Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 23.08.2018
Gestart door Vivi N (19-05-2019 18:31:08)
Gestart vanaf C:\Users\Vivi N\Downloads
Windows 10 Home Versie 1803 17134.706 (X64) (2018-07-03 17:55:52)
Boot Modus: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2483446999-2797766171-3834256128-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2483446999-2797766171-3834256128-503 - Limited - Disabled)
Gast (S-1-5-21-2483446999-2797766171-3834256128-501 - Limited - Disabled)
Vivi N (S-1-5-21-2483446999-2797766171-3834256128-1001 - Administrator - Enabled) => C:\Users\Vivi N
WDAGUtilityAccount (S-1-5-21-2483446999-2797766171-3834256128-504 - Limited - Disabled)

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeïnstalleerd worden.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.156 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.5.205 - Adobe, Inc.)
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.6.5 - ASUSTek Computer Inc) ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.14.0006 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0041 - ASUS) AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.138 - ICEpower a/s) Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 73.0.1258.86 - De auteurs van Avast Secure Browser) Avast SecureLine for Asustek (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.3 - AVAST Software) Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden Belgium e-ID middleware 4.1.20 (build 1779) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A71779}) (Version: 4.1.1779 - Belgian Government) BrLauncher (HKLM-x32\...\{C661197A-6B93-4E37-9E3F-2A1DFCD64234}) (Version: 1.1.15.0 - Brother Industries Ltd.) Hidden BrLogRx (HKLM-x32\...\{B556F816-FF4D-4BB6-9339-ED28639E2EF3}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden Brother Printer Driver (HKLM-x32\...\{0648F446-BAE9-402F-9BEC-8B333959D8FB}) (Version: 1.2.0.0 - Brother Industries Ltd.) Hidden Brother Scanner Driver (HKLM-x32\...\{A242EB06-0518-48A3-AF7A-5973BE9CAF7B}) (Version: 1.0.7.3 - Brother Industries Ltd.) Hidden BrotherHelpInstaller (HKLM-x32\...\{4E461C2A-EC1C-46D1-AF5B-7FEFD0054AF8}) (Version: 1.0.0.0 - Brother) Hidden BrSupportTools (HKLM-x32\...\{F8F9EB58-33BA-4FF8-80E7-66D87D2E0C3C}) (Version: 1.0.9.0 - Brother Industries Ltd.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform) ControlCenter4 (HKLM-x32\...\{9ADB625A-7F6D-4C48-9058-4767A55D5424}) (Version: 4.2.438.1 - Brother Insutries Ltd.) 
Hidden Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.) DeviceDetect (HKLM-x32\...\{F805D16D-AB79-4DC7-A60F-436621995275}) (Version: 1.2.1.0 - Brother Industries Ltd.) Hidden Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden Evernote v. 5.9.1 (HKLM-x32\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.) Foxit PhantomPDF (HKLM-x32\...\{E40149BB-552F-44C8-A10F-4188ADC5AD70}) (Version: 7.0.510.429 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\{0CCF3C48-E676-36F2-B17B-B890488DEB34}) (Version: 74.0.3729.157 - Google, Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) 
Hidden Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation) Intel Security True Key (HKLM\...\TrueKey) (Version: 4.11.110.1 - Intel Security) Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) Microsoft OneDrive (HKU\S-1-5-21-2483446999-2797766171-3834256128-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 
Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation) Mozilla Firefox 66.0.5 (x64 nl) (HKLM\...\Mozilla Firefox 66.0.5 (x64 nl)) (Version: 66.0.5 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.6.1 - Mozilla) Mozilla Thunderbird 60.6.1 (x86 nl) (HKLM-x32\...\Mozilla Thunderbird 60.6.1 (x86 nl)) (Version: 60.6.1 - Mozilla) NetworkRepairTool (HKLM-x32\...\{4694AD3E-D4A2-4D98-9848-662A0475E872}) (Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden NVIDIA Grafisch stuurprogramma 388.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.57 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) OpenOffice 4.1.2 (HKLM-x32\...\{41E7B095-1618-49CF-972F-72B5D5235423}) (Version: 4.12.9782 - Apache Software Foundation) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.) ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden StatusMonitor (HKLM-x32\...\{86D16055-3C14-44C6-BCD7-5514B83BAD34}) (Version: 1.12.4.0 - Brother Insutries Ltd.) 
Hidden Stuurprogrammapakket voor Windows - Fedict SmartCard (11/30/2016 4.1.9) (HKLM\...\A9FBB4D4E267FA9BF2CEBF564F02DB39E147B466) (Version: 11/30/2016 4.1.9 - Fedict) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com) swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Symantec Endpoint Protection (HKLM\...\{F90EEB64-A4CB-484A-8666-812D9F92B37B}) (Version: 12.1.7004.6500 - Symantec Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation) Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden UsbRepairTool (HKLM-x32\...\{523276A4-5779-4105-9163-CA1CF94EC533}) (Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN) Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.5.541 - ASUS Cloud Corporation) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.16 - WildTangent) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS) WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5178 - Kingsoft Corp.) Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version: - Zylom Games) ==================== Aangepaste CLSID (gefilterd): ========================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) 
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.5.541\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.5.541\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.5.541\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-04-30] (Foxit Software Inc.) ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin64\vpshell2.dll [2016-08-10] (Symantec Corporation) ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin64\vpshell2.dll [2016-08-10] (Symantec Corporation) ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2018-04-12] (Microsoft Corporation) ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-04] (NVIDIA Corporation) ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin64\vpshell2.dll [2016-08-10] 
(Symantec Corporation) ==================== Geplande Taken (gefilterd) ============= (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) Task: {02475FEA-2E5F-408B-80B6-B933D7C8C445} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.) Task: {07880964-1B4A-43B3-84DC-F4186BF18F6F} - System32\Tasks\ASUS\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [2017-09-18] (ASUSTek Computer Inc) Task: {07B031BE-0647-40C3-82CC-54EDE225A974} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-03-30] (Adobe Systems Incorporated) Task: {0A7D06FB-171D-4951-9962-6DA512727F34} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-03-11] (Piriform Software Ltd) Task: {0E7305EA-F078-4CD5-A9FF-BBBB8B174A41} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.) 
