Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 29-10-2019 Gestart door johns (30-10-2019 00:14:27) Gestart vanaf C:\Users\johns\OneDrive\Bureaublad Windows 10 Pro Versie 1903 18362.418 (X64) (2019-09-11 17:19:45) Boot Modus: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1077014145-1634336000-3792410962-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1077014145-1634336000-3792410962-503 - Limited - Disabled) Gast (S-1-5-21-1077014145-1634336000-3792410962-501 - Limited - Disabled) johns (S-1-5-21-1077014145-1634336000-3792410962-1001 - Administrator - Enabled) => C:\Users\johns WDAGUtilityAccount (S-1-5-21-1077014145-1634336000-3792410962-504 - Limited - Disabled) ==================== Security Center ======================== (Als een item is opgenomen in de fixlist, zal het worden verwijderd.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: BullGuard Antivirus (Disabled - Out of date) {0C5A09FB-657F-B94D-DF1B-BB843C6EE0E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: KPN Veilig by F-Secure (Enabled - Up to date) {31A9D001-F96D-024E-EACB-7693DE78B727} AS: BullGuard Antispyware (Enabled - Up to date) {B73BE81F-4345-B6C3-E5AB-80F647E9AA59} FW: BullGuard Firewall (Disabled) {346188DE-2F10-B815-F444-12B1C2BDA79F} ==================== Geïnstalleerde programma's ====================== (Alleen de adware-programma's met 'verborgen' vlag kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeïnstalleerd worden.) Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 19.021.20049 - Adobe Systems Incorporated) Alcatech BPM Studio Professional v4.9.1 (HKLM-x32\...\Alcatech BPM Studio Professional v4.9.1) (Version: - ) BullGuard Internet Security (HKLM\...\BullGuard) (Version: 20.0 - BullGuard Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform) Conexant ISST Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 9.0.229.0 - Conexant) CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.6722 - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.6016 - CyberLink Corp.) Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.) Flvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 1.3.6 - Flvto.biz) FxSound Enhancer (HKLM-x32\...\DFX) (Version: 13.006.0.0 - FxSound) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.70 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden HP 3D DriveGuard (HKLM-x32\...\{DFE27B48-BBF8-49CD-A943-2AEEA4A05A1B}) (Version: 6.0.37.1 - HP) HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 9.0.0.2116 - HP Inc.) HP Device Access Manager (HKLM\...\{766ED263-4CA0-4D2F-9FA8-717827F718D6}) (Version: 8.3.16.0 - HP Inc.) HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.) HP ePrint SW (HKLM-x32\...\{3efaef38-ee9e-4421-bea3-e0a4d835d3f4}) (Version: 5.1.20088 - HP Inc.) HP ESU for Microsoft Windows 10 (HKLM-x32\...\{94D0EB60-8B2F-4A80-BA74-3D312434415F}) (Version: 11.2.2 - HP) HP JumpStart Bridge (HKLM-x32\...\{6B4A5299-4837-485A-B71D-7F1CE6F8F018}) (Version: 1.0.0.143 - HP Inc.) HP JumpStart Launch (HKLM-x32\...\{0F5EBB0D-DF6D-4DBE-9789-57BF05B3B0FD}) (Version: 1.0.145.0 - HP Inc.) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8357.5639 - HP Inc.) HP SoftPaq Download Manager (HKLM-x32\...\{92db00b4-c4ee-4893-bc4e-8be6548b2742}) (Version: 4.3.4.0 - HP) HP Software Setup (HKLM-x32\...\{C968E860-054F-490F-95C6-C9A29601459E}) (Version: 9.2.2 - HP) HP Support Assistant (HKLM-x32\...\{39C8BE76-CF6A-466F-8618-0B52CC4CA0FC}) (Version: 8.3.27.17 - HP Inc.) HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.26.37 - HP Inc.) HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.26 - HP Inc.) HP System Default Settings (HKLM-x32\...\{E570B9C2-9A83-4938-BBD5-0A8C068083C1}) (Version: 1.2.3.1 - HP INC) HP Wireless Button Driver (HKLM-x32\...\{AF4C5F64-4E6A-438B-9832-8BDEE0E7B43D}) (Version: 1.1.17.1 - HP) Intel(R) Chipset Device Software (HKLM-x32\...\{aaa7f0fb-02dc-4576-beef-7d24842c5fbe}) (Version: 10.1.1.32 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4494 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.2.1044 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation) KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - ) Microsoft OneDrive (HKU\S-1-5-21-1077014145-1634336000-3792410962-1001\...\OneDriveSetup.exe) (Version: 19.152.0927.0012 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation) Mozilla Firefox 68.0.1 (x64 nl) (HKLM\...\Mozilla Firefox 68.0.1 (x64 nl)) (Version: 68.