Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 20.06.2018
Gestart door iemand (12-10-2019 22:17:52)
Gestart vanaf C:\Users\iemand\Desktop
Windows 10 Home Versie 1903 18362.418 (X64) (2019-07-03 23:50:14)
Boot Modus: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-638272939-3707876983-2389510384-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-638272939-3707876983-2389510384-503 - Limited - Disabled)
Gast (S-1-5-21-638272939-3707876983-2389510384-501 - Limited - Disabled)
iemand (S-1-5-21-638272939-3707876983-2389510384-1001 - Administrator - Enabled) => C:\Users\iemand
WDAGUtilityAccount (S-1-5-21-638272939-3707876983-2389510384-504 - Limited - Disabled)

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeïnstalleerd worden.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov) 7-Zip 18.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1801-000001000000}) (Version: 18.01.00.0 - Igor Pavlov) Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.270 - Adobe) CCleaner (HKLM\...\CCleaner) (Version: 5.62 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7041 - CDBurnerXP) ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.) Dell Product Registration (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated) Exact Audio Copy 1.3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.3 - Andre Wiethoff) Gaaiho Reader (HKLM-x32\...\{15E4A071-0262-4D87-A6ED-023A1C542000}) (Version: 4.2 - ZEON Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) 
Hidden HiSuite (HKLM-x32\...\Hi Suite) (Version: 9.1.0.309 - ) Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.9.1053 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{8431b7d7-59d1-4f45-8212-a2eac049528f}) (Version: 19.60.0 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation) Malwarebytes versie 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6568.0 - Waves Audio Ltd.) 
Hidden Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{64C12304-7010-43F3-A25B-BDC38DE41E46}) (Version: 4.0.4276.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Communicator 2007 (HKLM-x32\...\{DB69E0FB-FF6C-4C47-A048-C66710E79EE6}) (Version: 2.0.6362.0 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-638272939-3707876983-2389510384-1001\...\OneDriveSetup.exe) (Version: 19.152.0927.0012 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft 
Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 69.0.3 (x64 nl) (HKLM\...\Mozilla Firefox 69.0.3 (x64 nl)) (Version: 69.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla) OpenOffice 4.1.5 (HKLM-x32\...\{6649DD88-354B-40C3-94D1-11178CF5CCB2}) (Version: 4.15.9789 - Apache Software Foundation) Product Registration (HKLM\...\{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.) Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.) Spotify (HKU\S-1-5-21-638272939-3707876983-2389510384-1001\...\Spotify) (Version: 1.1.14.475.g566c8beb - Spotify AB) System Ninja version 3.1.8 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.1.8 - SingularLabs) Tweaking.com - Advanced System Tweaker (HKLM-x32\...\Tweaking.com - Advanced System Tweaker) (Version: 2.0.0 - Tweaking.com) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation) Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISER_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version: - Microsoft) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) 
(HKLM-x32\...\{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISER_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version: - Microsoft) Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISER_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version: - Microsoft) VdhCoApp 1.3.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN) Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden WhatsApp (HKU\S-1-5-21-638272939-3707876983-2389510384-1001\...\WhatsApp) (Version: 0.3.4941 - WhatsApp) YouTube Downloader 4.6.1018 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.) ==================== Aangepaste CLSID (gefilterd): ========================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) 
