Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 17-02-2021 01 Gestart door marti (19-02-2021 22:22:37) Gestart vanaf F:\Downloads Windows 10 Home Versie 20H2 19042.746 (X64) (2021-01-20 16:45:34) Boot Modus: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4197053297-474317103-3523505551-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4197053297-474317103-3523505551-503 - Limited - Disabled) Gast (S-1-5-21-4197053297-474317103-3523505551-501 - Limited - Disabled) marti (S-1-5-21-4197053297-474317103-3523505551-1001 - Administrator - Enabled) => C:\Users\marti Martijn09 (S-1-5-21-4197053297-474317103-3523505551-1002 - Limited - Enabled) => C:\Users\Martijn09 WDAGUtilityAccount (S-1-5-21-4197053297-474317103-3523505551-504 - Limited - Disabled) ==================== Security Center ======================== (Als een item is opgenomen in de fixlist, zal het worden verwijderd.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4} ==================== Geïnstalleerde programma's ====================== (Alleen de adware-programma's met 'verborgen' vlag kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeïnstalleerd worden.) µTorrent (HKU\S-1-5-21-4197053297-474317103-3523505551-1001\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.) Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated) AES Crypt (HKLM\...\{562885D3-41A7-4211-822E-B1B1510069E5}) (Version: 3.10 - Packetizer, Inc.) 
Alt-Tab Terminator (HKLM-x32\...\Alt-Tab Terminator) (Version: 4.9 - NTWind Software) AquaSnap 1.23.10 (HKLM-x32\...\{9927E174-E121-4CAC-AD97-E8533CD0E99B}) (Version: 1.23.10 - Nurgo Software) Avast Battery Saver (HKLM\...\Avast Battery Saver) (Version: 20.1.1326.562 - Avast Software) Avast BreachGuard (HKLM\...\AvastBreachGuard) (Version: 20.7.919.3208 - Avast Software) Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 21.1.9801.2260 - Avast Software) Avast Driver Updater (HKLM\...\Avast Driver Updater) (Version: 21.1.1187.3478 - Avast Software) Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 20.10.2442 - Avast Software) Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 88.0.7977.151 - De auteurs van Avast Secure Browser) Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.9.5357.1746 - Avast Software) Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden AvastAntiTrackPremium (HKLM-x32\...\AvastAntiTrackPremium) (Version: 1.7.0.115 - Avast) Bandicam (HKLM-x32\...\Bandicam) (Version: 5.0.1.1799 - Bandicam.com) Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BlackTop 1.0 (HKLM-x32\...\BlackTop) (Version: 1.0 - Sound Doctrine Ministries) BPM-Studio 4 Private (HKLM-x32\...\{E341EE7E-0647-4607-8B6B-66A123999056}) (Version: 4.9.94 - AlcaTech) Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft) CloseAll (HKLM-x32\...\CloseAll) (Version: 4.8 - NTWind Software) Complete Internet Repair 6.0.3.5003 (HKLM\...\Complete Internet Repair_is1) (Version: 6.0.3.5003 - Rizonesoft) Driver Easy 5.6.15 (HKLM\...\DriverEasy_is1) (Version: 5.6.15 - Easeware) EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS) EaseUS Todo Backup Home 13.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 13.0 - CHENGDU 
YIWO Tech Development Co., Ltd) f.lux (HKU\S-1-5-21-4197053297-474317103-3523505551-1001\...\Flux) (Version: - f.lux Software LLC) Folder Lock (HKLM-x32\...\Folder Lock) (Version: - New Softwares.net) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.182 - Google LLC) History Clean 3.0 (HKLM-x32\...\{16578461-4C92-4191-94B8-EE29B97E44DE}_is1) (Version: - NewSoftwares.net Inc.) Intel Driver && Support Assistant (HKLM-x32\...\{F0E9774D-C5A1-4C83-89F9-191E1334D476}) (Version: 21.1.5.2 - Intel) Hidden Intel(R) Computing Improvement Program (HKLM\...\{848F0123-CF5D-4192-90EC-A6574D8B1796}) (Version: 2.4.06522 - Intel Corporation) Intel® Driver & Support Assistant (HKLM-x32\...\{3f5ceda7-9b48-4fa4-af57-8feaf8ab1e46}) (Version: 21.1.5.2 - Intel) IrfanView 4.57 (64-bit) (HKLM\...\IrfanView64) (Version: 4.57 - Irfan Skiljan) Java 8 Update 281 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180281F0}) (Version: 8.0.2810.9 - Oracle Corporation) KC Softwares DUMo (HKLM-x32\...\KC Softwares DUMo_is1) (Version: 2.23.2.112 - KC Softwares) KC Softwares KCleaner (HKLM-x32\...\KC Softwares KCleaner_is1) (Version: 3.7.1.109 - KC Softwares) KC Softwares Startup Sentinel (HKLM-x32\...\KC Softwares Startup Sentinel_is1) (Version: 1.8.0.26 - KC Softwares) KC Softwares SUMo (HKLM-x32\...\KC Softwares SUMo_is1) (Version: 5.12.4.476 - KC Softwares) Logitech SetPoint 6.70 (HKLM\...\sp6) (Version: 6.70.55 - Logitech) Macro Keys 4.0 (HKLM-x32\...\{944E2C4C-8B87-437F-8D9C-AB4474A7F5D8}_is1) (Version: - NewSoftwares.net Inc.) 
