Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 22-02-2017
Gestart door vanessa (Beheerder) op VANESSA-PC (22-02-2017 16:57:44)
Gestart vanaf C:\Users\vanessa\Desktop
Geladen Profielen: vanessa (Beschikbare Profielen: vanessa & DefaultAppPool)
Platform: Windows 10 Home Versie 1607 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Edge)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Register (gefilterd) ====================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [beid] => "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [317824 2016-01-18] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-11] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3158286090-3323772245-4144222817-1000\...\Run: [Moveslink2] => C:\Users\vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto
HKU\S-1-5-21-3158286090-3323772245-4144222817-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-11] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-11] (AVAST Software)

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 195.130.131.4 195.130.130.4
Tcpip\..\Interfaces\{f46f5c1c-e53f-4f42-806e-7e1a6e206a03}: [DhcpNameServer] 195.130.131.4 195.130.130.132
Tcpip\..\Interfaces\{f66f5496-a263-4ff0-b541-cfa12d092c83}: [DhcpNameServer] 195.130.131.4 195.130.130.4

Internet Explorer:
==================
HKU\S-1-5-21-3158286090-3323772245-4144222817-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.be/
HKU\S-1-5-21-3158286090-3323772245-4144222817-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope waarde ontbreekt
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3158286090-3323772245-4144222817-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

