Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 24-12-2019 01 Gestart door hadev (24-12-2019 12:43:31) Gestart vanaf C:\Users\hadev\OneDrive\Bureaublad Windows 10 Home Versie 1909 18363.535 (X64) (2019-07-07 08:33:21) Boot Modus: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1413174201-2892480338-577271866-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1413174201-2892480338-577271866-503 - Limited - Disabled) Gast (S-1-5-21-1413174201-2892480338-577271866-501 - Limited - Disabled) hadev (S-1-5-21-1413174201-2892480338-577271866-1001 - Administrator - Enabled) => C:\Users\hadev WDAGUtilityAccount (S-1-5-21-1413174201-2892480338-577271866-504 - Limited - Disabled) ==================== Security Center ======================== (Als een item is opgenomen in de fixlist, zal het worden verwijderd.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Virusscan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501} ==================== Geïnstalleerde programma's ====================== (Alleen de adware-programma's met 'verborgen' vlag kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeïnstalleerd worden.) 64 Bit HP CIO Components Installer (HKLM\...\{5737101A-27C4-408A-8A57-D1DC78DF84B4}) (Version: 8.2.1 - Hewlett-Packard) Hidden Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated) Apple Application Support (32-bit) (HKLM-x32\...\{BED24701-751B-41C5-8888-A8EABAB9FE8C}) (Version: 8.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{88F21C94-88AF-4665-AF4F-FECB1FA059B9}) (Version: 8.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.62 - Piriform) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.16.310 - SurfRight B.V.) HP LJ300-400 color MFP M375-M475 (HKLM-x32\...\{9D1DE902-8058-4555-A16A-FBFAA49587DB}) (Version: 15.0.16078.1402 - Hewlett-Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPLaserJet300-400ColorM375-M475Series_HelpLearnCenter_SI (HKLM-x32\...\{72A474E0-5AA3-4EDD-8FAA-D87CB2FD0654}) (Version: 1.01.0000 - Hewlett-Packard) HPLJDXPHelper (HKLM-x32\...\{010788AB-706E-4604-A46B-6785EAB64B5E}) (Version: 140.069.007 - HP) Hidden HPLJUTCore (HKLM-x32\...\{06C9D648-CFC6-48CC-A11B-C4A21BEDDAF1}) (Version: 018.000.0001 - HP) Hidden HPLJUTM375-M475 (HKLM-x32\...\{FA1B7AB4-9FE9-47A8-9A2F-C9FCB2F03A26}) (Version: 1.02.0013 - HP) Hidden hppFaxDrvM375M475 (HKLM-x32\...\{5145BEFE-84A6-4198-84C7-C8FBC919FE96}) (Version: 004.000.00001 - Hewlett-Packard) Hidden hppLaserJetService (HKLM-x32\...\{0C4C3664-157A-4D69-B474-31EBF2EE1AE3}) (Version: 009.033.00926 - Hewlett-Packard) Hidden hppM375_M475LaserJetService (HKLM-x32\...\{CAB2848F-4E7D-4D64-B071-C1539E345C1C}) (Version: 005.021.00132 - Hewlett-Packard) Hidden hppSendFaxM375M475 (HKLM-x32\...\{430DEBC5-40AA-4F2C-AB54-A95E6FA8325A}) (Version: 004.000.00001 - Hewlett-Packard) Hidden hppToolboxProxyM375 (HKLM-x32\...\{EAA710B0-DF9C-4202-978D-8B8C787313C6}) (Version: 035.024.006 - HP) Hidden hpStatusAlerts (HKLM-x32\...\{32DE03E8-D0B3-4D13-A885-D3EDFC959EEC}) (Version: 180.040.00267 - HP Development Company, L.P.) Hidden hpStatusAlertsM375_M475 (HKLM-x32\...\{22A9EE88-99F1-48B1-8A0C-AB8E65F6C4EB}) (Version: 050.034.0131 - Hewlett-Packard) Hidden Inkscape 0.92.1 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.92 - inkscape.org) InstanceFinder (HKLM-x32\...\{32C0FD10-8FB4-427E-A16F-ED57C9343CF0}) (Version: 020.021.004 - HP) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation) Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden iTunes (HKLM\...\{41E7C2EE-B314-4883-AFBD-5F29E9027EB6}) (Version: 12.10.2.3 - Apple Inc.) Lenovo App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.273.2.542 - SweetLabs for Lenovo) Lenovo App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.273.2.542 - SweetLabs for Lenovo) Lenovo Service Bridge (HKU\S-1-5-21-1413174201-2892480338-577271866-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.7 - Lenovo) LJDXPHelperUI (HKLM-x32\...\{DEB23FB1-04FF-44AC-98B5-EEB243D65A28}) (Version: 140.069.007 - HP) Hidden Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes) Microsoft Office 2010 voor Thuisgebruik en Zakelijke toepassingen (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Language Pack 2010 - English (HKLM\...\Office14.OMUI.en-us) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1413174201-2892480338-577271866-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) NVIDIA 3D Vision stuurprogramma 417.