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.74 - Microsoft Corporation) Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - ) Microsoft Office Professional Plus 2019 - nl-nl (HKLM\...\ProPlus2019Retail - nl-nl) (Version: 16.0.13628.20274 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4197053297-474317103-3523505551-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4197053297-474317103-3523505551-1002\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.9.2 - Notepad++ Team) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden NVIDIA FrameView SDK 1.1.4923.29214634 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation) NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation) NVIDIA Grafisch stuurprogramma 461.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.40 - NVIDIA Corporation) NVIDIA HD Audio-stuurprogramma 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation) NVIDIA PhysX Systeem Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden OE Classic 3.2 (HKLM-x32\...\OEClassic) (Version: 3.2 - OE Classic) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20158 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0413-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden Opera GX Stable 72.0.3815.473 (HKU\S-1-5-21-4197053297-474317103-3523505551-1001\...\Opera GX 72.0.3815.473) (Version: 72.0.3815.473 - Opera Software) Outbyte PC Repair (HKLM-x32\...\{D5C6DB0C-BC43-4A77-9121-D1A07591F855}_is1) (Version: 1.1.7.62798 - Outbyte Computing Pty Ltd) PicPick (HKLM-x32\...\PicPick) (Version: 5.1.4c - NGWIN) PowerISO (HKLM-x32\...\PowerISO) (Version: 7.8 - Power Software Ltd) Quick CPU x64 (HKLM\...\{BE4CDD19-9BC6-40B5-B9E8-050A63AB4D01}) (Version: 3.3.4.0 - CoderBag) Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 9.13.18.1333 - Razer Inc.) 
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.0130.011816 - Razer Inc.) Restoro (HKLM\...\Restoro) (Version: 2.0.2.4 - Restoro) Revo Uninstaller Pro 4.4.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.4.0 - VS Revo Group, Ltd.) RuneLite (HKU\S-1-5-21-4197053297-474317103-3523505551-1001\...\RuneLite Launcher_is1) (Version: 2.1.6 - RuneLite) Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) Stardock ObjectDock (HKLM-x32\...\Stardock ObjectDock) (Version: 2.20 - Stardock Software, Inc.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TidyTabs 1.18.0 (HKLM-x32\...\{CA4E3EE1-FE79-4FE5-99D9-5CC698F0D360}) (Version: 1.18.0 - Nurgo Software) Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.18.0.0 - Winaero) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Packages: ========= Intel® Graphics besturingscentrum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-01-20] (INTEL CORP) [Startup Task] Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2021-01-08] (INTEL CORP) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-26] (NVIDIA Corp.) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.22.240.0_x64__dt26b99r8h8gj [2021-01-24] (Realtek Semiconductor Corp) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0 [2021-02-06] (Spotify AB) [Startup Task] Teletekst -> C:\Program Files\WindowsApps\50716AVSoft.Teletekst_2.0.38.0_x64__p77w9eqrp4cet [2021-01-09] (AV Soft) WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2100.7.0_x64__cv1g1gvanyjgm [2021-01-22] (WhatsApp Inc.) 
==================== Aangepaste CLSID (gefilterd): ============== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) CustomCLSID: HKU\S-1-5-21-4197053297-474317103-3523505551-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key 2021 -> Intel) CustomCLSID: HKU\S-1-5-21-4197053297-474317103-3523505551-1001_Classes\CLSID\{5405618e-4c42-4fb9-a80a-d24d89911296}\localserver32 -> C:\Users\marti\AppData\Local\NhNotifSys\sonicstudio\asusns.exe (A-Volute SAS -> A-Volute) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-01-28] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [AESCrypt] -> {35872D53-3BD4-45FA-8DB5-FFC47D4235E7} => C:\Program Files\AESCrypt\AESCrypt.dll [2015-04-17] (Packetizer, Inc.) [Bestand niet getekend] ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2020-12-31] (Notepad++ -> ) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-01-28] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2020-12-22] (Power Software Limited -> Power Software Ltd) ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2020-12-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2020-12-04] (CHENGDU YIWO Tech Development Co., Ltd. 