CustomCLSID: HKU\S-1-5-21-638272939-3707876983-2389510384-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-638272939-3707876983-2389510384-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-638272939-3707876983-2389510384-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-638272939-3707876983-2389510384-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-638272939-3707876983-2389510384-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-638272939-3707876983-2389510384-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand ContextMenuHandlers1: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} => -> Geen bestand ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> Geen bestand ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> Geen bestand ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> 
[CC]{23170F69-40C1-278A-1000-000100020000} => -> Geen bestand ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Geen bestand ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxDTCM.dll [2018-03-22] (Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes) ==================== Geplande Taken (gefilterd) ============= (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) Task: {083F3813-82BC-4622-A1B0-070C619B7D11} - System32\Tasks\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner => C:\WINDOWS\system32\mitigationscanner.exe [2019-03-19] (Microsoft Corporation) Task: {0865B3DF-73E6-4889-8DE4-C2FCC0C8A89D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [2019-10-02] (Microsoft Corporation) Task: {0EEF8EA5-6665-46A5-B8DC-B13905FFBF4A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\iemand\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {17E8A9D5-A2E3-4D45-8983-56E258AD1C35} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe Task: {2AA0046A-8411-40F8-9991-6DF4AA962A33} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2017-09-26] (CyberLink) Task: {2F5A572A-0054-48A6-96DF-06523352AD02} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2019-07-24] (Adobe Systems) Task: {35087DD8-EB96-44C7-84D1-FFE97E97AC04} - System32\Tasks\Adobe Flash Player NPAPI Notifier => 
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_270_Plugin.exe [2019-10-10] (Adobe) Task: {386071C1-6B76-49F4-B557-7343ED9C031D} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-10-07] (Realtek Semiconductor) Task: {3AE956EF-A629-439E-8C96-99758430FE0F} - System32\Tasks\Microsoft\Windows\DirectX\DirectXDatabaseUpdater => C:\WINDOWS\system32\directxdatabaseupdater.exe [2019-10-04] (Microsoft Corporation) Task: {416FBFEF-09C2-4D51-9358-72205B2F5ED3} - System32\Tasks\Microsoft\Windows\BitLocker\BitLocker Encrypt All Drives Task: {613A083C-17CD-47F4-AC35-96FC308E59CF} - System32\Tasks\Microsoft\Windows\Workplace Join\Device-Sync Task: {663738B2-59CE-4900-A2B9-5856523AE2C0} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures Task: {7B794FA1-1620-4CBA-B741-F02F1CC5B13D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [2019-10-02] (Microsoft Corporation) Task: {8CE419DE-4815-423C-8287-51CEF62C7937} - System32\Tasks\Microsoft\Windows\WlanSvc\CDSSync Task: {9033C361-0E0B-4C6C-886B-55F516A6CA46} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-10-10] (Adobe) Task: {90C28B5C-2A50-48E1-9579-EEE75F1B1F2E} - System32\Tasks\Microsoft\Windows\StateRepository\MaintenanceTasks => %windir%\system32\rundll32.exe %windir%\system32\Windows.StateRepositoryClient.dll,StateRepositoryDoMaintenanceTasks Task: {A2DDFCC3-E40E-4E1E-8701-51769F375329} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-10-01] (Piriform Software Ltd) Task: {A3578CEB-0528-45F0-BA47-845A5E190A01} - System32\Tasks\S-1-5-21-638272939-3707876983-2389510384-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2019-03-19] (Microsoft Corporation) Task: {ABB36CE7-8F80-46DA-851E-614BD0447D46} - 
