Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 17-04-2021
Gestart door rienv (25-04-2021 12:23:02)
Gestart vanaf C:\Users\rienv\OneDrive\Bureaublad
Windows 10 Home Versie 20H2 19042.928 (X64) (2020-10-23 15:52:28)
Boot Modus: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1745599379-2395707021-3466574334-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1745599379-2395707021-3466574334-503 - Limited - Disabled)
Gast (S-1-5-21-1745599379-2395707021-3466574334-501 - Limited - Disabled)
rienv (S-1-5-21-1745599379-2395707021-3466574334-1010 - Administrator - Enabled) => C:\Users\rienv
sjann (S-1-5-21-1745599379-2395707021-3466574334-1011 - Limited - Enabled) => C:\Users\sjann
WDAGUtilityAccount (S-1-5-21-1745599379-2395707021-3466574334-504 - Limited - Disabled)

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Security Cloud (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: BullGuard Antispyware (Enabled - Up to date) {B73BE81F-4345-B6C3-E5AB-80F647E9AA59}
FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeïnstalleerd worden.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 21.001.20150 - Adobe Systems Incorporated)
BitTorrent (HKU\S-1-5-21-1745599379-2395707021-3466574334-1010\...\BitTorrent) (Version: 7.10.5.45967 - BitTorrent Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.0.3 - Canon Inc.)
Canon MG3600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3600_series) (Version: - Canon Inc.)
Canon MG3600 series On-screen Manual (HKLM-x32\...\Canon MG3600 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
CyberLink PowerRecover (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.7013 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.7013 - CyberLink Corp.)
Foxit PhantomPDF (HKLM-x32\...\{DB5A079E-C1DA-11E8-BD2C-000C296BF2A5}) (Version: 9.3.0.10826 - Foxit Software Inc.)
Gebruikersregistratie voor Canon MG3600 series (HKLM-x32\...\Gebruikersregistratie voor Canon MG3600 series) (Version: - Canon Inc.)
GIMP 2.10.22 (HKLM\...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
Glary Utilities 5.156 (HKLM-x32\...\Glary Utilities 5) (Version: 5.156.0.182 - Glarysoft Ltd)
Goodgame Empire (HKLM-x32\...\Goodgame Empire) (Version: - ) <==== AANDACHT
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.85 - Google LLC)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Intel(R) Chipset Device Software (HKLM-x32\...\{eb0d4a41-3065-42b0-a868-c60d42d3ea98}) (Version: 10.1.17695.8086 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1826.12.0.1146 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.7.0.1009 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.369.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{aa81bdf2-96a6-4400-a596-c7d1916ce9f7}) (Version: 1.50.369.0 - Intel Corporation) Hidden
Java(TM) SE Development Kit 15.0.1 (64-bit) (HKLM\...\{E6A95593-92FB-518A-B2D5-5E9EE8CBEA82}) (Version: 15.0.1.0 - Oracle Corporation)
Kaspersky Security Cloud (HKLM-x32\...\{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 - Kaspersky) Hidden
Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 - Kaspersky)
Kaspersky VPN (HKLM-x32\...\{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky)
KeePass Password Safe 2.47 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.47 - Dominik Reichl)
Life App Explorer (HKU\S-1-5-21-1745599379-2395707021-3466574334-1010\...\Host App Service) (Version: 0.273.3.921 - SweetLabs) <==== AANDACHT
Life App Explorer (HKU\S-1-5-21-1745599379-2395707021-3466574334-1011\...\Host App Service) (Version: 0.273.3.921 - SweetLabs) <==== AANDACHT
MGET FLAC2MP3 convertor (HKLM-x32\...\MGET FLAC2MP3 convertor_is1) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.46 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - nl-nl (HKLM\...\ProPlusRetail - nl-nl) (Version: 15.0.5327.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1745599379-2395707021-3466574334-1010\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1745599379-2395707021-3466574334-1011\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 88.0 (x64 nl) (HKLM\...\Mozilla Firefox 88.0 (x64 nl)) (Version: 88.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 70.0.1 - Mozilla)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5327.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5327.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0413-0000-0000000FF1CE}) (Version: 15.0.5327.1000 - Microsoft Corporation) Hidden
ProtonVPN (HKLM-x32\...\{2E5B3FB1-FDCC-4BC8-AA99-E0EE5343CAF8}) (Version: 1.16.3 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.16.3) (Version: 1.16.3 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{BCB82CD9-F514-4F93-A6D9-F898494DC927}) (Version: 1.1.0 - Proton Technologies AG)
Stremio (HKU\S-1-5-21-1745599379-2395707021-3466574334-1010\...\Stremio) (Version: 4.4.25 - Smart Code Ltd.)
SupportAPP (HKLM\...\{0000A0AB-3A12-1EF4-A21C-9ADE1843AB04}) (Version: 1.1 - )
Sweet Home 3D version 6.2 (HKLM\...\Sweet Home 3D_is1) (Version: 6.2 - eTeks)
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
TomTom HOME 2.20.8.1298 (HKLM\...\TomTom HOME) (Version: 2.20.8.1298 - TomTom)
TomTom MyDrive Connect 4.2.11.4200 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.11.4200 - TomTom)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
ViewRight Web PC 4.1.2.0 (HKLM-x32\...\{40361A03-B6D7-461C-90EB-8D7DBF2A94E6}) (Version: 4.1.2.0 - Verimatrix, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WhatsApp (HKU\S-1-5-21-1745599379-2395707021-3466574334-1010\...\WhatsApp) (Version: 2.2114.9 - WhatsApp)
Windows 10-updateassistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23192 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-1745599379-2395707021-3466574334-1010\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)

Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.8.401.0_x64__rz1tebttyb220 [2021-04-22] (Dolby Laboratories)
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20402.409.0_x64__rz1tebttyb220 [2021-02-01] (Dolby Laboratories)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation)
Intel® Graphics besturingscentrum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-04-06] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-28] (INTEL CORP)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-03-29] (LinkedIn)
Media-engine-invoegtoepassing voor Foto's -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Jigsaw -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJigsaw_2.3.4061.0_x86__8wekyb3d8bbwe [2021-04-22] (Microsoft Studios)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.0.11030.0_x64__8wekyb3d8bbwe [2020-12-25] (Microsoft Studios) [MS Ad]
Microsoft Minesweeper -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_3.1.9160.0_x86__8wekyb3d8bbwe [2020-12-25] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4072.0_x64__8wekyb3d8bbwe [2021-04-18] (Microsoft Studios) [MS Ad]
Microsoft Sudoku -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSudoku_2.3.2100.0_x64__8wekyb3d8bbwe [2021-04-05] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-17] (Netflix, Inc.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.14.224.0_x64__dt26b99r8h8gj [2020-10-20] (Realtek Semiconductor Corp)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2021-04-05] (Microsoft Corporation)
Uitbreiding voor MPEG-2-video -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-26] (Microsoft Corporation)
Zip Extractor Pro -> C:\Program Files\WindowsApps\38526MediaLife.ZipPlus_2.0.4.0_x86__1crh1k73ty8mg [2020-11-20] (Media Life)

==================== Aangepaste CLSID (gefilterd): ==============

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Bestand niet getekend]
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-12-04] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.2\x64\shellex.dll [2021-02-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers1: [PeContextMenuExtension] -> {098A124A-AA1C-38C8-A65E-D1199A14516A} => C:\Program Files (x86)\Common Files\Wondershare\PDFelement\AddIns\PEShellExt_x64.dll [2020-07-01] (Wondershare Technology Co.,Ltd -> Wondershare)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-12-04] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.2\x64\shellex.dll [2021-02-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2020-11-17] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2020-11-17] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Bestand niet getekend]
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.2\x64\shellex.dll [2021-02-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Bestand niet getekend]
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-12-04] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.2\x64\shellex.dll [2021-02-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)