Task: {110A0F8D-9033-4339-B988-A47F86BDF486} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsnotify.exe [2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {176E4AED-04B6-4096-BA07-AAEA7EBB6E0E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2019-04-03] (AVAST Software) Task: {2407FF46-B198-4261-AA89-AFE121ACD9B4} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-12-02] (ASUS) Task: {243B5A83-E613-40F0-8F22-E2B49AD19177} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2019-04-05] (AVAST Software) Task: {3AE8FE7B-FA6A-42B8-A426-8C6CF8BC4486} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-11-30] (Realtek Semiconductor) Task: {3EC38515-A315-4617-82D1-4C3EF6962118} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_Plugin.exe [2019-03-30] (Adobe Systems Incorporated) Task: {4516A5A7-180D-4D4A-9D28-05F3453822E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-30] (Google Inc.) Task: {4FAC5154-9A38-484D-ACCF-32F1E8F36096} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.) Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] () Task: {7B564587-6064-4852-B223-8AA948145EDA} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-09-29] (AVAST Software) Task: {80A05519-DB99-4D1D-B448-2B6CF405720B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! 
Antivirus\backup.exe Task: {8F242305-100B-49C7-B887-F58B11753C6C} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-30] (Realtek Semiconductor) Task: {9033FCC4-461D-463E-B53A-12E92A7DF6EB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-03-11] (Piriform Software Ltd) Task: {956E96D6-19C8-4231-952B-95D1466D1A0A} - System32\Tasks\S-1-5-21-2483446999-2797766171-3834256128-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-12-08] (Microsoft Corporation) Task: {A320508F-8B9C-4A72-99E4-D5E202277DF2} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures Task: {B0D92780-61F3-4631-A385-89CE9729A9D5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.) Task: {C07CBF99-E536-4480-AB40-42471D22BABB} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdate.exe [2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {C170B557-1B44-4113-801F-24B195F9E404} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-30] (Google Inc.) Task: {C7D393B2-0971-422F-A65B-4FC75B363CA5} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.) 
Task: {CDE99667-698D-4449-93B7-71B6763B4F90} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software) Task: {E06D0FF1-E2D5-45E3-BC76-381C3B44D9B9} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2019-04-05] (AVAST Software) Task: {E2520E2A-A8E8-4915-B254-7280D6B699F9} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software) Task: {E958F268-6632-4042-B85C-2A9A989CF340} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.) Task: {F009E0E9-B5E5-44BB-8025-A54FC5BDED6C} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] () (Als een item is opgenomen in de fixlist, wordt de taak (job) bestand verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsnotify.exe Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdate.exe ==================== Snelkoppelingen & WMI ======================== (De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.) 
==================== Geladen Modules (gefilterd) ============== 2015-05-19 10:11 - 2015-05-19 10:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe 2016-09-29 17:47 - 2016-09-29 17:48 - 000592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe 2018-02-10 15:13 - 2005-04-22 14:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll 2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll 2018-12-12 20:02 - 2018-11-09 04:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll 2019-04-10 19:04 - 2019-04-02 09:46 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2019-04-04 15:55 - 2019-04-04 15:56 - 026138624 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe 2019-04-04 15:45 - 2019-04-04 15:47 - 000289280 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\SharedUI.dll 2017-12-06 17:37 - 2017-12-06 17:41 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll 2018-11-29 16:32 - 2018-11-29 16:33 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2019-04-04 15:45 - 2019-04-04 15:45 - 005709824 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\EntCommon.dll 2019-04-04 15:45 - 2019-04-04 15:46 - 008948224 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\EntPlat.dll 2016-11-30 22:57 - 2016-11-30 22:57 - 000401888 _____ () C:\WINDOWS\system32\igfxTray.exe 2019-03-11 17:16 - 2019-03-11 17:16 - 000109248 _____ () C:\Program Files\CCleaner\lang\lang-1043.dll 2016-08-10 
09:16 - 2016-08-10 09:16 - 000578856 ____C () C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin\AvPluginImpl.dll 2017-09-18 09:15 - 2017-09-18 09:15 - 001937408 _____ () C:\Program Files (x86)\ASUS\Giftbox\ffmpeg.dll 2016-04-11 11:55 - 2015-10-03 04:24 - 000012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2009-02-27 17:38 - 2009-02-27 17:38 - 000139264 _____ () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2015-08-07 02:09 - 2015-08-07 02:09 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2017-09-18 09:15 - 2017-09-18 09:15 - 002177536 _____ () C:\Program Files (x86)\ASUS\Giftbox\libglesv2.dll 2017-09-18 09:15 - 2017-09-18 09:15 - 000079360 _____ () C:\Program Files (x86)\ASUS\Giftbox\libegl.dll 2017-09-18 09:15 - 2017-09-18 09:15 - 003561984 _____ () C:\Program Files (x86)\ASUS\Giftbox\node.dll 2017-09-18 09:15 - 2017-09-18 09:15 - 000292352 _____ () \\?\C:\Program Files (x86)\ASUS\Giftbox\node_modules\appcloud-native-utils\anu.node ==================== Alternate Data Streams (gefilterd) ========= (Als een item is opgenomen in de fixlist, wordt alleen de ADS verwijderd.) ==================== Veilige Modus (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. De waarde van "AlternateShell" wordt hersteld.) ==================== Bestandskoppeling (gefilterd) =============== (Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd.) ==================== Internet Explorer vertrouwde/beperkte toegang =============== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd.) ==================== Hosts inhoud: =============================== (Indien nodig kan Hosts:-opdracht worden opgenomen in de fixlist om Hosts te resetten.) 
2015-10-30 09:24 - 2019-01-04 13:49 - 000000835 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere gebieden ============================

