Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 18-02-2017 01
Gestart door vanessa (Beheerder) op VANESSA-PC (19-02-2017 16:24:51)
Gestart vanaf C:\Users\vanessa\Desktop
Geladen Profielen: vanessa (Beschikbare Profielen: vanessa & DefaultAppPool)
Platform: Windows 10 Home Versie 1607 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: "C:\Program Files (x86)\Firefox\Firefox.exe" -osint -url "%1")
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
("My Web Shield") C:\Program Files\My Web Shield\mweshield.exe
("My Web Shield") C:\Program Files\My Web Shield\mweshieldup.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Mozilla Corporation) C:\Program Files (x86)\Firefox\Firefox.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Suunto) C:\Users\vanessa\AppData\Local\Apps\2.0\DCH1PDD5.R5Y\DCMGTOXB.9EZ\move..tion_391e8feca7b0cf78_0001.0004_6f8afc924d2bed6c\Moveslink2.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files (x86)\Google\Update\Install\{F22ABAF1-DAE9-4C53-9F47-FF527AE548F5}\googleearth-win-7.1.8.3036.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe

==================== Register (gefilterd) ====================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [beid] => "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [317824 2016-01-18] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-11] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3158286090-3323772245-4144222817-1000\...\Run: [EpicScale] => [X]
HKU\S-1-5-21-3158286090-3323772245-4144222817-1000\...\Run: [Moveslink2] => C:\Users\vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto
HKU\S-1-5-21-3158286090-3323772245-4144222817-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1795736 2016-11-24] (Lavasoft)
HKU\S-1-5-21-3158286090-3323772245-4144222817-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Providers\m75pkb0c: C:\Program Files (x86)\Tuwishprikudom Agent\local64spl.dll [312832 2017-02-10] ()
AppInit_DLLs: C:\ProgramData\Hotfresh\Domtough.dll => Geen bestand
AppInit_DLLs-x32: C:\ProgramData\Hotfresh\S-anla.dll => Geen bestand
ShellExecuteHooks: Geen Naam - {7FF42358-ECD1-11E6-946D-64006A5CFC23} - C:\Users\vanessa\AppData\Roaming\Prilecergutain\Woatdrusent.dll -> Geen bestand
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-11] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-11] (AVAST Software)
Startup: C:\Users\vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk [2015-01-14]
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\vanessa\AppData\Roaming\TornTV.com\TornTV Downloader.exe (Geen bestand)
GroupPolicy: Restrictie - Windows Defender <======= AANDACHT

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2016-09-18] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2016-09-18] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2016-09-18] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2016-09-18] (Lavasoft Limited)
Winsock: Catalog9 17 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2016-09-18] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-09-18] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-09-18] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-09-18] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-09-18] (Lavasoft Limited)
Winsock: Catalog9-x64 17 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-09-18] (Lavasoft Limited)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 195.130.131.4 195.130.130.4
Tcpip\..\Interfaces\{f46f5c1c-e53f-4f42-806e-7e1a6e206a03}: [DhcpNameServer] 195.130.131.4 195.130.130.132
Tcpip\..\Interfaces\{f66f5496-a263-4ff0-b541-cfa12d092c83}: [DhcpNameServer] 195.130.131.4 195.130.130.4

Internet Explorer:
==================