-> CHENGDU YIWO Tech Development Co.,Ltd) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-01-28] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2020-12-22] (Power Software Limited -> Power Software Ltd) ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2020-12-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_c4c88e9630d3f61b\nvshext.dll [2021-01-23] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-01-28] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2020-12-22] (Power Software Limited -> Power Software Ltd) ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group) ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [Bestand niet getekend] ==================== Codecs (gefilterd) ==================== (Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) 
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2019-08-30] (Beepa P/L) [Bestand niet getekend] HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [Bestand niet getekend] HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> ) ==================== Snelkoppelingen & WMI ======================== (De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.) 
ShortcutWithArgument: C:\Users\marti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps\Google Maps.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mnhkaebcjjhencmpkapnbdaogjamfbcj ShortcutWithArgument: C:\Users\marti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps\Outlook.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=eigpmdhekjlgjgcppnanaanbdmnlnagl ShortcutWithArgument: C:\Users\marti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml ==================== Geladen Modules (gefilterd) ============= 2021-02-18 20:38 - 2021-02-18 20:38 - 001050624 _____ () [Bestand niet getekend] C:\Program Files\HomeGuard Pro\vmap.dll 2021-02-18 20:38 - 2021-02-18 20:38 - 000854528 _____ () [Bestand niet getekend] C:\Program Files\HomeGuard Pro\vmapa.dll 2021-01-12 21:06 - 2021-01-12 21:06 - 000135680 _____ (Brother Industries, Ltd.) [Bestand niet getekend] C:\WINDOWS\system32\spool\DRIVERS\x64\3\BRLGC12A_0013.DLL 2021-01-12 21:06 - 2021-01-12 21:06 - 001826816 _____ (Brother Industries, Ltd.) [Bestand niet getekend] C:\WINDOWS\system32\spool\DRIVERS\x64\3\BRUIC12A.DLL 2018-07-15 13:15 - 2018-07-15 13:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [Bestand niet getekend] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll 2018-07-15 13:15 - 2018-07-15 13:15 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [Bestand niet getekend] C:\WINDOWS\System32\StartMenuHelper64.dll 2015-04-17 17:30 - 2015-04-17 17:30 - 000139264 _____ (Packetizer, Inc.) [Bestand niet getekend] C:\Program Files\AESCrypt\AESCrypt.dll 2020-12-15 14:37 - 2020-12-15 14:37 - 001638912 _____ (Robert Simpson, et al.) 
[Bestand niet getekend] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll 2020-10-06 06:42 - 2020-10-06 06:42 - 000180224 _____ (Software Security System) [Bestand niet getekend] C:\Program Files (x86)\AVAST Software\AvastAntiTrackPremium\Ekc3220.dll 2020-12-15 14:37 - 2020-12-15 14:37 - 001950208 _____ (SQLite Development Team) [Bestand niet getekend] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll 2014-06-19 21:21 - 2014-06-19 21:21 - 000731648 _____ (Stardock) [Bestand niet getekend] C:\Program Files (x86)\Stardock\ObjectDock\Dock64.dll 2014-03-17 20:00 - 2014-03-17 20:00 - 000627200 _____ (Stardock) [Bestand niet getekend] C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll ==================== Alternate Data Streams (gefilterd) ======== ==================== Veilige Modus (gefilterd) ================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. De waarde van "AlternateShell" wordt hersteld.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HG51 AMC => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HG52 AM REM => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HG52 AM SRV => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HG52 AM VI => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HG52 AMC => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HG51 AMC => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HG52 AM REM => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HG52 AM SRV => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HG52 AM VI => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HG52 AMC => ""="Service" ==================== Bestandskoppeling (gefilterd) ================= ==================== Internet Explorer (gefilterd) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-02-07] (Microsoft Corporation -> Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll [2021-01-24] (Oracle America, Inc. -> Oracle Corporation) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2020-11-21] (Logitech Inc -> Logitech, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-01-24] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-07] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2020-11-21] (Logitech Inc -> Logitech, Inc.) 
