! In dit forumonderdeel kunnen forumgebruikers alleen op eigen onderwerpen reageren.

1. Voor het verhelpen van problemen met Windows Update zijn vaak meerdere stappen nodig, helaas bestaat er geen all-in-one tool om dit soort problemen op te lossen.
2. Neem a.u.b. nooit instructies van gelijkaardige problemen over, dit kan averechts werken en voor problemen zorgen. Open altijd een eigen onderwerp en volg de daarin gegeven instructies op.
Plaats reactie
1
- Welke versie van Windows is er in gebruik: Windows 10
- Welke virusscanner is er geïnstalleerd: Windows defender
- Wanneer ontstond het probleem: (omschrijf het probleem hieronder zo uitgebreid mogelijk).
Geen idee wanneer het probleem ontstaan is. Het is een laptop van m'n zwager. Via nationaalcomputerforum ben ik hier naar toe gestuurd.
https://www.nationaalcomputerforum.nl/t ... et.140916/
Als gast kunt u geen bijlagen bekijken. Registreer via deze link een (gratis) account om bijlagen te kunnen bekijken.
2
Hallo en welkom op het forum,

Exporteer de volgende registersleutel als hive-bestand
  • Open het startmenu en typ het commando CMD en kies de optie als administrator uitvoeren.
  • Kopieer en plak nu de onderstaande commandoregels in de opdrachtprompt en druk op enter.

Code: Selecteer alles

reg save "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" "%userprofile%\Desktop\Services.hiv"
  • Klik nu met de rechtermuisknop op Services.hiv en kies de optie Kopiëren naar > Gecomprimeerde (gezipte) map.
  • Upload dit bestand naar https://wetransfer.com/ en plaats hier de downloadlink.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
6
Hallo,

Stap 1. Download Afbeelding SFCFix naar bijvoorbeeld het bureaublad.

Let op: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  • Zorg dat Afbeelding SFCFix.exe op het bureaublad staat.
  • Download de bijlage SFCFixScript.txt en sla dit bestand ook op het bureaublad op.
  • Let op: Sluit nu eerst alle openstaande programma's.
  • Sleep het bestand SFCFixScript.txt in SFCFix.exe zoals op onderstaande afbeelding:
Afbeelding
  • SFCFix zal het script vervolgens uitvoeren.
  • Na afloop hiervan zal op het bureaublad een logbestand met de naam SFCFix.txt verschijnen.
  • Post dit logbestand als bijlage in je volgend bericht.

Stap 2. Download Afbeelding Farbar Service Scanner naar het bureaublad.

Farbar Service Scanner uitvoeren
  • Klik met de rechtermuisknop op FSS.exe en kies voor de optie "Als administrator uitvoeren".
  • Vink vervolgende de onderstaande items aan.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center / Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klik vervolgens op de knop Scan.
  • Er zal u een logbestand aangemaakt worden (FSS.txt) op dezelfde plaats vanwaar de 'tool' is gestart.
  • Plaats de inhoud hiervan in uw volgende bericht als bijlage.
Als gast kunt u geen bijlagen bekijken. Registreer via deze link een (gratis) account om bijlagen te kunnen bekijken.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
7
SFCFix version 3.0.2.1 by niemiro.
Start time: 2025-01-14 18:54:48.594
Microsoft Windows 10 Build 19045 - amd64
Using .txt script file at C:\Users\Opa Job\Desktop\SFCFixScript.txt [0]




RegistryScript::
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc.
Failed to open registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc with error code ERROR_ACCESS_DENIED.
Failed to open registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend with error code ERROR_ACCESS_DENIED.
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc.
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\Security.
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\TriggerInfo.
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\TriggerInfo\0.
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\TriggerInfo\1.
Failed to open registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc with error code ERROR_ACCESS_DENIED.
Failed to open registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc\Parameters with error code ERROR_ACCESS_DENIED.
Failed to open registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc\Security with error code ERROR_ACCESS_DENIED.
Failed to open registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend with error code ERROR_ACCESS_DENIED.
Failed to open registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Security with error code ERROR_ACCESS_DENIED.
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.

Failed to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc.
WARNING: Failed to create backup for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc.

Failed to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc.
WARNING: Failed to create backup for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend.

Failed to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend.
Failed to import registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc.
Failed to import registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\Security.
Failed to import registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\TriggerInfo.
Failed to import registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\TriggerInfo\0.
Failed to import registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\TriggerInfo\1.
WARNING: Failed to create backup for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc.

