Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 01.01.2019 Gestart door jiv1 (04-01-2019 16:04:50) Gestart vanaf C:\Users\jiv1\Desktop Windows 10 Home Versie 1803 17134.472 (X64) (2018-07-17 12:44:27) Boot Modus: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3845518409-3654752349-4073796428-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3845518409-3654752349-4073796428-503 - Limited - Disabled) Gast (S-1-5-21-3845518409-3654752349-4073796428-501 - Limited - Enabled) jiv1 (S-1-5-21-3845518409-3654752349-4073796428-1001 - Administrator - Enabled) => C:\Users\jiv1 WDAGUtilityAccount (S-1-5-21-3845518409-3654752349-4073796428-504 - Limited - Disabled) ==================== Security Center ======================== (Als een item is opgenomen in de fixlist, zal het worden verwijderd.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: BullGuard Antivirus (Enabled - Up to date) {0C5A09FB-657F-B94D-DF1B-BB843C6EE0E4} AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: BullGuard Antispyware (Enabled - Up to date) {B73BE81F-4345-B6C3-E5AB-80F647E9AA59} FW: BullGuard Firewall (Enabled) {346188DE-2F10-B815-F444-12B1C2BDA79F} ==================== Geïnstalleerde programma's ====================== (Alleen de adware-programma's met 'verborgen' vlag kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeïnstalleerd worden.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.) Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}) (Version: 10.1.52.14 - Adobe Systems, Inc.) Adobe Flash Player 10 Plugin (HKLM-x32\...\{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}) (Version: 10.1.52.14 - Adobe Systems, Inc.) Africasim Accra 2009 (HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\Africasim Accra 2009) (Version: - ) AFX Professional License (HKLM-x32\...\afxpro) (Version: - ) Bolt PDF Printer (HKLM-x32\...\BoltPDF) (Version: 2.03 - NCH Software) BullGuard Internet Security (HKLM\...\BullGuard) (Version: 19.0 - BullGuard Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform) Classic FTP File Transfer Software (HKLM-x32\...\ClassicFTP) (Version: 2.38 - NCH Software) CYUL v1.1.1 for FS9 (HKLM\...\{4C9C5A71-3C7B-422D-B98D-4722CD1FE8B1}) (Version: 1.1.1 - BluePrint Simulations) DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 417.35 - NVIDIA Corporation) Hidden Douglas DC-6 for FS2004 (HKLM-x32\...\{9CA48456-E0FE-411A-BE20-248B9792A6EC}) (Version: 2.01.0000 - Jens B. Kristensen) Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 3.06 - NCH Software) Everything 1.4.1.895 (x64) (HKLM\...\Everything) (Version: 1.4.1.895 - David Carpenter) FeelThere ERJ v.2 (HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\FeelThere ERJ v.2) (Version: - ) Flight Simulator 2004 MakeMDL SDK (HKLM-x32\...\{C930AEE5-A589-4641-B7A6-9542DD9BADFC}) (Version: 1.00.0000 - Microsoft Corporation) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.2.25013 - Foxit Software Inc.) FSNavigator (HKLM-x32\...\{2F76FF6D-B992-4FD9-8686-F09F868B2C58}) (Version: 4.7 - FSNavigator team) FSrealWX lite version 1.07.1522 (HKLM-x32\...\FSrealWX lite_is1) (Version: 1.06.1475 - Hanse-Coders.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden HiSuite (HKLM-x32\...\Hi Suite) (Version: 8.0.1.303 - ) HP Officejet Pro 8610 Basissoftware van het apparaat (HKLM\...\{A74BCA3C-D100-4117-9259-27DD3A3C18C0}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) HP Officejet Pro 8610 Help (HKLM-x32\...\{82C11340-B10E-4265-9CF3-C500071A9BE5}) (Version: 32.0.0 - Hewlett Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Ipswitch WS_FTP 12 (HKLM-x32\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.4 - Ipswitch) LAGO Florence Scenery FS2004 Version 1.00 (HKLM-x32\...\{310468FB-1104-4917-9314-0920802BC688}) (Version: 1.00.00 - ) LFRS - Nantes Atlantique (HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\LFRS - Nantes Atlantique) (Version: - ) Malwarebytes versie 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes) Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft) Microsoft Office 365 - nl-nl (HKLM\...