Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 06.05.2018 01
Gestart door F.J.Stols (Beheerder) op AZERTY (08-05-2018 08:35:17)
Gestart vanaf C:\Users\Gebruiker\Desktop
Geladen Profielen: F.J.Stols (Beschikbare Profielen: F.J.Stols)
Platform: Windows 10 Home Versie 1803 17134.1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: FF)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processen (gefilterd) =================
(Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(4Team) C:\Program Files (x86)\4Team Corporation\SafePSTBackup Shadow Copy Service\SafePST.ShadowCopySvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(BonSoft) C:\Program Files\ClocX\ClocX.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(eCOSM) C:\Program Files (x86)\MailWasher Pro\MailWasher.exe
(4Team Corporation) C:\Program Files (x86)\4Team Corporation\Safe PST Backup\SafePSTBackup.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
==================== Register (gefilterd) ===========================
(Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [588872 2017-02-20] ()
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2306448 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [ClocX] => C:\Program Files\ClocX\ClocX.exe [2713600 2013-01-14] (BonSoft)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-04-14] (Check Point Software Technologies Ltd.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [254840 2017-03-17] (TomTom)
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [495616 2007-08-20] (Gadwin Systems, Inc)
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\...\Run: [MailWasher] => C:\PROGRA~2\MAILWA~1\MAILWA~1.EXE* [4393984 2003-11-06] ()
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18334528 2018-04-12] (Piriform Ltd)
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\...\Run: [Safe PST Backup] => C:\Program Files (x86)\4Team Corporation\Safe PST Backup\SafePSTBackup.exe [15792632 2018-02-01] (4Team Corporation)
==================== Internet (gefilterd) ====================
(Als een item is opgenomen in de fixlist en een registeritem is, wordt het verwijderd of hersteld naar de standaard.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66
Tcpip\..\Interfaces\{b759dc05-4683-4f91-beb2-29472251c1ba}: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://
www.google.nl/
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://
www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-6b3d718d&q={searchTerms}
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://
www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-6b3d718d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1916800224-2560957495-3225600593-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://
www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-1916800224-2560957495-3225600593-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://
www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-1916800224-2560957495-3225600593-1001 -> {1D4B9C1E-025D-41AE-8DEF-B53071ADC0CD} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=chrf-iryus&type=ypi_znlrm_00_00_ie
SearchScopes: HKU\S-1-5-21-1916800224-2560957495-3225600593-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://
www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-04-30] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-30] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-30] (Microsoft Corporation)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1916800224-2560957495-3225600593-1001 -> hxxp://
www.google.com
FireFox:
========
FF DefaultProfile: ujuy6qkm.default-1520352159751
FF DefaultProfile: 2ueyth03.default
FF ProfilePath: C:\Users\Gebruiker\AppData\Roaming\TomTom\HOME\Profiles\qt9tjb9c.default [2017-08-15]
FF ProfilePath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\ujuy6qkm.default-1520352159751 [2018-05-08]
FF Homepage: Mozilla\Firefox\Profiles\ujuy6qkm.default-1520352159751 ->
www.google.nl/
FF Extension: (uBlock Origin) - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\ujuy6qkm.default-1520352159751\Extensions\
uBlock0@raymondhill.net.xpi [2018-05-04]
FF ProfilePath: C:\Users\Gebruiker\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\2ueyth03.default [2018-05-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-11] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (gefilterd) ====================
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1278208 2017-02-20] ()
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122728 2017-09-04] (AOMEI Tech Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566440 2018-04-23] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2016-07-23] (Macrovision Europe Ltd.) [Bestand niet getekend]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4795288 2017-02-13] (Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [2908352 2017-01-06] (Acronis International GmbH)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Bestand niet getekend]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Bestand niet getekend]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1282232 2018-01-19] (Bitdefender)
