Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 07-06-2017 01
Gestart door elsin (07-06-2017 21:34:50)
Gestart vanaf C:\Users\elsin\Desktop
Windows 10 Pro Versie 1703 (X64) (2017-04-18 06:16:26)
Boot Modus: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3641242021-2054865500-2050538764-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3641242021-2054865500-2050538764-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3641242021-2054865500-2050538764-1000 - Limited - Disabled) => C:\Users\defaultuser0
elsin (S-1-5-21-3641242021-2054865500-2050538764-1001 - Administrator - Enabled) => C:\Users\elsin
Gast (S-1-5-21-3641242021-2054865500-2050538764-501 - Limited - Disabled)

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AV: Antivirus by F-Secure (Disabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivirus by F-Secure (Disabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)

20/20 v2.2 (HKLM-x32\...\20/20 v2.2) (Version: - )
Adobe Dreamweaver CS3 (HKLM-x32\...\Adobe_435a6af7459cb02a9c1138113a26e93) (Version: 9.0 - Adobe Systems Incorporated)
Alien Skin Xenofex 2.0 (HKLM-x32\...\Xenofex2) (Version: - )
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Computer Security 14.176.101.0 (release) (x32 Version: 14.176.101.0 - F-Secure Corporation) Hidden
Corel PaintShop Pro X7 (HKLM-x32\...\_{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.4.0.11 - Corel Corporation)
Corel PaintShop Pro X7 (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
Corel Update Manager (x32 Version: 2.3.160 - Corel corporation) Hidden
EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
FastStone Capture 8.4 (HKLM-x32\...\FastStone Capture) (Version: 8.4 - FastStone Soft)
FileZilla Client 3.6.0 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0 - FileZilla Project)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.1.1.805 - Foxit Software Company)
F-Secure CCF Reputation (x32 Version: 2.1.1342.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.73.275.1078 (release) (x32 Version: 1.73.275.1078 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.04.214 (x32 Version: 1.04.214 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.11.101.0 (release) (x32 Version: 1.11.101.0 - F-Secure Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HEMA fotoservice (HKLM-x32\...\{5AA74D8E-4E02-401A-BCCE-C7565BEBE289}_is1) (Version: - HEMA NL)
ICA (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
IPM_PSP_COM (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 17.0.0.199 - Corel Corporation) Hidden
Jasc Animation Shop 3 (HKLM-x32\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Uw bedrijfsnaam)
K-Lite Mega Codec Pack 8.3.2 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.3.2 - )
KPN Assistent (HKLM-x32\...\KPN Assistent) (Version: 1.2.0.59 - KPN)
KPN Assistent (x32 Version: 1.2.0.59 - KPN) Hidden
KPN Veilig (HKLM-x32\...\F-Secure ServiceEnabler 4582601) (Version: 2.76.212.0 - F-Secure Corporation)
KPN Veilig (x32 Version: 2.76.212.0 - F-Secure Corporation) Hidden
Malwarebytes versie 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Plus 2016 - nl-nl (HKLM\...\ProPlusRetail - nl-nl) (Version: 16.0.8067.2115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3641242021-2054865500-2050538764-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.1.1.6338 - Mozilla)
Mozilla Thunderbird 52.1.1 (x86 nl) (HKLM-x32\...\Mozilla Thunderbird 52.1.1 (x86 nl)) (Version: 52.1.1 - Mozilla)
Mpeg Layer3 Codec FHG-Radium v1.263 (HKLM-x32\...\Mp3 Codec) (Version: - )
NXPowerLite (HKLM\...\{B26F9EFE-96A7-462B-9C3B-BF4018058969}) (Version: 7.1.2 - Neuxpower Solutions Ltd)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Online Safety 2.176.4626.2945 (x32 Version: 2.176.4626.2945 - F-Secure Corporation) Hidden
PSP Thumbnail Handler (HKLM-x32\...\{2086A549-ED96-4dc9-BBE3-0538AB29ABEC}) (Version: 1.10.21 - Bot Productions)
PSPPContent (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPro64 (Version: 17.0.0.199 - Corel Corporation) Hidden
Setup (x32 Version: 17.0.0.199 - Uw bedrijfsnaam) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spotify (HKU\S-1-5-21-3641242021-2054865500-2050538764-1001\...\Spotify) (Version: 1.0.56.451.gb2f539fc - Spotify AB)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.60 - NCH Software)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.01 - NCH Software)
Windows 10-upgradeassistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Aangepaste CLSID (gefilterd): ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Geplande Taken (gefilterd) =============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