HKU\S-1-5-21-3158286090-3323772245-4144222817-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHumfA2eDXzyC7zEd9PYP5nSeswmzBv6DjgHGAqoc-KKTe-aUmJItgMBOxJT9FT2ZWLPDg7Hv8aaTiyKL0fLYZucxqvHji3gMiRnHZ1nW3_yJWs4YfMRisRi54R9NTnydyPh5zcvQmbAtOlDwf94WHMv032mnxAgttwa2Wc,&q={searchTerms}
HKU\S-1-5-21-3158286090-3323772245-4144222817-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.be/
HKU\S-1-5-21-3158286090-3323772245-4144222817-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHumfA2eDXzyC7zEd9PYP5nSeswmzBv6DjgHGAqoc-KKTe-aUmJItgMBOxJT9FT2ZWLPDg7Hv8aaTiyKL0fLYZucxqvHji3gMiRnHZ1nW3_yJWs4YfMRisRi54R9NTnydyPh5zcvQmbAtOlDwf94WHMv032mnxAgttwa2Wc,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3158286090-3323772245-4144222817-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHumfA2eDXzyC7zEd9PYP5nSeswmzBv6DjgHGAqoc-KKTe-aUmJItgMBOxJT9FT2ZWLPDg7Hv8aaTiyKL0fLYZucxqvHji3gMiRnHZ1nW3_yJWs4YfMRisRi54R9NTnydyPh5zcvQmbAtOlDwf94WHMv032mnxAgttwa2Wc,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3158286090-3323772245-4144222817-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3158286090-3323772245-4144222817-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://be.search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10232__160918__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3158286090-3323772245-4144222817-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHumfA2eDXzyC7zEd9PYP5nSeswmzBv6DjgHGAqoc-KKTe-aUmJItgMBOxJT9FT2ZWLPDg7Hv8aaTiyKL0fLYZucxqvHji3gMiRnHZ1nW3_yJWs4YfMRisRi54R9NTnydyPh5zcvQmbAtOlDwf94WHMv032mnxAgttwa2Wc,&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-14] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\vanessa\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\kej28iaw.default\Profiles\kej28iaw.default [niet gevonden]
FF ProfilePath: C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\kej28iaw.default\Profiles\kej28iaw.default [niet gevonden]
FF ProfilePath: C:\Users\vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\kej28iaw.default [2017-02-18]
FF NewTab: Mozilla\Firefox\Profiles\kej28iaw.default -> hxxps://be.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10232__160918__yaff
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\kej28iaw.default -> Yahoo®
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\kej28iaw.default -> Yahoo®
FF Homepage: Mozilla\Firefox\Profiles\kej28iaw.default -> hxxps://www.google.com/
FF Extension: (Belgium eID) - C:\Users\vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\kej28iaw.default\Extensions\belgiumeid@eid.belgium.be.xpi [2016-12-14]
FF Extension: (Firefox Hotfix) - C:\Users\vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\kej28iaw.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-01]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\kej28iaw.default\features\{5f4bd318-491d-4e60-8ef3-f66529f3e0c6}\disableSHA1rollout@mozilla.org.xpi [2017-02-16]
FF SearchPlugin: C:\Users\vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\kej28iaw.default\searchplugins\m75pkb0c.xml [2017-02-10]
FF SearchPlugin: C:\Users\vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\kej28iaw.default\searchplugins\yahoo-lavasoft.xml [2016-09-18]
FF ProfilePath: C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default [2017-02-19]
FF NewTab: Firefox\Firefox\Profiles\kej28iaw.default -> hxxps://be.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10232__160918__yaff
FF DefaultSearchEngine: Firefox\Firefox\Profiles\kej28iaw.default -> Yahoo®
FF SelectedSearchEngine: Firefox\Firefox\Profiles\kej28iaw.default -> Yahoo®
FF Homepage: Firefox\Firefox\Profiles\kej28iaw.default -> hxxps://www.google.com/
FF Extension: (SimilarWeb) - C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-02-17] [ niet getekend]
FF Extension: (FF Adr) - C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-02-17] [ niet getekend]