R2 SafePSTShadowCopy; C:\Program Files (x86)\4Team Corporation\SafePSTBackup Shadow Copy Service\SafePST.ShadowCopySvc.exe [16392 2018-02-01] (4Team)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S4 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7013704 2016-12-21] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [240696 2018-05-01] (Bitdefender)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107680 2017-04-14] (Check Point Software Technologies Ltd.)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [240696 2018-05-01] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [240696 2018-05-01] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1058616 2017-04-14] (Check Point Software Technologies Ltd.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (gefilterd) ======================
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-21] ()
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [171952 2016-12-21] ()
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [38320 2017-09-01] ()
R0 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1179248 2018-04-07] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1725800 2018-03-10] (BitDefender)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-12-07] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [178840 2017-12-07] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169376 2017-12-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-12-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-12-07] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-12-07] (Avira Operations GmbH & Co. KG)
R0 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [154888 2018-03-10] (Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-04-07] (Bitdefender)
R3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [248336 2018-03-10] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [375136 2017-03-13] (Acronis International GmbH)
R0 gzflt; C:\WINDOWS\System32\drivers\gzflt.sys [191784 2018-03-10] (BitDefender LLC)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-04-27] (Malwarebytes)
R1 mtihint; C:\WINDOWS\system32\Drivers\mtihint.sys [18504 2015-07-14] (Micron Technology, Inc.) [Bestand niet getekend]
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [89960 2017-03-17] (Panda Security, S.L.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310560 2017-03-13] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [214360 2017-03-13] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [688864 2017-03-13] (Acronis International GmbH)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [607280 2018-05-01] (Bitdefender)
R1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [102576 2015-08-21] ()
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [25904 2015-08-21] ()
R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [701232 2015-08-21] ()
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [324448 2017-03-13] (Acronis International GmbH)
R1 Vsdatant; C:\WINDOWS\system32\DRIVERS\vsdatant.sys [461240 2017-04-13] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
U3 iswSvc; geen ImagePath
==================== NetSvcs (gefilterd) ===================
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
en dan:
Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 06.05.2018 01
Gestart door F.J.Stols (08-05-2018 08:37:32)
Gestart vanaf C:\Users\Gebruiker\Desktop
Windows 10 Home Versie 1803 17134.1 (X64) (2018-05-01 16:02:31)
Boot Modus: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1916800224-2560957495-3225600593-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1916800224-2560957495-3225600593-503 - Limited - Disabled)
F.J.Stols (S-1-5-21-1916800224-2560957495-3225600593-1001 - Administrator - Enabled) => C:\Users\Gebruiker
Gast (S-1-5-21-1916800224-2560957495-3225600593-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1916800224-2560957495-3225600593-504 - Limited - Disabled)
==================== Security Center ========================
(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Antimalware (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Antimalware (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
==================== Geïnstalleerde programma's ======================
(Alleen de adware-programma's met 'verborgen' vlag kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeïnstalleerd worden.)
4Team Safe PST Backup (HKLM-x32\...\{DF6372B1-3687-4C35-8FF3-AF289944A037}) (Version: 2.70.0639 - 4Team Corporation)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adres 2000 Versie 1.93 (HKLM-x32\...\Adres 2000_is1) (Version: - H.C.C. Akkerman)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 22.0.10.78 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.10.12 - Bitdefender)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.3.1.4 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.6795 - CDBurnerXP)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
CrystalDiskInfo 7.5.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.1 - Crystal Dew World)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Easy Rolodex 3.2 (HKLM\...\{48FC3F43-D57D-43A3-B1E6-EE88AFD93DE5}) (Version: 3.2 - Woerdekom Webdesign en Software)
FastStone Capture 4.8 (HKLM-x32\...\FastStone Capture) (Version: 4.8 - FastStone Soft)
FastStone Image Viewer 6.4 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.4 - FastStone Soft)
FastStone Photo Resizer 3.8 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.8 - FastStone Soft.)
Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation)
Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 4.3 - Gadwin Systems, Inc.)
Gebruikersregistratie voor Canon MG6600 series (HKLM-x32\...\Gebruikersregistratie voor Canon MG6600 series) (Version: - Canon Inc.)
