Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 18-01-2020
Gestart door luc de vreese (19-01-2020 09:32:30)
Gestart vanaf C:\Users\luc de vreese\Downloads
Windows 10 Home Versie 1909 18363.592 (X64) (2019-09-17 13:58:39)
Boot Modus: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1492113667-842105898-3889346494-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1492113667-842105898-3889346494-503 - Limited - Disabled)
Gast (S-1-5-21-1492113667-842105898-3889346494-501 - Limited - Disabled)
luc de vreese (S-1-5-21-1492113667-842105898-3889346494-1001 - Administrator - Enabled) => C:\Users\luc de vreese
WDAGUtilityAccount (S-1-5-21-1492113667-842105898-3889346494-504 - Limited - Disabled)

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeïnstalleerd worden.)

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Belgium e-ID middleware 4.4.4 (build 3838) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A73838}) (Version: 4.4.3838 - Belgian Government)
Brackets (HKLM-x32\...\{090BE437-6981-4002-8D90-ED9D47AEDE11}) (Version: 1.14.17752 - brackets.io)
CCleaner (HKLM\...\CCleaner) (Version: 5.62 - Piriform)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{5FD1DF50-FBB1-4888-8F8F-4ECDC78909C4}) (Version: 4.8.03928 - Microsoft Corporation) Hidden
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Entity Framework 6.2.0 Tools for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
Entity Framework 6.2.0 Tools for Visual Studio 2019 (HKLM-x32\...\{7C2070BF-8E07-4B5F-A182-FADB0B95AB39}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX235 Series Printer Uninstall (HKLM\...\EPSON SX235 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FileZilla Client 3.46.3 (HKLM-x32\...\FileZilla Client) (Version: 3.46.3 - Tim Kosse)
Garmin BaseCamp (HKLM-x32\...\{1ac25e24-a380-4f68-bb3c-f9b1d7cdb2df}) (Version: 4.7.0.0 - Garmin Ltd or its subsidiaries)
Garmin BaseCamp (HKLM-x32\...\{25931634-b363-4840-9e62-4c52abaeffc3}) (Version: 4.7.0.0 - Garmin Ltd or its subsidiaries)
Garmin BaseCamp (HKLM-x32\...\{B6A0787C-1CD0-4999-B585-677C20139BA5}) (Version: 4.7.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.117 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
icecap_collection_neutral (HKLM-x32\...\{985FBEB2-DBE9-407D-B1E9-B07E0E4D0CBC}) (Version: 16.4.29430 - Microsoft Corporation) Hidden
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{1C86330F-D72E-4268-B461-758854BC4A52}) (Version: 16.4.29430 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{9E7C1C9B-6E2E-4057-857D-62F7F5ABE36B}) (Version: 16.4.29430 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{F5C67FC5-BF18-4304-9268-A971876B245A}) (Version: 16.4.29411 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
Java SE Development Kit 8 Update 111 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180111}) (Version: 8.0.1110.14 - Oracle Corporation)
Java(TM) SE Development Kit 11.0.2 (64-bit) (HKLM\...\{07E85AEA-1F8D-5F49-8CC8-319389751152}) (Version: 11.0.2.0 - Oracle Corporation)
JaVaWa Device Manager 3.9 (HKLM-x32\...\{4D700EE8-5A7D-43C1-B4E2-BC8A22B482DD}_is1) (Version: 3.9 - JaVaWa GPS-tools)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft .NET Core SDK 2.1.802 (x64) (HKLM-x32\...\{d115381e-8625-4088-9857-e022d8370667}) (Version: 2.1.802 - Microsoft Corporation)
Microsoft .NET Core SDK 3.1.100 (x64) from Visual Studio (HKLM\...\{B90526D7-0AE6-4855-8CB4-BD8C9A345D76}) (Version: 3.1.100.014727 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - nl-nl (HKLM\...\ProPlusRetail - nl-nl) (Version: 16.0.12325.20298 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1492113667-842105898-3889346494-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.4.1080.1113 - Microsoft Corporation)
MioMore Desktop 7.50 (HKLM-x32\...\{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50) (Version: 7.50.0110.129 - Mio Technology)
Mozilla Firefox 72.0.1 (x64 nl) (HKLM\...\Mozilla Firefox 72.0.1 (x64 nl)) (Version: 72.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12325.20288 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12325.20288 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12325.20298 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.12325.20288 - Microsoft Corporation) Hidden
PDF Architect 7 (HKLM-x32\...\PDF Architect 7) (Version: 7.0.21.1534 - pdfforge GmbH)
PDF Architect 7 Create Module (HKLM\...\{92B93B1C-433D-4271-875C-B13AF5F714D7}) (Version: 7.0.23.3193 - pdfforge GmbH) Hidden
PDF Architect 7 Edit Module (HKLM\...\{E3032061-5B97-47A6-BEDA-A025BD37B07F}) (Version: 7.0.23.3193 - pdfforge GmbH) Hidden
PDF Architect 7 View Module (HKLM\...\{FBD5D60A-B8C5-4626-A68F-6100E9BDB156}) (Version: 7.0.23.3193 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.4.1 - pdfforge GmbH)
PIXresizer (HKLM-x32\...\PIXresizer_is1) (Version: 2.0.8 - Bluefive software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
SAP Crystal Reports, version for Microsoft Visual Studio (HKLM-x32\...\{59C1ECF4-A652-4C3B-B542-8DEB4FBB5C94}) (Version: 13.0.26.3348 - SAP)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{253D6AD3-5786-4B3B-B4E1-E082482A1F26}) (Version: 14.16.27033 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{A8059244-ADC7-4A76-9EEA-E0562F480BDE}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\...\9e9e78d5) (Version: 16.4.29613.14 - Microsoft Corporation)
VS Immersive Activate Helper (HKLM-x32\...\{78500789-0EBE-4490-BE43-F9EF8250BF42}) (Version: 16.0.98.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4137D3AB-5B44-4AC9-83A4-5273F2E2547E}) (Version: 16.0.98.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{BAF91847-0A64-405E-98EC-A0BA6FB4BC4E}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{D885E075-8219-4378-9D28-3F76A6FE758E}) (Version: 16.4.29430 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{2C6EB385-1400-4B2E-8AE9-1F01FC236772}) (Version: 16.4.29411 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{AF6BD1E3-7FE3-4DED-B9A0-D564B0F4C349}) (Version: 16.4.29411 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{692A0FB3-E6A2-4D41-AC03-4136B4312DC0}) (Version: 16.3.29209 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{4B6D2CD8-324E-4462-AFD6-8F33E08BB214}) (Version: 16.4.29411 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{92B3118C-3214-4BFA-89A0-5FF5EDFA2AEA}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
WinRAR 5.80 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.1 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 7.3.1-0 - Bitnami)