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 417.88 - NVIDIA Corporation) NVIDIA GeForce Experience 3.14.0.139 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.0.139 - NVIDIA Corporation) NVIDIA Grafisch stuurprogramma 417.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.88 - NVIDIA Corporation) NVIDIA PhysX Systeem Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (HKLM\...\{90140000-0100-0409-1000-0000000FF1CE}_Office14.OMUI.en-us_{E8C86A07-99F1-4750-A6CF-C4ED5211A146}) (Version: - Microsoft) Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation) ToolboxProxy (HKLM-x32\...\{B64E0B43-A452-4B25-93DD-E5C6645A534A}) (Version: 035.024.006 - HP) Hidden Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.0 - Ghisler Software GmbH) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation) ViewRight Web PC 4.1.2.0 (HKLM-x32\...\{40361A03-B6D7-461C-90EB-8D7DBF2A94E6}) (Version: 4.1.2.0 - Verimatrix, Inc.) VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN) WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24101}) (Version: 20.0.11659 - WinZip Computing, S.L. ) Packages: ========= Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220 [2019-12-20] (Dolby Laboratories) Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20201.249.0_x64__rz1tebttyb220 [2019-02-11] (Dolby Laboratories) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-18] (HP Inc.) Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt [2019-02-22] (Instagram) Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.2.0.0_x64__8j3eq9eme6ctt [2019-06-19] (INTEL CORP) Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1909.24.0_x64__k1h2ywk1493x8 [2019-11-07] (LENOVO INC.) LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.54.0_x64__5grkq8ppsgwt4 [2019-08-03] (LENOVO INC) [Startup Task] LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-02-11] (LinkedIn) Media-engine-invoegtoepassing voor Foto's -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-29] (Microsoft Corporation) Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad] Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation) Microsoft Nieuws -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-20] (Microsoft Corporation) [MS Ad] Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation) Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation) Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation) Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad] Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation) MSN weer -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-20] (Microsoft Corporation) [MS Ad] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2019-10-01] (NVIDIA Corp.) Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.16.0_x64__nfy108tqq3p12 [2019-09-28] (Thumbmunkeys Ltd) [MS Ad] Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.172.0_x64__dt26b99r8h8gj [2019-06-20] (Realtek Semiconductor Corp) Uitbreiding voor MPEG-2-video -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation) ==================== Aangepaste CLSID (gefilterd): ============== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) CustomCLSID: HKU\S-1-5-21-1413174201-2892480338-577271866-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll () [Bestand niet getekend] ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-02-02] (WinZip Computing LLC -> WinZip Computing, S.L.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-02-02] (WinZip Computing LLC -> WinZip Computing, S.L.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-02-13] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-02-02] (WinZip Computing LLC -> WinZip Computing, S.L.) ==================== Codecs (gefilterd) ==================== ==================== Snelkoppelingen & WMI ======================== ==================== Geladen Modules (gefilterd) ============= 2016-02-02 20:00 - 2016-02-02 20:00 - 000687104 _____ () [Bestand niet getekend] C:\Program Files\WinZip\adxloader64.dll 2019-12-09 11:33 - 2019-05-28 14:06 - 001021440 _____ () [Bestand niet getekend] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll 2009-09-16 18:44 - 2009-09-16 18:44 - 000153088 _____ (Hewlett Packard) [Bestand niet getekend] C:\WINDOWS\System32\hptcpmib.dll 2009-09-16 18:45 - 2009-09-16 18:45 - 000331264 _____ (Hewlett Packard) [Bestand niet