Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 18-10-2017 01
Gestart door toshiba (19-10-2017 21:25:34)
Gestart vanaf C:\Users\toshiba\Downloads
Windows 7 Professional Service Pack 1 (X64) (2010-04-05 12:52:26)
Boot Modus: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-551523787-2535008523-3008428354-500 - Administrator - Disabled)
Gast (S-1-5-21-551523787-2535008523-3008428354-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-551523787-2535008523-3008428354-1002 - Limited - Enabled)
toshiba (S-1-5-21-551523787-2535008523-3008428354-1000 - Administrator - Enabled) => C:\Users\toshiba

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AV: Total AV (Disabled - Up to date) {AB73D7DB-EEDE-3CBB-CC36-E31145532EB0}
AS: Total AV (Disabled - Up to date) {1012363F-C8E4-3335-F686-D8633ED4640D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_1_0) (Version: 21.1.0 - Adobe Systems Incorporated)
Age of Empires II HD (c) Microsoft Studios version 1 (HKLM-x32\...\QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1) (Version: 1 - )
Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_Origami_is1) (Version: 1.0 - R.G.
Origami, Seraph1) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.303.108 - ALPS ELECTRIC CO., LTD.) amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.1 - amuleC) <==== AANDACHT Assist-Viewer (HKLM-x32\...\{A75B4DC8-F762-45D8-A697-7EE17BF2D974}) (Version: 1.00.000 - ) Bitcoin Core (64-bit) (HKU\S-1-5-21-551523787-2535008523-3008428354-1000\...\Bitcoin Core (64-bit)) (Version: 0.14.1 - Bitcoin Core project) CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform) Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.12 - NCH Software) deskapp (HKLM-x32\...\{6AD06984-E21B-436F-9341-11053320B994}) (Version: 1.1.4 - deskapp) <==== AANDACHT Driver Booster 4.2 (HKLM-x32\...\Driver Booster_is1) (Version: 4.2.0 - IObit) Eid Reader plugin 1.1.0 (HKLM-x32\...\2008-1418-6737-7883) (Version: 1.1.0 - ) Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 6.09 - NCH Software) Facebook Gameroom 1.8.6429.23271 (HKLM-x32\...\{D71E0CAE-F4B3-499E-B515-396B02139A39}) (Version: 1.8.6429.23271 - Facebook) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) 
Hidden Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.0 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation) LibreOffice 5.3.3.2 (HKLM-x32\...\{C7C4A0C6-8483-4065-851D-CBE5DC17D046}) (Version: 5.3.3.2 - The Document Foundation) Malwarebytes versie 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 56.0 (x86 nl) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 nl)) (Version: 56.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft 
Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7520 - Realtek Semiconductor Corp.) Roblox Player for toshiba (HKU\S-1-5-21-551523787-2535008523-3008428354-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.2.13 - Synaptics Incorporated) Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer) The Simpsons Hit & Run(TM) (HKLM-x32\...\{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}) (Version: 1.00.000 - ) Timez Attack Launcher (HKLM-x32\...\Timez Attack Launcher L) (Version: L - Big Brainz) Tixati (HKLM-x32\...\tixati) (Version: - ) TotalAV 1.34.8 (HKLM-x32\...\TotalAV) (Version: 1.34.8 - TotalAV) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WINSNARE (HKLM-x32\...\{56D19032-B59F-4020-994B-15912A49CD96}) (Version: 4.4.6 - WINSNARE) <==== AANDACHT ==================== Aangepaste CLSID (gefilterd): ========================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) 
