Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 06-08-2017
Gestart door Wil (07-08-2017 13:37:31)
Gestart vanaf C:\Users\Wil\Downloads
Windows 10 Pro Versie 1703 (X64) (2017-06-19 07:10:05)
Boot Modus: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3683360743-3898300251-3566174587-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3683360743-3898300251-3566174587-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3683360743-3898300251-3566174587-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gast (S-1-5-21-3683360743-3898300251-3566174587-501 - Limited - Disabled)
Sonos (S-1-5-21-3683360743-3898300251-3566174587-1002 - Limited - Enabled)
Wil (S-1-5-21-3683360743-3898300251-3566174587-1001 - Administrator - Enabled) => C:\Users\Wil

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee Virusscan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Virusscan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)

Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Ahnenblatt 2.95a (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.95.11.1 - Dirk Böttcher) AIMP (HKLM-x32\...\AIMP) (Version: v4.12.1878, 26.12.2016 - AIMP DevTeam) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Bullzip PDF Printer 10.25.0.2552 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.25.0.2552 - Bullzip) CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform) DATA BECKER web to date 8s (HKLM-x32\...\web to date 8s_is1) (Version: 8.0.0.2533 - DATA BECKER GmbH & Co. KG) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.218 - ALPS ELECTRIC CO., LTD.) EMDB 2.73 (HKLM-x32\...\EMDB_is1) (Version: - Wicked & Wild Inc.) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) Freemake Audio Converter versie 1.1.8 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.8 - Ellora Assets Corporation) Freemake Video Converter versie 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation) Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.4 - Ellora Assets Corporation) FrostWire 6.4.2 (HKLM-x32\...\FrostWire 6) (Version: 6.4.2.212 - FrostWire LLC) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden IncrediMail (HKLM-x32\...\{FDFE5E63-116A-4655-9B4D-29F4AFE441B3}) (Version: 6.3.9.5274 - IncrediMail) Hidden IncrediMail 2.0 (HKLM-x32\...\IncrediMail) (Version: 6.3.9.5274 - IncrediMail Ltd.) 
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Malwarebytes versie 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) McAfee Total Protection (HKLM-x32\...\MSC) (Version: 16.0.1 - McAfee, Inc.) McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.174 - McAfee, Inc.) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.149 - McAfee, Inc.) MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) Microsoft Office 2000 Premium (HKLM-x32\...\{00000413-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3683360743-3898300251-3566174587-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Minipak Boekhouding 1.26 (HKLM-x32\...\Minipak Boekhouding_is1) (Version: - Minipak software) NVIDIA 3D Vision stuurprogramma 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation) NVIDIA Grafisch stuurprogramma 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA 
Corporation) OpenOffice 4.1.3 (HKLM-x32\...\{9A20BB10-551A-4D13-AB25-3A67EE3F600C}) (Version: 4.13.9783 - Apache Software Foundation) Preader2WPF (HKU\S-1-5-21-3683360743-3898300251-3566174587-1001\...\52541999f250457a) (Version: 2.7.2.95 - PReader2) Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-3683360743-3898300251-3566174587-1001\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc) ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.) Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 36.4.41272 - Sonos, Inc.) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.81460 - TeamViewer) TomTom MyDrive Connect 4.1.5.3181 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.5.3181 - TomTom) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.50 - Ghisler Software GmbH) VirtualDJ 8 (HKLM-x32\...\{AC964E48-8E21-4622-9073-AD42BC6A57B1}) (Version: 8.2.3343.0 - Atomix Productions) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) ==================== Aangepaste CLSID (gefilterd): ========================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Wil\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll [2017-08-02] (MicrosoftCorporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Wil\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll [2017-08-02] (MicrosoftCorporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Wil\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll [2017-08-02] (MicrosoftCorporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Wil\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll [2017-08-02] (MicrosoftCorporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Wil\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll [2017-08-02] (MicrosoftCorporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\Wil\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll [2017-08-02] (MicrosoftCorporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\System32\EhStorShell.dll [2017-03-18] (MicrosoftCorporation) ShellIconOverlayIdentifiers: [Offline Files] -> {4E77131D-3629-431c-9818-C5679DC83E81} => C:\WINDOWS\System32\cscui.dll [2017-03-20] (MicrosoftCorporation) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Wil\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll [2017-08-02] (MicrosoftCorporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> 
{5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Wil\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll [2017-08-02] (MicrosoftCorporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Wil\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll [2017-08-02] (MicrosoftCorporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Wil\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll [2017-08-02] (MicrosoftCorporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Wil\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll [2017-08-02] (MicrosoftCorporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\Wil\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll [2017-08-02] (MicrosoftCorporation) ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee,Inc.) 