GFExperience.Deployer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.Deployer) (Version: 3.10.0.95 - NVIDIA Corporation) Hidden
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
Image Resizer for Windows (64 bit) (HKLM\...\{617CA6E9-D5FB-4017-8130-82E68C56C34D}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.2 - Intel)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MailWasher Pro (HKLM-x32\...\MailWasher Pro_is1) (Version: - FireTrust Limited)
Malwarebytes versie 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.0 (HKLM\...\{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office Professional Plus 2016 - nl-nl (HKLM\...\ProPlusRetail - nl-nl) (Version: 16.0.9226.2114 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 59.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.3 (x64 en-US)) (Version: 59.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
NVIDIA 3D Vision controllerstuurprogramma 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA HD Audio-stuurprogramma 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX Systeem Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Protection (HKLM\...\{52F9D0C3-E6CF-4553-9013-8F2E834BD0B1}) (Version: 8.93.00 - Panda Security) Hidden
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
TomTom HOME (HKLM-x32\...\{30E6FC43-C31F-4968-9A06-AA38E3C3CF73}) (Version: 2.10.1 - Uw bedrijfsnaam)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WhatsApp (HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\...\WhatsApp) (Version: 0.2.9229 - WhatsApp)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Wise Disk Cleaner 9.73 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 9.73 - WiseCleaner.com, Inc.)
Wise Registry Cleaner 9.5.5 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 9.5.5 - WiseCleaner.com, Inc.)
ZoneAlarm Antivirus (HKLM-x32\...\{1E626920-8C87-4114-BBD0-428B6F4BFB4F}) (Version: 15.0.653.17211 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{3B214EF2-9413-4300-96DB-165ECA1ED736}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.1.504.17269 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{A51FEF33-C7A2-492E-840B-35A85D1F007E}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
==================== Aangepaste CLSID (gefilterd): ==========================
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2013-02-23] (Brice Lambson)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => -> Geen bestand
ContextMenuHandlers1: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => -> Geen bestand
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => -> Geen bestand
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers6: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => -> Geen bestand
==================== Geplande Taken (gefilterd) =============
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
Task: {03A48460-7DE1-483B-B5E6-F0C1E9C65D6A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-23] (Microsoft Corporation)
Task: {07C7DC7C-CFD5-4205-9F90-827910FE6D07} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-23] (Microsoft Corporation)
Task: {28912CB6-DDD4-49E7-AE8E-7F79DEC40FF0} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate]
Task: {32309752-8F3B-4705-B828-99C458485744} - System32\Tasks\S-1-5-21-1916800224-2560957495-3225600593-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-12] (Microsoft Corporation)
Task: {4031BCF8-B131-4C2D-B9DB-C6413139549E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-04-30] (Microsoft Corporation)
Task: {40DD6017-782F-43B3-AEF3-9AA4634D15C6} - System32\Tasks\WiseCleaner\WDCSkipUAC => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe [2018-04-10] (WiseCleaner.com)
Task: {495DDB1E-2354-4A25-A523-0F326C7E717E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {4D7EE024-5645-45C6-A06A-87AF0F3FBFFF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-30] (Microsoft Corporation)
Task: {5F8E209E-4C48-4828-A1D4-4967CF23B3E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-04] (Google Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6B31CA1C-C0F9-4F8C-AA6F-AD074AD1565F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-30] (Microsoft Corporation)
Task: {73DBD391-BE80-4FFC-BF4E-2BF6B30205C0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {86A8A05C-DA51-44CB-B60D-1E9E371F987D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-04-30] (Microsoft Corporation)
Task: {964DCF5A-4676-4E00-8FE3-E455808F97B9} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {B023A6D4-5F3D-47BB-8ADA-D2BE786B5CD7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-04] (Google Inc.)
