Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 11-04-2020
Gestart door Paul & Karin (11-04-2020 17:17:07)
Gestart vanaf C:\Users\Paul & Karin\Desktop
Windows 10 Pro Versie 1909 18363.720 (X64) (2019-09-27 18:30:00)
Boot Modus: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2958842789-4142555249-2892421365-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2958842789-4142555249-2892421365-503 - Limited - Disabled)
Gast (S-1-5-21-2958842789-4142555249-2892421365-501 - Limited - Disabled)
Paul & Karin (S-1-5-21-2958842789-4142555249-2892421365-1003 - Administrator - Enabled) => C:\Users\Paul & Karin
WDAGUtilityAccount (S-1-5-21-2958842789-4142555249-2892421365-504 - Limited - Disabled)

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Disabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeïnstalleerd worden.)

Acronis Disk Director 12 (HKLM-x32\...\{AE372858-B1BD-49EF-8308-648322846008}) (Version: 12.0.3223 - Acronis) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.344 - Adobe) Adobe Reader XI (11.0.23) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated) Asus Sonic Suite Plugins (HKLM-x32\...\{f0c1caa6-9d8d-47a9-b9a0-1d83ded7e857}) (Version: 1.2.401 - ASUSTeKcomputer.Inc) Hidden Belgium e-ID middleware 4.4.24 (build 4261) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A74261}) (Version: 4.4.4261 - Belgian Government) CrystalDiskInfo 6.0.4 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.0.4 - Crystal Dew World) ESET Security (HKLM\...\{0C3F76CB-98AA-49B1-9B72-CD040E3E17E8}) (Version: 13.1.21.0 - ESET, spol. s r.o.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden HP ENVY 4500 series Basissoftware van het apparaat (HKLM\...\{E7E2EB53-AA2D-4068-8242-28859DCB7C3A}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) 
HP ENVY 4500 series Help (HKLM-x32\...\{8E0DEA5E-822C-4993-8D47-9305D61E6188}) (Version: 30.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation) Intel(R) Network Connections 20.1.2019.0 (HKLM\...\PROSetDX) (Version: 20.1.2019.0 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation) Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.) Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes) MediaHuman YouTube Downloader 3.9.9.32 (HKLM-x32\...\MediaHuman YouTube Downloader_is1) (Version: 3.9.9.32 - MediaHuman) Microsoft Office Professional Plus 2019 - nl-nl (HKLM\...\ProPlus2019Volume - nl-nl) (Version: 16.0.12624.20382 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2958842789-4142555249-2892421365-1003\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 
12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation) NahimicSettingsConfigurator (HKLM\...\{3094F0B9-A3E1-4A01-9B0F-2531645C72CF}) (Version: 1.2.401 - ASUSTeKcomputer.Inc) Hidden NVIDIA 3D Vision controllerstuurprogramma 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision stuurprogramma 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation) NVIDIA Grafisch stuurprogramma 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation) NVIDIA PhysX systeemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20382 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden Original Arcade Games (HKLM-x32\...\Original Arcade Games) (Version: 0.97 - B00) Productverbeteringsonderzoek voor HP ENVY 
4500 series (HKLM\...\{A0B1D150-9577-4F9C-9FC7-AD8557C6BDFC}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7829 - Realtek Semiconductor Corp.) Revo Uninstaller Pro 4.1.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.1.0 - VS Revo Group, Ltd.) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform) Spotnet (HKLM-x32\...\{12947715-B6F0-4597-816F-5E13FB647921}_is1) (Version: 1.9.0.2 - Spotnet) Stremio (HKU\S-1-5-21-2958842789-4142555249-2892421365-1003\...\Stremio) (Version: 4.4.106 - Smart Code Ltd.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) Packages: ========= Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.8.5.0_x86__kgqvnymyfvs32 [2020-04-10] (king.com) Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.34.6.0_x86__kgqvnymyfvs32 [2020-04-10] (king.com) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-28] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-28] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x64__8wekyb3d8bbwe [2020-02-27] (Microsoft Studios) [MS Ad] MSN weer -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft 
Corporation) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0 [2020-04-10] (Spotify AB) [Startup Task] ==================== Aangepaste CLSID (gefilterd): ============== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Geen bestand ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll -> Geen bestand ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Geen bestand ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Geen bestand ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-16] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-16] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. 