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-07] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-07] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-07] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-07] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts inhoud: ========================= (Indien nodig kan Hosts:-opdracht worden opgenomen in de fixlist om Hosts te resetten.) 
2018-09-15 08:31 - 2021-02-13 19:55 - 001184807 _____ C:\WINDOWS\system32\drivers\etc\hosts Er zijn 35881 meer regels. ==================== Andere gebieden =========================== (Momenteel is er geen automatische fix voor dit onderdeel.) HKU\S-1-5-21-4197053297-474317103-3523505551-1001\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-4197053297-474317103-3523505551-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.2.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is ingeschakeld. ==================== MSCONFIG/TASK MANAGER Uitgeschakelde items == (Als een item is opgenomen in de fixlist, zal het worden verwijderd.) 
HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine VPN.lnk" HKLM\...\StartupApproved\StartupFolder: => "DwmUnExtendFrame.lnk" HKLM\...\StartupApproved\Run: => "DriverUpdUI.exe" HKLM\...\StartupApproved\Run: => "Restoro" HKLM\...\StartupApproved\Run: => "MacroKeys" HKLM\...\StartupApproved\Run32: => "RazerCortex" HKLM\...\StartupApproved\Run32: => "TrayProcess" HKU\S-1-5-21-4197053297-474317103-3523505551-1001\...\StartupApproved\StartupFolder: => "PowerPoint.lnk" HKU\S-1-5-21-4197053297-474317103-3523505551-1001\...\StartupApproved\StartupFolder: => "MacroKeys.lnk" HKU\S-1-5-21-4197053297-474317103-3523505551-1001\...\StartupApproved\Run: => "OneDriveSetup" HKU\S-1-5-21-4197053297-474317103-3523505551-1001\...\StartupApproved\Run: => "Synapse3" HKU\S-1-5-21-4197053297-474317103-3523505551-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-4197053297-474317103-3523505551-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_8000C8FE2D40D4B88D888FB17405EC37" HKU\S-1-5-21-4197053297-474317103-3523505551-1001\...\StartupApproved\Run: => "PicPick Start" HKU\S-1-5-21-4197053297-474317103-3523505551-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-4197053297-474317103-3523505551-1001\...\StartupApproved\Run: => "YoloMouse" HKU\S-1-5-21-4197053297-474317103-3523505551-1001\...\StartupApproved\Run: => "TransparentTaskbar" HKU\S-1-5-21-4197053297-474317103-3523505551-1001\...\StartupApproved\Run: => "TheAeroClock" HKU\S-1-5-21-4197053297-474317103-3523505551-1002\...\StartupApproved\Run: => "OneDriveSetup" HKU\S-1-5-21-4197053297-474317103-3523505551-1002\...\StartupApproved\Run: => "OneDrive" ==================== Firewall regels (gefilterd) ================ (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) 
FirewallRules: [{1021EA33-C573-4510-B3E9-0B99097924FE}] => (Allow) C:\Program Files\HomeGuard\vglsetw.exe => Geen bestand FirewallRules: [TCP Query User{B590B018-6060-46BE-9D62-851F3DDD2884}C:\program files\windowsapps\spotifyab.spotifymusic_1.148.625.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.148.625.0_x86__zpdnekdrzrea0\spotify.exe => Geen bestand FirewallRules: [UDP Query User{200B717B-8FA9-4884-A028-33F27188B3C9}C:\program files\windowsapps\spotifyab.spotifymusic_1.148.625.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.148.625.0_x86__zpdnekdrzrea0\spotify.exe => Geen bestand FirewallRules: [{E7909E91-B644-4F53-8522-473716FBC578}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) FirewallRules: [{AD144029-7991-4FC4-969D-1B15CFF6EC14}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) FirewallRules: [{B71E1AA1-CF2B-406E-A9F6-3F5CC655A9FD}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) FirewallRules: [{809B29C4-8CA8-4789-8A25-C665D7D20224}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) FirewallRules: [{98CEF0D8-78BB-4599-9A87-8AFD744E13AB}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) FirewallRules: [{0C1C374A-E56F-423B-852C-4E92724694AC}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. 
-> )
FirewallRules: [{9E52984D-3F55-4217-95C8-EF78B70A6E78}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4E6ABF5E-B86E-4415-B410-100C816E0B96}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{691BAA01-6ED3-4D6E-9DD0-BDE5FA2C69EA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Geen bestand
FirewallRules: [{AFFF3B84-BF4C-4D4A-9EDB-860BA7D677AF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Geen bestand