Packages:
=========
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1680.3.0_x86__kgqvnymyfvs32 [2020-01-17] (king.com)
Cooking Fever -> C:\Program Files\WindowsApps\NORDCURRENT.COOKINGFEVER_7.0.0.2_x86__m9bz608c1b9ra [2019-12-05] (Nordcurrent)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220 [2019-12-19] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-01-24] (Fitbit)
Media-engine-invoegtoepassing voor Foto's -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-28] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-13] (Microsoft Studios) [MS Ad]
MSN weer -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.16.0_x64__nfy108tqq3p12 [2019-10-03] (Thumbmunkeys Ltd) [MS Ad]

==================== Aangepaste CLSID (gefilterd): ==============

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PDFArchitect7_ManagerExt] -> {21989F59-B260-4302-90C3-E51740E03639} => C:\Program Files\PDF Architect 7\context-menu.dll [2019-04-01] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2018-11-13] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-09-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-09-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Geen bestand
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-09-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-09-22] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (gefilterd) ====================

==================== Snelkoppelingen & WMI ========================

(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)

ShortcutWithArgument: C:\Users\luc de vreese\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Geladen Modules (gefilterd) =============

2019-05-04 12:35 - 2019-05-04 12:35 - 000116736 _____ (pdfforge GmbH) [Bestand niet getekend] C:\WINDOWS\System32\pdfcmon.dll
2019-08-08 14:16 - 2012-11-12 14:15 - 000558592 _____ (SEIKO EPSON CORPORATION) [Bestand niet getekend] C:\WINDOWS\System32\enppmon.dll
2019-08-08 14:16 - 2012-10-22 16:19 - 000219648 _____ (SEIKO EPSON CORPORATION) [Bestand niet getekend] C:\WINDOWS\System32\enpres.dll
2018-12-10 09:29 - 2018-12-10 09:29 - 000438272 _____ (The curl library, hxxps://curl.haxx.se/) [Bestand niet getekend] C:\Program Files\PDF Architect 7\libcurl.dll

==================== Alternate Data Streams (gefilterd) ========

==================== Veilige Modus (gefilterd) ==================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. De waarde van "AlternateShell" wordt hersteld.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Bestandskoppeling (gefilterd) =================

==================== Internet Explorer vertrouwde/beperkte toegang ==========

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd.)

IE trusted site: HKU\S-1-5-21-1492113667-842105898-3889346494-1001\...\localhost -> localhost

==================== Hosts inhoud: =========================

(Indien nodig kan Hosts:-opdracht worden opgenomen in de fixlist om Hosts te resetten.)