FireFox:
========
FF ProfilePath: C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\kej28iaw.default\Profiles\kej28iaw.default [niet gevonden]
FF ProfilePath: C:\Users\vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\kej28iaw.default [2017-02-22]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\kej28iaw.default -> Yahoo®
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\kej28iaw.default -> Yahoo®
FF Homepage: Mozilla\Firefox\Profiles\kej28iaw.default -> hxxps://www.google.com/
FF Extension: (Belgium eID) - C:\Users\vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\kej28iaw.default\Extensions\belgiumeid@eid.belgium.be.xpi [2016-12-14]
FF Extension: (Firefox Hotfix) - C:\Users\vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\kej28iaw.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-01]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\kej28iaw.default\features\{5f4bd318-491d-4e60-8ef3-f66529f3e0c6}\disableSHA1rollout@mozilla.org.xpi [2017-02-16]
FF SearchPlugin: C:\Users\vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\kej28iaw.default\searchplugins\m75pkb0c.xml [2017-02-10]
FF ProfilePath: C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default [2017-02-21]
FF NewTab: Firefox\Firefox\Profiles\kej28iaw.default -> hxxps://be.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10232__160918__yaff
FF DefaultSearchEngine: Firefox\Firefox\Profiles\kej28iaw.default -> Yahoo®
FF SelectedSearchEngine: Firefox\Firefox\Profiles\kej28iaw.default -> Yahoo®
FF Homepage: Firefox\Firefox\Profiles\kej28iaw.default -> hxxps://www.google.com/
FF Extension: (SimilarWeb) - C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-02-17] [ niet getekend]
FF Extension: (FF Adr) - C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-02-17] [ niet getekend]
FF Extension: (Belgium eID) - C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\Extensions\belgiumeid@eid.belgium.be.xpi [2016-12-14]
FF Extension: (Firefox Hotfix) - C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-01]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\Extensions\langpack-nl@firefox.mozilla.org.xpi [2017-02-17]
FF Extension: (Woordenboek Nederlands) - C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\Extensions\nl-NL@dictionaries.addons.mozilla.org [2017-02-17] [ niet getekend]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\features\{5f4bd318-491d-4e60-8ef3-f66529f3e0c6}\disableSHA1rollout@mozilla.org.xpi [2017-02-16]
FF SearchPlugin: C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\searchplugins\m75pkb0c.xml [2017-02-10]
FF SearchPlugin: C:\Users\vanessa\AppData\Roaming\Firefox\Firefox\Profiles\kej28iaw.default\searchplugins\yahoo-lavasoft.xml [2016-09-18]
FF Extension: (Belgium eID) - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2016-11-17] [ niet getekend]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be => niet gevonden
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-18] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-18] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 Apple_Cfg; C:\ProgramData\Apple\Apple Application Support\Support.dll [111104 2017-02-17] () [Bestand niet getekend]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-16] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-11] (AVAST Software)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2017-01-17] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-11] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-11] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-11] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-11] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-11] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-11] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-11] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-11] (AVAST Software)
S3 EMVSCARD; C:\WINDOWS\System32\Drivers\EMVSCARD.sys [28544 2006-12-13] (USB Smart Card Reader)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-31] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-02-22 16:44 - 2017-02-22 16:44 - 00002598 _____ C:\Users\vanessa\Desktop\JRT.txt
2017-02-22 16:40 - 2017-02-22 16:41 - 01663040 _____ (Malwarebytes) C:\Users\vanessa\Desktop\JRT.exe
2017-02-21 23:02 - 2017-02-21 23:02 - 00001196 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-21 23:02 - 2017-02-21 23:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-21 23:01 - 2017-02-21 23:01 - 00245472 _____ C:\Users\vanessa\Downloads\Firefox Setup Stub 51.0.1.exe
2017-02-21 22:50 - 2017-02-21 22:50 - 44057800 _____ C:\Users\vanessa\Downloads\Firefox-Setup-49-0-1-NL.exe
2017-02-21 22:50 - 2017-02-21 22:50 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-21 22:45 - 2017-02-21 22:45 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-02-21 21:54 - 2017-02-21 22:43 - 00000000 ____D C:\AdwCleaner
2017-02-21 21:53 - 2017-02-21 21:54 - 04015056 _____ C:\Users\vanessa\Desktop\adwcleaner_6.043.exe
2017-02-21 17:55 - 2017-02-21 19:05 - 00040040 _____ C:\Users\vanessa\Desktop\Fixlog.txt
2017-02-21 17:51 - 2017-02-22 16:56 - 00000000 ____D C:\Users\vanessa\Desktop\FRST-OlderVersion
2017-02-19 19:57 - 2017-02-19 19:57 - 00000000 ____D C:\Users\vanessa\AppData\Local\VS Revo Group
2017-02-19 19:56 - 2017-02-19 19:56 - 00001086 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2017-02-19 19:56 - 2017-02-19 19:56 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-02-19 19:56 - 2017-02-19 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-02-19 19:56 - 2017-02-19 19:56 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-19 19:56 - 2016-12-21 14:52 - 00040240 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2017-02-19 19:54 - 2017-02-19 19:56 - 11523496 _____ (VS Revo Group ) C:\Users\vanessa\Downloads\RevoUninProSetup.exe
2017-02-19 16:28 - 2017-02-19 21:00 - 00055320 _____ C:\Users\vanessa\Desktop\Addition.txt
2017-02-19 16:25 - 2017-02-19 16:25 - 00002185 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-02-19 16:25 - 2017-02-19 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-19 16:24 - 2017-02-22 16:58 - 00017310 _____ C:\Users\vanessa\Desktop\FRST.txt
2017-02-19 16:24 - 2017-02-22 16:57 - 00000000 ____D C:\FRST
2017-02-19 16:23 - 2017-02-22 16:56 - 02422784 _____ (Farbar) C:\Users\vanessa\Desktop\FRST64.exe
2017-02-18 23:57 - 2017-02-18 23:57 - 00000000 ___HD C:\$SysReset
2017-02-18 21:24 - 2017-02-18 21:24 - 00000000 ____D C:\rsit
2017-02-18 21:24 - 2017-02-18 21:24 - 00000000 ____D C:\Program Files\trend micro
2017-02-18 20:38 - 2017-02-18 21:24 - 01222144 _____ C:\Users\vanessa\Desktop\RSITx64.exe
2017-02-18 20:29 - 2017-02-18 20:29 - 00000000 ____D C:\Users\vanessa\AppData\Local\Standuck
2017-02-17 20:09 - 2017-02-17 20:09 - 00000000 ____D C:\Users\vanessa\AppData\Local\Firefox
2017-02-17 20:08 - 2017-02-21 22:00 - 00000000 ____D C:\WINDOWS\system32\log
2017-02-17 20:08 - 2017-02-17 20:08 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\Firefox
2017-02-17 20:07 - 2017-02-17 20:07 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-17 20:07 - 2017-02-17 20:07 - 00000219 _____ C:\Users\Public\Desktop\Google Chrome.url