==================== Codecs (gefilterd) ====================

==================== Snelkoppelingen & WMI ========================

(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)

ShortcutWithArgument: C:\Users\rienv\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Geladen Modules (gefilterd) =============

2019-09-27 16:01 - 2017-07-05 13:49 - 000593920 _____ (CANON INC.) [Bestand niet getekend] [Bestand is in gebruik] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2019-09-27 16:01 - 2017-07-05 13:43 - 000561152 _____ (CANON INC.) [Bestand niet getekend] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll
2019-04-04 15:32 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [Bestand niet getekend] C:\Program Files\7-Zip\7-zip.dll
2021-04-05 19:25 - 2021-04-05 19:25 - 042499072 _____ (Intel Corporation) [Bestand niet getekend] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt\IGCC.dll

==================== Alternate Data Streams (gefilterd) ========

==================== Veilige Modus (gefilterd) ==================

==================== Bestandskoppeling (gefilterd) =================

==================== Internet Explorer (gefilterd) ==========

HKU\S-1-5-21-1745599379-2395707021-3466574334-1010\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COS2&ptag=D040719-N0690A915F698E57&form=CONMHP&conlogo=CT3335818
HKU\S-1-5-21-1745599379-2395707021-3466574334-1010\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1745599379-2395707021-3466574334-1011\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1745599379-2395707021-3466574334-1011\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
SearchScopes: HKU\S-1-5-21-1745599379-2395707021-3466574334-1010 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COS2&ptag=D040719-N0700A915F698E57&form=CONBDF&conlogo=CT3335818&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1745599379-2395707021-3466574334-1010 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COS2&ptag=D040719-N0700A915F698E57&form=CONBDF&conlogo=CT3335818&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2020-06-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2020-06-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2018-09-26] (Foxit Software Incorporated -> )
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2018-09-26] (Foxit Software Incorporated -> )
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2019-03-29] (Microsoft Corporation -> Microsoft Corporation)

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd.)
IE trusted site: HKU\S-1-5-21-1745599379-2395707021-3466574334-1010\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1745599379-2395707021-3466574334-1010\...\sharepoint.com -> hxxps://mustbewindnl-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-1745599379-2395707021-3466574334-1010\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts inhoud: =========================

(Indien nodig kan Hosts:-opdracht worden opgenomen in de fixlist om Hosts te resetten.)

2018-04-12 01:38 - 2018-04-12 01:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere gebieden ===========================

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\VMware\VMware Player\bin\;C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL
HKU\S-1-5-21-1745599379-2395707021-3466574334-1010\Control Panel\Desktop\\Wallpaper -> C:\Users\rienv\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
HKU\S-1-5-21-1745599379-2395707021-3466574334-1011\Control Panel\Desktop\\Wallpaper -> C:\Users\sjann\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bluelava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_rgb.jpg
DNS Servers: 192.168.7.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is ingeschakeld.

Network Binding:
=============
Wi-Fi: VMware Bridge Protocol -> vmware_bridge (enabled)
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled)
LAN-verbinding: VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet 3: VMware Bridge Protocol -> vmware_bridge (enabled)
Bluetooth-netwerkverbinding: VMware Bridge Protocol -> vmware_bridge (enabled)
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled)

==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

HKU\S-1-5-21-1745599379-2395707021-3466574334-1010\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-1745599379-2395707021-3466574334-1010\...\StartupApproved\Run: => "btweb"
HKU\S-1-5-21-1745599379-2395707021-3466574334-1010\...\StartupApproved\Run: => "MyDriveConnect.exe"
HKU\S-1-5-21-1745599379-2395707021-3466574334-1010\...\StartupApproved\Run: => "OneDrive"