Task: {B04A40A7-AD03-4856-AD97-AFDDFE00BA7B} - System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\GFExperience.Deployer\NvNotifier.exe [2017-11-09] ()
Task: {B3F76EB7-EF2C-4675-9FD2-B8AF73020F8E} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2010-07-21] (Microsoft Corporation)
Task: {D3147D94-0CC0-4C2F-BBB8-2D820098EA1F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-12] (Piriform Ltd)
Task: {E2C5A62E-7B4E-4367-8D20-5420025AAB75} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-04-12] (Piriform Ltd)
Task: {ECF8FDF8-7EAB-4350-A6A6-94186DE17BBF} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2018-03-14] (WiseCleaner.com)
Task: {F249645E-F3B7-4535-B36F-60A69A64402A} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-01-19] (Bitdefender)
(Als een item is opgenomen in de fixlist, wordt de taak (job) bestand verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Snelkoppelingen & WMI ========================
(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)
==================== Geladen Modules (gefilterd) ==============
2016-07-23 11:08 - 2016-01-22 16:57 - 000089008 _____ () C:\WINDOWS\System32\cpwmon64.dll
2017-02-20 18:24 - 2017-02-20 18:24 - 001278208 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2018-03-10 11:39 - 2013-06-28 16:28 - 000084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2018-05-01 18:24 - 2018-05-01 18:24 - 000280576 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2018-02-27 13:18 - 2017-02-07 13:29 - 001008448 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpbr.mdl
2018-02-27 13:18 - 2017-02-07 13:29 - 000541952 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpdsp.mdl
2018-02-27 13:18 - 2017-02-07 13:29 - 003243920 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpph.mdl
2018-02-27 13:18 - 2017-02-07 13:29 - 001544568 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttprbl.mdl
2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-12 01:35 - 2018-04-12 18:03 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000966512 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000339816 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000266096 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000139112 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000360304 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000495464 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000040808 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000081776 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000114544 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2018-02-27 14:06 - 2017-09-01 17:35 - 002411968 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000089960 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000073584 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000298864 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000978792 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000348008 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2018-02-27 14:06 - 2017-09-04 11:10 - 000126832 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000724848 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000175984 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000114544 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000266088 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2018-02-27 14:06 - 2017-09-04 11:11 - 000188264 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2016-07-22 10:10 - 2016-06-14 22:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2018-04-29 11:49 - 2018-04-30 16:43 - 000164528 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll
==================== Alternate Data Streams (gefilterd) =========
(Als een item is opgenomen in de fixlist, wordt alleen de ADS verwijderd.)
==================== Veilige Modus (gefilterd) ===================
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. De waarde van "AlternateShell" wordt hersteld.)
==================== Bestandskoppeling (gefilterd) ===============
(Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd.)
==================== Internet Explorer vertrouwde/beperkte toegang ===============
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd.)
==================== Hosts inhoud: ===============================
(Indien nodig kan Hosts:-opdracht worden opgenomen in de fixlist om Hosts te resetten.)
2015-10-30 09:24 - 2015-10-30 09:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere gebieden ============================
(Momenteel is er geen automatische fix voor dit onderdeel.)
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.254 - 195.121.1.34
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is uitgeschakeld.
==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKU\S-1-5-21-1916800224-2560957495-3225600593-1001\...\StartupApproved\Run: => "OneDrive"
==================== Firewall regels (gefilterd) ===============
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
FirewallRules: [{4B900F12-5F53-469E-9D5B-7357696A8C72}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AAAF11CC-CF22-469C-ABB7-1524B2114B7A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{06826EE2-49A5-4F9A-813A-9C874BB0A015}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{41348984-7DEA-47DB-87AB-CED746CA3BF0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{6EED48A1-FD4D-4811-A627-DD6DD3120137}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{9A626E48-5E9A-452B-B853-D22E6A42B175}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6CDDF7EB-A2D8-48AD-A127-CA89845A05CB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Herstelpunten =========================
02-05-2018 14:06:54 systeemherstel was alweer uitgeschakeld
04-05-2018 11:39:00 de vierde mei
==================== Defecte Apparaatbeheer Apparaten =============
==================== Eventlog fouten: =========================
Applicatiefouten:
==================
Error: (05/08/2018 08:38:00 AM) (Source: Acronis Scheduler) (EventID: 1) (User: AZERTY)
Description: Taakplanner kan de taak >> "" met GUID 'FDE3E71C-2412-4847-928C-AD8BC32C3AE8' niet uitvoeren vanwege fout 267> (The directory name is invalid.).
Error: (05/08/2018 08:38:00 AM) (Source: Acronis Scheduler) (EventID: 1) (User: AZERTY)
Description: Taakplanner kan de taak >> "" met GUID '1A7779C8-8294-4740-8160-E7D888EB3738' niet uitvoeren vanwege fout 267> (The directory name is invalid.).
Error: (05/08/2018 08:38:00 AM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Taakplanner kan de taak >> "" met GUID 'A2BB4F95-348C-4590-958E-DF518374D6D4' niet uitvoeren vanwege fout 267> (The directory name is invalid.).
Error: (05/08/2018 08:37:59 AM) (Source: Acronis Scheduler) (EventID: 1) (User: AZERTY)
Description: Taakplanner kan de taak >> "" met GUID 'FDE3E71C-2412-4847-928C-AD8BC32C3AE8' niet uitvoeren vanwege fout 267> (The directory name is invalid.).