2017-02-17 20:07 - 2017-02-17 20:07 - 00000000 ____D C:\ProgramData\Apple
2017-02-14 18:58 - 2017-02-14 18:58 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\Sun
2017-02-11 19:50 - 2017-02-11 19:50 - 00000000 ___HD C:\$AV_ASW
2017-02-11 15:40 - 2017-02-11 15:40 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-11 15:40 - 2017-02-11 15:38 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-11 15:40 - 2017-02-11 15:38 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-11 15:40 - 2017-02-11 15:38 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-11 15:40 - 2017-02-11 15:38 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-11 15:39 - 2017-02-11 15:39 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-11 13:30 - 2017-02-11 13:30 - 00003260 _____ C:\WINDOWS\System32\Tasks\{FE0C3B58-629A-40DF-9997-3D15635AFD19}
2017-02-11 08:53 - 2017-02-21 19:05 - 00000008 __RSH C:\Users\vanessa\ntuser.pol
2017-02-10 23:45 - 2017-02-21 23:02 - 00001184 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-10 23:35 - 2017-02-10 23:35 - 00003258 _____ C:\WINDOWS\System32\Tasks\{3B49C743-57EF-4801-944D-FD04991CD0A7}
2017-02-10 23:16 - 2017-02-10 23:16 - 00152576 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\SysWOW64\ssleay32.dll
2017-02-10 23:15 - 2017-02-21 17:59 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-02-10 18:35 - 2017-02-10 18:35 - 01938530 _____ C:\Users\vanessa\AppData\Roaming\Touchsolohome.bin
2017-02-10 18:35 - 2017-02-10 18:35 - 01908361 _____ C:\Users\vanessa\AppData\Roaming\StrongTop.tst
2017-02-10 18:35 - 2017-02-10 18:35 - 00126464 _____ C:\Users\vanessa\AppData\Roaming\lobby.dat
2017-02-10 18:35 - 2017-02-10 18:35 - 00072787 _____ C:\Users\vanessa\AppData\Roaming\QvoLa.tst
2017-02-10 18:35 - 2017-02-10 18:35 - 00054272 _____ C:\Users\vanessa\AppData\Roaming\ApplicationHosting.dat
2017-01-27 17:10 - 2017-02-11 09:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-01-27 17:10 - 2017-02-11 00:27 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-25 17:35 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 17:35 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2017-02-22 16:55 - 2016-11-18 15:36 - 00000000 ____D C:\Users\vanessa\AppData\LocalLow\Mozilla
2017-02-22 16:26 - 2016-09-17 03:04 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-22 15:48 - 2016-09-17 08:46 - 00000000 ____D C:\Users\vanessa\AppData\Local\Deployment
2017-02-22 08:05 - 2014-06-29 19:53 - 00000000 ____D C:\Users\vanessa\AppData\Local\Adobe
2017-02-21 23:02 - 2016-11-17 20:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-21 22:45 - 2016-09-17 03:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-21 22:44 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-21 22:00 - 2016-09-17 03:11 - 00000000 ____D C:\Users\vanessa
2017-02-21 21:59 - 2016-09-18 09:11 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\Lavasoft
2017-02-21 21:59 - 2016-09-18 09:11 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2017-02-21 21:59 - 2016-09-18 09:10 - 00000000 ____D C:\ProgramData\Lavasoft
2017-02-21 17:56 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-02-21 16:26 - 2014-07-16 15:44 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\SoftGrid Client
2017-02-19 20:46 - 2014-06-27 18:02 - 00000940 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-19 18:14 - 2014-07-16 05:37 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-19 18:14 - 2014-07-08 17:36 - 00000000 ____D C:\Program Files\Java
2017-02-19 18:12 - 2014-07-08 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-19 16:25 - 2015-06-18 07:19 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-18 23:53 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-18 23:53 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-18 20:29 - 2015-06-18 07:19 - 00000000 ____D C:\Users\vanessa\AppData\Local\Google
2017-02-18 09:52 - 2016-12-07 11:20 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-02-15 20:23 - 2014-07-01 07:31 - 00006775 _____ C:\WINDOWS\ODBC.INI
2017-02-15 20:19 - 2014-06-26 11:17 - 00000000 ____D C:\Users\vanessa\AppData\Local\VirtualStore
2017-02-14 18:59 - 2014-07-08 17:36 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-02-14 18:58 - 2014-07-16 05:37 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-14 18:51 - 2014-06-26 11:52 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\Adobe
2017-02-12 10:46 - 2016-09-29 18:30 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-11 19:49 - 2016-09-29 18:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-11 19:49 - 2011-10-27 12:41 - 00000000 ____D C:\ProgramData\Skype
2017-02-11 15:40 - 2016-09-29 18:32 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-02-11 15:39 - 2016-09-29 18:32 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-11 15:39 - 2016-09-29 18:32 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-11 15:39 - 2016-09-29 18:32 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.148682405125004
2017-02-11 15:39 - 2016-09-29 18:32 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-11 15:39 - 2016-09-29 18:32 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-11 15:39 - 2016-09-29 18:32 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-11 15:39 - 2016-09-29 18:32 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-11 15:39 - 2016-09-29 18:32 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-11 15:35 - 2016-09-29 18:34 - 00001943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-02-11 15:35 - 2016-09-29 18:34 - 00001931 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-02-11 13:20 - 2016-01-01 10:49 - 00000000 ___RD C:\Users\vanessa\Dropbox
2017-02-11 11:28 - 2016-09-30 17:03 - 00137479 ____H C:\Users\vanessa\AppData\Local\IconCache.db.backup
2017-02-11 09:09 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-11 09:09 - 2014-07-16 15:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2017-02-11 09:09 - 2011-10-27 13:14 - 00000000 ____D C:\ProgramData\BackupManager
2017-02-11 08:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\registration
2017-02-11 00:27 - 2016-09-30 17:57 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\vlc
2017-02-11 00:27 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-02-11 00:27 - 2015-01-14 18:54 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\uTorrent
2017-02-10 23:34 - 2015-09-08 16:39 - 00000000 ____D C:\ProgramData\WinZip
2017-02-10 23:16 - 2007-03-01 04:43 - 00594944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\SysWOW64\libeay32.dll
2017-02-10 18:33 - 2011-10-27 12:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-10 18:32 - 2014-06-26 10:42 - 00001024 ___RH C:\Users\Public\Documents\NTIMMV9Acer.dll
2017-02-10 18:32 - 2011-10-27 13:13 - 00000000 ____D C:\Program Files (x86)\NTI
2017-02-10 18:03 - 2014-06-26 10:43 - 00001024 ___RH C:\Users\Public\Documents\NTILiveUpdateV9.dll
2017-02-09 19:54 - 2014-07-01 07:31 - 00000000 ____D C:\Users\vanessa\AppData\Roaming\EIBA sc
2017-02-05 10:42 - 2016-12-24 16:51 - 00061952 _____ C:\Users\vanessa\Desktop\schema marathon.xls
2017-02-02 01:51 - 2016-10-30 00:57 - 20358232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-01-25 17:37 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp

==================== Bestanden in de root van sommige mappen =======

2017-02-10 18:35 - 2017-02-10 18:35 - 0054272 _____ () C:\Users\vanessa\AppData\Roaming\ApplicationHosting.dat
2017-02-10 18:35 - 2017-02-10 18:35 - 0126464 _____ () C:\Users\vanessa\AppData\Roaming\lobby.dat
2017-02-10 18:35 - 2017-02-10 18:35 - 0072787 _____ () C:\Users\vanessa\AppData\Roaming\QvoLa.tst
2017-02-10 18:35 - 2017-02-10 18:35 - 1908361 _____ () C:\Users\vanessa\AppData\Roaming\StrongTop.tst
2017-02-10 18:35 - 2017-02-10 18:35 - 1938530 _____ () C:\Users\vanessa\AppData\Roaming\Touchsolohome.bin
2017-02-10 18:35 - 2017-02-10 18:35 - 0032038 _____ () C:\Users\vanessa\AppData\Roaming\uninstall_temp.ico
2015-10-06 20:51 - 2016-11-10 12:12 - 0005120 _____ () C:\Users\vanessa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-29 14:22 - 2014-06-29 14:22 - 0000095 _____ () C:\Users\vanessa\AppData\Local\fusioncache.dat
2014-06-26 10:46 - 2014-06-26 10:48 - 0015252 _____ () C:\ProgramData\ArcadeDeluxe5.log
2016-09-17 03:08 - 2016-09-17 03:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-11 21:27 - 2016-11-11 21:27 - 0004965 _____ () C:\ProgramData\mudtcpaz.vzs

Sommige bestanden in TEMP:
====================
2017-02-10 18:58 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\0Uninst.exe
2017-02-10 18:59 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\1Uninst.exe
2017-02-10 18:59 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\2Uninst.exe
2017-02-10 20:06 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\3Uninst.exe
2017-02-10 20:07 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\4Uninst.exe
2017-02-10 20:07 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\5Uninst.exe
2017-02-10 20:07 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\6Uninst.exe
2017-02-10 20:07 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\7Uninst.exe
2017-02-10 20:08 - 2017-02-10 18:40 - 1738648 _____ (Suzhou Shijie Software Co., LTD ) C:\Users\vanessa\AppData\Local\Temp\8Uninst.exe

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2017-02-20 21:05

==================== Eind van FRST.txt ============================