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [2019-10-02] (Microsoft Corporation) Task: {B8F0DEC7-8392-4F57-9990-74FCB934033F} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2019-03-19] () Task: {BB76B14D-6C39-4D33-BF5A-A4AF34BCC134} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-10-01] (Piriform Ltd) Task: {BD002562-F07A-4112-88E7-8EFBB00D151E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2018-09-26] (Synaptics Incorporated) Task: {BE6DAFEE-E483-4166-9D53-59C782B6551C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [2019-10-02] (Microsoft Corporation) Task: {CEC92CE3-37E8-40AF-8AB6-58FB284B59A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-06] (Google Inc.) Task: {CF747874-6154-4652-A46E-A71EA03BFCBA} - System32\Tasks\AdwCleaner_onReboot => C:\Users\iemand\Desktop\adwcleaner_7.4.1.exe [2019-09-16] (Malwarebytes) Task: {ECD63EF1-6557-495F-AEE1-837CCFF213B3} - System32\Tasks\Microsoft\Windows\Flighting\OneSettings\RefreshCache Task: {F7690249-7E89-4FBB-8F05-A064269F9D13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-06] (Google Inc.) (Als een item is opgenomen in de fixlist, wordt de taak (job) bestand verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.) 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Snelkoppelingen & WMI ======================== (De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.) ==================== Geladen Modules (gefilterd) ============== 2019-03-19 06:43 - 2019-03-19 06:43 - 000054960 _____ () C:\WINDOWS\System32\UMPDC.dll 2019-08-19 03:49 - 2019-08-19 03:49 - 000190784 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe 2019-07-04 00:26 - 2019-07-04 00:26 - 000037888 _____ () C:\Windows\System32\usocoreps.dll 2019-03-19 06:59 - 2019-03-19 14:35 - 000094720 _____ () C:\Windows\System32\VirtualMonitorManager.dll 2019-03-19 06:43 - 2019-03-19 06:43 - 000494592 _____ () C:\Windows\ShellExperiences\TileControl.dll 2019-07-04 00:26 - 2019-07-04 00:26 - 002880000 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll 2019-07-04 00:26 - 2019-07-04 00:26 - 001841152 _____ () C:\WINDOWS\system32\TextInputMethodFormatter.dll 2019-09-12 09:04 - 2019-09-12 09:04 - 000944144 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe 2019-10-10 17:46 - 2019-10-10 17:46 - 001796608 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2019-10-03 11:38 - 2019-10-03 11:38 - 011675648 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19091.313.0_x64__8wekyb3d8bbwe\YourPhone.exe 2019-10-03 11:38 - 2019-10-03 11:38 - 002568192 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19091.313.0_x64__8wekyb3d8bbwe\YourPhone.AppCore.dll 2019-10-03 11:38 - 2019-10-03 11:38 - 000396288 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19091.313.0_x64__8wekyb3d8bbwe\AppConfig.dll 2019-10-03 11:38 - 2019-10-03 11:38 - 000997888 _____ () C:\Program 
Files\WindowsApps\Microsoft.YourPhone_1.19091.313.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll 2019-10-03 11:38 - 2019-10-03 11:38 - 001505280 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19091.313.0_x64__8wekyb3d8bbwe\YourPhone.AppCore.WinRT.dll 2019-10-03 11:38 - 2019-10-03 11:38 - 003162624 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19091.313.0_x64__8wekyb3d8bbwe\YourPhone.DataStore.dll 2019-10-03 11:38 - 2019-10-03 11:38 - 004828160 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19091.313.0_x64__8wekyb3d8bbwe\PhoneCommunicationAppService.dll 2018-06-17 09:40 - 2015-07-06 12:01 - 000627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2015-07-06 18:01 - 2015-07-06 18:01 - 000016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2015-10-16 15:14 - 2015-10-16 15:14 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (gefilterd) ========= (Als een item is opgenomen in de fixlist, wordt alleen de ADS verwijderd.) ==================== Veilige Modus (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. De waarde van "AlternateShell" wordt hersteld.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CBDHSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinQuic => ""="Driver" ==================== Bestandskoppeling (gefilterd) =============== (Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd.) 
==================== Internet Explorer vertrouwde/beperkte toegang ===============