FF Extension: (Belgium eID) - C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\Extensions\belgiumeid@eid.belgium.be.xpi [2016-12-14]
FF Extension: (Firefox Hotfix) - C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-01]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\Extensions\langpack-nl@firefox.mozilla.org.xpi [2017-02-17]
FF Extension: (Woordenboek Nederlands) - C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\Extensions\nl-NL@dictionaries.addons.mozilla.org [2017-02-17] [ niet getekend]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\features\{5f4bd318-491d-4e60-8ef3-f66529f3e0c6}\disableSHA1rollout@mozilla.org.xpi [2017-02-16]
FF SearchPlugin: C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\searchplugins\m75pkb0c.xml [2017-02-10]
FF SearchPlugin: C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\searchplugins\yahoo-lavasoft.xml [2016-09-18]
FF Extension: (Belgium eID) - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2016-11-17] [ niet getekend]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be => niet gevonden
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-18] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 Apple_Cfg; C:\ProgramData\Apple\Apple Application Support\Support.dll [111104 2017-02-17] () [Bestand niet getekend]
S4 Archer; C:\Program Files (x86)\WinArcher\Archer.dll [760320 2017-02-11] () [Bestand niet getekend]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-16] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-11] (AVAST Software)
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [162992 2017-02-17] ()
R3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [455168 2017-02-11] () [Bestand niet getekend] <==== AANDACHT
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-11-24] (Lavasoft Limited)
R2 mweshield; C:\Program Files\My Web Shield\mweshield.exe [931640 2016-08-31] ("My Web Shield") <==== AANDACHT
R2 mweshieldup; C:\Program Files\My Web Shield\mweshieldup.exe [348472 2016-08-31] ("My Web Shield") <==== AANDACHT
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2017-01-17] (Synaptics Incorporated)
R2 Themes; C:\WINDOWS\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5]<==== AANDACHT
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25232 2016-11-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\vanessa\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-02-15] (TODO: ) [Bestand niet getekend]
S2 WinSnare; C:\Users\vanessa\AppData\Roaming\WinSnare\WinSnare.dll [779776 2017-02-08] (InterSect Alliance Pty Ltd) [Bestand niet getekend]
S2 FirefoxDL; "C:\Users\vanessa\AppData\Local\Temp\1\QQBrowser.exe" -isvc [X] <==== AANDACHT
S2 GoogleChromeUpService; C:\ProgramData\service.exe /s GoogleChromeUpService /uid:51504 /local:br [X] <==== AANDACHT

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-11] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-11] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-11] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-11] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-11] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-11] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-11] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-11] (AVAST Software)
S3 EMVSCARD; C:\WINDOWS\System32\Drivers\EMVSCARD.sys [28544 2006-12-13] (USB Smart Card Reader)
R1 mwescontroller; C:\WINDOWS\system32\drivers\mwescontroller.sys [57680 2016-08-31] () <==== AANDACHT
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-31] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; geen ImagePath
R1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-02-19 16:25 - 2017-02-19 16:25 - 00002185 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-02-19 16:25 - 2017-02-19 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-19 16:24 - 2017-02-19 16:26 - 00027329 _____ C:\Users\vanessa\Desktop\FRST.txt
