Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 23.08.2018
Gestart door mac (Beheerder) op MECKING123 (29-08-2018 11:01:07)
Gestart vanaf C:\Users\mac\Desktop
Geladen Profielen: mac (Beschikbare Profielen: mac & julia)
Platform: Windows 10 Home Versie 1709 16299.309 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\virus en spyware\superantispyware\installatie\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\downloads\teamviewer\installatie\TeamViewer_Service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
() C:\Windows\SysWOW64\UMonit64.exe
(TeamViewer GmbH) C:\downloads\teamviewer\installatie\TeamViewer.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(TeamViewer GmbH) C:\downloads\teamviewer\installatie\tv_w32.exe
(TeamViewer GmbH) C:\downloads\teamviewer\installatie\tv_x64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Piriform Ltd) C:\virus en spyware\ccleaner\installatie\CCleaner64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Adobe Systems Inc.) C:\programma\acrobat reader\installatie\Acrobat\acrotray.exe
(PowerISO Computing, Inc.) C:\downloads\poweriso\installatie\PowerISO\PWRISOVM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.251_none_16dd4c82321e5ccc\TiWorker.exe
(Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe

==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16405744 2015-09-06] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\programma\acrobat reader\installatie\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\downloads\poweriso\installatie\PowerISO\PWRISOVM.EXE [180224 2009-03-15] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-08-17] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3905461994-3091038628-3558103521-1001\...\Run: [CCleaner Monitoring] => C:\virus en spyware\ccleaner\installatie\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-3905461994-3091038628-3558103521-1001\...\RunOnce: [Application Restart #3] => C:\Users\mac\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe /addfavoritec:\users\mac\documents\athenasummary 20172018 - boeksamenvatting pmb nederlands 2 feedback.docx --disable-inter (de data item heeft 687 meer tekens).
HKU\S-1-5-21-3905461994-3091038628-3558103521-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [805888 2017-09-29] (Microsoft Corporation)

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist en een registeritem is, wordt het verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2b3d139f-0491-40ac-a1b9-9c9070ea5132}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a7b78334-d4bd-43ca-bc41-41e1a19e7183}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3905461994-3091038628-3558103521-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3905461994-3091038628-3558103521-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://homepage-web.com/?s=acer&m=start
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://nl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://nl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3905461994-3091038628-3558103521-1001 -> DefaultScope {518D9EBF-177A-11E5-8281-C45444DD2BA7} URL =
SearchScopes: HKU\S-1-5-21-3905461994-3091038628-3558103521-1001 -> {47D9A23D-D132-480E-9913-1C8FD23E4E13} URL =
SearchScopes: HKU\S-1-5-21-3905461994-3091038628-3558103521-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://nl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\programma\office 2013\installatie\Office15\OCHelper.dll [2018-02-15] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\programma\office 2013\installatie\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\programma\office 2013\installatie\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

Edge:
======
Edge Extension: (AutoFormFill) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [2017-09-29]
Edge Extension: (LearningTools) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [2018-03-27]

FireFox:
========
FF ProfilePath: C:\Users\mac\AppData\Roaming\TomTom\HOME\Profiles\zvdntge0.default [2015-12-10]
FF Extension: (Geen Naam) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [niet gevonden]
FF ProfilePath: C:\Users\mac\AppData\Roaming\Mozilla\Firefox\Profiles\TUUuXZ0V.default [2018-08-29]
FF Extension: (Avira Browser Safety) - C:\Users\mac\AppData\Roaming\Mozilla\Firefox\Profiles\TUUuXZ0V.default\Extensions\abs@avira.com [2017-05-08] [Verouderd]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\programma\acrobat reader\installatie\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\programma\acrobat reader\installatie\Acrobat\Browser\WCFirefoxExtn [2015-02-20] [Verouderd] [ niet getekend]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~4\OFFICE~1\INSTAL~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\downloads\vlcplayer\installatie\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\programma\acrobat reader\installatie\Acrobat\Air\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325111&octid=EB_ORIGINAL_CTID&ISID=6CA73037-1EF7-44DC-A882-1173362A1651&SearchSource=55&CUI=&UM=6&UP=SP2E2D137D-3882-4EB8-B468-782257A7A546&SSPV=
CHR StartupUrls: Default -> "hxxps://www.google.nl/?gws_rd=ssl"
CHR NewTab: Default -> Not-active:"chrome-extension://dkcgnbibdbhbpdbpinnkgiehamcdohhi/stubby.html", Active:"chrome-extension://kddckpmlbneidbekmajhmhikeegjdgcd/index.html"
CHR DefaultSearchURL: Default -> hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
CHR DefaultSearchKeyword: Default -> homepage-web.com
CHR Profile: C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default [2018-08-28]
CHR Extension: (Presentaties) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (downloads) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh [2015-09-27]
CHR Extension: (Documenten) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (YouTube) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Screenshot - Webpage Screenshot) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2015-02-18]
CHR Extension: (Google Search) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (FileShareFanatic) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkcgnbibdbhbpdbpinnkgiehamcdohhi [2017-11-11]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-02-14]
CHR Extension: (Adobe Acrobat) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
CHR Extension: (Google Agenda) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-07]
CHR Extension: (Spreadsheets) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Avira Browser Safety) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-05-28]
CHR Extension: (Offline Documenten) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Pinterest-bewaarknop) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-08-12]
CHR Extension: (Lightning Speed Dial) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\kddckpmlbneidbekmajhmhikeegjdgcd [2015-03-02]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmiahjidflgnbiadknkmaimfpjkelng [2018-07-19]
CHR Extension: (Ask Web Search) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgfehfbnofiffladdncogfobimealokp [2018-07-19]
CHR Extension: (Google Maps) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-20]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-16]
CHR Extension: (gmail) - C:\Users\mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppkcopackdhgnkkhiiehlcpddniomdfo [2017-06-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\programma\acrobat reader\installatie\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 !SASCORE; C:\virus en spyware\superantispyware\installatie\SASCORE64.EXE [173472 2018-08-28] (SUPERAntiSpyware.com)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1290784 2016-01-08] ()
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278688 2017-09-26] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-07-22] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328624 2015-10-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [Bestand niet getekend]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel Corporation)
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [153296 2016-04-26] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [478416 2016-04-26] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2014-12-30] (Acer Incorporate)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Bestand niet getekend]
R2 TeamViewer; C:\downloads\teamviewer\installatie\TeamViewer_Service.exe [10803440 2018-03-01] (TeamViewer GmbH)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-15] (acer)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-07] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-07] (Microsoft Corporation)