Error: (05/08/2018 08:37:59 AM) (Source: Acronis Scheduler) (EventID: 1) (User: AZERTY)
Description: Taakplanner kan de taak >> "" met GUID '1A7779C8-8294-4740-8160-E7D888EB3738' niet uitvoeren vanwege fout 267> (The directory name is invalid.).
Error: (05/08/2018 08:37:59 AM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Taakplanner kan de taak >> "" met GUID 'A2BB4F95-348C-4590-958E-DF518374D6D4' niet uitvoeren vanwege fout 267> (The directory name is invalid.).
Error: (05/08/2018 08:37:58 AM) (Source: Acronis Scheduler) (EventID: 1) (User: AZERTY)
Description: Taakplanner kan de taak >> "" met GUID 'FDE3E71C-2412-4847-928C-AD8BC32C3AE8' niet uitvoeren vanwege fout 267> (The directory name is invalid.).
Error: (05/08/2018 08:37:58 AM) (Source: Acronis Scheduler) (EventID: 1) (User: AZERTY)
Description: Taakplanner kan de taak >> "" met GUID '1A7779C8-8294-4740-8160-E7D888EB3738' niet uitvoeren vanwege fout 267> (The directory name is invalid.).
Systeemfouten:
=============
Error: (05/08/2018 03:57:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Starten niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
Windows.SecurityCenter.WscBrokerManager
en APPID
Niet beschikbaar
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
Error: (05/08/2018 03:55:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De mmsminisrv-service kan vanwege de volgende fout niet worden gestart:
De service heeft de start- of stuuropdracht niet op juiste wijze beantwoord.
Error: (05/08/2018 03:55:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: mmsminisrv.
Error: (05/08/2018 03:55:14 AM) (Source: Application Popup) (EventID: 875) (User: )
Description: avipbb.sys
Error: (05/08/2018 03:55:12 AM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5
Error: (05/07/2018 03:12:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Starten niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
Windows.SecurityCenter.WscBrokerManager
en APPID
Niet beschikbaar
aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
Error: (05/07/2018 03:10:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De mmsminisrv-service kan vanwege de volgende fout niet worden gestart:
De service heeft de start- of stuuropdracht niet op juiste wijze beantwoord.
Error: (05/07/2018 03:10:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: mmsminisrv.
==================== Geheugen info ===========================
Processor: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
Percentage geheugen in gebruik: 32%
Totaal fysiek RAM-geheugen: 8127.79 MB
Beschikbaar fysiek RAM-geheugen: 5515.02 MB
Totaal Virtueel geheugen: 9407.79 MB
Beschikbaar Virtueel geheugen: 6302.88 MB
==================== Schijven ================================
Drive c: () (Fixed) (Total:221.22 GB) (Free:166.49 GB) NTFS
Drive e: ( 1 TB dikzak) (Fixed) (Total:931.51 GB) (Free:801.14 GB) NTFS
Drive f: (NieuwVolume) (Fixed) (Total:111.66 GB) (Free:74.85 GB) NTFS
Drive i: (Western Dig USB bovenop) (Fixed) (Total:465.63 GB) (Free:281.55 GB) NTFS
\\?\Volume{58bd4e30-ce49-01d3-18a7-5cac24e7e900}\ (Herstel) (Fixed) (Total:1.11 GB) (Free:0.71 GB) NTFS
\\?\Volume{926f9b4d-00dd-4234-bda6-7b0c27252c8e}\ () (Fixed) (Total:0.47 GB) (Free:0.09 GB) NTFS
\\?\Volume{5b7fd410-ce49-01d3-086a-adad24e7e900}\ () (Fixed) (Total:0.65 GB) (Free:0.62 GB) FAT32
\\?\Volume{4ed8ac85-4ff0-11e6-a66f-806e6f6e6963}\ () (Removable) (Total:0 GB) (Free:0 GB)
==================== MBR & Partitietabel ==================
========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 223.6 GB) (Disk ID: 45245DFC)
Partition: GPT.
========================================================
Disk: 2 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 3F00AE48)
Partition: GPT.
==================== Eind van Addition.txt ============================
(ging wat traag weg, hoop dat het compleet en niet dubbel gepost is)