Failed to import registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc.
WARNING: Failed to create backup for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc\Parameters.

Failed to import registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc\Parameters.
WARNING: Failed to create backup for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc\Security.

Failed to import registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc\Security.
WARNING: Failed to create backup for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend.

Failed to import registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend.
WARNING: Failed to create backup for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Security.

Failed to import registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Security.
Failed to import registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MDCoreSvc.
Failed to import registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MDCoreSvc\Security.

Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc.
Failed to find stored datablock for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc.
Failed to find stored datablock for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\Security.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\TriggerInfo.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\TriggerInfo\0.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\TriggerInfo\1.
Failed to find stored datablock for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc.
Failed to find stored datablock for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc\Parameters.
Failed to find stored datablock for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc\Security.
Failed to find stored datablock for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend.
Failed to find stored datablock for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Security.
Failed to open registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MDCoreSvc with error code ERROR_FILE_NOT_FOUND.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
Failed to open registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MDCoreSvc\Security with error code ERROR_FILE_NOT_FOUND.
Failed to open registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MDCoreSvc with error code ERROR_FILE_NOT_FOUND.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
RegistryScript:: directive failed to complete successfully.




Failed to process all directives successfully.



Failed to generate a complete zip file. Upload aborted.


SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 8 datablocks.
Finish time: 2025-01-14 18:58:53.448
Script hash: QoQdhk6+t3RH4iqPigdGc+PX6/Jf+1Fx7VlmZT/UWME=
----------------------EOF-----------------------
8
Farbar Service Scanner Version: 26-11-2024 01
Ran by Opa Job (administrator) on 14-01-2025 at 19:31:41
Running from "C:\Users\Opa Job\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============


Firewall Disabled Policy:
==================


System Restore:
============


System Restore Policy:
========================


Windows Security:
============


Windows Update:
============


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
windefend Service is not running. Checking service configuration:
The start type of windefend service is "Auto".
The ImagePath of windefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23070.1004-0\MsMpEng.exe"".
WdNisSvc Service is not running. Checking service configuration:
The start type of WdNisSvc service is "Demand".
The ImagePath of WdNisSvc: ""%ProgramData%\Microsoft\Windows Defender\platform\4.18.23070.1004-0\NisSrv.exe"".
MDCoreSvc Service is not running. Checking service configuration:
Checking Start type of MDCoreSvc: ATTENTION!=====> Unable to open MDCoreSvc registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\usosvc.dll => File is digitally signed
C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed
C:\Windows\System32\dosvc.dll => File is digitally signed
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23070.1004-0\MsMpEng.exe => File is digitally signed
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23070.1004-0\NisSrv.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
9
AfbeeldingHelaas is de vorige niet gelukt vanwege een probleem met permissies.

Start de Afbeelding Farbar Recovery Scan Tool nogmaals.
Let op: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  • Download fixlist.txt uit de bijlage naar het bureaublad, waar ook FRST.exe aanwezig is.
  • Dubbelklik op FRST.exe om de tool te starten.
  • Als het programma is geopend klik Yes (Ja) bij de disclaimer.
  • Druk op de Fix knop
  • Er zal u een logbestand aangemaakt worden (fixlog.txt) op dezelfde plaats vanwaar de 'tool' is gestart.
  • Voeg dit logbestand als bijlage toe aan het volgende bericht..
Als gast kunt u geen bijlagen bekijken. Registreer via deze link een (gratis) account om bijlagen te kunnen bekijken.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
10
Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 14-01-2025
Gestart door Opa Job (15-01-2025 11:52:44) Run:1
Gestart vanaf C:\Users\Opa Job\Desktop
Geladen Profielen: Opa Job
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
ListPermissions: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services
ListPermissions: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc
ListPermissions: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MDCoreSvc
ListPermissions: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend
*****************

===================================
rechten van "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services":

Owner: NT AUTHORITY\SYSTEM

DACL:NP

BUILTIN\Users ALLOW Read (CI-I)
BUILTIN\Administrators ALLOW All Access (CI-I)
NT AUTHORITY\SYSTEM ALLOW All Access (CI-I)
CREATOR OWNER ALLOW All Access (CI-IO-I)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES ALLOW Read (CI-I)
S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 ALLOW Read (CI-I)


===================================
===================================
rechten van "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc":