-> ESET) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-11] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Geen bestand ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Geen bestand ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll -> Geen bestand ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Geen bestand ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-11] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2019-03-29] (VS Revo Group Ltd. 
-> VS Revo Group) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-16] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-16] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (gefilterd) ==================== ==================== Snelkoppelingen & WMI ======================== (De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.) Shortcut: C:\Users\Paul & Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stremio\Stremio web.lnk -> C:\Users\Paul & Karin\AppData\Local\Programs\LNV\Stremio-4\stremio web.bat () ==================== Geladen Modules (gefilterd) ============= 2019-11-21 19:49 - 2016-11-14 14:30 - 001300688 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Bestand niet getekend] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll 2019-11-21 19:48 - 2016-11-14 11:45 - 001408200 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Bestand niet getekend] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll 2018-04-06 20:29 - 2018-04-06 20:29 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Bestand niet getekend] C:\Program Files\Logitech Gaming Software\LIBEAY32.dll 2018-04-06 20:29 - 2018-04-06 20:29 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Bestand niet getekend] C:\Program Files\Logitech Gaming Software\ssleay32.dll ==================== Alternate Data Streams (gefilterd) ======== (Als een item is opgenomen in de fixlist, wordt alleen de ADS verwijderd.) AlternateDataStreams: C:\ProgramData\Spotnet:spn.k [428] ==================== Veilige Modus (gefilterd) ================== (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. De waarde van "AlternateShell" wordt hersteld.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Bestandskoppeling (gefilterd) ================= ==================== Internet Explorer vertrouwde/beperkte toegang ========== ==================== Hosts inhoud: ========================= (Indien nodig kan Hosts:-opdracht worden opgenomen in de fixlist om Hosts te resetten.) 2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Andere gebieden =========================== (Momenteel is er geen automatische fix voor dit onderdeel.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT HKU\S-1-5-21-2958842789-4142555249-2892421365-1003\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is ingeschakeld. ==================== MSCONFIG/TASK MANAGER Uitgeschakelde items == ==================== Firewall regels (gefilterd) ================ (Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. 
Het bestand zal niet worden verplaatst tenzij apart vermeld.) FirewallRules: [TCP Query User{02158DB1-38B2-4701-AF48-748AB165E0DB}G:\drivers\samdrivers 15412 dvd\drivers\sdi-drv.exe] => (Allow) G:\drivers\samdrivers 15412 dvd\drivers\sdi-drv.exe Geen bestand FirewallRules: [UDP Query User{D8A7DFD4-9DF9-4FB8-8AFE-D9D18E5A9FAC}G:\drivers\samdrivers 15412 dvd\drivers\sdi-drv.exe] => (Allow) G:\drivers\samdrivers 15412 dvd\drivers\sdi-drv.exe Geen bestand FirewallRules: [{94D5EC5E-DC21-4451-92DB-1A24E9133780}] => (Block) C:\Program Files (x86)\Acronis\DiskDirector\DiskDirector.exe (Acronis International GmbH -> Acronis) FirewallRules: [{82D697AF-1FEE-4C75-BB32-0BA53621FC2D}] => (Block) C:\Program Files (x86)\Acronis\DiskDirector\DiskDirector.exe (Acronis International GmbH -> Acronis) FirewallRules: [{824C5D3B-8F9E-4BF3-BEC1-3A03E62B449E}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{1462DC22-489B-4F8C-9D9D-D258167F8B40}] => (Allow) LPort=5357 FirewallRules: [{9903CD8A-80D1-4092-AC69-20E14EBD09B3}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [TCP Query User{7C40A9F0-295D-4062-9688-A0F8F83CA1A1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.) FirewallRules: [UDP Query User{ACD468A5-5BE5-4A5E-9331-CB8E2023CB80}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.) 