FirewallRules: [{2F582C67-DB5B-4382-AE90-C3435FE0D5CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transparent Taskbar\TransparentTaskbar.exe () [Bestand niet getekend]
FirewallRules: [{4EAA7A62-7BA3-4E1E-8DFE-627E13384A70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transparent Taskbar\TransparentTaskbar.exe () [Bestand niet getekend]
FirewallRules: [{068FC3B2-3A1B-45C5-9EAB-76CE038E1FC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Navigation Bar\NavigationBar.exe () [Bestand niet getekend]
FirewallRules: [{FDBCC5AE-9D18-4018-8041-27280B45DCB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Navigation Bar\NavigationBar.exe () [Bestand niet getekend]
FirewallRules: [{9C351168-6F5A-4677-89D6-FD15005ECD96}] => (Allow) C:\Users\marti\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{3981FE18-2EA6-4457-B408-A295CE4C211D}] => (Allow) C:\Users\marti\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{91714E85-3DA8-4BAC-8AEF-1524C49C3BE6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{10B64855-E57F-426F-B390-4A912E1FE4AC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F4C28DC3-0E86-4257-9144-8845AA047A94}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{74D9F2D1-92A1-4C53-A9C1-26A89464F079}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FECA877E-FA03-4717-893A-FFA1BBAF47FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AoE2DE\AoE2DE_s.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2BDF0752-18A4-40D4-832B-BB15D82DC05A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AoE2DE\AoE2DE_s.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EAD45F90-A910-4B76-9E08-8AC053B945EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AoE2DE\BattleServer\BattleServer.exe () [Bestand niet getekend]
FirewallRules: [{6B283BE9-211D-44D5-BC8F-202632704AF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AoE2DE\BattleServer\BattleServer.exe () [Bestand niet getekend]
FirewallRules: [TCP Query User{C6F23FFD-5CC3-45FE-BCAC-7FEF1F5DFB5A}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{85505E89-998F-49F0-A3B5-811189E3FE55}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{DFE2E060-DD3E-4F84-9F4F-C9EEACCF5472}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D4311639-1ECC-42DA-AEE3-4961B8CFF6DC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7B75F073-FFED-4CB4-8AD9-2FE0A455F385}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{966A35F2-327C-463A-BE79-993993BC2777}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8D4B2881-2314-4C5E-8492-DC28B0B06347}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{23F03E0C-4AB0-45F9-BF1F-F18107D6DC3F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A7070B2C-ECE4-4095-A3B2-D5B678361E1F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DE057822-8CCF-4378-94F4-0F63D294CDCF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B08CF7FC-F36C-4A37-AE4A-93306D3F84F8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1C7AAF8F-1742-473D-8026-2AD766A63349}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5D168A37-033A-4B7D-A9DC-2B62B2B660F2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9A88E4B6-52BD-4D67-BBA9-146D5724967D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{438C182D-8086-4FD6-AFF2-24D7AFF0003D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1C63D5A4-982B-4DB5-9544-D65DD7CFA246}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{00CB5510-2648-45D3-8DC2-0401CC4A779B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A12AD434-6752-4A8D-BF8A-55D58E89F1CD}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{E0892029-4548-4E72-ABDD-DBD773555805}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{57C8435C-5B9F-41D8-AC3E-94191D923B4C}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{42C1590E-B35E-4EBB-84B0-4EE8B34ABD9A}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{CABFCBD8-3BB6-4E33-A1CD-00BF464E4979}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{B9C5837D-044B-4D54-90B7-F858C2B9D13C}] => (Allow) C:\Program Files\HomeGuard Pro\vglsetw.exe () [Bestand niet getekend]
FirewallRules: [{42CCE418-85CE-42F6-B823-A468A8C00A99}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_51f81f063870aea7\ASUSLinkNear\AsusLinkNear.exe (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [{707C24FA-81D9-4D7A-AE9C-4F890E5B0E15}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_51f81f063870aea7\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{B0D93454-2652-479D-BA65-38A8C3C5FA84}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_51f81f063870aea7\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{DA0BB1CB-9BC8-44B6-820A-0BE57F4492A3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Herstelpunten =========================

