:19 - 00505856 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd 2017-02-16 04:19 - 2017-02-16 04:19 - 03812864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd 2016-07-27 14:05 - 2017-01-31 12:14 - 08909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2017-04-05 14:44 - 2017-03-29 04:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll 2017-04-05 14:44 - 2017-03-29 04:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll ==================== Alternate Data Streams (gefilterd) ========= (Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.) AlternateDataStreams: C:\Users\Johan\Downloads\launch (10).ica:icasource [114] ==================== Veilige Modus (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.) ==================== Bestandskoppeling (gefilterd) =============== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.) ==================== Internet Explorer vertrouwde/beperkte toegang =============== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.) ==================== Hosts inhoud: ========================== (Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.) 2009-07-14 04:34 - 2017-07-04 22:52 - 00002024 _____ C:\Windows\system32\Drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com 0.0.0.0 cdn.appround.biz 0.0.0.0 cdn.bigspeedpro.com 0.0.0.0 cdn.bispd.com Er zijn 4 meer regels. ==================== Andere gebieden ============================ (Momenteel is er geen automatische fix voor dit onderdeel.) HKU\S-1-5-21-3157429923-292206502-2485843891-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.192.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is ingeschakeld. ==================== MSCONFIG/TASK MANAGER Uitgeschakelde items == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Draadloos configuratie hulpprogramma.lnk => C:\Windows\pss\TP-LINK Draadloos configuratie hulpprogramma.lnk.CommonStartup MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: PlaysTV => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun MSCONFIG\startupreg: Steam => "C:\Users\Gebruiker\Downloads\Nieuwe map\Nieuwe map\steam.exe" -silent ==================== Firewall regels (gefilterd) =============== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) FirewallRules: [{3E787CAB-7D0D-41C1-9F74-BAD1CC0B7A4A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{0998E771-DAE2-4D4E-AB2A-7469A7FF8E1A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{F2AB928A-11D4-45F3-B6CE-ED9FA21F2675}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{46007638-34CD-4CD1-909C-DF9951EE7CA1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{377978D7-D73A-4010-B3F8-4415B36FB8CF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{6450D6C1-59B4-442D-818D-FD4CBB961AF2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [TCP Query User{E2CBA191-0C58-4151-A881-EBA94503445F}C:\trackview\trackview_en.exe] => (Block) C:\trackview\trackview_en.exe FirewallRules: [UDP Query User{CFD07EBE-F7B1-4338-9534-5D7CC1DF052D}C:\trackview\trackview_en.exe] => (Block) C:\trackview\trackview_en.exe FirewallRules: [{7B49B1F1-6DC2-4253-BAFA-792056743C64}] => (Allow) C:\Users\Gebruiker\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [{2A13E50A-39CB-4AD0-BF4D-1C746357D330}] => (Allow) C:\Users\Gebruiker\Downloads\Nieuwe map\Nieuwe map\Steam.exe FirewallRules: [{AAC4B425-3B1B-45AD-AFD2-BE8B9DDFC83F}] => (Allow) C:\Users\Gebruiker\Downloads\Nieuwe map\Nieuwe map\Steam.exe FirewallRules: [{0318EB25-E431-4D24-AEC5-241389916806}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{44E10939-DB94-4901-B961-05CF0960F212}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{4C896862-AB4A-4747-9D86-EC427DFEA053}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{0E354C0A-231E-4433-9F0C-6798755DC0BE}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [TCP Query User{AB9C9174-DDE3-46D7-BAD8-9FAE1775196F}C:\program files (x86)\remote play pc free\remoteplay.exe] => (Block) C:\program files (x86)\remote play pc free\remoteplay.exe FirewallRules: [UDP Query User{B3570490-FCC3-4969-9E92-A912B43CA383}C:\program files (x86)\remote play pc free\remoteplay.exe] => (Block) C:\program files (x86)\remote play pc free\remoteplay.exe FirewallRules: [{490880A4-36CF-4B31-B5B1-9351E1140BFD}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{3C85B7CB-7989-464F-904C-181375FFBF87}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{13230A18-A642-4F76-BAA3-4E0B2452751F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D08038F3-B53A-466B-AFFE-EBBFCCD0E414}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1DEBBFCE-4049-44DB-9A06-432CB952E5DF}] => (Allow) C:\Program Files (x86)\Secure Driver Updater\SDU.exe FirewallRules: [{8E4AA6A6-6BBC-425D-999B-4737E8E146A6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Herstelpunten ========================= 09-06-2017 09:40:29 Herstelbewerking 03-07-2017 16:19:52 Windows Update 03-07-2017 21:38:42 Windows Update 04-07-2017 22:05:57 Windows Update 04-07-2017 22:27:41 Removed Java 8 Update 121 04-07-2017 22:29:09 Removed Java 8 Update 121 (64-bit) ==================== Defecte Apparaatbeheer Apparaten ============= Name: Standaard-PS/2-toetsenbord