getekend] C:\WINDOWS\System32\HpTcpMon.dll 2009-09-16 11:44 - 2009-09-16 11:44 - 000132096 _____ (Hewlett Packard) [Bestand niet getekend] C:\WINDOWS\System32\hpzjrd01.dll 2014-06-24 23:31 - 2014-06-24 23:31 - 000041472 _____ (Hewlett-Packard Company) [Bestand niet getekend] C:\Program Files (x86)\HP\HPLaserJetService\HPHTTPProxy.dll 2014-06-24 23:31 - 2014-06-24 23:31 - 000073728 _____ (Hewlett-Packard Company) [Bestand niet getekend] C:\Program Files (x86)\HP\HPLaserJetService\HPTools.dll 2014-06-24 23:31 - 2014-06-24 23:31 - 001222656 _____ (Hewlett-Packard Company) [Bestand niet getekend] C:\Program Files (x86)\HP\HPLaserJetService\LEDMXMLObjects.dll 2010-08-06 11:15 - 2010-08-06 11:15 - 000071680 _____ (Hewlett-Packard) [Bestand niet getekend] c:\windows\system32\hpzinw12.dll 2010-08-06 11:15 - 2010-08-06 11:15 - 000089600 _____ (Hewlett-Packard) [Bestand niet getekend] c:\windows\system32\hpzipm12.dll 2014-06-24 23:31 - 2014-06-24 23:31 - 000034816 _____ (HP) [Bestand niet getekend] C:\Program Files (x86)\HP\HPLaserJetService\HPServiceCommunicator.dll 2009-09-16 18:45 - 2009-09-16 18:45 - 000317440 _____ (Microsoft Corporation) [Bestand niet getekend] C:\WINDOWS\System32\HPTcpMUI.dll 2019-11-27 10:47 - 2019-10-27 05:36 - 001261568 _____ (Robert Simpson, et al.) [Bestand niet getekend] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll 2019-07-07 18:35 - 2019-07-07 18:35 - 000005632 _____ (WinZip Computing, S.L.) [Bestand niet getekend] C:\Users\hadev\AppData\Local\assembly\dl3\RQK4VPV9.L1L\BZVWNDEC.8CW\6665c10e\00f84bea_eb5dd101\WinZipExpressForOffice.resources.DLL 2019-07-07 18:35 - 2019-07-07 18:35 - 000040960 _____ (WinZip Computing, S.L.) [Bestand niet getekend] C:\Users\hadev\AppData\Local\assembly\dl3\RQK4VPV9.L1L\BZVWNDEC.8CW\cfbe515f\00f84bea_eb5dd101\WinZipExpressForOffice.DLL ==================== Alternate Data Streams (gefilterd) ======== ==================== Veilige Modus (gefilterd) ================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. De waarde van "AlternateShell" wordt hersteld.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" ==================== Bestandskoppeling (gefilterd) ================= ==================== Internet Explorer vertrouwde/beperkte toegang ========== ==================== Hosts inhoud: ========================= (Indien nodig kan Hosts:-opdracht worden opgenomen in de fixlist om Hosts te resetten.) 2018-04-12 00:38 - 2018-04-12 00:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Andere gebieden =========================== (Momenteel is er geen automatische fix voor dit onderdeel.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-1413174201-2892480338-577271866-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hadev\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\IMG_3682.JPG DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is ingeschakeld. ==================== MSCONFIG/TASK MANAGER Uitgeschakelde items == ==================== Firewall regels (gefilterd) ================ (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) FirewallRules: [{EB458E5A-71C1-44A3-A70A-B6095491C115}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{7E65FB0F-6DFC-4079-A4C0-09CA3622EAA6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{AF05323A-0573-4209-AC70-CD4009935AF4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{A046EFF2-C8E2-401A-8B02-E7CDB05E8262}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{81FF0268-ABA3-425A-8920-F444195F4B9F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{660DEB58-8495-453C-9D1A-CB1380A827DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{9A2F7067-4E53-4BB2-8376-55BD8D48DAE7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{A9D5AC1D-BEF8-499D-9F51-BC1C99811402}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{C8E25D0F-50A2-406C-B525-A73E2DBC905C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{2D204E44-179E-419C-B8D2-FF48D3222DB2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{A63BD837-5D34-4780-B498-3A12F817465A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D5CDC71D-007B-41E3-BCAF-9F14E709FAEB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{5F105BEC-76F2-41A2-817B-40FD6AF3805E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{44CDEA12-5594-4C41-B2F8-93F243B68482}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{444BEBA1-FDAD-4316-B502-C7662DED2EEC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20364.