ContextMenuHandlers1: [ModernSharing] -> {e2bf9676-5f8f-435c-97eb-11607a5bedf7} => C:\WINDOWS\system32\ntshrui.dll [2017-03-18] (MicrosoftCorporation) ContextMenuHandlers1: [Open With] -> {09799AFB-AD67-11d1-ABCD-00C04FC30936} => C:\WINDOWS\system32\shell32.dll [2017-07-07] (MicrosoftCorporation) ContextMenuHandlers1: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS\system32\ntshrui.dll [2017-03-18] (MicrosoftCorporation) ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWoW64\WSCM64.dll [2015-02-27] () ContextMenuHandlers1: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => C:\Windows\System32\WorkfoldersShell.dll [2017-03-18] (MicrosoftCorporation) ContextMenuHandlers2: [EnhancedStorageShell] -> {2854F705-3548-414C-A113-93E27C808C85} => C:\Windows\System32\EhStorShell.dll [2017-03-18] (MicrosoftCorporation) ContextMenuHandlers2: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS\system32\ntshrui.dll [2017-03-18] (MicrosoftCorporation) ContextMenuHandlers3: [CopyAsPathMenu] -> {f3d06e7c-1e45-4a26-847e-f9fcdee59be0} => C:\WINDOWS\system32\shell32.dll [2017-07-07] (MicrosoftCorporation) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers3: [SendTo] -> {7BA4C740-9E81-11CF-99D3-00AA004AE837} => C:\WINDOWS\system32\shell32.dll [2017-07-07] (MicrosoftCorporation) ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => C:\WINDOWS\System32\cscui.dll [2017-03-20] (MicrosoftCorporation) ContextMenuHandlers4: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS\system32\ntshrui.dll [2017-03-18] (MicrosoftCorporation) ContextMenuHandlers4: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => C:\Windows\System32\WorkfoldersShell.dll [2017-03-18] (MicrosoftCorporation) ContextMenuHandlers5: [ 
FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Wil\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll [2017-08-02] (MicrosoftCorporation) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (IntelCorporation) ContextMenuHandlers5: [New] -> {D969A300-E7FF-11d0-A93B-00A0C90F2719} => C:\WINDOWS\system32\shell32.dll [2017-07-07] (MicrosoftCorporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIACorporation) ContextMenuHandlers5: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS\system32\ntshrui.dll [2017-03-18] (MicrosoftCorporation) ContextMenuHandlers5: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => C:\Windows\System32\WorkfoldersShell.dll [2017-03-18] (MicrosoftCorporation) ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Geen bestand ContextMenuHandlers6: [Library Location] -> {3dad6c5d-2167-4cae-9914-f99e41c12cfa} => C:\WINDOWS\system32\shell32.dll [2017-07-07] (MicrosoftCorporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee,Inc.) 
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => C:\WINDOWS\System32\cscui.dll [2017-03-20] (MicrosoftCorporation) ContextMenuHandlers6: [PintoStartScreen] -> {470C0EBD-5D73-4d58-9CED-E91E22E23282} => C:\Windows\System32\appresolver.dll [2017-06-19] (MicrosoftCorporation) ContextMenuHandlers1_S-1-5-21-3683360743-3898300251-3566174587-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Wil\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll [2017-08-02] (MicrosoftCorporation) ContextMenuHandlers4_S-1-5-21-3683360743-3898300251-3566174587-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Wil\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll [2017-08-02] (MicrosoftCorporation) ContextMenuHandlers5_S-1-5-21-3683360743-3898300251-3566174587-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Wil\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll [2017-08-02] (MicrosoftCorporation) ==================== Geplande Taken (gefilterd) ============= (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) Task: {05C35C43-30B0-478C-A045-7452BCE45E4E} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\WINDOWS\system32\defrag.exe [2017-03-18] (MicrosoftCorp.) 