FirewallRules: [{901FBCDF-0509-4AB2-A545-CD1CDE0B485D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{44D11EA6-2944-462F-B989-00645F9AF465}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C48E7B85-91F5-4C50-BB8D-CE492C601891}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{0799AB82-1EC8-4B4A-8FA3-1DE28C7346FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{E395AF93-FF1A-4664-BDF2-144DE5EBBD49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{82ACEE95-CF00-438D-9030-53AAE8403124}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{8B06BAF0-FFA2-40C0-A202-CBDB90186554}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{C9CC67DC-F761-4E2E-88E2-98BB714CBE3B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{54063474-885D-42E2-BBD9-1E0CE6E689E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{E442F2C7-B759-4837-BEB1-409D4A69560C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) ==================== Herstelpunten ========================= 11-04-2020 16:29:59 End of disinfection ==================== Defecte 
Apparaatbeheer Apparaten ============ ==================== Eventlog fouten: ======================== Applicatiefouten: ================== Error: (04/10/2020 07:16:37 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd. . Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces. Bewerking: Schrijvergegevens verzamelen Context: Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220} Naam van schrijver: System Writer Instantie-id van schrijver: {92abab13-e89a-44c7-bbba-1744295d9731} Error: (04/10/2020 06:54:20 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY) Description: De vereiste buffergrootte is groter dan de grootte die is doorgegeven aan de verzamelfunctie van het DLL-bestand voor uitbreidbare items "C:\Windows\System32\perfts.dll" voor de "LSM"-service. De opgegeven buffergrootte was 30472 en de vereiste grootte was 33224. Error: (04/09/2020 07:59:04 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY) Description: De vereiste buffergrootte is groter dan de grootte die is doorgegeven aan de verzamelfunctie van het DLL-bestand voor uitbreidbare items "C:\Windows\System32\perfts.dll" voor de "LSM"-service. De opgegeven buffergrootte was 28136 en de vereiste grootte was 30464. Error: (04/08/2020 07:27:09 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY) Description: De vereiste buffergrootte is groter dan de grootte die is doorgegeven aan de verzamelfunctie van het DLL-bestand voor uitbreidbare items "C:\Windows\System32\perfts.dll" voor de "LSM"-service. De opgegeven buffergrootte was 29472 en de vereiste grootte was 32856. 
Error: (04/06/2020 04:33:54 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Het programma mame32.exe, versie 0.37.0.0 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Beveiliging en onderhoud van het Configuratiescherm. Proces-id: 878 Starttijd: 01d60c204d010618 Eindtijd: 23 Toepassingspad: C:\Users\PAUL&K~1\DOCUME~1\MAX 2.10\EMULATOR\Mame 33\mame32.exe Rapport-id: 4b55a221-c944-4f4d-ac5e-b3e587d6dc38 Volledige pakketnaam met fout: Relatieve toepassings-id van pakket met fout: Type vastlopen: Cross-process Error: (04/06/2020 04:33:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Naam van toepassing met fout: logitechg_discord.exe, versie: 9.2.65.0, tijdstempel: 0x5582854a Naam van module met fout: ntdll.dll, versie: 10.0.18362.719, tijdstempel: 0x832e7bce Uitzonderingscode: 0xc0000005 Foutmarge: 0x00051c3e Id van proces met fout: 0x1a80 Starttijd van toepassing met fout: 0x01d60c2064b5a81f Pad naar toepassing met fout: C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe Pad naar module met fout: C:\Windows\SYSTEM32\ntdll.dll Rapport-id: dc83d712-c527-4dd1-9838-8add51a7163f Volledige pakketnaam met fout: Relatieve toepassings-id van pakket met fout: Error: (04/06/2020 12:54:29 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY) Description: De vereiste buffergrootte is groter dan de grootte die is doorgegeven aan de verzamelfunctie van het DLL-bestand voor uitbreidbare items "C:\Windows\System32\perfts.dll" voor de "LSM"-service. De opgegeven buffergrootte was 26288 en de vereiste grootte was 32488. 