HKU\S-1-5-21-551523787-2535008523-3008428354-1000\...\ChromeHTML: -> <==== AANDACHT CustomCLSID: HKU\S-1-5-21-551523787-2535008523-3008428354-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] () ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] () ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-02-19] (Intel Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] () ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program 
Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal) ==================== Geplande Taken (gefilterd) ============= (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) Task: {055BA283-609C-4567-97A3-C3C0D9A783D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-10] (Google Inc.) Task: {07AE9389-6F25-4E15-B13B-5C96BB099E4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-10] (Google Inc.) Task: {24FF93BD-EA4C-481A-858F-BDFE8AC33572} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_170_pepper.exe [2017-10-17] (Adobe Systems Incorporated) Task: {26229B14-F9FE-45C8-84E1-29B0C16981AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-17] (Adobe Systems Incorporated) Task: {29ADC34E-3B77-4371-A8BB-64A250C5CD5B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {485EF230-03A4-4933-BA20-A7037523B5DC} - System32\Tasks\{91BF891E-BBC3-4B9C-A8B5-3E940FCF90A8} => C:\Windows\system32\pcalua.exe -a C:\Tivola\Lillifee\setup.exe -d D: Task: {4A02B101-1539-4A56-9674-FDF6D9728DD1} - System32\Tasks\{1AFE78A4-FB4F-4E0B-876B-F98954EA78DC} => C:\Windows\system32\pcalua.exe -a C:\Tivola\Lillifee\setup.exe -d D: Task: {4A0E32ED-72BD-4715-809C-634C437FB96D} - System32\Tasks\{F56ADDAC-1523-4B24-B4B0-ED8C8D10D0B3} 
=> C:\Windows\system32\pcalua.exe -a "C:\Users\toshiba\Desktop\downloads\The Simpsons Hit And Run - Action Adventure 2003 [PC-GAME RETAIL]\The Simpsons Hit & Run Disc Images\Hit & Run 1\setup.exe" -d "C:\Users\toshiba\Desktop\downloads\The Simpsons Hit And Run - Action Adventure 2003 [PC-GAME RETAIL]\The Simpsons Hit & Run Disc Imag (de data item heeft 15 mee tekens). Task: {4B9394AE-34AD-4C8F-8AC2-65A93E263D7F} - System32\Tasks\90g3q60j91 => C:\Windows\system32\rundll32.exe "C:\ProgramData\90g3q60j91\90g3q60j91.dll",gqjiez <==== AANDACHT Task: {6AD20029-8E7E-4896-874A-36DA21F23AF3} - System32\Tasks\Opera scheduled Autoupdate 1499195597 => C:\Users\toshiba\AppData\Local\Programs\Opera\launcher.exe Task: {8C0C40C3-EE48-4B86-9A23-3887124E939C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd) Task: {917983C2-198A-4612-AFCD-20D999B6B802} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {A118FF88-D992-44E8-84FF-E5CCB254A4AF} - System32\Tasks\{837BB218-396D-46CC-8CB9-AC05C42F543B} => D:\SOFTWARE\32BIT\RS32E301.EXE Task: {A6A92A8D-A0BB-49B8-971A-E5B4B8073357} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe Task: {AFDCBF26-78CE-4EB6-8C06-E9886B16A160} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {BA18BF53-0129-4A6F-9146-82751D4452ED} - System32\Tasks\{7D122AF0-A00A-46A1-BB76-CA4DAF7423D3} => D:\SOFTWARE\32BIT\RS32E301.EXE Task: {C06383B9-A757-48CC-BFB4-FF71D1731C20} - System32\Tasks\AdobeAAMUpdater-1.0-toshiba-PC-toshiba => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated) Task: {D3B82A93-6AE7-4777-9C9E-5E52F40DA6C5} - 