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd.)

IE trusted site: HKU\S-1-5-21-638272939-3707876983-2389510384-1001\...\localhost -> localhost

==================== Hosts inhoud: ===============================

(Indien nodig kan Hosts:-opdracht worden opgenomen in de fixlist om Hosts te resetten.)

2018-07-02 12:24 - 2018-07-02 12:24 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Andere gebieden ============================

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKU\S-1-5-21-638272939-3707876983-2389510384-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\iemand\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.150.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is ingeschakeld.

==================== MSCONFIG/TASK MANAGER Uitgeschakelde items == HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run32: => "GrooveMonitor" HKLM\...\StartupApproved\Run32: => "SynTPEnh" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKU\S-1-5-21-638272939-3707876983-2389510384-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-638272939-3707876983-2389510384-1001\...\StartupApproved\Run: => "Spotify Web Helper" HKU\S-1-5-21-638272939-3707876983-2389510384-1001\...\StartupApproved\Run: => "DellSystemDetect" HKU\S-1-5-21-638272939-3707876983-2389510384-1001\...\StartupApproved\Run: => "FreeYouTubeDownloader" HKU\S-1-5-21-638272939-3707876983-2389510384-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== Firewall regels (gefilterd) =============== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) FirewallRules: [Microsoft-Windows-DeviceManagement-CertificateInstall-TCP-Out] => (Allow) %SystemRoot%\system32\dmcertinst.exe FirewallRules: [Microsoft-Windows-DeviceManagement-deviceenroller-TCP-Out] => (Allow) %SystemRoot%\system32\deviceenroller.exe FirewallRules: [Microsoft-Windows-DeviceManagement-OmaDmClient-TCP-Out] => (Allow) %SystemRoot%\system32\omadmclient.exe FirewallRules: [{8FEF669F-257C-4FBF-82AB-585C3225E878}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe FirewallRules: [{A3A5E6C9-F97A-4DB3-95E8-3770429B9710}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe FirewallRules: [{555C99D5-373A-4EE1-8925-BE456E82E1CE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{91CB639E-1672-4A04-8D8F-73679960DE43}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{B9C4B0A9-6D1C-4B93-8668-303DC97884CB}] => (Block) C:\users\iemand\appdata\roaming\spotify\spotify.exe FirewallRules: [{72610184-C870-4536-A652-ABC3AB459FC9}] => (Block) 
C:\users\iemand\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{40F37920-5819-404B-BCF2-4D0363917CC3}C:\users\iemand\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\iemand\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{75E538AB-474B-483A-8E9B-CD6711123969}C:\users\iemand\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\iemand\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{68FFC6C7-11B3-40AA-B19C-9C1602CFE388}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{79E53A8E-F040-4E2E-B9A3-57AD91CC0C6D}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe FirewallRules: [{AAF40924-7ABD-45DD-B8F4-9A1AB540F7BF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{A8C491EA-89B3-430D-9352-62DB3ADA21E3}] => (Allow) %systemroot%\system32\alg.exe FirewallRules: [{F24A4E48-B52C-48CA-A95D-B92637360056}] => (Allow) %systemroot%\system32\alg.exe FirewallRules: [{B9C795C9-66BB-426A-9D4F-34B8601C777C}] => (Allow) %systemroot%\system32\alg.exe ==================== Herstelpunten ========================= 19-09-2019 10:17:24 Gepland controlepunt 30-09-2019 10:52:13 Gepland controlepunt 04-10-2019 08:10:37 Windows Update 10-10-2019 16:28:05 Windows Update ==================== Defecte Apparaatbeheer Apparaten ============= Name: TOSHIBA EXT Description: External USB 3.0 Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: TOSHIBA Service: WUDFWpdFs Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver ==================== Eventlog fouten: ========================= Applicatiefouten: ================== Error: (10/12/2019 09:59:32 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (9532,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/12/2019 09:36:16 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (3108,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/12/2019 09:16:48 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (3964,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/12/2019 09:11:23 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (1328,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/11/2019 11:12:30 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (7620,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/11/2019 10:45:48 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (5416,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. 
Error: (10/11/2019 10:40:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: mbam.exe, versie: 3.1.0.1838, tijdstempel: 0x5d13b1a3
Naam van module met fout: mbam.exe, versie: 3.1.0.1838, tijdstempel: 0x5d13b1a3
Uitzonderingscode: 0xc0000005
Foutmarge: 0x000ea594
Id van proces met fout: 0xefc
Starttijd van toepassing met fout: 0x01d5800f2e3434ab
Pad naar toepassing met fout: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Pad naar module met fout: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Rapport-id: cbac885c-769f-48a1-a293-84af7e1d9ef5
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (10/11/2019 02:48:35 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6716,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Systeemfouten:
=============
Error: (10/11/2019 11:33:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN-uitbreidingsmodule is onverwacht gestopt. Pad naar module: C:\WINDOWS\System32\IWMSSvc.dll