2018-04-12 00:38 - 2020-01-17 20:03 - 000000852 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-01-02 18:56 - 2020-01-02 18:56 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Andere gebieden ===========================

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files (x86)\Brackets\command
HKU\S-1-5-21-1492113667-842105898-3889346494-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 195.130.130.5 - 195.130.131.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is ingeschakeld.

==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

HKU\S-1-5-21-1492113667-842105898-3889346494-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1492113667-842105898-3889346494-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1492113667-842105898-3889346494-1001\...\StartupApproved\Run: => "EPSON331930 (Epson Stylus SX235)"
HKU\S-1-5-21-1492113667-842105898-3889346494-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1492113667-842105898-3889346494-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"

==================== Firewall regels (gefilterd) ================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Herstelpunten =========================

19-01-2020 09:01:08 Removed Java 8 Update 221 (64-bit)

==================== Defecte Apparaatbeheer Apparaten ============

==================== Eventlog fouten: ========================

Applicatiefouten:
==================
Error: (01/19/2020 09:27:44 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12300,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/19/2020 09:19:35 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7076,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/19/2020 09:09:59 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2916,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/18/2020 04:47:48 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2412,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/18/2020 04:22:08 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11628,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/18/2020 03:54:41 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (824,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/18/2020 03:35:21 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4972,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/18/2020 03:19:25 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3520,R,98) TILEREPOSITORYS-1-5-18: Fout -1023 (0xfffffc01) is opgetreden tijdens het openen van logboekbestand C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Systeemfouten:
=============
Error: (01/18/2020 05:03:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TVS7SE8)
Description: De server {F9717507-6651-4EDB-BFF7-AE615179BCCF} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.

Error: (01/18/2020 03:03:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: De File History Service-service is bij het starten vastgelopen.

Error: (01/17/2020 08:07:18 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TVS7SE8)
Description: De server Microsoft.SkypeApp_14.55.131.0_x64__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.

Error: (01/17/2020 08:07:14 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TVS7SE8)
Description: De server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.

Error: (01/17/2020 08:07:14 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TVS7SE8)
Description: De server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.

Error: (01/17/2020 08:07:12 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: De server {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.

Error: (01/17/2020 08:07:12 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: De server {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.

Error: (01/17/2020 08:07:12 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: De server {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.

Windows Defender:
===================================
Date: 2020-01-17 14:20:25.020
Description: Windows Defender Antivirus heeft malware of andere mogelijke ongewenste software gedetecteerd.
Zie het volgende voor meer informatie:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Naam: HackTool:Win32/AutoKMS
ID: 2147685180
Ernst: Hoog
Categorie: Hulpprogramma
Pad: file:_C:\Windows\System32\SppExtComObjHook.dll
Detectieoorsprong: Lokale computer
Detectietype: Concreet
Detectiebron: Real-timebeveiliging
Gebruiker: DESKTOP-TVS7SE8\luc de vreese
Procesnaam: C:\Users\luc de vreese\Downloads\FRST64.exe
Versie van beveiligingsinformatie: AV: 1.307.2508.0, AS: 1.307.2508.0, NIS: 1.307.2508.0
Engineversie: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-17 13:33:22.218
Description: Windows Defender Antivirus heeft malware of andere mogelijke ongewenste software gedetecteerd.
Zie het volgende voor meer informatie:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS.I!MTB&threatid=2147743522&enterprise=0
Naam: HackTool:MSIL/AutoKMS.I!MTB
ID: 2147743522
Ernst: Hoog
Categorie: Hulpprogramma
Pad: file:_C:\Users\luc de vreese\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\KMSAutoS\bin\TunMirror.exe; file:_C:\Users\luc de vreese\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\KMSAutoS\bin\TunMirror2.exe
Detectieoorsprong: Lokale computer
Detectietype: Concreet
Detectiebron: Real-timebeveiliging
Gebruiker: NT AUTHORITY\SYSTEM
Procesnaam: C:\Program Files (x86)\TotalAV\SecurityService.exe
Versie van beveiligingsinformatie: AV: 1.307.2508.0, AS: 1.307.2508.0, NIS: 1.307.2508.0
Engineversie: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-17 13:33:21.980
Description: Windows Defender Antivirus heeft malware of andere mogelijke ongewenste software gedetecteerd.
Zie het volgende voor meer informatie:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS.I!MTB&threatid=2147743522&enterprise=0
Naam: HackTool:MSIL/AutoKMS.I!MTB
ID: 2147743522
Ernst: Hoog
Categorie: Hulpprogramma
Pad: file:_C:\Users\luc de vreese\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\KMSAutoS\bin\TunMirror2.exe
Detectieoorsprong: Lokale computer
Detectietype: Concreet
Detectiebron: Real-timebeveiliging
Gebruiker: NT AUTHORITY\SYSTEM
Procesnaam: C:\Program Files (x86)\TotalAV\SecurityService.exe
Versie van beveiligingsinformatie: AV: 1.307.2508.0, AS: 1.307.2508.0, NIS: 1.307.2508.0
Engineversie: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-17 13:07:42.787
Description: Windows Defender Antivirus heeft een fout ontdekt tijdens het bijwerken van beveiligingsinformatie.
Nieuwe versie van beveiligingsinformatie:
Vorige versie van beveiligingsinformatie: 1.303.217.0
Updatebron: Microsoft-updateserver
Type beveiligingsinformatie: AntiVirus
Updatetype: Volledig
Gebruiker: NT AUTHORITY\SYSTEM
Huidige engineversie:
Vorige engineversie: 1.1.16400.2
Foutcode: 0x80240022
Foutbeschrijving: Er kan niet naar definitie-updates worden gezocht.