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A4DD387F-ED5D-4530-963D-837F03C67E93}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Herstelpunten ========================= AANDACHT: Systeemherstel is uitgeschakeld (Total:118 GB) (Free:74.64 GB) (63%) ==================== Defecte Apparaatbeheer Apparaten ============ ==================== Eventlog fouten: ======================== Applicatiefouten: ================== Error: (12/24/2019 12:41:48 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (2772,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (12/24/2019 12:35:15 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (2092,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (12/24/2019 12:22:38 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (3728,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (12/24/2019 12:12:24 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (6628,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (12/24/2019 12:09:53 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LENOVO) Description: Windows kan het DLL-bestand voor uitbreidbare items "C:\WINDOWS\system32\sysmain.dll" niet laden (Win32-foutcode 126). Error: (12/24/2019 12:09:53 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: LENOVO) Description: Kan het prestatieobject voor de Server-service niet openen. De eerste vier bytes (DWORD) in de sectie Gegevens bevatten de statuscode. Error: (12/24/2019 12:09:53 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1018) (User: LENOVO) Description: Het verzamelen van prestatiemeteritemgegevens van de Outlook-service is uitgeschakeld voor deze sessie vanwege één of meer fouten die zijn gegenereerd door het DLL-bestand voor prestatiemeteritems voor die service. De fout(en) die deze actie heeft/hebben veroorzaakt, is/zijn naar het gebeurtenislogboek Toepassing geschreven. Error: (12/24/2019 12:09:53 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1022) (User: LENOVO) Description: Windows kan het 64-bits DLL-bestand voor uitbreidbare items C:\PROGRA~1\MICROS~1\Office14\OLMAPI32.DLL niet openen in een 32-bits omgeving (Win32-foutcode 193). Neem contact op met de fabrikant van het bestand voor een 32-bits versie. U kunt ook, als u een 64-bits omgeving in native modus gebruikt, het 64-bits DLL-bestand voor uitbreidbare items openen met behulp van de 64-bits versie van Prestatiemeter. Ga naar de map Windows, ga naar System32 en start Perfmon.exe als u dit hulpprogramma wilt gebruiken. Systeemfouten: ============= Error: (12/24/2019 12:04:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De McAfee WebAdvisor-service kan vanwege de volgende fout niet worden gestart: Bestand of map is beschadigd en onleesbaar. Error: (12/24/2019 12:02:15 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: De vorige afsluiting van het systeem om 12:00:45 op ‎24-‎12-‎2019 is onverwacht gebeurd. Error: (12/24/2019 12:02:05 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY) Description: 3221225684Er is een onherstelbare fout opgetreden tijdens het verwerken van de herstelgegevens. Error: (12/24/2019 10:49:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De McAfee WebAdvisor-service kan vanwege de volgende fout niet worden gestart: Bestand of map is beschadigd en onleesbaar. Error: (12/24/2019 10:46:57 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO) Description: De server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd. Error: (12/24/2019 10:46:57 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO) Description: De server {021E4F06-9DCC-49AD-88CF-ECC2DA314C8A} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd. Error: (12/24/2019 10:46:57 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO) Description: De server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd. Error: (12/24/2019 10:46:57 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO) Description: De server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd. Windows Defender: =================================== Date: 2019-12-14 10:34:32.360 Description: Scan van Windows Defender Antivirus is gestopt voordat deze was voltooid. Scan-id: {C27B2DFB-485E-47D5-ABBB-528BE894A93E} Type scan: Antimalware Scanparameters: Snelle scan Gebruiker: NT AUTHORITY\SYSTEM Date: 2019-12-09 17:18:11.355 Description: Scan