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.131 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.9.422.2016 - Realtek) Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 53.2.70100 - Sonos, Inc.) Spotnet (HKU\S-1-5-21-1077014145-1634336000-3792410962-1001\...\Spotnet) (Version: 2.0.0.276 - Spotnet) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.8.32 - Synaptics Incorporated) Synaptics WBF Fingerprint Reader (HKLM\...\{FE645EDA-C5B2-4CF3-B9E7-AFABD5710EEF}) (Version: 4.5.335.0 - Synaptics) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH) Packages: ========= Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.23.7.0_x86__kgqvnymyfvs32 [2019-10-22] (king.com) Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1621.1.0_x86__kgqvnymyfvs32 [2019-10-23] (king.com) Cooking Fever -> C:\Program Files\WindowsApps\NORDCURRENT.COOKINGFEVER_6.0.0.3_x86__m9bz608c1b9ra [2019-10-09] (Nordcurrent) HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.228.0_x64__v10z8vjag6ke6 [2019-04-07] (HP Inc.) HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_7.0.15.0_x64__v10z8vjag6ke6 [2019-09-26] (HP Inc.) Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt [2019-04-07] (Instagram) Mail en Agenda -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-26] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-07] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-07] (Microsoft Corporation) [MS Ad] Microsoft Nieuws -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-07] (Microsoft Studios) [MS Ad] MSN weer -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad] NU.nl -> C:\Program Files\WindowsApps\SanomaMediaNetherlandsB.V.NU.nl_3.3.5.0_x64__g20pnp589533g [2019-04-07] (Sanoma Media Netherlands B.V.) ==================== Aangepaste CLSID (gefilterd): ============== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2019-08-26] (BullGuard Ltd. -> BullGuard Ltd.) ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2019-08-26] (BullGuard Ltd. -> BullGuard Ltd.) ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2019-08-26] (BullGuard Ltd. -> BullGuard Ltd.) ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-12-18] (CyberLink Corp. -> Cyberlink) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-26] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-26] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-12-18] (CyberLink Corp. -> Cyberlink) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Geen bestand ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki130871.inf_amd64_382f7c369d4bf777\igfxDTCM.dll [2019-01-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [bgshellext] -> {F4BF1657-195F-4A0F-ACA2-9AE99D65BC0E} => C:\Program Files\BullGuard Ltd\BullGuard\BgShellExt.dll [2019-09-24] (BullGuard Ltd. -> BullGuard Ltd.) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-26] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-26] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (gefilterd) ==================== ==================== Snelkoppelingen & WMI ======================== ==================== Geladen Modules (gefilterd) ============= 2016-11-21 11:33 - 2014-02-19 04:21 - 000541683 _____ () [Bestand niet getekend] C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\sqlite3.dll 2019-09-12 16:36 - 2019-04-22 14:50 - 001370112 _____ (Conexant Systems LLC.) [Bestand niet getekend] C:\Program Files\Conexant\SA3\HP-NB-AIO\CxHDAudioAPI.dll 2016-07-19 12:00 - 2016-07-19 12:00 - 000384512 _____ (Crossmatch, Inc.) [Bestand niet getekend] c:\Program Files\HP\HP ProtectTools Security Manager\Bin\DPCPFelica.dll 2016-07-19 11:57 - 2016-07-19 11:57 - 000339968 _____ (Crossmatch, Inc.) [Bestand niet getekend] c:\Program Files\HP\HP ProtectTools Security Manager\Bin\DPDevice2.dll 2016-07-19 12:01 - 2016-07-19 12:01 - 000454144 _____ (Crossmatch, Inc.) [Bestand niet getekend] c:\Program Files\HP\HP ProtectTools Security Manager\Bin\DPDevice5.dll 2016-11-21 11:33 - 2014-02-19 04:21 - 000499712 _____ (Microsoft Corporation) [Bestand niet getekend] C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\MSVCP71.dll 2016-11-21 11:33 - 2014-02-19 04:21 - 000348160 _____ (Microsoft Corporation) [Bestand niet getekend] C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\MSVCR71.dll 2016-07-19 11:13 - 2016-07-19 11:13 - 000220160 _____ (RFIDeas) [Bestand niet getekend] c:\Program Files\HP\HP ProtectTools Security Manager\Bin\pcProxAPI.dll 2019-09-12 16:36 - 2017-09-06 11:30 - 001431552 _____ (Robert Simpson, et al.) [Bestand niet getekend] C:\Program Files\CONEXANT\Flow\x64\SQLite.Interop.dll ==================== Alternate Data Streams (gefilterd) ======== ==================== Veilige Modus (gefilterd) ================== ==================== Bestandskoppeling (gefilterd) ================= ==================== Internet Explorer vertrouwde/beperkte toegang ========== ==================== Hosts inhoud: ========================= (Indien nodig kan Hosts:-opdracht worden opgenomen in de fixlist om Hosts te resetten.) 