2017-02-19 16:24 - 2017-02-19 16:24 - 00000000 ____D C:\FRST
2017-02-19 16:23 - 2017-02-19 16:24 - 02422784 _____ (Farbar) C:\Users\vanessa\Desktop\FRST64.exe
2017-02-18 23:57 - 2017-02-18 23:57 - 00000000 ___HD C:\$SysReset
2017-02-18 21:24 - 2017-02-18 21:24 - 00000000 ____D C:\rsit
2017-02-18 21:24 - 2017-02-18 21:24 - 00000000 ____D C:\Program Files\trend micro
2017-02-18 20:38 - 2017-02-18 21:24 - 01222144 _____ C:\Users\vanessa\Desktop\RSITx64.exe
2017-02-18 20:29 - 2017-02-18 20:29 - 00000000 ____D C:\Users\vanessa\AppData\Local\Standuck
2017-02-17 20:09 - 2017-02-17 20:09 - 00000000 ____D C:\Users\vanessa\AppData\Local\Firefox
2017-02-17 20:08 - 2017-02-17 20:08 - 00000000 ____D C:\WINDOWS\system32\log
2017-02-17 20:08 - 2017-02-17 20:08 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\Firefox
2017-02-17 20:08 - 2016-05-23 03:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2017-02-17 20:08 - 2016-05-19 07:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2017-02-17 20:07 - 2017-02-17 20:08 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-02-17 20:07 - 2017-02-17 20:07 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-17 20:07 - 2017-02-17 20:07 - 00000219 _____ C:\Users\Public\Desktop\Google Chrome.url
2017-02-17 20:07 - 2017-02-17 20:07 - 00000000 ____D C:\ProgramData\Apple
2017-02-17 20:07 - 2017-02-17 20:07 - 00000000 ____D C:\Program Files (x86)\Standuck
2017-02-17 20:06 - 2017-02-19 10:43 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-02-17 20:06 - 2017-02-18 19:50 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-02-16 18:42 - 2017-02-17 18:02 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
2017-02-16 18:42 - 2017-02-17 18:02 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
2017-02-16 18:42 - 2017-02-17 18:02 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
2017-02-16 18:42 - 2017-02-16 18:42 - 00003246 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3
2017-02-16 18:42 - 2017-02-16 18:42 - 00003246 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2
2017-02-16 18:42 - 2017-02-16 18:42 - 00003246 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1
2017-02-14 18:58 - 2017-02-14 18:58 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\Sun
2017-02-14 18:53 - 2017-02-17 18:02 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\WinSAPSvc
2017-02-14 18:01 - 2017-02-18 17:32 - 00000000 ____D C:\Program Files (x86)\BikaQRssReader
2017-02-14 18:01 - 2017-02-14 18:01 - 00003344 _____ C:\WINDOWS\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-02-11 19:50 - 2017-02-11 19:50 - 00000000 ___HD C:\$AV_ASW
2017-02-11 15:40 - 2017-02-11 15:40 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-11 15:40 - 2017-02-11 15:38 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-11 15:40 - 2017-02-11 15:38 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-11 15:40 - 2017-02-11 15:38 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-11 15:40 - 2017-02-11 15:38 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-11 15:39 - 2017-02-11 15:39 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-11 15:10 - 2017-02-11 15:10 - 00330870 _____ C:\Users\vanessa\Desktop\Het grote topic voor nette lan afwerking thuis deel 3 - Netwerken - GoT.htm
2017-02-11 15:10 - 2017-02-11 15:10 - 00000000 ____D C:\Users\vanessa\Desktop\Het grote topic voor nette lan afwerking thuis deel 3 - Netwerken - GoT_bestanden
2017-02-11 13:30 - 2017-02-11 13:30 - 00003260 _____ C:\WINDOWS\System32\Tasks\{FE0C3B58-629A-40DF-9997-3D15635AFD19}
2017-02-11 13:23 - 2017-02-18 19:59 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\WinSnare
2017-02-11 13:23 - 2017-02-18 19:59 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.1.0)