Error: (04/05/2020 10:06:42 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY) Description: De vereiste buffergrootte is groter dan de grootte die is doorgegeven aan de verzamelfunctie van het DLL-bestand voor uitbreidbare items "C:\Windows\System32\perfts.dll" voor de "LSM"-service. De opgegeven buffergrootte was 29696 en de vereiste grootte was 31752. Systeemfouten: ============= Error: (04/11/2020 04:29:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: De ASUS Com Service-service kan vanwege de volgende fout niet worden gestart: De service heeft de start- of stuuropdracht niet op juiste wijze beantwoord. Error: (04/11/2020 04:29:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Time-out (60000 seconden) tijdens het wachten op het verbinden van deze service: ASUS Com Service. Error: (04/11/2020 04:28:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Time-out (60000 seconden) tijdens het wachten op het verbinden van deze service: NvStreamNetworkSvc. Error: (04/11/2020 04:27:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: De Klik-en-klaar-service van Microsoft Office-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 0 milliseconden worden uitgevoerd: Service opnieuw starten. Error: (04/11/2020 04:27:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: De Intel(R) Security Assist-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error: (04/11/2020 04:27:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: De Intel(R) Dynamic Application Loader Host Interface Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error: (04/11/2020 04:27:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: De NVIDIA Network Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. 
Error: (04/11/2020 04:27:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: De Logitech Gaming Registry Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Windows Defender: =================================== Date: 2020-04-06 18:44:01.074 Description: Windows Defender Antivirus heeft malware of andere mogelijke ongewenste software gedetecteerd. Zie het volgende voor meer informatie: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D!ml&threatid=2147749373&enterprise=0 Naam: Trojan:Win32/Wacatac.D!ml ID: 2147749373 Ernst: Ernstig Categorie: Trojaans paard Pad: file:_C:\Users\Paul & Karin\AppData\Local\Temp\Download_Mortal-Kombat-II_3431763246.exe; file:_C:\Users\Paul & Karin\Desktop\Doorgaan Mortal-Kombat-II Installatie.lnk Detectieoorsprong: Lokale computer Detectietype: Snel pad Detectiebron: Gebruiker Gebruiker: DESKTOP-9A7KD91\Paul & Karin Procesnaam: Unknown Versie van beveiligingsinformatie: AV: 1.313.893.0, AS: 1.313.893.0, NIS: 1.313.893.0 Engineversie: AM: 1.1.16900.4, NIS: 1.1.16900.4 Date: 2020-04-06 18:39:32.976 Description: Windows Defender Antivirus heeft malware of andere mogelijke ongewenste software gedetecteerd. Zie het volgende voor meer informatie: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D!ml&threatid=2147749373&enterprise=0 Naam: Trojan:Win32/Wacatac.D!ml ID: 2147749373 Ernst: Ernstig Categorie: Trojaans paard Pad: file:_C:\Users\Paul & Karin\AppData\Local\Temp\Download_Mortal-Kombat-II_3431763246.exe Detectieoorsprong: Lokale computer Detectietype: Snel pad Detectiebron: Gebruiker Gebruiker: DESKTOP-9A7KD91\Paul & Karin Procesnaam: C:\Windows\explorer.exe Versie van beveiligingsinformatie: AV: 1.313.893.0, AS: 1.313.893.0, NIS: 0.0.0.0 Engineversie: AM: 1.1.16900.4, NIS: 0.0.0.0 Date: 2020-04-06 18:08:40.174 Description: Windows Defender Antivirus heeft malware of andere mogelijke ongewenste software gedetecteerd. 