2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Andere gebieden =========================== (Momenteel is er geen automatische fix voor dit onderdeel.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ HKU\S-1-5-21-1077014145-1634336000-3792410962-1001\Control Panel\Desktop\\Wallpaper -> D:\Auto\37488434_1881024691954426_5428613288030109696_n.jpg DNS Servers: 192.168.2.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is ingeschakeld. ==================== MSCONFIG/TASK MANAGER Uitgeschakelde items == ==================== Firewall regels (gefilterd) ================ (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) FirewallRules: [{C96EA1CB-5674-45D0-9923-1FF36B3FA612}] => (Allow) LPort=3445 FirewallRules: [{71C27A0C-1CF4-4B42-9BBC-DF5D1023C73B}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe (Sonos, Inc. -> Sonos, Inc.) FirewallRules: [{BEE176C8-C311-41E4-98A9-B97F2D749DAB}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe (Sonos, Inc. -> Sonos, Inc.) FirewallRules: [{A0AB061E-F635-453A-B6B0-8054785882ED}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{FABF8EE4-3DB3-4C91-BDE5-1CA03332BD57}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{FEEE8BC8-3475-40B0-BC6B-4CE48BB7F5B2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{70B14F76-EE75-4D94-AC53-379E758A1F7F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe (CyberLink Corp. -> CyberLink) FirewallRules: [{927818F3-E05D-4E7D-B792-673AC2640CBD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{BBAC29ED-DA85-46F5-927C-2243D478B13D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{5A4EED94-6568-40B5-924E-530B066B3D77}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> ) FirewallRules: [{4F2582A1-45F3-40FD-9F7B-7574D5E13C3A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Herstelpunten ========================= AANDACHT: Systeemherstel is uitgeschakeld (Total:115.8 GB) (Free:32.28 GB) (28%) ==================== Defecte Apparaatbeheer Apparaten ============ ==================== Eventlog fouten: ======================== Applicatiefouten: ================== Error: (10/30/2019 12:14:51 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (7964,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/30/2019 12:07:06 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (12312,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/29/2019 11:58:39 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (3548,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/29/2019 11:51:45 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY) Description: De SCEP-certificaatinschrijving voor WORKGROUP\DESKTOP-IUJL11C$ via https://IFX-KeyId-9c7df5a91c3d49bbe7378d4aba12ff8e78a2d75c.microsoftaik.azure.net/templates/Aik/scep is mislukt: SubmitDone Submit(Request): Bad Request {"Message":"Attestation statement cannot be verified, rejecting request. TPM firmware needs update."} HTTP/1.1 400 Bad Request Cache-Control: no-cache Date: Tue, 29 Oct 2019 22:51:45 GMT Pragma: no-cache Content-Length: 101 Content-Type: application/json; charset=utf-8 Expires: -1 x-ms-request-id: 61354f1d-4747-4ed2-b7fd-fda5ad646d06 Strict-Transport-Security: max-age=31536000;includeSubDomains X-Content-Type-Options: nosniff Methode: POST(3391ms) Fase: SubmitDone Ongeldige aanvraag (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST) Error: (10/29/2019 11:51:32 PM) (Source: SonosLibraryService) (EventID: 0) (User: ) Description: Service kan niet worden gestart. De ingang is ongeldig Error: (10/29/2019 11:46:59 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY) Description: De SCEP-certificaatinschrijving voor WORKGROUP\DESKTOP-IUJL11C$ via https://IFX-KeyId-9c7df5a91c3d49bbe7378d4aba12ff8e78a2d75c.microsoftaik.azure.net/templates/Aik/scep is mislukt: SubmitDone Submit(Request): Bad Request {"Message":"Attestation statement cannot be verified, rejecting request. TPM firmware needs update."