2017-02-11 13:23 - 2017-02-17 20:07 - 00003660 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-02-11 13:23 - 2017-02-16 18:38 - 00000000 ____D C:\ProgramData\WinSAPSvc
2017-02-11 13:23 - 2017-02-11 13:23 - 00000000 ____D C:\Program Files (x86)\WinArcher
2017-02-11 13:23 - 2017-02-11 13:23 - 00000000 ____D C:\Program Files (x86)\MIO
2017-02-11 13:20 - 2017-02-14 17:59 - 00000000 ____D C:\Program Files (x86)\m75pkb0c
2017-02-11 13:18 - 2017-02-11 13:18 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-02-11 13:17 - 2017-02-11 13:17 - 00000000 ____D C:\Program Files\m75pkb0c
2017-02-11 08:53 - 2017-02-11 08:53 - 00000262 __RSH C:\Users\vanessa\ntuser.pol
2017-02-10 23:45 - 2017-02-17 20:08 - 00002036 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-10 23:45 - 2017-02-17 20:08 - 00001966 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-10 23:45 - 2017-02-11 09:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-10 23:35 - 2017-02-10 23:35 - 00003258 _____ C:\WINDOWS\System32\Tasks\{3B49C743-57EF-4801-944D-FD04991CD0A7}
2017-02-10 23:16 - 2017-02-11 09:09 - 00000000 ____D C:\Program Files\My Web Shield
2017-02-10 23:16 - 2017-02-10 23:16 - 00152576 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\SysWOW64\ssleay32.dll
2017-02-10 23:16 - 2016-08-31 16:00 - 00057680 _____ C:\WINDOWS\system32\Drivers\mwescontroller.sys
2017-02-10 23:15 - 2017-02-16 18:38 - 00000000 ____D C:\Program Files (x86)\Pluteward
2017-02-10 23:15 - 2017-02-10 23:15 - 00000262 __RSH C:\ProgramData\ntuser.pol
2017-02-10 23:15 - 2017-02-10 23:15 - 00000000 ____D C:\Users\vanessa\AppData\Local\Cevtherlepit
2017-02-10 20:08 - 2017-02-10 20:08 - 00250912 _____ C:\WINDOWS\SysWOW64\kz.exe
2017-02-10 18:50 - 2017-02-11 00:27 - 00000000 ____D C:\Users\vanessa\AppData\Local\AdvinstAnalytics
2017-02-10 18:49 - 2017-02-10 18:49 - 00003744 _____ C:\WINDOWS\System32\Tasks\{C4CEC978-8CCC-4085-BFCA-1BF2BFA616CC}
2017-02-10 18:46 - 2017-02-10 18:50 - 00000000 ____D C:\Users\vanessa\AppData\Local\app
2017-02-10 18:42 - 2017-02-10 18:42 - 00000000 ____D C:\Users\vanessa\AppData\Local\UCBrowser
2017-02-10 18:41 - 2017-02-10 20:05 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-10 18:40 - 2017-02-11 22:13 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\KuaiZip
2017-02-10 18:40 - 2017-02-10 18:40 - 00003778 _____ C:\WINDOWS\System32\Tasks\Therqoght
2017-02-10 18:40 - 2017-02-10 18:40 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\Softlink
2017-02-10 18:39 - 2017-02-10 18:40 - 00000000 ____D C:\ProgramData\Microleaves
2017-02-10 18:38 - 2017-02-14 18:41 - 00000000 ____D C:\Program Files (x86)\Plizoy
2017-02-10 18:38 - 2017-02-11 00:27 - 00000000 ____D C:\Program Files (x86)\Tuwishprikudom Agent
2017-02-10 18:38 - 2017-02-10 23:26 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\Prilecergutain
2017-02-10 18:38 - 2017-02-10 18:38 - 00006124 _____ C:\WINDOWS\System32\Tasks\Tuwishprikudom Agent
2017-02-10 18:38 - 2017-02-10 18:38 - 00000000 ____D C:\Users\vanessa\AppData\Local\Chinoly
2017-02-10 18:37 - 2017-02-17 18:02 - 00000396 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
2017-02-10 18:37 - 2017-02-17 18:02 - 00000344 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job 2017-02-10 18:37 - 2017-02-17 18:02 - 00000344 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job 2017-02-10 18:37 - 2017-02-17 18:02 - 00000344 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job 2017-02-10 18:37 - 2017-02-16 18:42 - 00003708 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guardian 2017-02-10 18:37 - 2017-02-16 18:42 - 00003702 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guard 2017-02-10 18:37 - 2017-02-16 18:42 - 00003690 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange 2017-02-10 18:37 - 2017-02-16 18:42 - 00003284 