Task: {071F8DD4-D469-48EA-B943-2BB2804342D3} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {0AF001AB-22C4-4AD6-9F13-84FD73357032} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\WINDOWS\system32\ClipRenew.exe [2017-03-20] (MicrosoftCorporation) Task: {0BF3E088-DB6C-4920-9386-450B64E77933} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install => C:\WINDOWS\system32\usoclient.exe [2017-03-18] (MicrosoftCorporation) Task: {0C518199-F01B-42CF-9CB7-16710B002812} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\WINDOWS\system32\MDMAgent.exe [2017-03-18] (MicrosoftCorporation) Task: {0CC2C164-C391-4AE1-AC44-61014D23FC1F} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization => C:\WINDOWS\system32\defrag.exe [2017-03-18] (MicrosoftCorp.) Task: {108D2775-DE4B-428B-8574-54EAB807D6CC} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-05-31] (McAfee,Inc.) 
Task: {1922CAFC-A05A-4AD8-BE6E-9BBC7DE8F0BB} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3683360743-3898300251-3566174587-1001 => C:\Users\Wil\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [2017-08-02] (MicrosoftCorporation) Task: {240478A4-B7D2-43B1-AF21-626C77E72C1F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\WINDOWS\system32\disksnapshot.exe [2017-03-18] (MicrosoftCorporation) Task: {2532DB2F-A598-4946-BA1F-6EBE9D19C34C} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\WINDOWS\System32\WindowsActionDialog.exe [2017-03-18] (MicrosoftCorporation) Task: {28471662-C707-4A0A-A944-18CE7D15BC32} - System32\Tasks\McAfee\McAfee Idle Detection Task Task: {2B7165AE-FCEA-4922-BF95-77B99141475D} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {33C04DDB-DE68-4033-8570-ADDDBFF99E1B} - System32\Tasks\Microsoft\Windows\NlaSvc\WiFiTask => C:\WINDOWS\System32\WiFiTask.exe [2017-03-18] (MicrosoftCorporation) Task: {36D3C867-35E3-4328-8300-8098D12BA4A3} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\WINDOWS\system32\MusNotification.exe [2017-06-20] (MicrosoftCorporation) Task: {36D4DB9D-E8E1-4EF4-BC58-9C7494E90296} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-06-27] (McAfee,Inc.) 
Task: {3AEEF4D4-C4A8-42A1-8A1E-80CA054C2E9C} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\WINDOWS\system32\srtasks.exe [2017-03-18] (MicrosoftCorporation) Task: {3EA82649-A360-4898-A6FB-C273024D1364} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\WINDOWS\System32\wpcmon.exe [2017-03-18] (MicrosoftCorporation) Task: {4051EB0B-2917-432F-B9F9-431C7E3C9181} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\WINDOWS\system32\RAServer.exe [2017-03-18] (MicrosoftCorporation) Task: {41DD7915-73BB-47C6-8378-6C865D5581AA} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\WINDOWS\system32\MusNotification.exe [2017-06-20] (MicrosoftCorporation) Task: {4664036D-395D-41D0-99B9-689DE01071AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-22] (GoogleInc.) Task: {4A5D4628-E32A-4422-9B01-D37DD4C1CE75} - System32\Tasks\Microsoft\Windows\WwanSvc\NotificationTask => C:\WINDOWS\System32\WiFiTask.exe [2017-03-18] (MicrosoftCorporation) Task: {4B6926D3-D490-4D93-82CE-D109F1D1BC80} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\WINDOWS\System32\sihclient.exe [2017-07-07] (MicrosoftCorporation) Task: {52C4776E-11B1-402C-A230-0A0306A146C4} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\WINDOWS\System32\wsqmcons.exe [2017-03-18] (MicrosoftCorporation) Task: {5BC5A21F-4785-41A6-B4B1-62FB9B08FABD} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\WINDOWS\System32\dsregcmd.exe [2017-03-18] (MicrosoftCorporation) Task: {5C326114-085E-444C-9B7A-D3E2E59C549E} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\WINDOWS\system32\devicecensus.exe [2017-06-20] (MicrosoftCorporation) Task: {5D81326C-D6EC-49A0-AAB5-D8A874E06E83} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe [2017-06-20] 