System32\Tasks\{364D5D9D-ED80-4ED0-AE91-E67B665C58D4} => C:\Windows\system32\pcalua.exe -a D:\SOFTWARE\32BIT\RS32E301.EXE -d D:\SOFTWARE\32BIT Task: {E4DF20B1-C232-46C9-8948-263BEE53ABDE} - System32\Tasks\{18A40779-5EAD-49F5-8EDC-1464A0EF5D95} => C:\Windows\system32\pcalua.exe -a C:\Tivola\Lillifee\setup.exe -d D: Task: {FFAB47C2-9424-4AF3-991F-D0BC89DE20F4} - System32\Tasks\downloadx => C:\Windows\system32\config\systemprofile\AppData\Local\Bigwarm [Argument = /t 7129 7524] <==== AANDACHT (Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.) ==================== Snelkoppelingen & WMI ======================== (De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.) Shortcut: C:\Users\toshiba\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm ShortcutWithArgument: C:\Users\toshiba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=ChromeDefaultData ==================== Geladen Modules (gefilterd) ============== 2017-08-14 03:48 - 2017-08-14 03:48 - 000491600 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll 2010-04-05 15:29 - 2013-02-19 11:43 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2017-06-17 05:09 - 2017-08-11 12:45 - 000441696 _____ () C:\Program Files (x86)\TotalAV\SecurityService.exe 2017-04-05 21:31 - 2017-04-14 10:32 - 002271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-06-17 05:09 - 2017-08-11 12:45 - 002675040 _____ () C:\Program Files (x86)\TotalAV\TotalAV.exe 2017-08-14 03:48 - 2017-08-14 03:48 - 034865232 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe 2017-06-17 05:09 - 2017-08-11 12:43 - 000075264 _____ () C:\Program Files (x86)\TotalAV\SCAPI.dll 2017-06-17 05:09 - 2017-08-11 12:43 - 000010240 _____ () C:\Program Files (x86)\TotalAV\lib_SCAPI.dll 2017-08-08 12:02 - 2017-08-08 12:02 - 001157632 _____ () C:\Users\toshiba\AppData\Local\Facebook\Games\CefSharp.Core.dll 2017-08-08 12:02 - 2017-08-08 12:02 - 068178432 _____ () C:\Users\toshiba\AppData\Local\Facebook\Games\libcef.dll 2017-09-20 02:42 - 2017-09-20 02:42 - 067115616 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll 2017-08-08 12:02 - 2017-08-08 12:02 - 000748032 _____ () C:\Users\toshiba\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll 2017-08-08 12:02 - 2017-08-08 12:02 - 002246144 _____ () C:\Users\toshiba\AppData\Local\Facebook\Games\libglesv2.dll 2017-08-08 12:02 - 2017-08-08 12:02 - 000079360 _____ () C:\Users\toshiba\AppData\Local\Facebook\Games\libegl.dll 2017-09-06 18:11 - 2017-09-06 18:11 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node 2017-09-06 18:11 - 2017-09-06 18:11 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe 
Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node 2017-09-06 18:11 - 2017-09-06 18:11 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node 2017-09-06 18:11 - 2017-09-06 18:11 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node 2017-09-20 03:04 - 2017-09-20 03:04 - 000110688 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin7.dll 2017-09-06 18:11 - 2017-09-06 18:11 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node 2017-09-22 13:07 - 2017-09-21 06:57 - 003011928 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll 2017-09-22 13:07 - 2017-09-21 06:57 - 000086872 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll ==================== Alternate Data Streams (gefilterd) ========= (Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.) ==================== Veilige Modus (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Bestandskoppeling (gefilterd) =============== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.) ==================== Internet Explorer vertrouwde/beperkte toegang =============== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.) 
==================== Hosts inhoud: ===============================