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKU\S-1-5-21-2483446999-2797766171-3834256128-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Vivi N\AppData\Roaming\mozilla\firefox\bureaubladachtergrond.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is ingeschakeld.

==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==

HKLM\...\StartupApproved\StartupFolder: => "avast! SecureLine.lnk"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKU\S-1-5-21-2483446999-2797766171-3834256128-1001\...\StartupApproved\Run: => "OneDrive"

==================== Firewall regels (gefilterd) ===============

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
FirewallRules: [{08A0B4D3-2FAB-4CFD-88BE-CFA82923B755}] => (Allow) LPort=54925
FirewallRules: [{74623E24-3A95-46A4-9114-2346CFA75D25}] => (Allow) E:\Install\wlan_wiz\.\wlan_assistant\waw.exe
FirewallRules: [{325FE36B-00F4-4489-83F9-14D97FD92252}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D084F5EE-796E-42D7-821F-4CBA2628180F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C0D46545-2AED-4296-944C-D786675DB159}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin64\snac64.exe
FirewallRules: [{E88278F3-71F2-422A-B06C-D38A58AF702D}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin64\snac64.exe
FirewallRules: [{875A9790-4D70-49A5-9C2C-BB79F745ECE8}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin\ccSvcHst.exe
FirewallRules: [{2955ED01-C1ED-4DD6-806A-BBF3EFF451E4}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin\ccSvcHst.exe
FirewallRules: [TCP Query User{AF525986-7D94-473E-A3F1-0301B0F634AD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{171BC530-558B-4E33-BB6D-F7BCD187652F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C9BF5658-D60F-452D-98CC-ADA7635F46A8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{CAA4BEA1-7A6A-40EB-A7FB-E06E286039FE}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{411740A3-6580-4E7A-BD69-F3E25CD32076}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{B009A7DF-3F26-497A-AA7D-46EC8CB2FEF7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Herstelpunten =========================

26-04-2019 18:39:12 Gepland controlepunt
05-05-2019 17:10:42 Gepland controlepunt
13-05-2019 15:56:46 Gepland controlepunt
16-05-2019 16:24:57 Windows Update
18-05-2019 19:30:51 Removed Symantec Endpoint Protection.
18-05-2019 19:33:25 Removed Symantec Endpoint Protection.
19-05-2019 17:46:13 Removed Java 8 Update 172
19-05-2019 17:48:00 Removed Java 8 Update 191
19-05-2019 17:49:01 Removed Symantec Endpoint Protection.