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Updater 2017-02-10 18:37 - 2017-02-16 18:42 - 00003232 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3 2017-02-10 18:37 - 2017-02-16 18:42 - 00003232 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2 2017-02-10 18:37 - 2017-02-16 18:42 - 00003232 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1 2017-02-10 18:37 - 2017-02-10 18:37 - 00000000 _____ C:\TOSTACK 2017-02-10 18:36 - 2017-02-16 18:42 - 00000000 ____D C:\Program Files (x86)\Microleaves 2017-02-10 18:36 - 2017-02-11 00:27 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics 2017-02-10 18:36 - 2017-02-11 00:27 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics 2017-02-10 18:35 - 2017-02-11 21:32 - 00000000 ____D C:\ProgramData\CloudPrinter 2017-02-10 18:35 - 2017-02-11 00:27 - 00000000 ____D C:\ProgramData\Logic Handler 2017-02-10 18:35 - 2017-02-10 18:37 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\Microleaves 2017-02-10 18:35 - 2017-02-10 18:35 - 07316480 _____ C:\Users\vanessa\AppData\Roaming\agent.dat 2017-02-10 18:35 - 2017-02-10 18:35 - 01938530 _____ C:\Users\vanessa\AppData\Roaming\Touchsolohome.bin 2017-02-10 18:35 - 2017-02-10 18:35 - 01908361 _____ C:\Users\vanessa\AppData\Roaming\StrongTop.tst 2017-02-10 18:35 - 2017-02-10 18:35 - 00126464 _____ 
C:\Users\vanessa\AppData\Roaming\noah.dat 2017-02-10 18:35 - 2017-02-10 18:35 - 00126464 _____ C:\Users\vanessa\AppData\Roaming\lobby.dat 2017-02-10 18:35 - 2017-02-10 18:35 - 00072787 _____ C:\Users\vanessa\AppData\Roaming\QvoLa.tst 2017-02-10 18:35 - 2017-02-10 18:35 - 00070752 _____ C:\Users\vanessa\AppData\Roaming\Config.xml 2017-02-10 18:35 - 2017-02-10 18:35 - 00054272 _____ C:\Users\vanessa\AppData\Roaming\ApplicationHosting.dat 2017-02-10 18:35 - 2017-02-10 18:35 - 00018432 _____ C:\Users\vanessa\AppData\Roaming\Main.dat 2017-02-10 18:35 - 2017-02-10 18:35 - 00005568 _____ C:\Users\vanessa\AppData\Roaming\md.xml 2017-02-10 18:35 - 2017-02-10 18:35 - 00002394 _____ C:\WINDOWS\SysWOW64\findit.xml 2017-02-10 18:35 - 2017-02-10 18:35 - 00000000 ____D C:\ProgramData\Hotfreshs 2017-02-10 18:34 - 2017-02-10 18:35 - 00016560 _____ C:\Users\vanessa\AppData\Roaming\InstallationConfiguration.xml 2017-02-10 18:34 - 2017-02-10 18:34 - 00140288 _____ C:\Users\vanessa\AppData\Roaming\Installer.dat 2017-01-27 17:10 - 2017-02-11 09:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software 2017-01-27 17:10 - 2017-02-11 00:27 - 00000000 ____D C:\Program Files\Common Files\AV 2017-01-25 17:35 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2017-01-25 17:35 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe ==================== Een Maand Gewijzigd bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 
2017-02-19 16:25 - 2015-06-18 07:19 - 00000000 ____D C:\Program Files (x86)\Google 2017-02-19 16:18 - 2016-09-17 03:04 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-02-19 07:49 - 2016-11-18 15:36 - 00000000 ____D C:\Users\vanessa\AppData\LocalLow\Mozilla 2017-02-19 07:49 - 2016-09-17 08:46 - 00000000 ____D C:\Users\vanessa\AppData\Local\Deployment 2017-02-18 23:53 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-02-18 23:53 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-02-18 23:53 - 2014-06-29 19:53 - 00000000 ____D C:\Users\vanessa\AppData\Local\Adobe 2017-02-18 23:53 - 2014-06-27 18:02 - 00000940 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-02-18 20:29 - 2015-06-18 07:19 - 00000000 ____D C:\Users\vanessa\AppData\Local\Google 2017-02-18 19:49 - 2016-09-17 03:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-02-18 19:49 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI 2017-02-18 09:52 - 2016-12-07 11:20 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump 2017-02-17 20:11 - 2016-09-17 03:11 - 