14-02-2021 19:18:24 Revo Uninstaller Pro's restore point - Documenten
18-02-2021 21:19:37 PC Repair restore point

==================== Defecte Apparaatbeheer Apparaten ============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ASUS Number Pad
Description: ASUS Number Pad
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: ASUSTek COMPUTER INC.
Service: kbdhid
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Eventlog fouten: ========================

Applicatiefouten:
==================
Error: (02/19/2021 10:14:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: taskhostw.exe, versie: 10.0.19041.662, tijdstempel: 0xd1ac4c39
Naam van module met fout: pla.dll, versie: 10.0.19041.1, tijdstempel: 0xb08eebc4
Uitzonderingscode: 0xc0000005
Foutmarge: 0x00000000000fd9db
Id van proces met fout: 0xb48
Starttijd van toepassing met fout: 0x01d7070419f6856c
Pad naar toepassing met fout: C:\WINDOWS\system32\taskhostw.exe
Pad naar module met fout: C:\WINDOWS\system32\pla.dll
Rapport-id: f09269ed-e15b-49bc-ba08-23b4d9e2f3b5
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (02/18/2021 10:13:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: taskhostw.exe, versie: 10.0.19041.662, tijdstempel: 0xd1ac4c39
Naam van module met fout: pla.dll, versie: 10.0.19041.1, tijdstempel: 0xb08eebc4
Uitzonderingscode: 0xc0000005
Foutmarge: 0x00000000000fd9db
Id van proces met fout: 0x10bc
Starttijd van toepassing met fout: 0x01d7063431ce8e88
Pad naar toepassing met fout: C:\WINDOWS\system32\taskhostw.exe
Pad naar module met fout: C:\WINDOWS\system32\pla.dll
Rapport-id: 2d4a464e-8a15-4479-a9a7-6f8a145600bb
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (02/18/2021 08:59:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: WLANExt.exe, versie: 10.0.19041.1, tijdstempel: 0x45c477dd
Naam van module met fout: ntdll.dll, versie: 10.0.19041.662, tijdstempel: 0x27bfa5f0
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0000000000045f86
Id van proces met fout: 0x1258
Starttijd van toepassing met fout: 0x01d706305fd0bb80
Pad naar toepassing met fout: C:\WINDOWS\system32\WLANExt.exe
Pad naar module met fout: C:\WINDOWS\SYSTEM32\ntdll.dll
Rapport-id: 6a3f8550-ac80-45c7-98d9-aebabcc88717
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (02/16/2021 09:55:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: taskhostw.exe, versie: 10.0.19041.662, tijdstempel: 0xd1ac4c39
Naam van module met fout: pla.dll, versie: 10.0.19041.1, tijdstempel: 0xb08eebc4
Uitzonderingscode: 0xc0000005
Foutmarge: 0x00000000000fd9db
Id van proces met fout: 0xb78
Starttijd van toepassing met fout: 0x01d704a60f4e8a2e
Pad naar toepassing met fout: C:\WINDOWS\system32\taskhostw.exe
Pad naar module met fout: C:\WINDOWS\system32\pla.dll
Rapport-id: 4604729d-9a9d-464b-9075-3aa036fe598c
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (02/16/2021 08:30:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance. hr = 0x8007045b, Systeem wordt afgesloten.
.