==================== Defecte Apparaatbeheer Apparaten =============

==================== Eventlog fouten: =========================

Applicatiefouten:
==================
Error: (05/19/2019 06:22:18 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR
DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (05/19/2019 05:44:59 PM) (Source: MsiInstaller) (EventID: 11704) (User: DESKTOP-Q1P3FPC)
Description: Product: Java 8 Update 171 -- Error 1704. An installation for ASUS Smart Gesture is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (05/19/2019 05:44:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: AUDIODG.EXE, versie: 10.0.17134.619, tijdstempel: 0x7ba55a2a
Naam van module met fout: ICEsoundAPO64.dll, versie: 1.0.0.18, tijdstempel: 0x564db767
Uitzonderingscode: 0xc0000005
Foutmarge: 0x000000000003b262
Id van proces met fout: 0xc14
Starttijd van toepassing met fout: 0x01d50e59630439c9
Pad naar toepassing met fout: C:\WINDOWS\system32\AUDIODG.EXE
Pad naar module met fout: C:\WINDOWS\system32\ICEsoundAPO64.dll
Rapport-id: 71515b41-78ab-4660-89f4-81b785be6457
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (05/19/2019 05:37:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: AUDIODG.EXE, versie: 10.0.17134.619, tijdstempel: 0x7ba55a2a
Naam van module met fout: ICEsoundAPO64.dll, versie: 1.0.0.18, tijdstempel: 0x564db767
Uitzonderingscode: 0xc0000005
Foutmarge: 0x000000000003b262
Id van proces met fout: 0x1468
Starttijd van toepassing met fout: 0x01d50da1fb9f9ba3
Pad naar toepassing met fout: C:\WINDOWS\system32\AUDIODG.EXE
Pad naar module met fout: C:\WINDOWS\system32\ICEsoundAPO64.dll
Rapport-id: 0e48c958-62e2-4cf3-970b-f9f892546f74
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (05/19/2019 05:25:19 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR
DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (05/18/2019 07:29:57 PM) (Source: MsiInstaller) (EventID: 11704) (User: DESKTOP-Q1P3FPC)
Description: Product: TomTom HOME -- Fout 1704. De installatie van ASUS Smart Gesture is momenteel onderbroken. Als u door wilt gaan, moet u de wijzigingen die door de installatie zijn aangebracht, ongedaan maken. Wilt u de wijzigingen ongedaan maken?

Error: (05/18/2019 06:33:19 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR
DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (05/18/2019 03:33:21 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR
DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Systeemfouten:
=============
Error: (05/19/2019 06:25:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Starten niet verleend aan Lokaal voor de COM-servertoepassing met CLSID Windows.SecurityCenter.WscBrokerManager en APPID Niet beschikbaar aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (05/19/2019 06:24:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Windows Presentation Foundation Font Cache 3.0.0.0-service kan vanwege de volgende fout niet worden gestart: De service heeft de start- of stuuropdracht niet op juiste wijze beantwoord.

Error: (05/19/2019 06:24:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: FontCache3.0.0.0.

Error: (05/19/2019 06:24:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} en APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (05/19/2019 06:24:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} en APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (05/19/2019 06:23:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Kingsoft_WPS_UpdateService-service kan vanwege de volgende fout niet worden gestart: De service heeft de start- of stuuropdracht niet op juiste wijze beantwoord.

Error: (05/19/2019 06:23:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Kingsoft_WPS_UpdateService.

Error: (05/19/2019 05:52:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen standaard voor deze computer wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} en APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

CodeIntegrity:
===================================
Date: 2018-07-04 21:20:29.573
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\Windows.WARP.JITService.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\sysfer.dll that did not meet the Store signing level requirements.

==================== Geheugen info ===========================

Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage geheugen in gebruik: 32%
Totaal fysiek RAM-geheugen: 8062.7 MB
Beschikbaar fysiek RAM-geheugen: 5411.04 MB
Totaal Virtueel geheugen: 9342.7 MB
Beschikbaar Virtueel geheugen: 6644.5 MB

==================== Schijven ================================

Drive c: (OS) (Fixed) (Total:278.7 GB) (Free:226.6 GB) NTFS ==>[systeem met boot componenten (verkregen van schijf)]
Drive d: (DATA) (Fixed) (Total:419.18 GB) (Free:418.99 GB) NTFS

\\?\Volume{e154de7b-2643-4d59-afc2-b255f7a29f95}\ (RECOVERY) (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{c700261b-c075-4008-be65-8d8fc3c9d3d8}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partitietabel ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: F48FB097)

Partition: GPT.

==================== Eind van Addition.txt ============================