==================== Firewall regels (gefilterd) ================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

FirewallRules: [UDP Query User{E7F6C37C-B011-4B2F-9B12-FA974B38C2B2}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{15E8E758-F049-4B1A-9534-3EED5D1BD617}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{55BB1235-115C-462D-A6B1-EC2969BF807C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4E03153D-8BC5-4B66-89F2-1B0F558BC78D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{0210DC8E-0370-46D0-9D84-C16A0F54281E}C:\users\rienv\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\rienv\appdata\roaming\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{B9691545-BE48-43CB-BC03-E766DC7FC9C7}C:\users\rienv\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\rienv\appdata\roaming\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{86B37AF0-0748-469A-AD6C-CD34019D009A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7EE56A46-2C5D-4B5A-91A7-2D5FF998191C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{87AE9801-45B4-4AF2-84D3-C75989F16161}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{98DC08F8-EE5A-4C5A-866F-6F916EBC4DAB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{35C8BADB-4742-4767-99CE-4EAE21A71F96}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{612C6CEF-ADA2-4752-A316-72CF7E98EBC3}C:\users\rienv\appdata\local\programs\lnv\stremio-4\node.exe] => (Block) C:\users\rienv\appdata\local\programs\lnv\stremio-4\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [UDP Query User{35699AC1-5F3B-4BF2-9917-6FA2B5182571}C:\users\rienv\appdata\local\programs\lnv\stremio-4\node.exe] => (Block) C:\users\rienv\appdata\local\programs\lnv\stremio-4\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [TCP Query User{BEC51D95-1F1B-40A5-ABB0-40C13952860F}C:\users\rienv\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\rienv\appdata\roaming\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{68217771-8572-4123-BCA8-772244E1507B}C:\users\rienv\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\rienv\appdata\roaming\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{71704D07-A993-487A-9300-A5A0E6E03BA1}C:\users\rienv\appdata\local\programs\lnv\stremio-4\node.exe] => (Allow) C:\users\rienv\appdata\local\programs\lnv\stremio-4\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [UDP Query User{3AB72030-C5A4-4B01-88C0-12F641C836CC}C:\users\rienv\appdata\local\programs\lnv\stremio-4\node.exe] => (Allow) C:\users\rienv\appdata\local\programs\lnv\stremio-4\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [{D169770D-A014-4CD1-806F-E1E23485F7B4}] => (Allow) C:\Users\rienv\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9F691613-1B33-4069-83ED-7C2247DEFC15}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{AEF21CC9-682C-481B-965E-6F79DF368331}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{8F9D18ED-121E-4AB3-8600-AC31B855925A}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Geen bestand
FirewallRules: [{1518A7CF-4280-4062-9B06-F75339A919CD}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Geen bestand
FirewallRules: [{FEDDD6FA-0F17-43D0-A999-32E7528D1AC8}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Geen bestand
FirewallRules: [{5BACAC75-E48D-437C-9D74-22BB76519D89}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{72E8329D-B72B-4FAF-B25A-10EF2AE975D5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{38BE3496-DFAB-44DE-BF7C-CBADF0EF6C0B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A73C6CFA-6B1A-4A3A-871F-7F81549297C8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{12DE1EF3-8F25-4503-88AB-6A9A7CDBC80D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Herstelpunten =========================

12-04-2021 07:23:47 Installed Foxit PhantomPDF
14-04-2021 20:38:25 Installed Foxit PhantomPDF
16-04-2021 07:46:23 Installatieprogramma voor Windows-modules

==================== Defecte Apparaatbeheer Apparaten ============

==================== Eventlog fouten: ========================

Applicatiefouten:
==================
Error: (04/25/2021 12:20:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance. hr = 0x8007045b, Systeem wordt afgesloten. .