Error: (10/11/2019 11:33:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN-uitbreidingsmodule is onverwacht gestopt. Pad naar module: C:\WINDOWS\System32\IWMSSvc.dll

Error: (10/11/2019 11:32:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN-uitbreidingsmodule is onverwacht gestopt. Pad naar module: C:\WINDOWS\System32\IWMSSvc.dll

Error: (10/11/2019 11:32:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Intel(R) Security Assist-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (10/11/2019 11:32:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Intel(R) PROSet/Wireless Event Log-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (10/11/2019 11:32:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Presentation Foundation Font Cache 3.0.0.0-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 0 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (10/11/2019 11:32:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Intel(R) Content Protection HDCP Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (10/11/2019 11:32:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De HuaweiHiSuiteService64.exe-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Windows Defender:
===================================
Date: 2019-10-04 10:43:19.729
Description: Scan van Windows Defender Antivirus is gestopt voordat deze was voltooid.
Scan-id: {1C2C8103-48A1-4C78-93CF-DE2F73E422DC}
Type scan: Antimalware
Scanparameters: Snelle scan
Gebruiker: NT AUTHORITY\SYSTEM

Date: 2019-10-04 10:33:40.740
Description: Scan van Windows Defender Antivirus is gestopt voordat deze was voltooid.
Scan-id: {B41FAE65-5B14-4BF3-A340-159D71299291}
Type scan: Antimalware
Scanparameters: Snelle scan
Gebruiker: NT AUTHORITY\SYSTEM

Date: 2019-10-04 10:17:59.430
Description: Scan van Windows Defender Antivirus is gestopt voordat deze was voltooid.
Scan-id: {92BE674C-FAB9-4FAC-B743-C24992E38A1C}
Type scan: Antimalware
Scanparameters: Snelle scan
Gebruiker: NT AUTHORITY\SYSTEM

Date: 2019-10-04 09:55:49.963
Description: Scan van Windows Defender Antivirus is gestopt voordat deze was voltooid.
Scan-id: {2AD05CA7-0736-45B7-935A-4A6D70D8C5F9}
Type scan: Antimalware
Scanparameters: Snelle scan
Gebruiker: NT AUTHORITY\SYSTEM

Date: 2019-10-04 09:48:35.256
Description: Scan van Windows Defender Antivirus is gestopt voordat deze was voltooid.
Scan-id: {226F1312-CF4B-4D40-8570-7EFD354D14F1}
Type scan: Antimalware
Scanparameters: Snelle scan
Gebruiker: NT AUTHORITY\SYSTEM

CodeIntegrity:
===================================
Date: 2019-07-08 10:32:19.004
Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Geheugen info ===========================

Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Percentage geheugen in gebruik: 78%
Totaal fysiek RAM-geheugen: 3987.98 MB
Beschikbaar fysiek RAM-geheugen: 838.59 MB
Totaal Virtueel geheugen: 6771.12 MB
Beschikbaar Virtueel geheugen: 1457.06 MB

==================== Schijven ================================

Drive c: (OS) (Fixed) (Total:451.41 GB) (Free:404.58 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:219.48 GB) NTFS

\\?\Volume{34a398cc-0013-436d-9c0f-40ac0565bf4d}\ () (Fixed) (Total:0.78 GB) (Free:0.27 GB) NTFS
\\?\Volume{73406526-def3-49d6-b446-e3642b246642}\ (Image) (Fixed) (Total:12.96 GB) (Free:0.63 GB) NTFS
\\?\Volume{6871f128-2e8a-41d8-85d9-91d14edb1a58}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32

==================== MBR & Partitietabel ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1EEBEB42)
Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: DE34AA8E)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Eind van Addition.txt ============================