Error: (02/16/2021 08:30:25 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informatie voor de Volume Shadow Copy-service: de COM-server met CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} en de naam CEventSystem kan niet worden gestart. [0x8007045b, Systeem wordt afgesloten.
]

Error: (02/16/2021 08:29:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: SystemSettings.exe, versie: 10.0.19041.610, tijdstempel: 0x07896577
Naam van module met fout: SystemSettingsViewModel.Desktop.dll, versie: 10.0.19041.610, tijdstempel: 0xd5731ed1
Uitzonderingscode: 0xc0000005
Foutmarge: 0x000000000001a1db
Id van proces met fout: 0x21cc
Starttijd van toepassing met fout: 0x01d7048d74a65bbc
Pad naar toepassing met fout: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Pad naar module met fout: C:\Windows\ImmersiveControlPanel\SystemSettingsViewModel.Desktop.dll
Rapport-id: 88a5168d-9d8f-447c-af6b-073fb3b54d13
Volledige pakketnaam met fout: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Relatieve toepassings-id van pakket met fout: microsoft.windows.immersivecontrolpanel

Error: (02/16/2021 06:36:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: taskhostw.exe, versie: 10.0.19041.662, tijdstempel: 0xd1ac4c39
Naam van module met fout: pla.dll, versie: 10.0.19041.1, tijdstempel: 0xb08eebc4
Uitzonderingscode: 0xc0000005
Foutmarge: 0x00000000000fd9db
Id van proces met fout: 0xb3c
Starttijd van toepassing met fout: 0x01d7048a2af1bc00
Pad naar toepassing met fout: C:\WINDOWS\system32\taskhostw.exe
Pad naar module met fout: C:\WINDOWS\system32\pla.dll
Rapport-id: b9619c23-374c-44e6-9f3f-125eddacf416
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Systeemfouten:
=============
Error: (02/19/2021 10:23:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De HG52 AMC-service kan vanwege de volgende fout niet worden gestart:
Het systeem kan het opgegeven bestand niet vinden.

Error: (02/19/2021 10:23:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De HG52 AMC-service kan vanwege de volgende fout niet worden gestart:
Het systeem kan het opgegeven bestand niet vinden.

Error: (02/19/2021 10:23:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De HG52 AMC-service kan vanwege de volgende fout niet worden gestart:
Het systeem kan het opgegeven bestand niet vinden.

Error: (02/19/2021 10:23:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De HG52 AMC-service kan vanwege de volgende fout niet worden gestart:
Het systeem kan het opgegeven bestand niet vinden.

Error: (02/19/2021 10:23:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De HG52 AMC-service kan vanwege de volgende fout niet worden gestart:
Het systeem kan het opgegeven bestand niet vinden.

Error: (02/19/2021 10:23:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De HG52 AMC-service kan vanwege de volgende fout niet worden gestart:
Het systeem kan het opgegeven bestand niet vinden.

Error: (02/19/2021 10:23:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De HG52 AMC-service kan vanwege de volgende fout niet worden gestart:
Het systeem kan het opgegeven bestand niet vinden.

Error: (02/19/2021 10:23:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De HG52 AMC-service kan vanwege de volgende fout niet worden gestart:
Het systeem kan het opgegeven bestand niet vinden.

Windows Defender:
===============
Date: 2021-02-13 15:28:20
Description: Microsoft Defender Antivirus heeft malware of andere mogelijke ongewenste software gedetecteerd.
Zie het volgende voor meer informatie:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/HostsFileHijack&threatid=265754&enterprise=0
Naam: SettingsModifier:Win32/HostsFileHijack
ID: 265754
Ernst: Ernstig
Categorie: Programma dat instellingen wijzigt
Pad: file:_C:\WINDOWS\system32\drivers\etc\hosts
Detectieoorsprong: Lokale computer
Detectietype: Concreet
Detectiebron: Systeem
Gebruiker: NT AUTHORITY\SYSTEM
Procesnaam: Unknown
Versie van beveiligingsinformatie: AV: 1.331.907.0, AS: 1.331.907.0, NIS: 1.331.907.0
Engineversie: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-01-29 20:00:28
Description: Scan van Microsoft Defender Antivirus is gestopt voordat deze was voltooid.
Scan-id: {9E3FE308-4E18-4477-B849-EAFCF43A61D1}
Type scan: Antimalware
Scanparameters: Volledige scan
Gebruiker: MARTIJN-PC\marti