Zie het volgende voor meer informatie: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D!ml&threatid=2147749373&enterprise=0 Naam: Trojan:Win32/Wacatac.D!ml ID: 2147749373 Ernst: Ernstig Categorie: Trojaans paard Pad: file:_C:\Users\Paul & Karin\AppData\Local\Temp\Download_Mortal-Kombat-II_3431763246.exe Detectieoorsprong: Lokale computer Detectietype: Snel pad Detectiebron: Real-timebeveiliging Gebruiker: DESKTOP-9A7KD91\Paul & Karin Procesnaam: C:\Windows\explorer.exe Versie van beveiligingsinformatie: AV: 1.313.893.0, AS: 1.313.893.0, NIS: 1.313.893.0 Engineversie: AM: 1.1.16900.4, NIS: 1.1.16900.4 Date: 2020-04-06 18:02:47.593 Description: Windows Defender Antivirus heeft malware of andere mogelijke ongewenste software gedetecteerd. Zie het volgende voor meer informatie: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D!ml&threatid=2147749373&enterprise=0 Naam: Trojan:Win32/Wacatac.D!ml ID: 2147749373 Ernst: Ernstig Categorie: Trojaans paard Pad: file:_C:\Users\Paul & Karin\AppData\Local\Temp\Download_Mortal-Kombat-II_3431763246.exe Detectieoorsprong: Lokale computer Detectietype: Snel pad Detectiebron: Gebruiker Gebruiker: DESKTOP-9A7KD91\Paul & Karin Procesnaam: Unknown Versie van beveiligingsinformatie: AV: 1.313.893.0, AS: 1.313.893.0, NIS: 1.313.893.0 Engineversie: AM: 1.1.16900.4, NIS: 1.1.16900.4 Date: 2020-04-06 18:02:47.587 Description: Windows Defender Antivirus heeft malware of andere mogelijke ongewenste software gedetecteerd. 
Zie het volgende voor meer informatie: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.A!ml&threatid=2147735504&enterprise=0 Naam: Trojan:Win32/Wacatac.A!ml ID: 2147735504 Ernst: Ernstig Categorie: Trojaans paard Pad: file:_C:\Users\Paul & Karin\Downloads\PacMan Museum!\Sleutel\steam_api.dll Detectieoorsprong: Lokale computer Detectietype: Snel pad Detectiebron: Gebruiker Gebruiker: DESKTOP-9A7KD91\Paul & Karin Procesnaam: Unknown Versie van beveiligingsinformatie: AV: 1.313.893.0, AS: 1.313.893.0, NIS: 1.313.893.0 Engineversie: AM: 1.1.16900.4, NIS: 1.1.16900.4 CodeIntegrity: =================================== Date: 2020-04-11 17:12:42.986 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2020-04-11 16:39:42.531 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2020-04-11 16:36:28.242 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2020-04-11 16:36:24.570 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2020-04-11 16:36:24.527 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2020-04-11 16:35:54.302 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2020-04-11 16:31:13.237 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2020-04-11 16:31:11.108 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Geheugen info ===========================

BIOS: American Megatrends Inc. 5.15 06/25/2010
Moederbord: MSI IONA
Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz
Percentage geheugen in gebruik: 38%
Totaal fysiek RAM-geheugen: 8119.11 MB
Beschikbaar fysiek RAM-geheugen: 4988.47 MB
Totaal Virtueel geheugen: 9399.11 MB
Beschikbaar Virtueel geheugen: 6377.19 MB

==================== Schijven ================================

Drive c: (Windows_10_Pro) (Fixed) (Total:223.03 GB) (Free:151.78 GB) NTFS
Drive i: () (Fixed) (Total:1396.7 GB) (Free:903.28 GB) NTFS
Drive j: (data 9/12/19) (Fixed) (Total:465.76 GB) (Free:179.42 GB) NTFS

\\?\Volume{0a7ab398-0000-0000-0000-100000000000}\ (Door systeem gereserveerd) (Fixed) (Total:0.54 GB) (Free:0.14 GB) NTFS
\\?\Volume{7d1b84dc-0000-0000-0000-100000000000}\ (Door systeem gereserveerd) (Fixed) (Total:0.57 GB) (Free:0.53 GB) NTFS
\\?\Volume{3ee68416-0bc4-11ea-9a47-806e6f6e6963}\ () (Removable) (Total:0 GB) (Free:0 GB)

==================== MBR & Partitietabel ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 0A7AB398)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: FC2314DD)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 7D1B84DC)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1396.7 GB) - (Type=07 NTFS)

==================== Einde van Addition.txt =======================