Task: {053921E0-687C-4979-9861-979FBA4A1995} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-05-28] (Microsoft Corporation)
Task: {159782CB-2371-47C7-B03E-8CA99A8BCEB8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-28] ()
Task: {1806A08B-6B2D-40DA-AFE2-B30B536EA6B1} - System32\Tasks\{3437B74A-D1D8-46BF-BBE7-60FBF9DA2B31} => pcalua.exe -a "C:\Program Files (x86)\byLight\2020\2020.exe" -d C:\PROGRA~2\byLight\2020
Task: {241E8F34-3E26-40FC-B089-504E26E7CC36} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-05-28] (Microsoft Corporation)
Task: {72189936-C09E-49AA-B948-CEE07DC1845F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-28] ()
Task: {72E69326-1826-4A62-8857-2EF0416F82DF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {93DD65AB-D212-45DA-AC93-8FB64687938C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-29] (Google Inc.)
Task: {9A57E2EC-2066-4546-BC61-EA4D1A4B9568} - System32\Tasks\CorelUpdateHelperTaskCore => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-04-24] (Corel Corporation)
Task: {B234211E-A28B-4DFF-A21C-FA9D324ACF00} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {CA81FBE8-6688-4995-BA4B-899112B770B0} - System32\Tasks\CorelUpdateHelperTask => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-04-24] (Corel Corporation)
Task: {F02077DC-8E57-43FF-9956-7A6CFF4B1D17} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {FCEB1505-1058-41A7-8CF4-5048C9FC4563} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-29] (Google Inc.)

(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)

==================== Snelkoppelingen =============================

(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)

ShortcutWithArgument: C:\Users\elsin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d7a253f58d8885b1\Adblock Plus.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cfhdojbkjhnklbpkdaibdccddilifddb

==================== Geladen Modules (gefilterd) ==============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-20 05:56 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-06 18:41 - 2016-01-06 18:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2017-05-26 08:32 - 2017-05-26 08:33 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-26 08:32 - 2017-05-26 08:33 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-26 08:32 - 2017-05-26 08:33 - 43202048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-26 08:32 - 2017-05-26 08:33 - 02442752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\skypert.dll
2017-01-30 15:33 - 2016-10-26 17:05 - 00074720 _____ () C:\Program Files (x86)\KPN Veilig\apps\ComputerSecurity\Anti-Virus\FSAVHRES.eng
2017-01-05 14:42 - 2017-01-05 14:42 - 00254944 _____ () C:\Program Files (x86)\KPN Veilig\daas2.dll
2017-01-30 15:34 - 2017-01-30 15:37 - 00213984 _____ () C:\Program Files (x86)\KPN Veilig\apps\ComputerSecurity\Spam Control\fsas.dll
2017-04-18 13:14 - 2017-06-06 19:16 - 00120944 _____ () C:\Users\elsin\AppData\Roaming\Spotify\SpotifyWinRT.dll
2017-06-07 21:15 - 2017-06-07 21:15 - 00098816 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\win32api.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00110080 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\pywintypes27.dll
2017-06-07 21:15 - 2017-06-07 21:15 - 00364544 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\pythoncom27.dll
2017-06-07 21:15 - 2017-06-07 21:15 - 00320512 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\win32com.shell.shell.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00914432 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\_hashlib.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 01176576 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\wx._core_.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00806400 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\wx._gdi_.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00816128 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\wx._windows_.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 01067008 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\wx._controls_.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00733184 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\wx._misc_.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00682496 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\pysqlite2._sqlite.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00088064 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\_ctypes.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00686080 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\unicodedata.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00119808 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\win32file.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00108544 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\win32security.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00007168 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\hashobjs_ext.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00017920 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\thumbnails_ext.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00088064 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\usb_ext.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00012800 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\common.time34.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00018432 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\win32event.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00167936 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\win32gui.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00046080 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\_socket.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 01303552 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\_ssl.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00128512 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\_elementtree.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00127488 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\pyexpat.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00038912 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\win32inet.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00036864 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\_psutil_windows.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00524248 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\windows._lib_cacheinvalidation.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00011264 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\win32crypt.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00123392 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\wx._wizard.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00077312 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\wx._html2.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00027648 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\_multiprocessing.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00020480 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\_yappi.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00035840 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\win32process.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00078848 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\wx._animate.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00024064 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\win32pipe.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00010240 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\select.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00025600 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\win32pdh.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00017408 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\win32profile.pyd
2017-06-07 21:15 - 2017-06-07 21:15 - 00022528 ____R () C:\Users\elsin\AppData\Local\Temp\_MEI79802\win32ts.pyd

==================== Alternate Data Streams (gefilterd) =========

(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)

==================== Veilige Modus (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Bestandskoppeling (gefilterd) ===============

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)

==================== Internet Explorer vertrouwde/beperkte toegang ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)

==================== Hosts inhoud: ===============================

(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)

2016-07-16 13:47 - 2016-07-16 13:45 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere gebieden ============================

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKU\S-1-5-21-3641242021-2054865500-2050538764-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\elsin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.2.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is uitgeschakeld.