Date: 2021-01-28 16:12:50
Description: Scan van Microsoft Defender Antivirus is gestopt voordat deze was voltooid.
Scan-id: {5D8932F7-A1B8-4701-97B6-6AA5A103725C}
Type scan: Antimalware
Scanparameters: Volledige scan
Gebruiker: MARTIJN-PC\marti

Date: 2021-01-28 16:05:46
Description: Microsoft Defender Antivirus heeft malware of andere mogelijke ongewenste software gedetecteerd.
Zie het volgende voor meer informatie:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C12&threatid=2147755975&enterprise=0
Naam: Trojan:Win32/Occamy.C12
ID: 2147755975
Ernst: Ernstig
Categorie: Trojaans paard
Pad: file:_D:\ClassicPack\Classic\Taskbar.exe
Detectieoorsprong: Lokale computer
Detectietype: Concreet
Detectiebron: Real-timebeveiliging
Gebruiker: MARTIJN-PC\marti
Procesnaam: C:\Windows\explorer.exe
Versie van beveiligingsinformatie: AV: 1.329.2981.0, AS: 1.329.2981.0, NIS: 1.329.2981.0
Engineversie: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-28 16:05:46
Description: Microsoft Defender Antivirus heeft malware of andere mogelijke ongewenste software gedetecteerd.
Zie het volgende voor meer informatie:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Presenoker&threatid=242420&enterprise=0
Naam: PUA:Win32/Presenoker
ID: 242420
Ernst: Laag
Categorie: Mogelijk ongewenste software
Pad: file:_D:\ClassicPack\Classic\UninstallTool.exe
Detectieoorsprong: Lokale computer
Detectietype: Concreet
Detectiebron: Real-timebeveiliging
Gebruiker: MARTIJN-PC\marti
Procesnaam: C:\Windows\explorer.exe
Versie van beveiligingsinformatie: AV: 1.329.2981.0, AS: 1.329.2981.0, NIS: 1.329.2981.0
Engineversie: AM: 1.1.17700.4, NIS: 1.1.17700.4

CodeIntegrity:
===============
Date: 2021-02-19 22:23:34
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe) attempted to load \Device\HarddiskVolume6\Program Files\HomeGuard Pro\vmapa.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-19 22:23:34
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\HomeGuard Pro\vmap.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-19 22:23:34
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\SearchIndexer.exe) attempted to load \Device\HarddiskVolume6\Program Files\HomeGuard Pro\vmap.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-19 22:23:34
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\fontdrvhost.exe) attempted to load \Device\HarddiskVolume6\Program Files\HomeGuard Pro\vmap.dll that did not meet the Microsoft signing level requirements.

==================== Geheugen info ===========================

BIOS: American Megatrends Inc. G531GT.307 04/28/2020
Moederbord: ASUSTeK COMPUTER INC. G531GT
Processor: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Percentage geheugen in gebruik: 51%
Totaal fysiek RAM-geheugen: 16236.55 MB
Beschikbaar fysiek RAM-geheugen: 7890.48 MB
Totaal Virtueel geheugen: 18668.55 MB
Beschikbaar Virtueel geheugen: 8232.53 MB

==================== Schijven ================================

Drive c: (Windows 10) (Fixed) (Total:319.5 GB) (Free:175.61 GB) NTFS
Drive d: (HDD) (Fixed) (Total:683.59 GB) (Free:648.48 GB) NTFS
Drive f: (Data) (Fixed) (Total:97.66 GB) (Free:97.4 GB) NTFS

\\?\Volume{9a163c93-91bd-42ba-aaac-a37fc75800e0}\ (Herstel) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{60ecc86a-bd84-4249-ba10-d7cabfbe6ead}\ () (Fixed) (Total:0.58 GB) (Free:0.08 GB) NTFS
\\?\Volume{03dbadbe-9933-4be9-97ca-bde312e9a603}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partitietabel ====================

==================== Einde van Addition.txt =======================