} HTTP/1.1 400 Bad Request Cache-Control: no-cache Date: Tue, 29 Oct 2019 22:46:59 GMT Pragma: no-cache Content-Length: 101 Content-Type: application/json; charset=utf-8 Expires: -1 x-ms-request-id: 51d83537-8602-4892-b340-e65f3fedf6b1 Strict-Transport-Security: max-age=31536000;includeSubDomains X-Content-Type-Options: nosniff Methode: POST(4906ms) Fase: SubmitDone Ongeldige aanvraag (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST) Error: (10/29/2019 11:46:32 PM) (Source: SonosLibraryService) (EventID: 0) (User: ) Description: Service kan niet worden gestart. De ingang is ongeldig Error: (10/29/2019 11:40:38 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (8740,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Systeemfouten: ============= Error: (10/29/2019 01:02:39 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY) Description: Kan de BITS-service niet starten. Fout 2147500053. Error: (10/28/2019 12:17:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: De Service KMSELDI-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error: (10/28/2019 12:17:03 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY) Description: Kan geen DCOM-server starten: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. Foutmelding "2147942625" is opgetreden bij het uitvoeren van de opdracht C:\WINDOWS\system32\SppExtComObj.exe -Embedding Error: (10/28/2019 12:06:05 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM heeft de foutmelding 1115 gekregen bij het starten van de wuauserv-service met de argumenten Niet beschikbaar om de server {E60687F7-01A1-40AA-86AC-DB1CBF673334} te starten Error: (10/28/2019 12:06:05 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM heeft de foutmelding 1115 gekregen bij het starten van de wuauserv-service met de argumenten Niet beschikbaar om de server {E60687F7-01A1-40AA-86AC-DB1CBF673334} te starten Error: (10/28/2019 12:06:05 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM heeft de foutmelding 1115 gekregen bij het starten van de wuauserv-service met de argumenten Niet beschikbaar om de server {E60687F7-01A1-40AA-86AC-DB1CBF673334} te starten Error: (10/28/2019 12:06:05 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM heeft de foutmelding 1115 gekregen bij het starten van de wuauserv-service met de argumenten Niet beschikbaar om de server {E60687F7-01A1-40AA-86AC-DB1CBF673334} te starten Error: (10/28/2019 12:06:05 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM heeft de foutmelding 1115 gekregen bij het starten van de wuauserv-service met de argumenten Niet beschikbaar om de server {E60687F7-01A1-40AA-86AC-DB1CBF673334} te starten Windows Defender: =================================== Date: 2019-10-28 03:20:55.251 Description: Windows Defender Antivirus heeft malware of andere mogelijke ongewenste software gedetecteerd. Zie het volgende voor meer informatie: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0 Naam: HackTool:Win32/AutoKMS ID: 2147685180 Ernst: Hoog Categorie: Hulpprogramma Pad: file:_C:\Users\johns\Downloads\KMSpico 10.2.0+Portable (Office en Windows Activeren)\KMSpico 10.2.0+Portable (Office and Windows Activator)\KMSpico 10.2.0+Portable (Office and Windows Activator)\KMSpico Install\KMSpico_setup.exe Detectieoorsprong: Lokale computer Detectietype: Concreet Detectiebron: Real-timebeveiliging Gebruiker: NT AUTHORITY\SYSTEM Procesnaam: C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe Versie van beveiligingsinformatie: AV: 1.305.775.0, AS: 1.305.775.0, NIS: 1.305.775.0 Engineversie: AM: 1.1.16500.1, NIS: 1.1.16500.1 Date: 2019-10-28 00:17:29.553 Description: Windows Defender Antivirus heeft malware of andere mogelijke ongewenste software gedetecteerd. Zie het volgende voor meer informatie: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0 Naam: HackTool:MSIL/AutoKMS ID: 2147711767 Ernst: Hoog Categorie: Hulpprogramma Pad: file:_C:\Program Files\KMSpico\Service_KMS.exe Detectieoorsprong: Lokale computer Detectietype: Concreet Detectiebron: Real-timebeveiliging Gebruiker: NT AUTHORITY\SYSTEM Procesnaam: C:\Program Files\BullGuard Ltd\BullGuard\BullGuardSentry.exe Versie van beveiligingsinformatie: AV: 1.305.748.0, AS: 1.305.748.0, NIS: 1.305.748.0 Engineversie: AM: 1.1.16500.1, NIS: 1.1.16500.1 Date: 2019-10-28 00:17:29.551 Description: Windows Defender Antivirus heeft malware of andere mogelijke ongewenste software gedetecteerd. Zie het volgende voor meer