Owner: NT AUTHORITY\SYSTEM

DACL:AI

BUILTIN\Users ALLOW Read (CI-I)
BUILTIN\Administrators ALLOW All Access (CI-I)
NT AUTHORITY\SYSTEM ALLOW All Access (CI-I)
CREATOR OWNER ALLOW All Access (CI-IO-I)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES ALLOW Read (CI-I)
S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 ALLOW Read (CI-I)


===================================

"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MDCoreSvc" -> Ophalen van rechten mislukt. sleutel niet gevonden.
===================================
rechten van "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend":

Owner: NT AUTHORITY\SYSTEM

DACL:AI

BUILTIN\Users ALLOW Read (CI-I)
BUILTIN\Administrators ALLOW All Access (CI-I)
NT AUTHORITY\SYSTEM ALLOW All Access (CI-I)
CREATOR OWNER ALLOW All Access (CI-IO-I)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES ALLOW Read (CI-I)
S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 ALLOW Read (CI-I)


===================================

==== Einde van Fixlog 11:52:44 ====
11
We hebben voor de fix wellicht een combinatie van tools nodig om de fix met system privileges uit te voeren.

Please follow these instructions to run the Afbeelding Farbar Recovery Scan Tool with system privileges.

Download the 64 bit version: - Farbar Recovery Scan Tool Link

Warning: This script was written specifically for this system. Do not run this script on another system.
  • Download PsExec from Microsoft Sysinternals to your desktop.
  • Unzip PsTools.zip to its own directory on the system drive, for example: C:\Tools\PsTools
  • Navigate in an elevated command prompt to the PsTools directory: cd C:\Tools\PsTools.
  • Now copy and paste the following command into the command prompt and press enter. Click on the Agree button when the licence agreement of PsExec appears.
  • Note: Ensure that both FRST64.exe and the Fixlist.txt file are on your desktop! Otherwise you'll need to ammend the command to the right location.

    Code: Selecteer alles

    psexec -i -d -s "%userprofile%\desktop\FRST64.exe"
    
  • FRST will make a new backup of the registry first, please wait until this process is completed.
  • Ensure the provided Fixlist.txt is in the same location as FRST64.exe and then press the Fix button.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.
  • When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
  • Post the logfile Fixlog.txt as attachment in your next reply.
Als gast kunt u geen bijlagen bekijken. Registreer via deze link een (gratis) account om bijlagen te kunnen bekijken.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
12
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-01-2025
Ran by SYSTEM (15-01-2025 17:56:31) Run:2
Running from C:\Users\Opa Job\Desktop
Loaded Profiles: Opa Job
Boot Mode: Normal
==============================================

fixlist content:
*****************
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend

StartRegedit:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc]
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@%systemroot%\\system32\\dosvc.dll,-101"
"DisplayName"="@%systemroot%\\system32\\dosvc.dll,-100"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,20,00,2d,00,70,00,00,00
"LaunchProtected"=dword:00000002
"ObjectName"="NT Authority\\NetworkService"
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,6f,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceSidType"=dword:00000001
"Start"=dword:00000002
"SvcMemHardLimitInMB"=dword:00000027
"SvcMemMidLimitInMB"=dword:0000001b
"SvcMemSoftLimitInMB"=dword:0000000f
"Type"=dword:00000020
"DelayedAutostart"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\Security]
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,70,00,04,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,00,\
00,28,00,02,00,02,00,01,06,00,00,00,00,00,05,50,00,00,00,4d,f8,19,b6,b3,a7,\
7f,e3,93,9a,10,ee,20,5d,51,ab,9b,39,b9,82,01,01,00,00,00,00,00,05,12,00,00,\
00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\TriggerInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\TriggerInfo\0]
"Action"=dword:00000001
"Data0"=hex:75,10,bc,a3,29,01,c6,41
"DataType0"=dword:00000001
"GUID"=hex:16,28,7a,2d,5e,0c,fc,45,9c,e7,57,0e,5e,cd,e9,c9
"Type"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc\TriggerInfo\1]
"Action"=dword:00000001
"GUID"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0
"Type"=dword:00000005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc]
"DependOnService"=hex(7):57,00,64,00,4e,00,69,00,73,00,44,00,72,00,76,00,00,00,\
00,00
"Description"="@%ProgramFiles%\\Windows Defender\\MpAsDesc.dll,-242"
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MpAsDesc.dll,-320"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,44,00,\
61,00,74,00,61,00,25,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,\
00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,44,00,65,00,\
66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,70,00,6c,00,61,00,74,00,66,00,6f,\
00,72,00,6d,00,5c,00,34,00,2e,00,31,00,38,00,2e,00,32,00,33,00,30,00,34,00,\
2e,00,38,00,2d,00,30,00,5c,00,4e,00,69,00,73,00,53,00,72,00,76,00,2e,00,65,\
00,78,00,65,00,22,00,00,00
"LaunchProtected"=dword:00000003
"ObjectName"="NT AUTHORITY\\LocalService"
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000010