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [69656 2018-08-17] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2018-08-17] (Avira Operations GmbH & Co. KG)
R3 ETDI2C; C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [173384 2014-04-08] (ELAN Microelectronic Corp.)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [111336 2014-04-28] (GenesysLogic)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-18] (Acer Incorporated)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [29464 2013-12-10] (Intel Corporation)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [50448 2015-07-28] (Intel Corporation)
R3 NetTap630; C:\WINDOWS\system32\DRIVERS\nettap630.sys [67800 2015-04-30] (Intel Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-18] (Acer Incorporated)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [615728 2015-06-04] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-09-29] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\virus en spyware\superantispyware\installatie\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\virus en spyware\superantispyware\installatie\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-08-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-08-07] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-07] (Microsoft Corporation)

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.)

2022-03-25 03:48 - 2022-03-25 03:48 - 000000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC1.dat
2022-03-25 03:48 - 2022-03-25 03:48 - 000000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC0.dat
2022-03-25 02:22 - 2022-03-25 02:22 - 000000712 _____ C:\WINDOWS\system32\Drivers\RTEQEX1.dat
2022-03-25 02:22 - 2022-03-25 02:22 - 000000712 _____ C:\WINDOWS\system32\Drivers\RTEQEX0.dat
2018-08-29 11:01 - 2018-08-29 11:02 - 000026943 _____ C:\Users\mac\Desktop\FRST.txt
2018-08-29 10:39 - 2018-08-29 10:39 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-08-29 10:37 - 2018-08-29 10:37 - 000000000 ____D C:\WINDOWS\pss
2018-08-29 10:09 - 2018-08-29 10:18 - 000080022 _____ C:\Users\mac\Desktop\mb-clean-results.txt
2018-08-28 19:36 - 2018-08-29 11:01 - 000000000 ____D C:\FRST
2018-08-28 19:35 - 2018-08-28 19:35 - 002413056 _____ (Farbar) C:\Users\mac\Desktop\FRST64.exe
2018-08-28 17:25 - 2018-08-28 17:31 - 000000000 ____D C:\Users\mac\AppData\Local\PlaceholderTileLogoFolder
2018-08-28 16:39 - 2018-08-28 16:39 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2018-08-28 16:30 - 2018-08-28 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-08-28 15:17 - 2018-08-28 15:18 - 000195174 _____ C:\Users\mac\Documents\cc_20180828_151736.reg
2018-08-15 19:54 - 2018-08-15 19:55 - 000000000 ___HD C:\$WINDOWS.~BT
2018-08-14 10:00 - 2018-08-14 10:00 - 000053888 _____ C:\Users\mac\Documents\944656.pdf
2018-08-13 20:22 - 2018-08-13 20:22 - 000869112 _____ C:\Users\mac\Documents\domain_information_be_may_15_2018.pdf
2018-08-13 19:56 - 2018-08-13 19:56 - 000011046 _____ C:\Users\mac\Documents\Schedule_PCretake_BB.xlsx
2018-08-13 19:37 - 2018-08-13 19:39 - 000420720 _____ C:\Users\mac\Documents\Powerpoint PC2.pptx

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.)