\O365HomePremRetail - nl-nl) (Version: 16.0.11029.20108 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Nairobi Orientalsim fs9 (HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\Nairobi Orientalsim fs9) (Version: - ) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.12 - NVIDIA Corporation) Hidden NVIDIA 3D Vision controllerstuurprogramma 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation) NVIDIA 3D Vision stuurprogramma 417.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 417.35 - NVIDIA Corporation) NVIDIA GeForce Experience 3.16.0.140 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.16.0.140 - NVIDIA Corporation) NVIDIA Grafisch stuurprogramma 417.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.35 - NVIDIA Corporation) NVIDIA HD Audio-stuurprogramma 1.3.38.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.4 - NVIDIA Corporation) NVIDIA PhysX Systeem Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0413-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden Porto Airport FS9 2014.3 (HKLM-x32\...\lppr14fs9) (Version: 2014.3 - TropicalSim) PrintKey2000 (HKLM-x32\...\PrintKey2000) (Version: - ) Productverbeteringsonderzoek voor HP Officejet Pro 8610 (HKLM\...\{9219F09B-3A97-4380-91DA-E3BC5CD3AE0E}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden Real Environment Xtreme FS2004 (HKLM-x32\...\{46559469-7C15-49F4-BB76-21480BE1BEF4}) (Version: 1.0.8 - Real Environment Simulations) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7936 - Realtek Semiconductor Corp.) Remove UK2000 Belfast Xtreme files (HKLM-x32\...\UK2000 Belfast Xtreme) (Version: - ) Remove UK2000 Part 1 files (HKLM-x32\...\UK2000 Part 1) (Version: - ) Remove UK2000 Part 2 files (HKLM-x32\...\UK2000 Part 2) (Version: - ) Remove UK2000 Part 3 files (HKLM-x32\...\UK2000 Part 3) (Version: - ) Remove UK2000 Part 4 files (HKLM-x32\...\UK2000 Part 4) (Version: - ) Remove UK2000 Part 5 files (HKLM-x32\...\UK2000 Part 5) (Version: - ) Remove UK2000 Part 6 files (HKLM-x32\...\UK2000 Part 6) (Version: - ) Remove UK2000 Part 8 files (HKLM-x32\...\UK2000 Part 8) (Version: - ) Remove UK2000 Part7 files (HKLM-x32\...\UK2000 Part7) (Version: - ) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.) TopOCR Release 3 (HKLM-x32\...\TopOCR) (Version: Release 3 - TopSoft, Ltd.) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation) WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) WinZip 12.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. ) ==================== Aangepaste CLSID (gefilterd): ========================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Geen bestand ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Geen bestand ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Geen bestand ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-10-29] (BullGuard Ltd.) ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-10-29] (BullGuard Ltd.) ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-10-29] (BullGuard Ltd.) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Geen bestand ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Geen bestand ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Geen bestand ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.) ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Geen bestand ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.) ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-05] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-05] (Alexander Roshal) ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2008-09-10] (WinZip Computing, S.L.) ContextMenuHandlers1-x32: [WS_FTP] -> {797F3885-5429-11D4-8823-0050DA59922B} => C:\Program Files\ipswitch\WS_FTP 12\wsftpsi.dll [2012-10-16] (Ipswitch, Inc. 83 Hartwell Avenue Lexington, MA 02421) ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Geen bestand ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Geen bestand ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Geen bestand ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2008-09-10] (WinZip Computing, S.L.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-12-11] (NVIDIA Corporation) ContextMenuHandlers6: [bgshellext] -> {F4BF1657-195F-4A0F-ACA2-9AE99D65BC0E} => C:\Program Files\BullGuard Ltd\BullGuard\BgShellExt.dll [2018-11-05] (BullGuard Ltd.) ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.) ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.) ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-05] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-05] (Alexander Roshal) ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2008-09-10] (WinZip Computing, S.L.) ContextMenuHandlers6-x32: [WS_FTP] -> {797F3885-5429-11D4-8823-0050DA59922B} => C:\Program Files\ipswitch\WS_FTP 12\wsftpsi.dll [2012-10-16] (Ipswitch, Inc. 83 Hartwell Avenue Lexington, MA 02421) ==================== Geplande Taken (gefilterd) ============= (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) Task: {097066A7-8722-4C02-8FF0-3958636CF5B0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.) Task: {1AF60653-D8EE-42D9-AA62-8F634CA7F8E2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-24] (Piriform Ltd) Task: {2356A0E7-CF43-46D7-AF51-AB019018EB6E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-12-06] (NVIDIA Corporation) Task: {29AA10C0-9A31-4DDE-97B3-49E6A3B7957C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.) Task: {2AD9DC00-9AD7-4FA4-B0FF-84B8A7A39CDE} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-06] (NVIDIA Corporation) Task: {2EB27071-045C-403A-8771-CF3207719951} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-14] (Microsoft Corporation) Task: {45B20B03-839F-4564-B8C7-8CED1CFD3F6E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-07] (Microsoft Corporation) Task: {50F08F98-C0B5-44CC-9983-2FDAA052EA47} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-12-14] (Microsoft Corporation) Task: {59D34029-D760-4493-A5BE-A44F9CCC0F42} - System32\Tasks\BullGuard\BullGuardUpdate2 => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe [2018-11-05] (BullGuard Ltd.) Task: {5AEE112D-F5B0-4F8A-93BB-2B01A898F2C9} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-06] (NVIDIA Corporation) Task: {5C054C23-FBD8-4394-AE8C-AE0B4A4257D5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-12-06] (NVIDIA Corporation) Task: {5CD997DD-6423-48E7-BA54-C9752794CC3C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-12-14] (Microsoft Corporation) Task: {628DFAF9-FF2B-4F15-9A97-2FE43C817F55} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-jiv1@telenet.be => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated) Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] () Task: {6993FAB2-47B9-4F5D-929A-C05E2FDC4CD1} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-12-06] (NVIDIA Corporation) Task: {7555E199-7392-4EA9-AEB3-126F69B0AEA1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-14] (Microsoft Corporation) Task: {7762CCF3-0C2C-4175-83A2-FB846111F35E} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP) Task: {9D56376D-C7E6-4D0D-A443-76FD7978CAED} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-24] (Piriform Ltd) Task: {A5AB79C5-078C-4D09-A224-9A00E1C3BB92} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-12] (Google Inc.) Task: {A793210C-ED65-4D2D-BB6F-915B7F48874B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-07] (Microsoft Corporation) Task: {B155AA19-E2A3-4656-B19E-4C17C39F42BF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-12-06] (NVIDIA Corporation) Task: {B3544BB3-B30D-4C11-828B-91795F02CDB4} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-06] (NVIDIA Corporation) Task: {BEA37823-8550-40FC-867B-2085DE0A4C6A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.) Task: {C570857D-B3B9-44A4-A6BA-516E1EFD160E} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-06] (NVIDIA Corporation) Task: {CE7767B0-0452-45B6-99CF-A25E4502AC89} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-12-14] (Microsoft Corporation) Task: {D1A906C3-5C17-46DE-8803-1BD013B41D61} - System32\Tasks\S-1-5-21-3845518409-3654752349-4073796428-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-12-08] (Microsoft Corporation) Task: {DF8D8023-C1E6-4FAF-BA5E-EAB85B7AE08C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-12-06] (NVIDIA Corporation) Task: {E2014A8D-6686-4AEB-8123-4D19B763B881} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-12-06] (NVIDIA Corporation) Task: {E7836366-2861-4FA5-A677-98FFAFE5AE7D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-12] (Google Inc.) Task: {F1EBFCFC-5836-45C4-BD2A-E6AC23AA3919} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-09-15] (AVAST Software) Task: {FFE14DED-A094-4822-9135-92DAA9FA5280} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-12-06] (NVIDIA Corporation) (Als een item is opgenomen in de fixlist, wordt de taak (job) bestand verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.) ==================== Snelkoppelingen & WMI ======================== (De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.) Shortcut: C:\Users\jiv1\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm Shortcut: C:\Users\jiv1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TropicalSim\Porto Airport FS9\Add LPPR2014 to FS9 Library.lnk -> D:\Install\lppr2014cfg.bat (Geen bestand) ==================== Geladen Modules (gefilterd) ============== 2018-10-29 15:23 - 2018-10-29 15:23 - 000088936 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll 2018-10-29 15:23 - 2018-10-29 15:23 - 000724840 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll 2018-10-29 15:23 - 2018-10-29 15:23 - 000527208 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll 2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll 2018-12-12 10:00 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll 2018-11-27 13:45 - 2012-10-16 10:06 - 006551632 _____ () C:\Program Files\ipswitch\WS_FTP 12\res0409.dll 2018-10-29 15:23 - 2018-10-29 15:23 - 000073064 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll 2018-08-23 13:42 - 2018-08-23 13:42 - 000190784 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe 2018-12-27 15:54 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-12-30 14:10 - 2018-12-06 11:13 - 001314672 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2018-10-04 06:26 - 2018-10-04 06:26 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll 2018-12-13 07:28 - 2018-12-13 07:28 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ChakraBridge.dll 2018-12-13 07:28 - 2018-12-13 07:28 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll 2018-12-13 07:28 - 2018-12-13 07:28 - 010927616 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\LibWrapper.dll 2018-12-13 07:28 - 2018-12-13 07:28 - 002916864 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\skypert.dll 2018-12-13 07:28 - 2018-12-13 07:28 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll 2018-12-13 07:28 - 2018-12-13 07:28 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe 2018-12-20 07:25 - 2018-12-14 07:50 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2018-08-06 16:37 - 2018-12-14 15:28 - 001437984 _____ () C:\Program Files\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll 2018-08-06 16:38 - 2018-12-02 07:25 - 000235600 _____ () C:\Program Files\Microsoft Office\root\Office16\JitV.dll 2018-12-30 14:10 - 2018-12-06 11:13 - 001032560 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2018-11-27 13:45 - 2012-10-16 10:06 - 006553168 _____ () C:\Program Files (x86)\Ipswitch\WS_FTP 12\res0409.dll ==================== Alternate Data Streams (gefilterd) ========= (Als een item is opgenomen in de fixlist, wordt alleen de ADS verwijderd.) AlternateDataStreams: C:\ProgramData\TEMP:A1D5C6AA [124] ==================== Veilige Modus (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. De waarde van "AlternateShell" wordt hersteld.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Bestandskoppeling (gefilterd) =============== (Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd.) ==================== Internet Explorer vertrouwde/beperkte toegang =============== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com Er zijn 7943 Meer websites. IE trusted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\webcompanion.com -> hxxp://webcompanion.com IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\...