Date: 2020-01-17 13:07:42.786
Description: Windows Defender Antivirus heeft een fout ontdekt tijdens het bijwerken van beveiligingsinformatie.
Nieuwe versie van beveiligingsinformatie:
Vorige versie van beveiligingsinformatie: 1.303.217.0
Updatebron: Microsoft-updateserver
Type beveiligingsinformatie: AntiVirus
Updatetype: Volledig
Gebruiker: NT AUTHORITY\SYSTEM
Huidige engineversie:
Vorige engineversie: 1.1.16400.2
Foutcode: 0x80240022
Foutbeschrijving: Er kan niet naar definitie-updates worden gezocht.

Date: 2019-10-30 19:10:41.709
Description: Windows Defender Antivirus heeft een fout ontdekt tijdens het bijwerken van beveiligingsinformatie.
Nieuwe versie van beveiligingsinformatie:
Vorige versie van beveiligingsinformatie: 1.303.217.0
Updatebron: Microsoft-updateserver
Type beveiligingsinformatie: AntiVirus
Updatetype: Volledig
Gebruiker: NT AUTHORITY\SYSTEM
Huidige engineversie:
Vorige engineversie: 1.1.16400.2
Foutcode: 0x80240438
Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over het installeren van updates en het oplossen van problemen.

Date: 2019-10-30 19:07:42.071
Description: Windows Defender Antivirus heeft een fout ontdekt tijdens het bijwerken van beveiligingsinformatie.
Nieuwe versie van beveiligingsinformatie:
Vorige versie van beveiligingsinformatie: 1.303.217.0
Updatebron: Microsoft-updateserver
Type beveiligingsinformatie: AntiVirus
Updatetype: Volledig
Gebruiker: NT AUTHORITY\SYSTEM
Huidige engineversie:
Vorige engineversie: 1.1.16400.2
Foutcode: 0x80070643
Foutbeschrijving: Onherstelbare fout bij installatie.

CodeIntegrity:
===================================
Date: 2020-01-19 09:18:40.427
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-19 09:18:40.422
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-19 09:18:40.088
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-19 09:18:40.083
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-19 09:18:39.932
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-19 09:18:39.925
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-19 09:17:17.258
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-19 09:17:17.251
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Geheugen info ===========================

BIOS: American Megatrends Inc. X751LA.311 05/28/2014
Moederbord: ASUSTeK COMPUTER INC. X751LA
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage geheugen in gebruik: 41%
Totaal fysiek RAM-geheugen: 8075.67 MB
Beschikbaar fysiek RAM-geheugen: 4763.98 MB
Totaal Virtueel geheugen: 9355.67 MB
Beschikbaar Virtueel geheugen: 6109.1 MB

==================== Schijven ================================

Drive c: (OS) (Fixed) (Total:185.75 GB) (Free:104.73 GB) NTFS ==>[systeem met boot componenten (verkregen van schijf)]
Drive d: (Data) (Fixed) (Total:258.35 GB) (Free:184.36 GB) NTFS
Drive g: () (Removable) (Total:7.28 GB) (Free:5.48 GB) FAT32

\\?\Volume{5f76c22f-7db1-4e6a-b36f-7816f6262d95}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.55 GB) NTFS
\\?\Volume{d91a43b6-d484-47ab-830e-bc282863fdbb}\ () (Fixed) (Total:0.55 GB) (Free:0.08 GB) NTFS
\\?\Volume{dd1dfd6f-c28e-4daa-a64f-2295dd0f85e6}\ (Restore) (Fixed) (Total:20.01 GB) (Free:9.34 GB) NTFS
\\?\Volume{6ac402c4-b18e-406d-acb1-619b743c71b0}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partitietabel ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 7C1F391C)
Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 7.3 GB) (Disk ID: 00000000)
Partition: GPT.

==================== Einde van Addition.txt =======================