00000000 ____D C:\Users\vanessa 2017-02-16 23:23 - 2014-07-16 15:44 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\SoftGrid Client 2017-02-15 20:23 - 2014-07-01 07:31 - 00006775 _____ C:\WINDOWS\ODBC.INI 2017-02-15 20:19 - 2014-06-26 11:17 - 00000000 ____D C:\Users\vanessa\AppData\Local\VirtualStore 2017-02-14 18:59 - 2014-07-08 17:36 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2017-02-14 18:59 - 2014-07-08 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-02-14 18:59 - 2014-07-08 17:36 - 00000000 ____D C:\Program Files\Java 2017-02-14 18:58 - 2014-07-16 05:37 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2017-02-14 18:58 - 2014-07-16 05:37 - 00000000 ____D C:\Program Files (x86)\Java 2017-02-14 18:51 - 2014-06-26 11:52 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\Adobe 
2017-02-12 10:46 - 2016-09-29 18:30 - 00000000 ____D C:\ProgramData\AVAST Software 2017-02-11 19:49 - 2016-09-29 18:51 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-02-11 19:49 - 2011-10-27 12:41 - 00000000 ____D C:\ProgramData\Skype 2017-02-11 15:40 - 2016-09-29 18:32 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys 2017-02-11 15:39 - 2016-09-29 18:32 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2017-02-11 15:39 - 2016-09-29 18:32 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2017-02-11 15:39 - 2016-09-29 18:32 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.148682405125004 2017-02-11 15:39 - 2016-09-29 18:32 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2017-02-11 15:39 - 2016-09-29 18:32 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2017-02-11 15:39 - 2016-09-29 18:32 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2017-02-11 15:39 - 2016-09-29 18:32 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2017-02-11 15:39 - 2016-09-29 18:32 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2017-02-11 15:35 - 2016-09-29 18:34 - 00001943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk 2017-02-11 15:35 - 2016-09-29 18:34 - 00001931 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2017-02-11 13:20 - 2016-01-01 10:49 - 00000000 ___RD C:\Users\vanessa\Dropbox 2017-02-11 11:28 - 2016-09-30 17:03 - 00137479 ____H C:\Users\vanessa\AppData\Local\IconCache.db.backup 2017-02-11 09:09 - 2016-11-17 20:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-02-11 09:09 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF 2017-02-11 09:09 - 2014-07-16 15:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2017-02-11 09:09 - 2011-10-27 13:14 - 00000000 ____D 
C:\ProgramData\BackupManager 2017-02-11 09:09 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy 2017-02-11 08:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\registration 2017-02-11 00:27 - 2016-09-30 17:57 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\vlc 2017-02-11 00:27 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2017-02-11 00:27 - 2015-01-14 18:54 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\uTorrent 2017-02-10 23:34 - 2015-09-08 16:39 - 00000000 ____D C:\ProgramData\WinZip 2017-02-10 23:16 - 2007-03-01 04:43 - 00594944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\SysWOW64\libeay32.dll 2017-02-10 18:33 - 2011-10-27 12:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-02-10 18:32 - 2014-06-26 10:42 - 00001024 ___RH C:\Users\Public\Documents\NTIMMV9Acer.dll 2017-02-10 18:32 - 2011-10-27 13:13 - 00000000 ____D C:\Program Files (x86)\NTI 2017-02-10 18:03 - 2014-06-26 10:43 - 00001024 ___RH C:\Users\Public\Documents\NTILiveUpdateV9.dll 2017-02-09 19:54 - 2014-07-01 07:31 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\EIBA sc 2017-02-05 10:42 - 2016-12-24 16:51 - 00061952 _____ C:\Users\vanessa\Desktop\schema marathon.xls 2017-02-02 01:51 - 2016-10-30 00:57 - 20358232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2017-01-31 09:50 - 2015-01-14 18:23 - 00002715 _____ C:\WINDOWS\wininit.ini 2017-01-25 17:37 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-01-22 09:06 - 2016-12-15 20:51 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-01-22 09:06 - 2015-08-31 19:36 - 00002437 _____ C:\Users\vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-01-22 09:06 - 2015-08-31 19:36 - 00000000 ___RD C:\Users\vanessa\OneDrive 2017-01-20 14:49 - 2016-11-01 16:25 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== 