\123simsen.com -> www.123simsen.com Er zijn 7943 Meer websites. ==================== Andere gebieden ============================ (Momenteel is er geen automatische fix voor dit onderdeel.) HKU\S-1-5-21-3845518409-3654752349-4073796428-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is ingeschakeld. ==================== MSCONFIG/TASK MANAGER Uitgeschakelde items == Als een item is opgenomen in de fixlist, zal het worden verwijderd. ==================== Firewall regels (gefilterd) =============== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) FirewallRules: [TCP Query User{A1671E19-654A-474B-87FB-AA1F0F185787}D:\fs9\fs9.exe] => (Allow) D:\fs9\fs9.exe (Microsoft Corporation) FirewallRules: [UDP Query User{3CC74247-696D-4BAB-95AA-379279627439}D:\fs9\fs9.exe] => (Allow) D:\fs9\fs9.exe (Microsoft Corporation) FirewallRules: [TCP Query User{950D40D0-50AC-40EE-BC5A-FC2CC417B00A}D:\fs9\fs9.exe] => (Allow) D:\fs9\fs9.exe (Microsoft Corporation) FirewallRules: [UDP Query User{AD0EC53C-53D1-49B8-97BA-7A543F9E9E73}D:\fs9\fs9.exe] => (Allow) D:\fs9\fs9.exe (Microsoft Corporation) FirewallRules: [{6EB367D7-A396-4C6C-874B-CD288FA265CB}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe (Hewlett-Packard Development Company, LP) FirewallRules: [{70A39BB7-EDEB-4014-843D-DDE8A97B8227}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe (Hewlett-Packard Development Company, LP) FirewallRules: [{E30FCBCF-AEF3-4B90-8B92-610988DAAD47}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe (Hewlett-Packard Development Company, LP) FirewallRules: [{95422FAA-5779-4CDC-A5DD-679B85673723}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe (Hewlett-Packard Development Company, LP) FirewallRules: [{3F9CB7C7-7CEE-40BA-A6C9-70E2534F9A89}] => (Allow) LPort=5357 FirewallRules: [{346F1D51-12DD-4981-B244-9DCC54B9EC0A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe (Hewlett-Packard Development Company, LP) FirewallRules: [{AC6E2D6C-FA1C-4B68-B932-83ABFCBE9CDE}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd) FirewallRules: [{22688D0A-358C-4CE5-AB5E-53380779625A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd) FirewallRules: [{5E305772-5016-4BD1-A82D-6A6958036DB5}] => (Allow) LPort=445 FirewallRules: [{FAE91D0E-1B54-4D23-B03E-6828B5766627}] => (Allow) LPort=19284 FirewallRules: [{831761EB-D26D-4B19-94EB-916DB50E36BC}] => (Allow) LPort=19285 FirewallRules: [TCP Query User{5CEDD895-DC61-4D75-AD64-AF31AACBF3C8}D:\fsx\fsx.exe] => (Allow) D:\fsx\fsx.exe Geen bestand FirewallRules: [UDP Query User{8A18D839-83F8-4793-B7A8-CFCB56667A36}D:\fsx\fsx.exe] => (Allow) D:\fsx\fsx.exe Geen bestand FirewallRules: [{56E2DD28-4A51-4847-B03C-DD5C08D56A5C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation) FirewallRules: [{FCE8FC18-9C94-4ECC-98ED-1DEB671151E3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) FirewallRules: [{37217F24-F55F-4D99-9B12-BF45A4EA66F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) FirewallRules: [{F9F6C895-ACC6-40BA-9F60-659EA0467951}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) FirewallRules: [{2CCE19E7-AF2D-4250-85E1-2E80D7A8CA8B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) FirewallRules: [{BF86B4F8-5972-4DB8-9B16-D681E37D339B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) FirewallRules: [{D9508AE6-6D3C-43D9-A9EC-D664E038016E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation) FirewallRules: [{8ABDC869-C045-4983-8D73-D9C278340753}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation) StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Herstelpunten ========================= 20-12-2018 07:25:02 Windows Update 28-12-2018 15:05:46 Removed FSNavigator 01-01-2019 11:14:53 Removed FSNavigator 03-01-2019 11:33:52 Removed Flight Simulator 2004 MakeMDL SDK ==================== Defecte Apparaatbeheer Apparaten ============= ==================== Eventlog fouten: ========================= Applicatiefouten: ================== Error: (01/04/2019 03:21:37 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-NEWPC) Description: brave hendrikbrave hendrik-2147467263 Error: (01/04/2019 03:10:12 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-NEWPC) Description: brave hendrikbrave hendrik-2147467263 Error: (01/04/2019 01:43:06 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-NEWPC) Description: brave hendrikbrave hendrik-2147467263 Error: (01/04/2019 01:42:49 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-NEWPC) Description: brave hendrikbrave hendrik-2147467263 Error: (01/04/2019 11:37:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Naam van toepassing met fout: AFX.exe, versie: 1.0.8.0, tijdstempel: 0x4abfaada Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000 Uitzonderingscode: 0xc0000005 Foutmarge: 0xf2f60000 Id van proces met fout: 0x3060 Starttijd van toepassing met fout: 0x01d4a41973011930 Pad naar toepassing met fout: D:\MSFSFS9\AFX\AFX.exe Pad naar module met fout: unknown Rapport-id: 1db71905-bd95-46e7-97c1-8cadd5bfb1a0 Volledige pakketnaam met fout: Relatieve toepassings-id van pakket met fout: Error: (01/04/2019 11:37:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Naam van toepassing met fout: AFX.exe, versie: 1.0.8.0, tijdstempel: 0x4abfaada Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000 Uitzonderingscode: 0xc0000005 Foutmarge: 0xf2f60000 Id van proces met fout: 0x3060 Starttijd van toepassing met fout: 0x01d4a41973011930 Pad naar toepassing met fout: D:\MSFSFS9\AFX\AFX.exe Pad naar module met fout: unknown Rapport-id: 78b39cdc-c5a9-41b1-a2da-4ebe505b1cb6 Volledige pakketnaam met fout: Relatieve toepassings-id van pakket met fout: Error: (01/04/2019 11:37:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Naam van toepassing met fout: AFX.exe, versie: 1.0.8.0, tijdstempel: 0x4abfaada Naam van module met fout: AFX.exe, versie: 1.0.8.0, tijdstempel: 0x4abfaada Uitzonderingscode: 0xc0000005 Foutmarge: 0x00170000 Id van proces met fout: 0x3060 Starttijd van toepassing met fout: 0x01d4a41973011930 Pad naar toepassing met fout: D:\MSFSFS9\AFX\AFX.exe Pad naar module met fout: D:\MSFSFS9\AFX\AFX.exe Rapport-id: 08871f1c-6a19-4ac5-89a3-668770160912 Volledige pakketnaam met fout: Relatieve toepassings-id van pakket met fout: Error: (01/04/2019 11:37:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Naam van toepassing met fout: AFX.exe, versie: 1.0.8.0, tijdstempel: 0x4abfaada Naam van module met fout: AFX.exe, versie: 1.0.8.0, tijdstempel: 0x4abfaada Uitzonderingscode: 0xc0000005 Foutmarge: 0x00170000 Id van proces met fout: 0x3060 Starttijd van toepassing met fout: 0x01d4a41973011930 Pad naar toepassing met fout: D:\MSFSFS9\AFX\AFX.exe Pad naar module met fout: D:\MSFSFS9\AFX\AFX.exe Rapport-id: 75e49f3d-dea8-454c-90c8-bfed848953b6 Volledige pakketnaam met fout: Relatieve toepassings-id van pakket met fout: Systeemfouten: ============= Error: (01/04/2019 03:16:30 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NEWPC) Description: In de machtigingsinstellingen standaard voor deze computer wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} en APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} aan de gebruiker DESKTOP-NEWPC\jiv1 SID (S-1-5-21-3845518409-3654752349-4073796428-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services. Error: (01/04/2019 01:53:34 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NEWPC) Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} en APPID {9E175B9C-F52A-11D8-B9A5-505054503030} aan de gebruiker DESKTOP-NEWPC\jiv1 SID (S-1-5-21-3845518409-3654752349-4073796428-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services. Error: (01/04/2019 01:40:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NEWPC) Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} en APPID {9E175B9C-F52A-11D8-B9A5-505054503030} aan de gebruiker DESKTOP-NEWPC\jiv1 SID (S-1-5-21-3845518409-3654752349-4073796428-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services. Error: (01/04/2019 11:31:36 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NEWPC) Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Starten niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} en APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} aan de gebruiker DESKTOP-NEWPC\jiv1 SID (S-1-5-21-3845518409-3654752349-4073796428-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services. Error: (01/04/2019 11:31:35 