(MicrosoftCorporation) Task: {6772AC65-7600-4DF2-9BD5-F17292FAAE4B} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\WINDOWS\system32\speech_onecore\common\SpeechModelDownload.exe [2017-03-18] (MicrosoftCorporation) Task: {70E0A093-79B7-461E-A9C7-B67CD7B1511E} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload => C:\WINDOWS\system32\dmclient.exe [2017-03-18] (MicrosoftCorporation) Task: {74886BD5-CF27-4099-A6AE-4BC7162C1685} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\WINDOWS\system32\sdclt.exe [2017-03-18] (MicrosoftCorporation) Task: {799AC654-A37D-49AA-B0F3-433D7D5EBBD9} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\WINDOWS\System32\WiFiTask.exe [2017-03-18] (MicrosoftCorporation) Task: {7E6F0CFC-FBBF-491E-92B3-9C869232047B} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\WINDOWS\system32\DFDWiz.exe [2017-03-20] (MicrosoftCorporation) Task: {829C695F-E874-432A-9A9F-7862D04236B9} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\WINDOWS\system32\dstokenclean.exe [2017-03-18] (MicrosoftCorporation) Task: {87488988-70F6-44C5-A1BD-E328BE17C205} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter => C:\WINDOWS\system32\appidpolicyconverter.exe [2017-03-18] (MicrosoftCorporation) Task: {88209412-5377-4AA1-B01E-F5D5A6F39E21} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\WINDOWS\system32\SpaceAgent.exe [2017-03-18] (MicrosoftCorporation) Task: {88E18EB0-E633-47C9-8FE5-84CEAB8F5EF7} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\WINDOWS\system32\AppHostRegistrationVerifier.exe [2017-03-18] (MicrosoftCorporation) Task: {896ED842-4861-49E9-A2C1-0AE31689F876} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\WINDOWS\system32\ClipUp.exe [2017-03-18] (MicrosoftCorporation) Task: {8EE52AD7-9F81-40D3-AE0C-9F5DB09BC56F} - 
System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\WINDOWS\system32\cleanmgr.exe [2017-03-18] (MicrosoftCorporation) Task: {936FF605-A684-4476-8E62-E051A903B3D3} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\WINDOWS\system32\tzsync.exe [2017-03-18] (MicrosoftCorporation) Task: {938954E2-DAFB-4BCD-8740-6AC11EBFE13C} - System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck => C:\WINDOWS\system32\appidcertstorecheck.exe [2017-03-18] (MicrosoftCorporation) Task: {9BDD8C02-343F-4D5C-89A0-D290332ADDA8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => C:\WINDOWS\system32\usoclient.exe [2017-03-18] (MicrosoftCorporation) Task: {9CF304F4-4D08-4DBB-A568-102240A2160B} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe [2017-03-18] (MicrosoftCorporation) Task: {B0B01AAA-FF6C-4441-B75E-44A24B0B37CD} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\WINDOWS\System32\dusmtask.exe [2017-03-18] (MicrosoftCorporation) Task: {B5EA650A-8EE9-4BA5-BAA0-2A8ACE00500D} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\WINDOWS\system32\spaceman.exe [2017-03-18] (MicrosoftCorporation) Task: {BCC432F2-7A57-4195-881F-9013CF46F613} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\WINDOWS\system32\lpremove.exe [2017-03-18] (MicrosoftCorporation) Task: {BD69C6ED-AD55-467C-B787-533200C3B376} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\WINDOWS\System32\XblGameSaveTask.exe [2017-03-18] (MicrosoftCorporation) Task: {BDD6BB99-EDCB-481C-999A-1A983CC3A674} - System32\Tasks\S-1-5-21-3683360743-3898300251-3566174587-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (MicrosoftCorporation) Task: {BEE7BAE8-4F94-4CDD-B14D-1EE33AE68EFF} - System32\Tasks\Microsoft\Windows\UNP\RunCampaignManager => C:\WINDOWS\System32\UNP\UNPCampaignManager.exe [2017-04-02] (MicrosoftCorporation) 
Task: {C05E2FFD-7D0D-4F6B-952B-A3318F829D19} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Cellular => C:\WINDOWS\system32\ProvTool.exe [2017-03-18] (MicrosoftCorporation) Task: {C162FF56-952F-4ABA-AE13-AA8CB0F4C087} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\WINDOWS\System32\drvinst.exe [2017-03-18] (MicrosoftCorporation) Task: {C2F9C837-A8A9-46F0-B283-C416371FDCDB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\WINDOWS\system32\usoclient.exe [2017-03-18] (MicrosoftCorporation) Task: {C42799B6-75B2-42CF-8197-3BE332E05553} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\WINDOWS\system32\usoclient.exe [2017-03-18] (MicrosoftCorporation) Task: {C88646DC-C3FA-4292-95EA-72555737C8A4} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-06-27] (McAfee,Inc.) 