Bestanden in de root van sommige mappen ======= 2017-02-10 18:35 - 2017-02-10 18:35 - 7316480 _____ () C:\Users\vanessa\AppData\Roaming\agent.dat 2017-02-10 18:35 - 2017-02-10 18:35 - 0054272 _____ () C:\Users\vanessa\AppData\Roaming\ApplicationHosting.dat 2017-02-10 18:35 - 2017-02-10 18:35 - 0070752 _____ () C:\Users\vanessa\AppData\Roaming\Config.xml 2017-02-10 18:34 - 2017-02-10 18:35 - 0016560 _____ () C:\Users\vanessa\AppData\Roaming\InstallationConfiguration.xml 2017-02-10 18:34 - 2017-02-10 18:34 - 0140288 _____ () C:\Users\vanessa\AppData\Roaming\Installer.dat 2017-02-10 18:35 - 2017-02-10 18:35 - 0126464 _____ () C:\Users\vanessa\AppData\Roaming\lobby.dat 2017-02-10 18:35 - 2017-02-10 18:35 - 0018432 _____ () C:\Users\vanessa\AppData\Roaming\Main.dat 2017-02-10 18:35 - 2017-02-10 18:35 - 0005568 _____ () C:\Users\vanessa\AppData\Roaming\md.xml 2017-02-10 18:35 - 2017-02-10 18:35 - 0126464 _____ () C:\Users\vanessa\AppData\Roaming\noah.dat 2017-02-10 18:35 - 2017-02-10 18:35 - 0072787 _____ () C:\Users\vanessa\AppData\Roaming\QvoLa.tst 2017-02-10 18:35 - 2017-02-10 18:35 - 1908361 _____ () C:\Users\vanessa\AppData\Roaming\StrongTop.tst 2017-02-10 18:35 - 2017-02-10 18:35 - 1938530 _____ () C:\Users\vanessa\AppData\Roaming\Touchsolohome.bin 2017-02-10 18:35 - 2017-02-10 18:35 - 0032038 _____ () C:\Users\vanessa\AppData\Roaming\uninstall_temp.ico 2015-10-06 20:51 - 2016-11-10 12:12 - 0005120 _____ () C:\Users\vanessa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-06-29 14:22 - 2014-06-29 14:22 - 0000095 _____ () C:\Users\vanessa\AppData\Local\fusioncache.dat 2014-06-26 10:46 - 2014-06-26 10:48 - 0015252 _____ () C:\ProgramData\ArcadeDeluxe5.log 2016-09-17 03:08 - 2016-09-17 03:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-11-11 21:27 - 2016-11-11 21:27 - 0000016 _____ () C:\ProgramData\mntemp 2016-11-11 21:27 - 2016-11-11 21:27 - 0004965 _____ () C:\ProgramData\mudtcpaz.vzs Sommige bestanden in TEMP: ==================== 2017-02-10 
18:58 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\0Uninst.exe 2017-02-10 18:59 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\1Uninst.exe 2017-02-10 18:59 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\2Uninst.exe 2017-02-10 20:06 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\3Uninst.exe 2017-02-10 20:07 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\4Uninst.exe 2017-02-10 20:07 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\5Uninst.exe 2017-02-10 20:07 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\6Uninst.exe 2017-02-10 20:07 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\7Uninst.exe 2017-02-10 20:08 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\8Uninst.exe 2017-02-10 18:38 - 2017-02-10 18:38 - 1171283 _____ ( ) C:\Users\vanessa\AppData\Local\Temp\F410.tmp.exe 2016-10-14 09:45 - 2016-10-14 09:46 - 70524384 _____ (Dropbox, Inc.) C:\Users\vanessa\AppData\Local\Temp\{2120DB75-9822-4293-B619-7D9EDC3F54F6}-DropboxClient_12.4.22.exe ==================== Bamital & volsnap ====================== (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) 
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2017-02-10 05:32

==================== Eind van FRST.txt ============================