Error: (04/25/2021 12:20:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informatie voor de Volume Shadow Copy-service: de COM-server met CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} en de naam CEventSystem kan niet worden gestart. [0x8007045b, Systeem wordt afgesloten. ]

Error: (04/25/2021 12:20:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance. hr = 0x8007045b, Systeem wordt afgesloten. .

Error: (04/25/2021 12:20:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informatie voor de Volume Shadow Copy-service: de COM-server met CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} en de naam CEventSystem kan niet worden gestart. [0x8007045b, Systeem wordt afgesloten. ]

Error: (04/17/2021 07:30:19 AM) (Source: Outlook) (EventID: 34) (User: )
Description: Kan het bereik van verkennerbeheer niet ophalen. Fout: 0x8007045b.

Error: (04/14/2021 07:38:04 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance. hr = 0x8007045b, Systeem wordt afgesloten. .

Error: (04/14/2021 07:38:04 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informatie voor de Volume Shadow Copy-service: de COM-server met CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} en de naam CEventSystem kan niet worden gestart. [0x8007045b, Systeem wordt afgesloten. ]

Error: (04/14/2021 07:38:04 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance. hr = 0x8007045b, Systeem wordt afgesloten. .

Systeemfouten:
=============
Error: (04/25/2021 07:50:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (04/20/2021 06:23:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (04/18/2021 07:55:42 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Er is een onherstelbare fout opgetreden bij het maken van een TLS-referentie voor client. De interne foutstatus is 10013.

Error: (04/18/2021 07:51:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (04/17/2021 12:20:32 PM) (Source: ACPI) (EventID: 4) (User: )
Description: AMLI: ACPI BIOS probeert op het ongeldige I/O-poortadres 0x75 te lezen, dat in het beschermde 0x74 - 0x76-adresbereik ligt. Dit leidt mogelijk tot een instabiel systeem. Neem voor technische ondersteuning contact op met de leverancier van het systeem.

Error: (04/17/2021 12:20:32 PM) (Source: ACPI) (EventID: 5) (User: )
Description: AMLI: ACPI BIOS probeert naar het ongeldige I/O-poortadres 0x74 te schrijven, dat in het beschermde 0x74 - 0x76-adresbereik ligt. Dit leidt mogelijk tot een instabiel systeem. Neem voor technische ondersteuning contact op met de leverancier van het systeem.

Error: (04/17/2021 12:10:37 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-PRACD1P)
Description: De server {40ECCDBB-2202-4FDF-83ED-272187326B7A} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.

Error: (04/14/2021 07:52:43 PM) (Source: ACPI) (EventID: 4) (User: )
Description: AMLI: ACPI BIOS probeert op het ongeldige I/O-poortadres 0x75 te lezen, dat in het beschermde 0x74 - 0x76-adresbereik ligt. Dit leidt mogelijk tot een instabiel systeem. Neem voor technische ondersteuning contact op met de leverancier van het systeem.

CodeIntegrity:
===============
Date: 2021-04-25 12:22:41
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2021-04-25 12:20:29
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-04-25 07:42:58
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

==================== Geheugen info ===========================

BIOS: American Megatrends Inc. 212 09/17/2019
Moederbord: MEDION M15WUN
Processor: Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz
Percentage geheugen in gebruik: 47%
Totaal fysiek RAM-geheugen: 8081.19 MB
Beschikbaar fysiek RAM-geheugen: 4221.94 MB
Totaal Virtueel geheugen: 13457.19 MB
Beschikbaar Virtueel geheugen: 9280.47 MB

==================== Schijven ================================

Drive c: (Boot) (Fixed) (Total:449.85 GB) (Free:128.32 GB) NTFS
Drive d: (Recover) (Fixed) (Total:25 GB) (Free:7.34 GB) NTFS

\\?\Volume{f0400058-6214-466b-847c-7e19919c687f}\ () (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{26580dcb-9638-4297-af1b-503ad45458cb}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partitietabel ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 7F73D08D)

Partition: GPT.

==================== Einde van Addition.txt =======================