Task: {C97B639A-C1BF-4E0C-ACFD-CF5B27B65B3C} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\WINDOWS\system32\wermgr.exe [2017-03-18] (MicrosoftCorporation) Task: {CDC553D2-B5AD-4AF3-BB6D-5AA47466C1F9} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\WINDOWS\system32\ProvTool.exe [2017-03-18] (MicrosoftCorporation) Task: {CFE9501D-B60F-45DB-B48F-19C572F7F30E} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\WINDOWS\system32\AppHostRegistrationVerifier.exe [2017-03-18] (MicrosoftCorporation) Task: {D2C50CE0-7E9B-4F0D-A2A4-95AC59829444} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\WINDOWS\system32\BthUdTask.exe [2017-03-18] (MicrosoftCorporation) Task: {D5EBF28C-A33D-4CBA-8355-0F457EE12498} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\WINDOWS\system32\compattelrunner.exe [2017-06-20] (MicrosoftCorporation) Task: {DA0AE3A8-85B1-4BB9-9EF3-42DE55522AAC} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot => C:\WINDOWS\system32\usoclient.exe [2017-03-18] (MicrosoftCorporation) Task: {DB8EA774-EFB4-41F5-9C71-74AA91CF24CB} - System32\Tasks\{0641811F-633F-4E45-A43D-2B98623CE780} => C:\Windows\system32\pcalua.exe -a C:\Users\Wil\Downloads\mp3gain-win-1_3_4.exe -d C:\Users\Wil\Downloads Task: {DC729B28-21E0-4A00-B85B-E33D5124E121} - System32\Tasks\SafeZone scheduled Autoupdate 1471870226 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe Task: {DE280E27-41E3-43DD-8D0C-7D14FBD3A6ED} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings => C:\WINDOWS\system32\usoclient.exe [2017-03-18] (MicrosoftCorporation) Task: {E11183CC-FCAC-479E-B422-6A72654C14EA} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\WINDOWS\System32\LocationNotificationWindows.exe [2017-03-18] (MicrosoftCorporation) Task: {E41327E0-1FD8-4CD3-982A-1C5B3DE89390} - System32\Tasks\GoogleUpdateTaskMachineUA => 
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-22] (GoogleInc.) Task: {E5C81140-F063-4638-94C0-75A4F0EA28A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (PiriformLtd) Task: {EACD132A-EF84-425B-A61E-472D77A6FA4F} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\WINDOWS\System32\XblGameSaveTask.exe [2017-03-18] (MicrosoftCorporation) Task: {EC11A6F7-343D-49E9-A974-A3716157F2C1} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\WINDOWS\system32\compattelrunner.exe [2017-06-20] (MicrosoftCorporation) Task: {EF01BA26-007D-4016-8ECB-DCE60883FDAD} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\WINDOWS\system32\ClipRenew.exe [2017-03-20] (MicrosoftCorporation) Task: {F88E01C2-99E3-4AF6-BFAA-7ACC8EF521D4} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\WINDOWS\system32\dmclient.exe [2017-03-18] (MicrosoftCorporation) Task: {F9015704-44A7-4962-B811-A4C0206CF851} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\WINDOWS\System32\sihclient.exe [2017-07-07] (MicrosoftCorporation) Task: {FF1754A2-09BF-47DD-B12F-0BECBEF18184} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe [2017-03-18] (MicrosoftCorporation) (Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.) ==================== Snelkoppelingen & WMI ======================== (De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.) 