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NEWPC) Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Starten niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} en APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} aan de gebruiker DESKTOP-NEWPC\jiv1 SID (S-1-5-21-3845518409-3654752349-4073796428-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services. Error: (01/04/2019 11:31:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De SecDrv-service kan vanwege de volgende fout niet worden gestart: Het laden van het stuurprogramma wordt geblokkeerd Error: (01/04/2019 11:31:35 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\WINDOWS\SysWow64\drivers\SECDRV.SYS Error: (01/04/2019 11:31:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} en APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services. Windows Defender: =================================== Date: 2018-10-28 17:56:51.144 Description: Windows Defender Antivirus heeft een fout aangetroffen bij het bijwerken van handtekeningen. Nieuwe handtekeningversie: Vorige handtekeningversie: 1.277.271.0 Bron update: Microsoft-updateserver Type handtekening: AntiVirus Type update: Volledig Gebruiker: NT AUTHORITY\SYSTEM Huidige engineversie: Vorige engineversie: 1.1.15300.6 Foutcode: 0x80240017 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over het installeren van updates en het oplossen van problemen. CodeIntegrity: =================================== Date: 2019-01-04 15:16:00.448 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BullGuard Ltd\BullGuard\BgAgent.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-01-04 13:40:48.151 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll that did not meet the Store signing level requirements. Date: 2019-01-04 13:40:48.148 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll that did not meet the Store signing level requirements. Date: 2019-01-03 09:18:09.992 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BullGuard Ltd\BullGuard\BgAgent.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-01-03 09:10:54.532 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BullGuard Ltd\BullGuard\BgAgent.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-01-02 11:24:38.425 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll that did not meet the Store signing level requirements. Date: 2019-01-02 11:24:38.422 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll that did not meet the Store signing level requirements. Date: 2019-01-02 09:46:15.634 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll that did not meet the Store signing level requirements. ==================== Geheugen info =========================== Processor: Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz Percentage geheugen in gebruik: 24% Totaal fysiek RAM-geheugen: 16348.69 MB Beschikbaar fysiek RAM-geheugen: 12332.19 MB Totaal Virtueel geheugen: 22492.69 MB Beschikbaar Virtueel geheugen: 16774.08 MB ==================== Schijven ================================ Drive c: () (Fixed) (Total:231.48 GB) (Free:166.88 GB) NTFS Drive d: (FS9) (Fixed) (Total:465.76 GB) (Free:244.27 GB) NTFS Drive g: (BIJHOUDEN) (Fixed) (Total:32 GB) (Free:12.25 GB) NTFS Drive h: (SOFTWARE) (Fixed) (Total:200.88 GB) (Free:139.84 GB) NTFS Drive i: (ARCHIEF) (Fixed) (Total:1397.25 GB) (Free:371.91 GB) NTFS \\?\Volume{cc85d9df-bf39-4745-8d8b-f607be007f7e}\ (Herstel) (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS \\?\Volume{66c73411-742d-48dd-b0d5-e105997e7272}\ () (Fixed) (Total:0.85 GB) (Free:0.34 GB) NTFS \\?\Volume{c78e7eef-631c-47e5-8002-9b4919059e8e}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partitietabel ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: C0355082) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 394495E0) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 372C9C0C) Partition 1: (Active) - (Size=32 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=200.9 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (Size: 1397.3 GB) (Disk ID: 88E975CC) Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=0F Extended) ==================== Eind van Addition.txt ============================