Description: Standaard-PS/2-toetsenbord Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (standaardtoetsenbord) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: PCI-seriële poort Description: PCI-seriële poort Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PS/2-compatibele muis Description: PS/2-compatibele muis Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Eventlog fouten: ========================= Applicatiefouten: ================== Error: (07/04/2017 10:52:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Gebeurtenisfilter met query SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 kan niet opnieuw worden geactiveerd in naamruimte //./root/CIMV2 vanwege fout 0x80041003. Mogelijk worden er geen gebeurtenissen via dit filter doorgegeven totdat het probleem is verholpen. Error: (07/04/2017 10:30:50 PM) (Source: HP Active Health) (EventID: 88) (User: ) Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it Error: (07/04/2017 10:29:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer. Details: AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed System Error: Het systeem kan het opgegeven bestand niet vinden. . Error: (07/04/2017 10:29:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer. Details: AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed System Error: Het systeem kan het opgegeven bestand niet vinden. . Error: (07/04/2017 10:29:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary aswSP. System Error: Het systeem kan het opgegeven bestand niet vinden. . Error: (07/04/2017 10:29:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary aswRvrt. System Error: Het systeem kan het opgegeven bestand niet vinden. . Error: (07/04/2017 10:29:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt. System Error: Het systeem kan het opgegeven bestand niet vinden. . Error: (07/04/2017 10:27:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer. Details: AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed System Error: Het systeem kan het opgegeven bestand niet vinden. . Error: (07/04/2017 10:27:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer. Details: AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed System Error: Het systeem kan het opgegeven bestand niet vinden. . Error: (07/04/2017 10:27:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary aswSP. System Error: Het systeem kan het opgegeven bestand niet vinden. . Systeemfouten: ============= Error: (07/04/2017 09:58:16 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY) Description: Kan CBS-client niet initialiseren. Laatste fout: 0x8007045b Error: (07/04/2017 09:53:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: De Background Intelligent Transfer Service-service is gestopt met de specifieke servicefout %%-2147023781 = Systeem wordt afgesloten.. Error: (07/04/2017 09:53:09 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY) Description: Kan de BITS-service niet starten. Fout 2147943515. Error: (07/04/2017 09:53:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De Print Spooler-service kan vanwege de volgende fout niet worden gestart: De service is niet gestart vanwege een aanmeldingsfout. Error: (07/04/2017 09:53:09 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: De Spooler-service kan niet als NT AUTHORITY\SYSTEM met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout: De aanvraag wordt niet ondersteund. Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd. Error: (07/04/2017 09:53:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De SSDP Discovery-service kan vanwege de volgende fout niet worden gestart: De service is niet gestart vanwege een aanmeldingsfout. Error: (07/04/2017 09:53:09 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: De SSDPSRV-service kan niet als NT AUTHORITY\LocalService met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout: De aanvraag wordt niet ondersteund. Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd. Error: (07/04/2017 09:53:00 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY) Description: Kan CBS-client niet initialiseren. Laatste fout: 0x8007045b Error: (07/04/2017 09:52:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: De Print Spooler-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 60000 milliseconden worden uitgevoerd: Service opnieuw starten. Error: (07/03/2017 09:38:26 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: De server {F9717507-6651-4EDB-BFF7-AE615179BCCF} heeft zich binnen de vereiste termijn niet bij DCOM geregistreerd. ==================== Geheugen info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz Percentage geheugen in gebruik: 44% Totaal fysiek RAM-geheugen: 4015.27 MB Beschikbaar fysiek RAM-geheugen: 2213.57 MB Totaal Virtueel geheugen: 8028.73 MB Beschikbaar Virtual geheugen: 5886.73 MB ==================== Schijven ================================ Drive c: () (Fixed) (Total:148.95 GB) (Free:79.6 GB) NTFS ==================== MBR & Partitietabel ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: E5CF712F) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== Eind van Addition.txt ============================