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc\Security]
"Security"=hex:01,00,14,80,cc,00,00,00,d8,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,9c,00,06,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,\
05,20,00,00,00,21,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
12,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,\
14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,ff,01,0f,\
00,01,06,00,00,00,00,00,05,50,00,00,00,bf,55,08,72,3b,e0,28,d0,89,79,4b,f8,\
91,89,6e,7c,40,25,ec,f4,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"Description"="@%ProgramFiles%\\Windows Defender\\MpAsDesc.dll,-240"
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MpAsDesc.dll,-310"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,01,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,e8,03,00,00,01,00,00,00,10,27,00,00,01,00,00,00,60,ea,00,00
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,44,00,61,00,74,00,61,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,\
00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,44,00,\
65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,70,00,6c,00,61,00,74,00,66,\
00,6f,00,72,00,6d,00,5c,00,34,00,2e,00,31,00,38,00,2e,00,32,00,33,00,30,00,\
34,00,2e,00,38,00,2d,00,30,00,5c,00,4d,00,73,00,4d,00,70,00,45,00,6e,00,67,\
00,2e,00,65,00,78,00,65,00,22,00,00,00
"LaunchProtected"=dword:00000003
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\
00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,\
74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,\
69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,\
00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,\
6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,61,00,64,00,44,00,72,\
00,69,00,76,00,65,00,72,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,\
68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,\
00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,\
73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,\
00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,\
63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,\
00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,42,00,61,00,73,00,\
65,00,50,00,72,00,69,00,6f,00,72,00,69,00,74,00,79,00,50,00,72,00,69,00,76,\
00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,\
65,00,6d,00,45,00,6e,00,76,00,69,00,72,00,6f,00,6e,00,6d,00,65,00,6e,00,74,\
00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,\
54,00,61,00,6b,00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,00,70,\
00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000010

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Security]
"Security"=hex:01,00,14,80,cc,00,00,00,d8,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,9c,00,06,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,\
05,20,00,00,00,21,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
12,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,\
14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,ff,01,0f,\
00,01,06,00,00,00,00,00,05,50,00,00,00,bf,55,08,72,3b,e0,28,d0,89,79,4b,f8,\
91,89,6e,7c,40,25,ec,f4,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MDCoreSvc]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,44,00,\
61,00,74,00,61,00,25,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,\
00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,44,00,65,00,\
66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,50,00,6c,00,61,00,74,00,66,00,6f,\
00,72,00,6d,00,5c,00,34,00,2e,00,31,00,38,00,2e,00,32,00,34,00,30,00,39,00,\
30,00,2e,00,31,00,31,00,2d,00,30,00,5c,00,4d,00,70,00,44,00,65,00,66,00,65,\
00,6e,00,64,00,65,00,72,00,43,00,6f,00,72,00,65,00,53,00,65,00,72,00,76,00,\
69,00,63,00,65,00,2e,00,65,00,78,00,65,00,22,00,00,00
"DisplayName"="@C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.24090.11-0\\MpAsDesc.dll,-245"
"ObjectName"="LocalSystem"
"Description"="@C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.24090.11-0\\MpAsDesc.dll,-244"
"ServiceSidType"=dword:00000001
"LaunchProtected"=dword:00000003
"RequiredPrivileges"=hex(7):53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,\
65,00,73,00,74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,\
69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,\
00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,\
76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,68,00,75,00,74,\
00,64,00,6f,00,77,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,\
00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,01,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,e8,03,00,00,01,00,00,00,10,27,00,00,01,00,00,00,60,ea,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MDCoreSvc\Security]
"Security"=hex:01,00,14,80,0c,01,00,00,18,01,00,00,14,00,00,00,48,00,00,00,02,\
00,34,00,02,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,14,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,13,00,02,00,00,00,06,00,\
00,02,00,c4,00,07,00,00,00,00,00,18,00,bd,01,02,00,01,02,00,00,00,00,00,05,\
20,00,00,00,21,02,00,00,00,00,14,00,bd,01,02,00,01,01,00,00,00,00,00,05,12,\
00,00,00,00,00,18,00,bd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,\
00,00,00,00,14,00,bd,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,\
00,bd,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,ff,01,0f,00,\
01,06,00,00,00,00,00,05,50,00,00,00,bf,55,08,72,3b,e0,28,d0,89,79,4b,f8,91,\
89,6e,7c,40,25,ec,f4,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,05,50,00,\
00,00,9c,2c,d2,01,4a,89,fb,78,9b,be,5d,db,73,a6,49,8b,88,8c,34,1f,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