2018-08-29 10:43 - 2015-02-18 18:19 - 000000000 __SHD C:\Users\mac\IntelGraphicsProfiles
2018-08-29 10:42 - 2018-02-06 16:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-29 10:41 - 2017-09-29 10:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-08-29 10:30 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-29 10:25 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-08-29 10:21 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-29 10:09 - 2015-02-22 13:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-08-29 09:58 - 2015-02-19 17:47 - 000000000 ____D C:\virus en spyware
2018-08-29 09:54 - 2018-02-06 15:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-28 19:53 - 2017-12-22 23:38 - 000000000 ___DC C:\WINDOWS\Panther
2018-08-28 17:36 - 2018-02-06 15:45 - 000000000 ____D C:\Users\mac
2018-08-28 17:35 - 2017-09-29 15:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-28 17:31 - 2018-02-06 15:46 - 000000000 ____D C:\Users\mac\AppData\Local\Packages
2018-08-28 16:39 - 2018-02-06 16:15 - 000003374 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray
2018-08-28 16:38 - 2015-02-19 17:51 - 000000000 ____D C:\Program Files (x86)\Avira
2018-08-28 16:36 - 2014-07-25 23:21 - 000000000 ____D C:\ProgramData\Package Cache
2018-08-28 15:57 - 2015-02-19 17:51 - 000000000 ____D C:\ProgramData\Avira
2018-08-28 15:53 - 2015-02-23 17:22 - 000000000 ____D C:\Users\mac\AppData\Roaming\WildTangent
2018-08-28 15:53 - 2014-07-25 23:24 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-08-28 15:53 - 2014-07-25 23:23 - 000000000 ____D C:\ProgramData\WildTangent
2018-08-28 15:29 - 2015-02-18 18:51 - 000000000 ____D C:\ProgramData\Citrix
2018-08-28 15:27 - 2017-09-29 15:44 - 000000000 ____D C:\WINDOWS\INF
2018-08-28 15:22 - 2018-02-07 16:11 - 000000000 ____D C:\Users\julia\AppData\Local\Citrix
2018-08-28 15:22 - 2015-02-18 18:50 - 000000000 ____D C:\Users\mac\AppData\Local\Citrix
2018-08-28 15:22 - 2015-02-18 18:50 - 000000000 ____D C:\Program Files (x86)\Citrix
2018-08-28 15:12 - 2018-02-07 00:37 - 000000000 ____D C:\WINDOWS\Minidump
2018-08-28 15:12 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-08-28 15:12 - 2017-03-29 11:31 - 000000000 ____D C:\Users\mac\AppData\Roaming\TeamViewer
2018-08-28 12:41 - 2018-02-06 15:39 - 005028120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-28 12:34 - 2015-02-19 18:12 - 000000000 ____D C:\Users\mac\AppData\Roaming\Avira
2018-08-28 12:27 - 2018-02-06 16:15 - 000004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D5234D42-E046-458F-85E9-494B31A09241}
2018-08-25 22:07 - 2015-02-20 20:54 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-08-17 12:47 - 2017-06-17 13:32 - 000069656 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2018-08-17 12:47 - 2016-10-06 22:37 - 000038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2018-08-17 12:47 - 2015-02-19 17:53 - 000179376 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2018-08-17 12:47 - 2015-02-19 17:53 - 000169864 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2018-08-16 23:43 - 2017-09-29 20:04 - 000000000 ____D C:\Program Files\rempl
2018-08-15 14:20 - 2015-02-20 18:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-08-15 14:13 - 2015-02-20 18:36 - 137343192 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-08-15 13:41 - 2013-08-22 15:25 - 000000199 _____ C:\WINDOWS\win.ini
2018-08-15 03:04 - 2017-09-29 10:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-08-15 02:45 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\Registration
2018-08-15 02:43 - 2018-02-06 16:13 - 000009528 _____ C:\WINDOWS\diagwrn.xml
2018-08-15 02:43 - 2018-02-06 16:13 - 000009528 _____ C:\WINDOWS\diagerr.xml
2018-08-15 00:36 - 2015-02-18 18:37 - 000002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-11 21:02 - 2018-06-21 22:58 - 000002425 _____ C:\Users\mac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-11 21:02 - 2018-02-06 16:15 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3905461994-3091038628-3558103521-1001
2018-08-11 21:02 - 2015-02-18 18:28 - 000000000 __RDO C:\Users\mac\OneDrive
2018-08-07 13:00 - 2018-02-22 16:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Bestanden in de root van sommige mappen =======

2015-02-18 19:54 - 2015-02-18 19:55 - 000000093 _____ () C:\Users\mac\AppData\Roaming\ARCompanion.log
2015-02-18 18:19 - 2015-11-22 19:45 - 000435139 _____ () C:\Users\mac\AppData\Local\BTServer.log
2017-01-31 15:35 - 2017-01-31 15:35 - 000000000 _____ () C:\Users\mac\AppData\Local\{0790122C-3EC9-4095-8A98-C3874BD4AEDC}
2017-01-31 15:35 - 2017-01-31 15:35 - 000000000 _____ () C:\Users\mac\AppData\Local\{08C6C7D3-A600-4FF1-A9B3-9B94E9FD873B}

Sommige bestanden in TEMP:
====================
2018-08-29 10:53 - 2014-09-20 01:41 - 005951488 _____ (Spotify Ltd) C:\Users\mac\AppData\Local\Temp\SpotifyUninstall.exe

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2018-08-15 00:51

==================== Eind van FRST.txt ============================