==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==

==================== Firewall regels (gefilterd) ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

FirewallRules: [{1C4F7D3C-D2B9-46F0-AE89-11EA2DA0F868}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll
FirewallRules: [{59DE8EB4-4AA1-4A9C-831E-314B0B6235EB}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll
FirewallRules: [{F6C87E87-CC8F-4E67-8D89-337914C7D44A}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{E892DD21-1708-4CF7-AECA-89F80A32247B}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [UDP Query User{073961CB-5841-4A90-A8A5-AC6B775CA08D}C:\users\elsin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\elsin\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8F0F5BC2-92B0-40B5-B610-6BA73336CAE6}C:\users\elsin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\elsin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BBC06303-9CBD-4A93-A013-1BE8E8793303}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{20F15665-6AEC-432C-BB4B-9D4154669BFC}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{28A9634D-EC2D-4A2F-B83E-2BDE56E109A5}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{0617D21F-66C5-4E4E-934F-4DC3779BEF87}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{92762908-C19F-4577-BF16-EAE6CBC2DFD6}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{4977ADB6-1848-4505-9A58-DDD6BEEBC44C}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{2F393A16-A63F-4E37-9730-B18B1D93B622}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{1058D38A-5EFA-4BA7-AA0D-45FEC05D8E29}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{A637B86A-116A-4386-A310-0344E68D58EA}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{B391E275-DBDB-4275-9B14-11386D1585FE}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{34FE92C6-B4A6-48BF-8A20-BF501499A603}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{0D497DCC-D7D6-4F93-BFF4-22984EAE0A8D}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{4DB638FA-5074-4AC1-A899-E3B5691B641F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{FC114A6D-7155-4808-A2A1-F5422D455AFA}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{92EF3F17-BCF2-4BF4-9AD7-56C7657CC841}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{037390E8-C5C1-40FB-A24D-8AC35F9DD60E}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{70F7DCE8-A63E-485D-A7BB-6538CC667D92}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{3D98C29A-48DC-413B-86E0-4B4417905DF7}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{EE70B8A0-6CBE-48EE-ABB7-3AC992CD81BC}] => (Allow) C:\Users\elsin\AppData\Local\Temp\ImInstaller\IncrediBackup_installer.exe
FirewallRules: [{E06212A4-F56D-4DFE-8C26-37122A35E699}] => (Allow) C:\Users\elsin\AppData\Local\Temp\ImInstaller\IncrediBackup_installer.exe
FirewallRules: [{271CDEF6-236B-4B35-9B33-D7D9ABB72260}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6567D3B1-BCB0-493B-A4DB-280C673ECD2B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{328DB460-B371-4310-8BF9-6B2F9C641004}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe
FirewallRules: [TCP Query User{4153EDC3-8326-4F14-857E-B6954275C998}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe
FirewallRules: [{B0B24505-BACE-4573-87AD-33E53CD91DC1}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{4495CA7D-9A31-466B-94B3-35CDA630BC3A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{0050E618-3CD6-4E09-B5D1-31F09173902B}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{3E351C83-250C-4F04-8F8E-CDFFAFF3DBA7}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{E3E3114D-7D7B-4415-B5B1-E4FD59093A6C}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{9FEFD2CC-A691-49E1-8AA4-BD73C2F8DC20}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{AD0BED37-B21C-45FE-B1CE-5D9686E6608C}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{FB0845FA-18AA-4D0C-9D44-315B8281B64F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [UDP Query User{8947E924-09FB-4E74-9FD2-360E7854A23E}C:\users\elsin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\elsin\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5D1F065D-02FA-4FE1-8E4E-3621E7916E5F}C:\users\elsin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\elsin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{EACBB11E-F907-4E1C-BA97-13546927EA5F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A771FE80-A09B-4C41-ACF4-96887D952745}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{AE8DE2FA-5629-45EA-8328-98ED3B510912}] => (Allow) C:\Users\elsin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7CCDA6F0-3041-4F27-84BC-BD3EBE3520B4}] => (Allow) C:\Users\elsin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{30FD07FE-44A2-41DA-8DE0-CF2E93EBDC46}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{960A06FD-486F-447D-929E-D1DCE00BEBFC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{C1E988B0-F54E-4C2A-831D-F010BB9D2100}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe
FirewallRules: [{316A862E-64F4-4DEB-833D-06B6D73A79E6}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe
FirewallRules: [{D97899BC-231E-4E0C-A559-3FCEF67C3D26}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe
FirewallRules: [{72F8F218-BCFC-4DA5-9BC4-605209818604}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe

==================== Herstelpunten =========================

07-06-2017 18:31:18 Removed Photo Notifier and Animation Creator.