Shortcut: C:\Users\Wil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki Shortcut: C:\Users\Wil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com Shortcut: C:\Users\Wil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.4.2-SafeMode.lnk -> C:\Program Files (x86)\FrostWire 6\frostwire.bat () ==================== Geladen Modules (gefilterd) ============== 2017-06-19 08:45 - 2016-08-01 14:54 - 000133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-11-28 14:30 - 2012-08-21 17:07 - 000288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL 2016-11-28 14:30 - 2012-08-21 17:07 - 000074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL 2017-08-06 12:18 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-06-27 13:16 - 2017-06-11 13:00 - 000583160 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll 2017-06-27 13:16 - 2017-06-11 12:59 - 000574352 _____ () C:\Program Files\McAfee\MfeAV\AMEngineScan.dll 2017-06-27 13:16 - 2017-06-11 13:00 - 000571240 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll 2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2016-11-13 20:25 - 2015-02-27 15:38 - 000721263 _____ () C:\Windows\SysWoW64\WSCM64.dll 2017-03-18 22:59 - 2017-03-20 05:56 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-06 18:22 - 2016-11-06 18:23 - 000072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-11-06 18:22 - 2016-11-06 18:23 - 000178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-11-06 18:22 - 2016-11-06 18:23 - 041608704 _____ () C:\Program 
Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-03-09 02:16 - 2017-03-09 02:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll 2016-08-24 16:00 - 2016-08-24 16:00 - 000268712 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll 2016-08-24 16:00 - 2016-08-24 16:00 - 000072104 _____ () C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll 2016-08-24 16:00 - 2016-08-24 16:00 - 000033128 _____ () C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll 2016-08-24 16:00 - 2016-08-24 16:00 - 000108888 _____ () C:\Program Files (x86)\IncrediMail\Bin\pmc.dll 2016-08-24 16:00 - 2016-08-24 16:00 - 000133544 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll 2016-08-24 16:00 - 2016-08-24 16:00 - 000080296 _____ () C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll ==================== Alternate Data Streams (gefilterd) ========= (Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.) ==================== Veilige Modus (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Bestandskoppeling (gefilterd) =============== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.) ==================== Internet Explorer vertrouwde/beperkte toegang =============== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.) ==================== Hosts inhoud: =============================== (Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.) 2016-07-16 13:47 - 2017-08-05 12:16 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Andere gebieden ============================ (Momenteel is er geen automatische fix voor dit onderdeel.) HKU\S-1-5-21-3683360743-3898300251-3566174587-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Wil\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\irfanview_wallpaper.bmp DNS Servers: 192.168.2.254 - 213.75.63.75 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is ingeschakeld. 
==================== MSCONFIG/TASK MANAGER Uitgeschakelde items == HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk" HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk" HKLM\...\StartupApproved\Run32: => "ProductUpdater" HKU\S-1-5-21-3683360743-3898300251-3566174587-1001\...\StartupApproved\Run: => "IncrediMail" HKU\S-1-5-21-3683360743-3898300251-3566174587-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-3683360743-3898300251-3566174587-1001\...\StartupApproved\Run: => "OneDrive" ==================== Firewall regels (gefilterd) =============== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) FirewallRules: [{771E67E3-EEFE-404C-B767-85E0CAEC02C8}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe FirewallRules: [{1817B0DE-D491-4C9C-A26C-24EAAE725C5C}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe FirewallRules: [{122CEA72-10D1-4CB9-8330-B25F67CEC1F7}] => (Allow) LPort=161 FirewallRules: [{11551EDB-260B-4464-A36F-34BA40299E58}] => (Allow) LPort=427 FirewallRules: [{4B7DFFD4-03F5-4C35-BF7E-BA2097F1DD3C}] => (Allow) LPort=9100 FirewallRules: [{DA407A7D-B4D5-4D0B-AE4C-B5D1891598AD}] => (Allow) C:\Users\Wil\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [{8A735262-00BD-4F86-9F50-6FD9BCBEB407}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe FirewallRules: [{011747BD-C808-45C3-AAC0-70076B8ABD15}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe FirewallRules: [{ED1C4031-CAB7-4DBF-BE0E-A3EB721E39CC}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe FirewallRules: [{59135A9D-E50C-42BB-9034-3700FD865AEA}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe FirewallRules: [{5D5D7BF8-398D-45A3-B2F5-444A623631B8}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe FirewallRules: [{D11F89A1-7CA0-4710-A1CB-90D0E906E279}] => 
(Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe FirewallRules: [{2C443F6B-2C9A-42D6-B878-255A56C96FE0}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe FirewallRules: [{47035830-D3B9-4F55-909F-7D12AD143EB1}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe FirewallRules: [{F7468152-EFBB-4C44-A66A-991DB461F593}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe FirewallRules: [{B4846C30-2F6A-423E-96EB-F23B66C9675A}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe FirewallRules: [{0AFA4C79-BE16-4F6D-A9F8-4DA5570C5912}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe FirewallRules: [{126C6868-05E6-4107-82CE-9F57948D101B}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe FirewallRules: [{DFAFF725-42B8-4C10-8105-58FA57211AC2}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe FirewallRules: [{6F394174-4B77-4DEB-9FA5-5B5E256E11CA}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe FirewallRules: [{29706283-772C-4BDC-A039-1A6951C64DE6}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{FFE27883-9F6B-4E61-9B80-05B8DC7CF373}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{BF884931-DB21-41A3-A3DC-41050D5B09A6}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe FirewallRules: [{5178FE88-6DB0-4A0E-9409-A029546D0CA3}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe FirewallRules: [{7360C1D0-21F6-4924-9CEF-2801437F836B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{27539EE9-E24C-467F-B0FD-921FAE430FAE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{F10B5E95-B716-4B80-9F0A-F76493AD99E5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{79BF9CD6-C797-48DC-8783-C67B5F666571}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Herstelpunten 
========================= 24-07-2017 09:45:58 Windows Back-up 31-07-2017 14:36:18 Windows Back-up 31-07-2017 19:42:40 Windows Back-up 07-08-2017 09:14:02 Windows Back-up ==================== Defecte Apparaatbeheer Apparaten ============= ==================== Eventlog fouten: ========================= Applicatiefouten: ================== Error: (08/07/2017 01:34:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Naam van toepassing met fout: DATA BECKER Update Service.exe, versie: 0.0.4.1, tijdstempel: 0x4d89246b Naam van module met fout: ntdll.dll, versie: 10.0.15063.447, tijdstempel: 0xd51d5c5e Uitzonderingscode: 0xc0000374 Foutmarge: 0x000d9aaa Id van proces met fout: 0x2c3c Starttijd van toepassing met fout: 0x01d30f712ce16767 Pad naar toepassing met fout: C:\Program Files (x86)\Common Files\DATA BECKER Shared\DATA BECKER Update Service.exe Pad naar module met fout: C:\WINDOWS\SYSTEM32\ntdll.dll Rapport-id: a2d62d7e-7015-4c76-b794-8e4583c41a42 Volledige pakketnaam met fout: Relatieve toepassings-id van pakket met fout: Error: (08/07/2017 10:22:23 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: De openprocedure voor de BITS-service in DLL-bestand C:\Windows\System32\bitsperf.dll is mislukt. Prestatiemetergegevens voor deze service zijn niet beschikbaar. De eerste vier bytes (DWORD) in de sectie Gegevens bevatten de foutcode. 
Error: (08/07/2017 10:21:31 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Naam van toepassing met fout: DATA BECKER Update Service.exe, versie: 0.0.4.1, tijdstempel: 0x4d89246b Naam van module met fout: ntdll.dll, versie: 10.0.15063.447, tijdstempel: 0xd51d5c5e Uitzonderingscode: 0xc0000374 Foutmarge: 0x000d9aaa Id van proces met fout: 0x2f0c Starttijd van toepassing met fout: 0x01d30f562add488c Pad naar toepassing met fout: C:\Program Files (x86)\Common Files\DATA BECKER Shared\DATA BECKER Update Service.exe Pad naar module met fout: C:\WINDOWS\SYSTEM32\ntdll.dll Rapport-id: 96bc5d99-7407-43f7-8902-fceb661991a8 Volledige pakketnaam met fout: Relatieve toepassings-id van pakket met fout: Error: (08/07/2017 10:15:12 AM) (Source: VSS) (EventID: 12291) (User: ) Description: Fout in de Volume Shadow Copy-service: fout bij het maken of gebruiken van de uitgeverinterface voor COM+-schrijvers: BackupShutdown [0x80042302, Een onderdeel van de Volume Shadow Copy-service heeft een onverwachte fout aangetroffen. Controleer het gebeurtenislogboek van de toepassing voor meer informatie. ]. Error: (08/07/2017 10:15:12 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine IMultiInterfaceEventControl::GetSubscriptions. hr = 0x80010108, De verbindingen van het aangeroepen object met de clients zijn verbroken. . Error: (08/07/2017 09:10:42 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Het programma IncMail.exe, versie 6.3.9.5274 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Beveiliging en onderhoud van het Configuratiescherm. 