informatie: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0 Naam: HackTool:Win64/AutoKMS ID: 2147723334 Ernst: Hoog Categorie: Hulpprogramma Pad: file:_C:\Windows\SECOH-QAD.exe Detectieoorsprong: Lokale computer Detectietype: Concreet Detectiebron: Real-timebeveiliging Gebruiker: NT AUTHORITY\NETWORK SERVICE Procesnaam: C:\Windows\System32\svchost.exe Versie van beveiligingsinformatie: AV: 1.305.748.0, AS: 1.305.748.0, NIS: 1.305.748.0 Engineversie: AM: 1.1.16500.1, NIS: 1.1.16500.1 Date: 2019-10-28 00:17:29.456 Description: Windows Defender Antivirus heeft malware of andere mogelijke ongewenste software gedetecteerd. Zie het volgende voor meer informatie: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0 Naam: HackTool:MSIL/AutoKMS ID: 2147711767 Ernst: Hoog Categorie: Hulpprogramma Pad: file:_C:\Program Files\KMSpico\Service_KMS.exe Detectieoorsprong: Lokale computer Detectietype: Concreet Detectiebron: Real-timebeveiliging Gebruiker: NT AUTHORITY\SYSTEM Procesnaam: C:\Program Files\BullGuard Ltd\BullGuard\BullGuardSentry.exe Versie van beveiligingsinformatie: AV: 1.305.748.0, AS: 1.305.748.0, NIS: 1.305.748.0 Engineversie: AM: 1.1.16500.1, NIS: 1.1.16500.1 Date: 2019-10-28 00:17:29.026 Description: Windows Defender Antivirus heeft malware of andere mogelijke ongewenste software gedetecteerd. Zie het volgende voor meer informatie: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0 Naam: HackTool:MSIL/AutoKMS ID: 2147711767 Ernst: Hoog Categorie: Hulpprogramma Pad: file:_C:\Program Files\KMSpico\Service_KMS.exe; process:_pid:5616,ProcessStart:132166911969720122; service:_Service KMSELDI Detectieoorsprong: Lokale computer Detectietype: Concreet Detectiebron: Real-timebeveiliging Gebruiker: NT AUTHORITY\SYSTEM Procesnaam: C:\Program Files\KMSpico\Service_KMS.exe Versie van beveiligingsinformatie: AV: 1.305.748.0, AS: 1.305.748.0, NIS: 1.305.748.0 Engineversie: AM: 1.1.16500.1, NIS: 1.1.16500.1 CodeIntegrity: =================================== Date: 2019-10-30 00:11:17.735 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume5\Program Files\BullGuard Ltd\BullGuard\BgAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2019-10-30 00:11:17.729 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume5\Program Files\BullGuard Ltd\BullGuard\BgAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2019-10-30 00:11:17.724 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume5\Program Files\BullGuard Ltd\BullGuard\BgAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2019-10-30 00:11:17.718 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume5\Program Files\BullGuard Ltd\BullGuard\BgAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2019-10-30 00:11:17.709 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume5\Program Files\BullGuard Ltd\BullGuard\BgAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2019-10-30 00:11:17.704 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume5\Program Files\BullGuard Ltd\BullGuard\BgAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2019-10-30 00:11:17.698 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume5\Program Files\BullGuard Ltd\BullGuard\BgAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2019-10-30 00:11:17.692 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume5\Program Files\BullGuard Ltd\BullGuard\BgAMSI.dll that did not meet the Microsoft signing level requirements. ==================== Geheugen info =========================== BIOS: HP P85 Ver. 01.23 07/18/2018 Moederbord: HP 8231 Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz Percentage geheugen in gebruik: 56% Totaal fysiek RAM-geheugen: 8087.75 MB Beschikbaar fysiek RAM-geheugen: 3492.15 MB Totaal Virtueel geheugen: 8487.75 MB Beschikbaar Virtueel geheugen: 3457.76 MB ==================== Schijven ================================ Drive c: (Windows) (Fixed) (Total:115.8 GB) (Free:32.28 GB) NTFS Drive d: (Extra opslag) (Fixed) (Total:465.63 GB) (Free:424.73 GB) NTFS Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32 \\?\Volume{cd64ca2c-1a0d-4d89-bacd-facad5d28cc6}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.36 GB) NTFS \\?\Volume{6313748a-25f1-4140-a791-c3b5d5a27976}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.25 GB) FAT32 ==================== MBR & Partitietabel ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 1 (Size: 119.2 GB) (Disk ID: 86F4951B) Partition: GPT. ==================== Einde van Addition.txt =======================