==================== Defecte Apparaatbeheer Apparaten =============

Name: PCI-seriële poort
Description: PCI-seriële poort
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications-controller
Description: PCI Simple Communications-controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HID Non-User Input Data Filter
Description: HID Non-User Input Data Filter
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.

Name: HID Non-User Input Data Filter
Description: HID Non-User Input Data Filter
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.

==================== Eventlog fouten: =========================

Applicatiefouten:
==================
Error: (06/07/2017 09:32:03 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1 2017-06-07 21:32:01+02:00 SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\users\elsin\desktop\frst64.exe
File hash: 6285823708a13ec84b3fd7319f3e27acdf0e6c5a

Error: (06/07/2017 09:17:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FA6FBC5)
Description: Het activeren van de app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.

Error: (06/07/2017 08:31:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: MicrosoftEdge.exe, versie: 11.0.15063.250, tijdstempel: 0x58f6ff5f
Naam van module met fout: EMODEL.dll, versie: 11.0.15063.296, tijdstempel: 0xa50b1267
Uitzonderingscode: 0xc0000409
Foutmarge: 0x00000000000ea93c
Id van proces met fout: 0x14e8
Starttijd van toepassing met fout: 0x01d2dfb2bdcada1d
Pad naar toepassing met fout: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Pad naar module met fout: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
Rapport-id: 66f780ed-164c-4fc1-90d0-a7c0883a4f57
Volledige pakketnaam met fout: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Relatieve toepassings-id van pakket met fout: MicrosoftEdge

Error: (06/07/2017 07:48:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FA6FBC5)
Description: Het activeren van de app Microsoft.Windows.Photos_8wekyb3d8bbwe!App is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.

Error: (06/07/2017 07:16:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FA6FBC5)
Description: Het activeren van de app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.

Error: (06/07/2017 06:53:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FA6FBC5)
Description: Het activeren van de app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.

Error: (06/07/2017 06:53:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FA6FBC5)
Description: Het activeren van de app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel is mislukt door de fout -2144927142. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.

Error: (06/07/2017 06:31:45 PM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-FA6FBC5)
Description: Product: Photo Notifier and Animation Creator -- Error 2809.On the dialog CancelSetup the next control pointers do not form a cycle. There is a pointer from No to Yes, but there is no further pointer.

Error: (06/06/2017 09:24:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine QueryFullProcessImageNameW. hr = 0x80070006, De ingang is ongeldig. .
Bewerking: Asynchrone bewerking uitvoeren
Context: Huidige status: DoSnapshotSet

Error: (06/06/2017 08:14:18 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: De openprocedure voor de WmiApRpl-service in DLL-bestand C:\WINDOWS\system32\wbem\wmiaprpl.dll is mislukt. Prestatiemetergegevens voor deze service zijn niet beschikbaar. De eerste vier bytes (DWORD) in de sectie Gegevens bevatten de foutcode.

Systeemfouten:
=============
Error: (06/07/2017 08:37:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De CldFlt-service kan vanwege de volgende fout niet worden gestart: De aanvraag wordt niet ondersteund.

Error: (06/07/2017 08:37:44 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: NuidFltr.sys

Error: (06/07/2017 07:48:44 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FA6FBC5)
Description: De server Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.

Error: (06/07/2017 07:13:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De CldFlt-service kan vanwege de volgende fout niet worden gestart: De aanvraag wordt niet ondersteund.

Error: (06/07/2017 07:13:06 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: NuidFltr.sys

Error: (06/07/2017 06:53:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: De Delivery Optimization-service is bij het starten vastgelopen.

Error: (06/07/2017 06:48:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De CldFlt-service kan vanwege de volgende fout niet worden gestart: De aanvraag wordt niet ondersteund.

Error: (06/07/2017 06:48:39 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: NuidFltr.sys

Error: (06/07/2017 08:03:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} en APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (06/06/2017 07:17:13 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FA6FBC5)
Description: De server {0002DF02-0000-0000-C000-000000000046} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.

==================== Geheugen info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage geheugen in gebruik: 78%
Totaal fysiek RAM-geheugen: 3797.3 MB
Beschikbaar fysiek RAM-geheugen: 806.99 MB
Totaal Virtueel geheugen: 5653.3 MB
Beschikbaar Virtual geheugen: 2156.8 MB

==================== Schijven ================================

Drive c: () (Fixed) (Total:232.34 GB) (Free:172.77 GB) NTFS

==================== MBR & Partitietabel ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 17593766)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== Eind van Addition.txt ============================