Proces-id: 2e70 Starttijd: 01d30f4be6fcb0dd Eindtijd: 17 Toepassingspad: C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe Rapport-id: 00f8639e-b725-4899-9af7-56b152a1e586 Volledige pakketnaam met fout: Relatieve toepassings-id van pakket met fout: Error: (08/06/2017 02:01:59 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: De openprocedure voor de RemoteAccess-service in DLL-bestand C:\Windows\System32\rasctrs.dll is mislukt. Prestatiemetergegevens voor deze service zijn niet beschikbaar. De eerste vier bytes (DWORD) in de sectie Gegevens bevatten de foutcode. Error: (08/06/2017 09:40:10 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: De openprocedure voor de BITS-service in DLL-bestand C:\Windows\System32\bitsperf.dll is mislukt. Prestatiemetergegevens voor deze service zijn niet beschikbaar. De eerste vier bytes (DWORD) in de sectie Gegevens bevatten de foutcode. Error: (08/06/2017 09:38:07 AM) (Source: AVLogEvent) (EventID: 5003) (User: NT AUTHORITY) Description: McShield encountered error while stopping. Error Code:a7f40610 Error: (08/05/2017 01:29:40 PM) (Source: COM) (EventID: 10031) (User: ) Description: Er is een unmarshaling-beleidscontrole uitgevoerd bij de unmarshaling van een aangepast marshal-object en de klasse {F6C29334-47DC-4397-9150-F549CF1D4861} is geweigerd Systeemfouten: ============= Error: (08/07/2017 01:30:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} en APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services. 
Error: (08/07/2017 01:30:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} en APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services. Error: (08/07/2017 01:30:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: De WMPNetworkSvc-service is gestopt met de volgende foutcode: Er is geprobeerd te verwijzen naar een token dat niet bestaat. . Error: (08/07/2017 01:29:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: De HvHost-service is gestopt met de volgende foutcode: Een apparaat dat op het systeem is aangesloten, werkt niet. . Error: (08/07/2017 01:29:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De CldFlt-service kan vanwege de volgende fout niet worden gestart: De aanvraag wordt niet ondersteund. Error: (08/07/2017 01:28:44 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: De service Storage Service is niet juist afgesloten na de ontvangst van een besturingselement voor afsluiten. Error: (08/07/2017 01:28:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: De Interactive Services Detection-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error: (08/07/2017 01:28:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: De Andrea RT Filters Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. 
Error: (08/07/2017 01:28:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: De DATA BECKER Update Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error: (08/07/2017 01:28:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: De HP SI Service-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 1000 milliseconden worden uitgevoerd: Service opnieuw starten. CodeIntegrity: =================================== Date: 2017-08-07 13:29:28.192 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-07 10:16:04.238 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-05 14:11:08.361 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-05 14:10:42.281 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-05 14:07:41.531 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-05 14:07:19.503 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-05 12:46:59.115 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-05 12:46:20.368 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-05 10:49:54.643 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-07-31 19:37:56.824 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Geheugen info =========================== Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz Percentage geheugen in gebruik: 38% Totaal fysiek RAM-geheugen: 6058.17 MB Beschikbaar fysiek RAM-geheugen: 3754.51 MB Totaal Virtueel geheugen: 7018.17 MB Beschikbaar Virtual geheugen: 4813.4 MB ==================== Schijven ================================ Drive c: () (Fixed) (Total:332.4 GB) (Free:88.58 GB) NTFS Drive d: (Dataschijf) (Fixed) (Total:244.14 GB) (Free:143.12 GB) NTFS ==================== MBR & Partitietabel ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 07F2837E) Partition 1: (Not Active) - (Size=102 MB) - (Type=DE) Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=332.4 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=244.1 GB) - (Type=OF Extended) ==================== Eind van Addition.txt ============================