EndRegedit:
*****************

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend => could not remove. Access Denied.
Registry ====> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc <==== Access Denied
Registry ====> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc\Parameters <==== Access Denied
Registry ====> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc\Security <==== Access Denied
Registry ====> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend <==== Access Denied
Registry ====> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Security <==== Access Denied
Registry ====> ERROR: Error accessing the registry.

Resultaat van geplande bestanden te verplaatsen (Boot Modus: Normal) (Datum&Tijd: 15-01-2025 17:57:30)


Resultaat van geplande sleutels te verwijderen na herstart:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WdNisSvc => kon niet worden verwijderd. Toegang geweigerd.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend => kon niet worden verwijderd. Toegang geweigerd.

==== Einde van Fixlog 17:57:30 ====
13
Helaas nog steeds hetzelfde probleem, Start de computer op in de veilige modus en voer de voorgaande fix opnieuw uit.
  • Open het startmenu en typ het commando msconfig en druk op enter.
  • Open het tabblad Computer opstarten.
  • Plaats een vinkje bij de optie Opstarten in veilige modus en selecteer de optie Minimaal.
    • Om weer in de normale modus van Windows op te starten haal je het vinkje weg bij de optie "Opstarten in veilige modus".
  • Klik vervolgens op OK en laat de computer herstarten door op Opnieuw opstarten te klikken.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
14
Het jammer maar het lukt niet. Als ik in de veilige modus opstart en de fix wil uitvoeren kan hij het programma PSExec niet vinden.
Ik heb besloten om de pogingen te staken. Ik zet nu een antivirus programma op de laptop dan is hij toch beveiligd.

Hartelijk dank voor je hulp en de tijd die je erin hebt gestopt.
15
Indien PSXec niet werkt, kan je SFCFix in post #6 ook nog proberen in de veilige modus, dat zou namelijk moeten werken en misschien lukt het dan wel zonder access denied errors.

De laptop is dan wel beveiligd met een andere Antivirus, maar mogelijk loop je in de toekomst tegen andere problemen aan omdat bepaalde services niet functioneren. Een andere optie die je ook nog kan uitvoeren in de volgende tool in de veilige modus.

Download Afbeelding Windows Repair (All-in-One) Portable to your desktop.
  • Once the file is downloaded, right-click on the file on your desktop and choose Extract All...
  • Keep the defaults and click the Extract button.
  • A folder named tweaking.com_windows_repair_aio will be extracted to the desktop. Once the extraction is complete the folder will open.
  • Inside this folder, there is a folder named Tweaking.com - Windows Repair. Open this folder as well.
  • Note: Please make sure all of your programs are closed and anything you were working on is saved as we will be rebooting.
  • Double-click on Repair_Windows.exe to open.
  • When the program opens, click the Repairs tab and click the Open Repairs button.
  • A backup of your registry will be made. After a few moments you will have many options from which you can choose.
  • Please click the Unselect All button and then click to enable only the following ones:
    • Reset Registry Permissions
    • Reset File Permissions
    • Reset Service Permissions
    • Register System Files
    • Repair WMI
    • Remove Policies Set By Infections
    • Repair Windows Updates
    • Restore Important Windows Services
    • Set Windows Services To Default Startup
  • Ensure the Restart/Shutdown System check box is selected and click the Start Repairs button in the lower right of the screen. This may take some time to run so be patient.
  • Once the fixes are complete you will be prompted to restart your machine. Answer Yes.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
Plaats reactie

Maak een account aan of log in om deel te nemen aan de discussie

Je moet lid zijn om een ​​reactie te kunnen plaatsen

Maak een account aan

Geen lid? Registreer om lid te worden van onze community
Leden kunnen hun eigen onderwerpen starten en zich abonneren op onderwerpen
Het is gratis en duurt maar een minuut

Registreer

Log in

Gebruikersnaam
Wachtwoord

Terug naar “Windows Update problemen & SFC Scannow corrupties”