(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Andere gebieden ============================

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKU\S-1-5-21-551523787-2535008523-3008428354-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\toshiba\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 212.224.255.252 - 212.224.255.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is ingeschakeld.

==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==

==================== Firewall regels (gefilterd) ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{08130FC8-2689-427E-9AE9-783229F0C040}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{199C55D3-A2BE-46CC-A333-4C9A98DB3BEC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{DCF50DFA-BD53-4EF5-8990-1FE02119EA79}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{9E109E21-5C9F-464D-A84B-C977826C557C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{CC94C429-0D4B-40D6-AE80-279B62A8AA92}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{751232ED-03A3-4D8A-B689-9992E0C5D3E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{0383606F-B357-450C-B436-27F895DC0E96}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe FirewallRules: [UDP Query User{01AF8442-BF6A-4761-B562-2681B017EB0A}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe FirewallRules: [{05C6E709-F5B6-4034-B372-DD4E2D510A63}] => (Allow) C:\Windows\system32\rundll32.exe FirewallRules: [{51DB4395-AB95-4F66-9C27-870A514B3AD5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe FirewallRules: [{B348DAFF-DA16-42BD-88EF-E3C09F0F0495}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe FirewallRules: [{C1392266-C42E-4DBF-9452-EB60BCA7BEC3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe FirewallRules: [{22A06B35-7E6B-48FC-B39D-A44BE6114784}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe FirewallRules: [{5EADF1C1-49E1-4030-8730-85E63D3AFDF5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe FirewallRules: [{3496453A-FB73-4768-BCA8-4179EC24606E}] 
=> (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe FirewallRules: [{07A42FF5-BAD9-4F8B-B2B1-BE6EFB9D2DF6}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{93E43BA4-E4D0-4DAA-A20D-CC91AC588A08}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [TCP Query User{3184BC3A-2DC2-4028-9095-C37348D741AF}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe FirewallRules: [UDP Query User{ED28A085-DC80-4AA5-9F62-C1B8AD0A7B3F}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe FirewallRules: [{77C5A922-E7D6-426A-8D7E-46540EA7F2BB}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{2B687494-67A9-4612-8EAA-A8BA6E9ADF75}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{8BE86C9E-32CC-44BE-82F4-3EC76CB775E9}] => (Allow) C:\Program Files (x86)\Hotcine\Application\chrome.exe FirewallRules: [{30BF1409-7087-4F58-ABBA-4F2F72DBECDB}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe FirewallRules: [{8E946EF1-0825-4EE2-B9E5-B6BCD9CCAFC9}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe FirewallRules: [{EF39CBC4-987F-4B05-95F5-B79A760FB2A1}] => (Allow) C:\Program Files (x86)\MIO\loader\hitachixhts545025b9a300_100129pb42061seduellx.dat FirewallRules: [{9B999D64-44EC-49B6-931F-1769C80B8086}] => (Allow) C:\Program Files (x86)\MIO\loader\hitachixhts545025b9a300_100129pb42061seduellx.dat FirewallRules: [{80826CA9-B68F-48C4-BCC0-851E958710FA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{642C9FFB-D10D-42D6-8BC5-0001432229D1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{84D636E5-6093-47BE-8945-07F77312B177}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{AE82502B-DEAB-4A0C-9D16-5BC728A78816}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{4A9DB13F-3CB6-486C-88ED-DCA64BCCBB6C}C:\program 
files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe FirewallRules: [UDP Query User{D4E4AD67-957A-4036-977D-676C190EC91B}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe FirewallRules: [{1989FAA0-73C7-4C1E-8E4A-4C5FFD1A7811}] => (Allow) C:\Users\toshiba\AppData\Local\Programs\Opera\46.0.2597.26229\opera.exe FirewallRules: [TCP Query User{94983219-3948-4D26-B3DF-4D40BFAF9383}C:\program files (x86)\age of empires iii - complete collection\age3.exe] => (Block) C:\program files (x86)\age of empires iii - complete collection\age3.exe FirewallRules: [UDP Query User{5B458A01-1CF9-48F4-9E03-C6A423ED80D1}C:\program files (x86)\age of empires iii - complete collection\age3.exe] => (Block) C:\program files (x86)\age of empires iii - complete collection\age3.exe FirewallRules: [{9AB41824-E56E-4676-9C3B-DFFF7FEF8686}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{4FBE9D70-92E4-4903-9F18-470AFB4A7DF4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{92221083-C93F-4A12-8B0B-0616A008095A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{770B16DE-E438-4421-8ACA-9B3991E35729}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{F0F1BB8C-D1AB-4FC3-ACD0-A3E9A72ABCD5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Herstelpunten ========================= ==================== Defecte Apparaatbeheer Apparaten ============= Name: Lexmark X422 Description: Lexmark X422 Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Lexmark Service: usbscan Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