van Windows Defender Antivirus is gestopt voordat deze was voltooid. Scan-id: {F0E7AC0C-94A7-4A00-8710-E0D9CE7A7238} Type scan: Antimalware Scanparameters: Snelle scan Gebruiker: NT AUTHORITY\SYSTEM Date: 2019-11-30 16:46:35.119 Description: Scan van Windows Defender Antivirus is gestopt voordat deze was voltooid. Scan-id: {59522B98-A8A4-415C-862B-E8D543BF510B} Type scan: Antimalware Scanparameters: Snelle scan Gebruiker: NT AUTHORITY\SYSTEM Date: 2019-11-18 10:53:13.901 Description: Scan van Windows Defender Antivirus is gestopt voordat deze was voltooid. Scan-id: {47B47354-34C0-4B44-B67D-1110EE047C4A} Type scan: Antimalware Scanparameters: Snelle scan Gebruiker: NT AUTHORITY\SYSTEM Date: 2019-11-15 17:09:38.866 Description: Windows Defender Antivirus heeft malware of andere mogelijke ongewenste software gedetecteerd. Zie het volgende voor meer informatie: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Brocoiner.N!lib&threatid=2147726121&enterprise=0 Naam: Trojan:HTML/Brocoiner.N!lib ID: 2147726121 Ernst: Ernstig Categorie: Trojaans paard Pad: file:_C:\Users\hadev\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3PLQH5M4\smmch-mine[1].js Detectieoorsprong: Lokale computer Detectietype: Snel pad Detectiebron: Real-timebeveiliging Gebruiker: LENOVO\hadev Procesnaam: C:\Program Files\CCleaner\CCleaner64.exe Versie van beveiligingsinformatie: AV: 1.305.2145.0, AS: 1.305.2145.0, NIS: 1.305.2145.0 Engineversie: AM: 1.1.16500.1, NIS: 1.1.16500.1 Date: 2019-12-13 09:57:22.057 Description: Windows Defender Antivirus heeft een fout ontdekt tijdens het bijwerken van beveiligingsinformatie. Nieuwe versie van beveiligingsinformatie: Vorige versie van beveiligingsinformatie: 1.307.309.0 Updatebron: Microsoft-updateserver Type beveiligingsinformatie: AntiVirus Updatetype: Volledig Gebruiker: NT AUTHORITY\SYSTEM Huidige engineversie: Vorige engineversie: 1.1.16600.7 Foutcode: 0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over het installeren van updates en het oplossen van problemen. Date: 2019-11-16 19:42:47.753 Description: Real-timebeveiligingsonderdeel van Windows Defender Antivirus heeft een fout aangetroffen en is niet uitgevoerd. Onderdeel: Bij toegang Foutcode: 0x80004005 Foutbeschrijving: Niet nader omschreven fout Reden: Het scannen van items is in het filterstuurprogramma overgeslagen en de doorgiftemodus is geactiveerd. Mogelijk wordt dit veroorzaakt door onvoldoende bronnen. CodeIntegrity: =================================== Date: 2019-12-24 12:15:19.844 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-24 12:15:19.840 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-24 12:15:19.502 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-24 12:15:19.498 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-24 12:12:49.901 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. Date: 2019-12-24 12:12:49.896 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. Date: 2019-12-24 12:12:49.018 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2019-12-24 12:12:49.015 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. ==================== Geheugen info =========================== BIOS: LENOVO 7ZCN30WW 01/24/2019 Moederbord: LENOVO LNVNB161216 Processor: Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz Percentage geheugen in gebruik: 45% Totaal fysiek RAM-geheugen: 8066.3 MB Beschikbaar fysiek RAM-geheugen: 4379.59 MB Totaal Virtueel geheugen: 9346.3 MB Beschikbaar Virtueel geheugen: 4864.39 MB ==================== Schijven ================================ Drive c: (Windows-SSD) (Fixed) (Total:118 GB) (Free:74.64 GB) NTFS Drive d: (Data) (Fixed) (Total:931.5 GB) (Free:809.9 GB) NTFS Drive e: (PKBACK# 002) (Removable) (Total:3.84 GB) (Free:1.24 GB) FAT32 \\?\Volume{8cee5256-dc17-49d9-b91b-36299ea02ad1}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.56 GB) NTFS \\?\Volume{95de2c88-0e7f-4315-9977-45997ac18e5a}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partitietabel ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 6FAC1D6F) Partition: GPT. ========================================================== Disk: 1 (Size: 119.2 GB) (Disk ID: 2F95C804) Partition: GPT. ========================================================== Disk: 2 (Size: 3.8 GB) (Disk ID: 69686373) No partition Table on disk 2. ==================== Einde van Addition.txt =======================