Name: Lexmark X422 Description: Lexmark X422 Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Lexmark Service: usbscan Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Lexmark X422 Description: Lexmark X422 Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Lexmark Service: usbscan Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: CDC Serial Description: CDC Serial Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Eventlog fouten: ========================= Applicatiefouten: ================== Error: (10/19/2017 07:12:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Gebeurtenisfilter met query SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 kan niet opnieuw worden geactiveerd in naamruimte //./root/CIMV2 vanwege fout 0x80041003. Mogelijk worden er geen gebeurtenissen via dit filter doorgegeven totdat het probleem is verholpen. Error: (10/19/2017 05:06:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Gebeurtenisfilter met query SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 kan niet opnieuw worden geactiveerd in naamruimte //./root/CIMV2 vanwege fout 0x80041003. 
Mogelijk worden er geen gebeurtenissen via dit filter doorgegeven totdat het probleem is verholpen. Error: (10/19/2017 04:11:39 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Volume (C:) is niet gedefragmenteerd omdat er een fout is opgetreden: De schijf die wordt gedefragmenteerd, is vol. (0x8900001F) Error: (10/19/2017 10:18:38 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (10/18/2017 08:14:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Gebeurtenisfilter met query SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 kan niet opnieuw worden geactiveerd in naamruimte //./root/CIMV2 vanwege fout 0x80041003. Mogelijk worden er geen gebeurtenissen via dit filter doorgegeven totdat het probleem is verholpen. Error: (10/18/2017 07:59:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Naam van toepassing met fout: FacebookGameroom.exe, versie: 1.8.6429.23271, tijdstempel: 0x598a173e Naam van module met fout: libcef.dll, versie: 3.2987.1601.0, tijdstempel: 0x5984c1cd Uitzonderingscode: 0xc0000005 Foutoffset: 0x01afeb06 Id van proces met fout: 0x978 Starttijd van toepassing met fout: 0x01d34839e149d769 Pad naar toepassing met fout: C:\Users\toshiba\AppData\Local\Facebook\Games\FacebookGameroom.exe Pad naar module met fout: C:\Users\toshiba\AppData\Local\Facebook\Games\libcef.dll Rapport-id: 07688184-b42e-11e7-ae7d-002318829882 Error: (10/18/2017 07:59:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: FacebookGameroom.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: exception code c0000005, exception address 5DAFEB06 Stack: Error: (10/18/2017 07:53:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Gebeurtenisfilter met query SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 kan niet opnieuw worden geactiveerd in naamruimte //./root/CIMV2 vanwege fout 0x80041003. Mogelijk worden er geen gebeurtenissen via dit filter doorgegeven totdat het probleem is verholpen. Error: (10/18/2017 07:23:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Gebeurtenisfilter met query SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 kan niet opnieuw worden geactiveerd in naamruimte //./root/CIMV2 vanwege fout 0x80041003. Mogelijk worden er geen gebeurtenissen via dit filter doorgegeven totdat het probleem is verholpen. Error: (10/18/2017 10:03:58 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Systeemfouten: ============= Error: (10/19/2017 07:17:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: De Windows Update-service is bij het starten vastgelopen. Error: (10/19/2017 07:15:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: De VC IDE Base Service-service is gestopt met de volgende foutcode: Kan opgegeven module niet vinden. . Error: (10/19/2017 07:10:57 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: De vorige afsluiting van het systeem om 19:09:49 op ‎19/‎10/‎2017 is onverwacht gebeurd. Error: (10/19/2017 05:08:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: De VC IDE Base Service-service is gestopt met de volgende foutcode: Kan opgegeven module niet vinden. . 
Error: (10/19/2017 05:02:29 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: De server {995C996E-D918-4A8C-A302-45719A6F4EA7} heeft zich binnen de vereiste termijn niet bij DCOM geregistreerd. Error: (10/19/2017 05:02:05 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: De server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} heeft zich binnen de vereiste termijn niet bij DCOM geregistreerd. Error: (10/19/2017 01:42:34 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Bij de schaduwkopieën van volume C: zijn afgebroken omdat de schaduwkopieopslag niet kan worden uitgebreid vanwege een door de gebruiker opgelegde limiet. Error: (10/19/2017 07:31:57 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Time-out (30000 seconden) tijdens het wachten op een reactie op een transactie van deze service: SecurityService. Error: (10/18/2017 08:19:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: De Windows Update-service is bij het starten vastgelopen. Error: (10/18/2017 08:16:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: De VC IDE Base Service-service is gestopt met de volgende foutcode: Kan opgegeven module niet vinden. . CodeIntegrity: =================================== Date: 2017-01-14 23:04:33.640 Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is. Date: 2017-01-14 23:04:33.640 Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. 
Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

==================== Geheugen info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage geheugen in gebruik: 63%
Totaal fysiek RAM-geheugen: 2864.43 MB
Beschikbaar fysiek RAM-geheugen: 1049.05 MB
Totaal Virtueel geheugen: 4588.8 MB
Beschikbaar Virtual geheugen: 1692.3 MB

==================== Schijven ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:0.69 GB) NTFS
Drive f: () (Removable) (Total:3.69 GB) (Free:2.77 GB) FAT32

==================== MBR & Partitietabel ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BADED43D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT.

==================== Eind van Addition.txt ============================